Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.What should you do?
Answer(s): C
"To support common use cases like setting a Time to Live (TTL) for objects, retaining noncurrent versions of objects, or "downgrading" storage classes of objects to help manage costs, Cloud Storage offers the Object Lifecycle Management feature. This page describes the feature as well as the options available when using it. To learn how to enable Object Lifecycle Management, and for examples of lifecycle policies, see Managing Lifecycles." https://cloud.google.com/storage/docs/lifecycle
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.What should they do?
Answer(s): B
Small containers usually have a smaller attack surface as compared to containers that use large base images. https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-how-and-why-to-build-small-container-images
While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.What should you do?
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring- single-sign-on
https://cloud.google.com/blog/products/identity-security/using-your-existing-identity- management- system-with-google-cloud-platform
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.What should you do?
Answer(s): A
https://docs.google.com/document/d/11o3e14tyhnT7w45Q8- r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing https://support.google.com/a/answer/175197?hl=en
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.What technique should the institution use?
If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption- at-rest
https://cloud.google.com/bigquery/docs/encryption-at-rest
Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:
question 18 : response isnt a ?
plaese add questions
is dumps still valid ?
thanks for this
please upload questions
please upload the question dump for professional machinelearning
question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!
number 52 answer is d
just started preparing for my exam , and this site is so much help
question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
i would like to take psm1 exam.
cbd and pdb are key to the database
the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.
please upload p_sapea_2023
anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried
good questions
hello are these questions valid for ms-102
some questions are wrongly answered but its good nonetheless
how to get system serial number using intune
is it really helpful to pass the exam
#229 in incorrect - all the customers require an annual review
kindy upload
fantastic assessment on psm 1
56 question correct answer a,b
thank you for providing the q bank
true quesstions
i can´t believe ms asks things like this, seems to be only marketing material.
hi, could you please add the last update of ns0-527
question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
sometimes it may be good some times it may be
qs 4 answer seems wrong- please check
very detailed explanation !
the interactive nature of the test engine application makes the preparation process less boring.
very useful.
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your PROFESSIONAL CLOUD SECURITY ENGINEER, please sign in or create a free account.