- Home
- Google Cloud Certified - Professional Cloud Security Engineer Exam
- Google.Professional-Cloud-Security-Engineer.v2023-12-06.q99
- Question 19
Valid Professional-Cloud-Security-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Security-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Security-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Security-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Security-Engineer dumps with Test Engine here:
Access Professional-Cloud-Security-Engineer Dumps Premium Version
(268 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 19/99
You are setting up a CI/CD pipeline to deploy containerized applications to your production clusters on Google Kubernetes Engine (GKE). You need to prevent containers with known vulnerabilities from being deployed. You have the following requirements for your solution:
Must be cloud-native
Must be cost-efficient
Minimize operational overhead
How should you accomplish this? (Choose two.)
Must be cloud-native
Must be cost-efficient
Minimize operational overhead
How should you accomplish this? (Choose two.)
Correct Answer: A,E
Reference:
https://cloud.google.com/container-analysis/docs/container-analysis
Container Analysis is a service that provides vulnerability scanning and metadata storage for containers. The scanning service performs vulnerability scans on images in Container Registry and Artifact Registry, then stores the resulting metadata and makes it available for consumption through an API.
https://cloud.google.com/binary-authorization/docs/attestations
After a container image is built, an attestation can be created to affirm that a required activity was performed on the image such as a regression test, vulnerability scan, or other test. The attestation is created by signing the image's unique digest.
During deployment, instead of repeating the activities, Binary Authorization verifies the attestations using an attestor. If all of the attestations for an image are verified, Binary Authorization allows the image to be deployed.
https://cloud.google.com/container-analysis/docs/container-analysis
Container Analysis is a service that provides vulnerability scanning and metadata storage for containers. The scanning service performs vulnerability scans on images in Container Registry and Artifact Registry, then stores the resulting metadata and makes it available for consumption through an API.
https://cloud.google.com/binary-authorization/docs/attestations
After a container image is built, an attestation can be created to affirm that a required activity was performed on the image such as a regression test, vulnerability scan, or other test. The attestation is created by signing the image's unique digest.
During deployment, instead of repeating the activities, Binary Authorization verifies the attestations using an attestor. If all of the attestations for an image are verified, Binary Authorization allows the image to be deployed.
- Question List (99q)
- Question 1: A company is running their webshop on Google Kubernetes Engi...
- Question 2: Your organization's Google Cloud VMs are deployed via an ins...
- Question 3: An organization is starting to move its infrastructure from ...
- Question 4: You are working with protected health information (PHI) for ...
- Question 5: A retail customer allows users to upload comments and produc...
- Question 6: You are troubleshooting access denied errors between Compute...
- Question 7: You are a Cloud Identity administrator for your organization...
- Question 8: Your organization wants to be General Data Protection Regula...
- Question 9: You are on your company's development team. You noticed that...
- Question 10: Your team wants to make sure Compute Engine instances runnin...
- Question 11: You recently joined the networking team supporting your comp...
- Question 12: A DevOps team will create a new container to run on Google K...
- Question 13: You plan to use a Google Cloud Armor policy to prevent commo...
- Question 14: You need to follow Google-recommended practices to leverage ...
- Question 15: A customer is running an analytics workload on Google Cloud ...
- Question 16: You are developing a new application that uses exclusively C...
- Question 17: You are consulting with a client that requires end-to-end en...
- Question 18: Your team needs to prevent users from creating projects in t...
- Question 19: You are setting up a CI/CD pipeline to deploy containerized ...
- Question 20: A company is deploying their application on Google Cloud Pla...
- Question 21: You are in charge of migrating a legacy application from you...
- Question 22: You need to centralize your team's logs for production proje...
- Question 23: Your team wants to limit users with administrative privilege...
- Question 24: Your team needs to configure their Google Cloud Platform (GC...
- Question 25: When working with agents in a support center via online chat...
- Question 26: An organization is moving applications to Google Cloud while...
- Question 27: You are responsible for managing your company's identities i...
- Question 28: You need to implement an encryption at-rest strategy that re...
- Question 29: You are a member of your company's security team. You have b...
- Question 30: Your team needs to make sure that a Compute Engine instance ...
- Question 31: A customer's company has multiple business units. Each busin...
- Question 32: You need to provide a corporate user account in Google Cloud...
