Free Professional Cloud Security Engineer Exam Braindumps (page: 20)


An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its ongoing data backup and disaster recovery solutions to GCP. The organization's on-premises production environment is going to be the next phase for migration to GCP. Stable networking connectivity between the on-premises environment and GCP is also being implemented.

Which GCP solution should the organization use?

  A. BigQuery using a data pipeline job with continuous updates via Cloud VPN
  B. Cloud Storage using a scheduled task and gsutil via Cloud Interconnect
  C. Compute Engine Virtual Machines using Persistent Disk via Cloud Interconnect
  D. Cloud Datastore using regularly scheduled batch upload jobs via Cloud VPN

Answer(s): B

Explanation:

https://cloud.google.com/solutions/dr-scenarios-for-data#production_environment_is_on-premises
https://medium.com/@pvergadia/cold-disaster-recovery-on-google-cloud-for-applications-running-on-premises-114b31933d02



What are the steps to encrypt data using envelope encryption?

  A. Generate a data encryption key (DEK) locally.
     Use a key encryption key (KEK) to wrap the DEK.
     Encrypt data with the KEK.
     Store the encrypted data and the wrapped KEK.
  B. Generate a key encryption key (KEK) locally.
     Use the KEK to generate a data encryption key (DEK).
     Encrypt data with the DEK.
     Store the encrypted data and the wrapped DEK.
  C. Generate a data encryption key (DEK) locally.
     Encrypt data with the DEK.
     Use a key encryption key (KEK) to wrap the DEK.
     Store the encrypted data and the wrapped DEK.
  D. Generate a key encryption key (KEK) locally.
     Generate a data encryption key (DEK) locally.
     Encrypt data with the KEK.
     Store the encrypted data and the wrapped DEK.

Answer(s): C

Explanation:

The process of encrypting data is to generate a DEK locally, encrypt data with the DEK, use a KEK to wrap the DEK, and then store the encrypted data and the wrapped DEK. The KEK never leaves Cloud KMS.
https://cloud.google.com/kms/docs/envelope-encryption#how_to_encrypt_data_using_envelope_encryption


Reference:

https://cloud.google.com/kms/docs/envelope-encryption
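
The four steps of answer C, as an added example that is not part of the original page and is not Google's code. It assumes AES-256-GCM for both the data and the DEK wrapping, and uses an in-process object as a stand-in for Cloud KMS; `makeLocalKms`, `seal`, `open`, `envelopeEncrypt` and `envelopeDecrypt` are hypothetical names.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM helper: returns nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or any byte was modified.
function open(key, blob) {
  if (blob.length < 28) throw new Error("blob too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Constructed stand-in for Cloud KMS (hypothetical names, not the KMS API):
// the KEK lives only inside this closure; callers can just wrap and unwrap.
function makeLocalKms() {
  const kek = crypto.randomBytes(32);
  return { wrap: (dek) => seal(kek, dek), unwrap: (wrapped) => open(kek, wrapped) };
}

function envelopeEncrypt(kms, data) {
  const dek = crypto.randomBytes(32);      // 1. generate the DEK locally
  const ciphertext = seal(dek, data);      // 2. encrypt the data with the DEK
  const wrappedDek = kms.wrap(dek);        // 3. wrap the DEK with the KEK
  dek.fill(0);                             //    discard the plaintext DEK
  return { ciphertext, wrappedDek };       // 4. store both side by side
}

function envelopeDecrypt(kms, { ciphertext, wrappedDek }) {
  const dek = kms.unwrap(wrappedDek);      // only the KEK holder can recover the DEK
  try {
    return open(dek, ciphertext);
  } finally {
    dek.fill(0);
  }
}

// Constructed sample record.
const stored = envelopeEncrypt(makeLocalKms(), Buffer.from("constructed sample record"));
console.log(stored.wrappedDek.length, stored.ciphertext.length);
```

The plaintext DEK exists only for the duration of one call; what is stored is useless without the KEK holder's unwrap operation.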



A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication.

Which GCP product should the customer implement to meet these requirements?

  A. Cloud Identity-Aware Proxy
  B. Cloud Armor
  C. Cloud Endpoints
  D. Cloud VPN

Answer(s): A

Explanation:

Cloud IAP is integrated with Google Sign-in, for which multi-factor authentication can be enabled.
https://cloud.google.com/iap/docs/concepts-overview



Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.

What should you do?

  A. Use the Cloud Key Management Service to manage a data encryption key (DEK).
  B. Use the Cloud Key Management Service to manage a key encryption key (KEK).
  C. Use customer-supplied encryption keys to manage the data encryption key (DEK).
  D. Use customer-supplied encryption keys to manage the key encryption key (KEK).

Answer(s): C

Explanation:

This is the use case for customer-supplied encryption keys (CSEK): we generate our own encryption key and manage it on-premises. A KEK never leaves Cloud KMS, and there is no KEK or KMS on-premises. See "Encryption at rest by default, with various key management options": https://cloud.google.com/security/encryption-at-rest


Reference:

https://cloud.google.com/security/encryption-at-rest/default-encryption/





