Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.What should you do?
Answer(s): C
"To support common use cases like setting a Time to Live (TTL) for objects, retaining noncurrent versions of objects, or "downgrading" storage classes of objects to help manage costs, Cloud Storage offers the Object Lifecycle Management feature. This page describes the feature as well as the options available when using it. To learn how to enable Object Lifecycle Management, and for examples of lifecycle policies, see Managing Lifecycles." https://cloud.google.com/storage/docs/lifecycle
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.What should they do?
Answer(s): B
Small containers usually have a smaller attack surface as compared to containers that use large base images. https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-how-and-why-to-build-small-container-images
While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.What should you do?
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring- single-sign-on
https://cloud.google.com/blog/products/identity-security/using-your-existing-identity- management- system-with-google-cloud-platform
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.What should you do?
Answer(s): A
https://docs.google.com/document/d/11o3e14tyhnT7w45Q8- r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing https://support.google.com/a/answer/175197?hl=en
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.What technique should the institution use?
If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption- at-rest
https://cloud.google.com/bigquery/docs/encryption-at-rest
Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:
can you please upload the dumps for 1z0-1096-23 for oracle
its intresting, i would like to learn more abouth this
q252: dns poisoning is the correct answer, not locator redirection. beaconing is detected from a host. this indicates that the system has been infected with malware, which could be the source of local dns poisoning. location redirection works by either embedding the redirection in the original websites code or having a user click on a url that has an embedded redirect. since users at a different office are not getting redirected, it isnt an embedded redirection on the original website and since the user is manually typing in the url and not clicking a link, it isnt a modified link.
helpful dump questions
question 423 eigrp uses metric
hello nice dumps
good resource for learning
very useful
physical tempering techniques
its giving best technical knowledge
please upload
great question with explanation thanks!!
does this exam have lab sections?
please upload the braindump for .net
i need this exam 1z0-1107-2. please.
very useful!
for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo
q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.
nice questions
question # 208: failure logs is not an example of operational metadata.
good questions
thank you for the test materials!
its very helpful
good questons
i need the dumb of the hcip security v4.0 exam
upload the dump please
yes, iam looking this
please upload cima e2 managing performance dumps
wonderful questions
i used this site since 2000, still great to support my career
why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your PROFESSIONAL CLOUD SECURITY ENGINEER, please sign in or create a free account.