- Question 33: A customer has 300 engineers. The company wants to grant dif...
- Question 34: You are a security administrator at your company and are res...
- Question 35: You are part of a security team that wants to ensure that a ...
- Question 36: Your Google Cloud organization allows for administrative cap...
- Question 37: You are using Security Command Center (SCC) to protect your ...
- Question 38: Your security team wants to implement a defense-in-depth app...
- Question 39: A company is running workloads in a dedicated server room. T...
- Question 40: You have a highly sensitive BigQuery workload that contains ...
- Question 41: You are in charge of creating a new Google Cloud organizatio...
- Question 42: You are asked to recommend a solution to store and retrieve ...
- Question 43: Your organization s customers must scan and upload the contr...
- Question 44: A customer wants to make it convenient for their mobile work...
- Question 45: In a shared security responsibility model for IaaS, which tw...
- Question 46: You are designing a new governance model for your organizati...
- Question 47: In order to meet PCI DSS requirements, a customer wants to e...
- Question 48: A manager wants to start retaining security event logs for 2...
- Question 49: An organization is migrating from their current on-premises ...
- Question 50: You are backing up application logs to a shared Cloud Storag...
- Question 51: An organization's security and risk management teams are con...
- Question 52: Your organization develops software involved in many open so...
- Question 53: You want data on Compute Engine disks to be encrypted at res...
- Question 54: Employees at your company use their personal computers to ac...
- Question 55: You are a consultant for an organization that is considering...
- Question 56: You want to limit the images that can be used as the source ...
- Question 57: You are working with a client who plans to migrate their dat...
- Question 58: Your privacy team uses crypto-shredding (deleting encryption...
- Question 59: You will create a new Service Account that should be able to...
- Question 60: Your organization is moving virtual machines (VMs) to Google...
- Question 61: You have an application where the frontend is deployed on a ...
- Question 62: You are implementing data protection by design and in accord...
- Question 63: Your company plans to move most of its IT infrastructure to ...
- Question 64: You are migrating an on-premises data warehouse to BigQuery ...
- Question 65: You have stored company approved compute images in a single ...
- Question 66: Which Identity-Aware Proxy role should you grant to an Ident...
- Question 67: You are auditing all your Google Cloud resources in the prod...
- Question 68: Your organization is using Active Directory and wants to con...
- Question 69: Which two security characteristics are related to the use of...
- Question 70: Your company is using GSuite and has developed an applicatio...
- Question 71: You perform a security assessment on a customer architecture...
- Question 72: After completing a security vulnerability assessment, you le...
- Question 73: Your team needs to make sure that a Compute Engine instance ...
- Question 74: You manage a mission-critical workload for your organization...
- Question 75: Your company runs a website that will store PII on Google Cl...
- Question 76: You're developing the incident response plan for your compan...
- Question 77: Your company's chief information security officer (CISO) is ...
- Question 78: Your organization processes sensitive health information. Yo...
- Question 79: For compliance reasons, an organization needs to ensure that...
- Question 80: Your organization wants full control of the keys used to enc...
- Question 81: You need to set up two network segments: one with an untrust...
- Question 82: Your application is deployed as a highly available cross-reg...
- Question 83: An engineering team is launching a web application that will...
- Question 84: An application running on a Compute Engine instance needs to...
- Question 85: A patch for a vulnerability has been released, and a DevOps ...
- Question 86: Last week, a company deployed a new App Engine application t...
- Question 87: Your organization wants to be continuously evaluated against...
- Question 88: Your company has deployed an application on Compute Engine. ...
- Question 89: You are deploying regulated workloads on Google Cloud. The r...
- Question 90: You are tasked with exporting and auditing security logs for...
- Question 91: You are routing all your internet facing traffic from Google...
- Question 92: A company is backing up application logs to a Cloud Storage ...
- Question 93: You are the project owner for a regulated workload that runs...
- Question 94: A database administrator notices malicious activities within...
- Question 95: When creating a secure container image, which two items shou...
- Question 96: Your company must follow industry specific regulations. Ther...
- Question 97: A customer is collaborating with another company to build an...
- Question 98: You are exporting application logs to Cloud Storage. You enc...
- Question 99: Your organization wants to be compliant with the General Dat...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2023-12-06.q99.pdf