Free Professional Cloud Security Engineer Exam Braindumps (page: 9)

Page 9 of 60

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.

What should your team grant to Engineering Group A to meet this requirement?

  1. Compute Network User Role at the host project level.
  2. Compute Network User Role at the subnet level.
  3. Compute Shared VPC Admin Role at the host project level.
  4. Compute Shared VPC Admin Role at the service project level.

Answer(s): B

Explanation:

https://cloud.google.com/vpc/docs/shared-vpc#svc_proj_admins https://cloud.google.com/vpc/docs/shared-vpc#svc_proj_admins



A company migrated their entire data/center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to have a historical record of what was running in Google Cloud Platform at any point in time.

What should you do?

  1. Use Resource Manager on the organization level.
  2. Use Forseti Security to automate inventory snapshots.
  3. Use Stackdriver to create a dashboard across all projects.
  4. Use Security Command Center to view all assets across the organization.

Answer(s): B

Explanation:

Only Forseti security can have both 'past' and 'present' (i.e. historical) records of the resources.
https://forsetisecurity.org/about/



An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization's production environment will remain on- premises for an indefinite time. The organization wants a scalable and cost-efficient solution.

Which GCP solution should the organization use?

  1. BigQuery using a data pipeline job with continuous updates
  2. Cloud Storage using a scheduled task and gsutil
  3. Compute Engine Virtual Machines using Persistent Disk
  4. Cloud Datastore using regularly scheduled batch upload jobs

Answer(s): B

Explanation:

https://cloud.google.com/solutions/dr-scenarios-planning-guide#use-cloud-storage-as-part-of-your- daily-backup-routine



You are creating an internal App Engine application that needs to access a user's Google Drive on the user's behalf. Your company does not want to rely on the current user's credentials. It also wants to follow Google- recommended practices.

What should you do?

  1. Create a new Service account, and give all application users the role of Service Account User.
  2. Create a new Service account, and add all application users to a Google Group. Give this group the role of Service Account User.
  3. Use a dedicated G Suite Admin account, and authenticate the application's operations with these G Suite credentials.
  4. Create a new service account, and grant it G Suite domain-wide delegation. Have the application use it to impersonate the user.

Answer(s): D

Explanation:

https://developers.google.com/admin-sdk/directory/v1/guides/delegation






Post your Comments and Discuss Google Professional Cloud Security Engineer exam with other Community members:

Professional Cloud Security Engineer Exam Discussions & Posts