Free Google Cloud Architect Professional Exam Braindumps (page: 35)


Your organization wants to control IAM policies for different departments independently, but centrally.
Which approach should you take?

  1. Multiple Organizations with multiple Folders
  2. Multiple Organizations, one for each department
  3. A single Organization with a Folder for each department
  4. A single Organization with multiple projects, each with a central owner

Answer(s): C

Explanation:

Folders are nodes in the Cloud Platform Resource Hierarchy. A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of GCP resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.
While a folder can contain multiple folders or resources, a given folder or resource can have exactly one parent.


Reference:

https://cloud.google.com/resource-manager/docs/creating-managing-folders



A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin.
What should you do?

  1. Search for Create VM entry in the Stackdriver alerting console.
  2. Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry.
  3. In the logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry.
  4. Connect to the GCE instance using project SSH Keys. Identify previous logins in system logs, and match these with the project owners list.

Answer(s): C

Explanation:

Incorrect Answers:

A: To use the Stackdriver alerting console we must first set up alerting policies.

B: Data access logs only contain read-only operations.

Audit logs help you determine who did what, where, and when.
Cloud Audit Logging returns two types of logs:
Admin activity logs

Data access logs: contain log entries for read-only operations that do not modify any data, such as get, list, and aggregated list methods.



As part of implementing their disaster recovery plan, your company is trying to replicate their production
MySQL database from their private data center to their GCP project using a Google Cloud VPN connection.
They are experiencing latency issues and a small amount of packet loss that is disrupting the replication.
What should they do?

  1. Configure their replication to use UDP.
  2. Configure a Google Cloud Dedicated Interconnect.
  3. Restore their database daily using Google Cloud SQL.
  4. Add additional VPN connections and load balance them.
  5. Send the replicated transaction to Google Cloud Pub/Sub.

Answer(s): B



Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis.
What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?

  1. Hash all data using SHA256
  2. Encrypt all data using elliptic curve cryptography
  3. De-identify the data with the Cloud Data Loss Prevention API
  4. Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers

Answer(s): A


Reference:

https://cloud.google.com/solutions/pci-dss-compliance-ingcp#





