Professional-Cloud-Security-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Security Engineer 認定」

A. Enable the dry run mode on your perimeter. Add your new access level to the perimeter configuration. Update the perimeter configuration after the access level has been vetted.

B. Create an exact replica of your existing perimeter. Add your new access level to the replica.
Update the original perimeter after the access level has been vetted.

C. Update your perimeter with a new access level that never matches. Update the new access level to match your desired state one condition at a time to avoid being overly permissive.

D. Enable the dry run mode on your perimeter. Add your new access level to the perimeter dry run configuration. Update the perimeter configuration after the access level has been vetted.

A. A rule that allows all inbound port 80 connections

B. A rule that denies all inbound connections

C. A rule that blocks all inbound port 25 connections

D. A rule that blocks all outbound connections

E. A rule that allows all outbound connections

A. Cloud Storage

B. Cloud Functions

C. App Engine

D. Compute Engine

E. Google Kubernetes Engine

A. Deploy patches with VM Manager by using OS patch management.

B. View patch management data in a Security Command Center dashboard.

C. View patch management data in Artifact Registry.

D. Deploy patches with Security Command Genter by using Rapid Vulnerability Detection.

E. View patch management data in VM Manager by using OS patch management.

A. 1. Enable Container Threat Detection in the Security Command Center Premium tier.
2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
3. View and share the results from the Security Command Center.

B. 1. Get a GitHub subscription.
2. Build the images in Cloud Build and store them in GitHub for automatic scanning.
3. Download the report from GitHub and share with the Security Team.

C. 1. Use an open source tool in Cloud Build to scan the images.
2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil.
3. Share the scan report link with your security department.

D. 1. Enable vulnerability scanning in the Artifact Registry settings.
2. Use Cloud Build to build the images.
3. Push the images to the Artifact Registry for automatic scanning.
4. View the reports in the Artifact Registry.

A. Create the firewall rule with a target of a service account. Centrally manage access to the service account.

B. Create the firewall rule in a Shared VPC with a target of a specific subnet.

C. Create the firewall rule with a target of a network tag. Centrally manage access to the tag.

D. Create the firewall rule in a Shared VPC with a target of a network tag.

A. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.

B. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.

C. Make sure that the ERP system can validate the identity headers in the HTTP requests.

D. Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

A. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.

B. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

C. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.

D. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.

A. Policy Troubleshooter

B. IAM Recommender

C. Policy Analyzer

D. Policy Simulator

A. Change the VPC subnets to enable private Google access.

B. Configure Cloud VPN between the projects.

C. Set up VPC peering between all related projects.

D. Use Shared VPC to share the subnets with the other projects.

A. Web Security Scanner

B. Google Cloud Armor

C. Security Health Analytics

D. Container Threat Detection

A. Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.

B. Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.

C. Use FindingLimits and TimespanContfig to sample data and minimize transformation units.

D. Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.

A. BigQuery using a data pipeline job with continuous updates

B. Compute Engine Virtual Machines using Persistent Disk

C. Cloud Storage using a scheduled task and gsutil

D. Cloud Datastore using regularly scheduled batch upload jobs

A. Run a gsutil script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

B. Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours.

C. Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraint for BigQuery during the specified working hours.

D. Assign a BigQuery Data Viewer role along with an IAM condition that limits the access to specified working hours.

A. Cloud NAT

B. Google Cloud Armor

C. Cloud Router

D. Cloud VPN

A. Require file integrity monitoring and antivirus scans of pods and nodes.

B. Implement and enforce two-factor authentication.

C. Activate a firewall to prevent all egress traffic.

D. Establish minimum password length requirements for all systems.