ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Security Engineer
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud. What should you do?
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should you use to accomplish this?
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on ''in- scope'' Nodes only. These Nodes can only contain the ''in-scope'' Pods. How should the organization achieve this objective?
You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior. What should you do to meet these requirements?
You are creating an internal App Engine application that needs to access a user's Google Drive on the user's behalf. Your company does not want to rely on the current user's credentials. It also wants to follow Google- recommended practices. What should you do?
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements: The Cloud Storage bucket in Project A can only be readable from Project B. The Cloud Storage bucket in Project A cannot be accessed from outside the network. Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket. What should the security team do?
You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?
Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements: Only allows communication between the Web and App tiers. Enforces consistent network security when autoscaling the Web and App tiers. Prevents Compute Engine Instance Admins from altering network traffic. What should you do?

Question 230 - Professional Cloud Security Engineer discussion

Report
Export

You are developing a new application that uses exclusively Compute Engine VMs Once a day. this application will execute five different batch jobs Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle

What should you do?

A.
1. Create a general service account 'g-sa' to execute the batch jobs. * 2 Grant the permissions required to execute the batch jobs to g-sa. * 3. Execute the batch jobs with the permissions granted to g-sa
Answers
A.
1. Create a general service account 'g-sa' to execute the batch jobs. * 2 Grant the permissions required to execute the batch jobs to g-sa. * 3. Execute the batch jobs with the permissions granted to g-sa
B.
1. Create a general service account 'g-sa' to orchestrate the batch jobs. * 2. Create one service account per batch job Mb-sa-[1-5],' and grant only the permissions required to run the individual batch jobs to the service accounts. * 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].
Answers
B.
1. Create a general service account 'g-sa' to orchestrate the batch jobs. * 2. Create one service account per batch job Mb-sa-[1-5],' and grant only the permissions required to run the individual batch jobs to the service accounts. * 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].
C.
1. Create a workload identity pool and configure workload identity pool providers for each batch job * 2 Assign the workload identity user role to each of the identities configured in the providers. * 3. Create one service account per batch job Mb-sa-[1-5]'. and grant only the permissions required to run the individual batch jobs to the service accounts * 4 Generate credential configuration files for each of the providers Use these files to execute the batch jobs with the permissions of b-sa-[1-5].
Answers
C.
1. Create a workload identity pool and configure workload identity pool providers for each batch job * 2 Assign the workload identity user role to each of the identities configured in the providers. * 3. Create one service account per batch job Mb-sa-[1-5]'. and grant only the permissions required to run the individual batch jobs to the service accounts * 4 Generate credential configuration files for each of the providers Use these files to execute the batch jobs with the permissions of b-sa-[1-5].
D.
* 1. Create a general service account 'g-sa' to orchestrate the batch jobs. * 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts * 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].
Answers
D.
* 1. Create a general service account 'g-sa' to orchestrate the batch jobs. * 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts * 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].
Suggested answer: B
Show Answer
asked 18/09/2024
Arun Samuel
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms