Professional-Cloud-Security-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Security Engineer 認定」

Which two implied firewall rules are defined on a VPC network? (Choose two.)

解説: (GoShiken メンバーにのみ表示されます)
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?

解説: (GoShiken メンバーにのみ表示されます)
A customer has an analytics workload running on Compute Engine that should have limited internet access.
Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.
The Compute Engine instances now need to reach out to the public repository to get security updates. What should your team do?

解説: (GoShiken メンバーにのみ表示されます)
Your company's storage team manages all product images within a specific Google Cloud project. To maintain control, you must isolate access to Cloud Storage for this project, allowing the storage team to manage restrictions at the project level. They must be restricted to using corporate computers. What should you do?

解説: (GoShiken メンバーにのみ表示されます)
Your organization hosts a financial services application running on Compute Engine instances for a third- party company. The third-party company's servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:
The network connection must be encrypted.
The communication between servers must be over private IP addresses.
What should you do?

解説: (GoShiken メンバーにのみ表示されます)
Your organization uses Google Workspace as the primary identity provider for Google Cloud Users in your organization initially created their passwords. You need to improve password security due to a recent security event. What should you do?

解説: (GoShiken メンバーにのみ表示されます)
You need to connect your organization's on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:
Use a private transport link.
Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?

解説: (GoShiken メンバーにのみ表示されます)
Your company recently published a security policy to minimize the usage of service account keys. On- premises Windows-based applications are interacting with Google Cloud APIs. You need to implement Workload Identity Federation (WIF) with your identity provider on-premises.
What should you do?

解説: (GoShiken メンバーにのみ表示されます)
You will create a new Service Account that should be able to list the Compute Engine instances in the project.
You want to follow Google-recommended practices.
What should you do?

解説: (GoShiken メンバーにのみ表示されます)
Your organization is rolling out a new continuous integration and delivery (CI/CD) process to deploy infrastructure and applications in Google Cloud Many teams will use their own instances of the CI/CD workflow It will run on Google Kubernetes Engine (GKE) The CI/CD pipelines must be designed to securely access Google Cloud APIs What should you do?

解説: (GoShiken メンバーにのみ表示されます)
Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements:
Only allows communication between the Web and App tiers.
Enforces consistent network security when autoscaling the Web and App tiers.
Prevents Compute Engine Instance Admins from altering network traffic.
What should you do?

解説: (GoShiken メンバーにのみ表示されます)