How should the DevOps team accomplish this?

Correct Answer for the Question – How should the DevOps team accomplish this? is given below A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE)How should the DevOps team accomplish this?Reference: https://cloud.google.com/kubernetes-engine/docs/security-bulletins Use Puppet or Chef to push out the patch to … Read more

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

Correct Answer for the Question – How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system? is given below How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system? Send all logs to the SIEM system via an existing protocol such as syslog. Configure every project … Read more

What solution would help meet the requirements?

Correct Answer for the Question – What solution would help meet the requirements? is given below An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system. The organization’s risk team … Read more

What should your team do?

Correct Answer for the Question – What should your team do? is given below A customer has an analytics workload running on Compute Engine that should have limited internet access.Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.The Compute Engine instances now need to reach out to the public … Read more

Which type of access should your team grant to meet this requirement?

Correct Answer for the Question – Which type of access should your team grant to meet this requirement? is given below A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.Your team … Read more

Which document should you review to find the information?

Correct Answer for the Question – Which document should you review to find the information? is given below You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls.Which document should you review to find the information?Reference: https://cloud.google.com/solutions/pci-dss-compliance-in-gcp Google Cloud Platform: Customer Responsibility Matrix PCI DSS Requirements and Security Assessment Procedures PCI … Read more

What are the steps to encrypt data using envelope encryption?

Correct Answer for the Question – What are the steps to encrypt data using envelope encryption? is given below What are the steps to encrypt data using envelope encryption?Use a key encryption key (KEK) to wrap the DEK.Encrypt data with the KEK.Store the encrypted data and the wrapped KEK.Use the KEK to generate a data encryption … Read more

How should the organization achieve this objective?

Correct Answer for the Question – How should the organization achieve this objective? is given below For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on “in-scope” Nodes only. These Nodes can only contain the “in-scope” Pods.How should the organization achieve this objective? Add a nodeSelector field to the pod configuration … Read more

Which method should be used to protect employee credentials in this situation?

Correct Answer for the Question – Which method should be used to protect employee credentials in this situation? is given below An organization receives an increasing number of phishing emails.Which method should be used to protect employee credentials in this situation? Multifactor Authentication A strict password policy Captcha on login pages Encrypted emails Correct Answer The … Read more