- Home
- Google Cloud Certified - Professional Cloud Security Engineer Exam
- Google.Professional-Cloud-Security-Engineer.v2025-05-21.q124
- Question 91
Valid Professional-Cloud-Security-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Security-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Security-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Security-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Security-Engineer dumps with Test Engine here:
Access Professional-Cloud-Security-Engineer Dumps Premium Version
(268 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 91/124
Your organization is transitioning to Google Cloud You want to ensure that only trusted container images are deployed on Google Kubernetes Engine (GKE) clusters in a project. The containers must be deployed from a centrally managed. Container Registry and signed by a trusted authority.
What should you do?
Choose 2 answers
What should you do?
Choose 2 answers
Correct Answer: A,B
* Configure Binary Authorization:
* Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on GKE. It uses attestations to verify the authenticity and integrity of the images.
* Enable Binary Authorization in your project through the Google Cloud Console or using the gcloud command-line tool.
* Define attestation policies that specify which attestors (trusted entities) must sign off on container images before deployment.
* Set Up Attestors:
* Create and configure attestors that will sign the container images. This involves generating cryptographic keys and setting up trusted authorities.
* Attestors can be configured to sign images based on criteria such as vulnerability scanning results, compliance checks, and other security policies.
* Create a Custom Organization Policy Constraint:
* Define an organization policy constraint that enforces Binary Authorization across your GKE clusters.
* This custom constraint ensures that all clusters in the organization must adhere to the Binary Authorization policy, preventing the deployment of unsigned or unauthorized container images.
* Implement and Enforce the Policies:
* Apply the Binary Authorization policy and the organization policy constraint to your GKE clusters.
* Regularly review and update the policies and attestation rules to align with your security and compliance requirements.
References:
* Binary Authorization Documentation
* Creating Attestors
* Organization Policy Constraints
* Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on GKE. It uses attestations to verify the authenticity and integrity of the images.
* Enable Binary Authorization in your project through the Google Cloud Console or using the gcloud command-line tool.
* Define attestation policies that specify which attestors (trusted entities) must sign off on container images before deployment.
* Set Up Attestors:
* Create and configure attestors that will sign the container images. This involves generating cryptographic keys and setting up trusted authorities.
* Attestors can be configured to sign images based on criteria such as vulnerability scanning results, compliance checks, and other security policies.
* Create a Custom Organization Policy Constraint:
* Define an organization policy constraint that enforces Binary Authorization across your GKE clusters.
* This custom constraint ensures that all clusters in the organization must adhere to the Binary Authorization policy, preventing the deployment of unsigned or unauthorized container images.
* Implement and Enforce the Policies:
* Apply the Binary Authorization policy and the organization policy constraint to your GKE clusters.
* Regularly review and update the policies and attestation rules to align with your security and compliance requirements.
References:
* Binary Authorization Documentation
* Creating Attestors
* Organization Policy Constraints
- Question List (124q)
- Question 1: An organization is moving applications to Google Cloud while...
- Question 2: An organization is starting to move its infrastructure from ...
- Question 3: Your organization has on-premises hosts that need to access ...
- Question 4: You are deploying a web application hosted on Compute Engine...
- Question 5: Your DevOps team uses Packer to build Compute Engine images ...
- Question 6: You have been tasked with configuring Security Command Cente...
- Question 7: You are troubleshooting access denied errors between Compute...
- Question 8: Your team needs to configure their Google Cloud Platform (GC...
- Question 9: You work for a large organization where each business unit h...
- Question 10: You are working with protected health information (PHI) for ...
- Question 11: A customer needs an alternative to storing their plain text ...
- Question 12: You are implementing a new web application on Google Cloud t...
- Question 13: Your company is storing sensitive data in Cloud Storage. You...
- Question 14: Your organization processes sensitive health information. Yo...
- Question 15: A customer's data science group wants to use Google Cloud Pl...
- Question 16: You want data on Compute Engine disks to be encrypted at res...
- Question 17: You are deploying regulated workloads on Google Cloud. The r...
- Question 18: You are working with a client that is concerned about contro...
- Question 19: A customer terminates an engineer and needs to make sure the...
- Question 20: You have the following resource hierarchy. There is an organ...
- Question 21: Your organization is moving virtual machines (VMs) to Google...
- Question 22: Your company runs a website that will store PII on Google Cl...
- Question 23: You need to enable VPC Service Controls and allow changes to...
- Question 24: An application running on a Compute Engine instance needs to...
- Question 25: A patch for a vulnerability has been released, and a DevOps ...
- Question 26: Your company must follow industry specific regulations. Ther...
- Question 27: You must ensure that the keys used for at-rest encryption of...
- Question 28: A company migrated their entire data/center to Google Cloud ...
- Question 29: For compliance reasons, an organization needs to ensure that...
- Question 30: You are the security admin of your company. You have 3,000 o...
- Question 31: Which two security characteristics are related to the use of...
- Question 32: Your organization s record data exists in Cloud Storage. You...
- Question 33: You are consulting with a client that requires end-to-end en...
- Question 34: Your organization wants to publish yearly reports of your we...
- Question 35: A company is running workloads in a dedicated server room. T...
- Question 36: A company has redundant mail servers in different Google Clo...
- Question 37: Your security team wants to reduce the risk of user-managed ...
- Question 38: You want to limit the images that can be used as the source ...
- Question 39: After completing a security vulnerability assessment, you le...
- Question 40: You have noticed an increased number of phishing attacks acr...
- Question 41: A customer wants to make it convenient for their mobile work...
- Question 42: You want to use the gcloud command-line tool to authenticate...
- Question 43: An administrative application is running on a virtual machin...
- Question 44: Your organization is building a real-time recommendation eng...
- Question 45: As adoption of the Cloud Data Loss Prevention (DLP) API grow...
- Question 46: Your Google Cloud organization allows for administrative cap...
- Question 47: Your team uses a service account to authenticate data transf...
- Question 48: Your Security team believes that a former employee of your c...
- Question 49: You have numerous private virtual machines on Google Cloud. ...
- Question 50: You are designing a new governance model for your organizati...
- Question 51: Which type of load balancer should you use to maintain clien...
- Question 52: A company is backing up application logs to a Cloud Storage ...
- Question 53: Your company's Chief Information Security Officer (CISO) cre...
- Question 54: You need to centralize your team's logs for production proje...
- Question 55: You are a member of your company's security team. You have b...
- Question 56: You manage a mission-critical workload for your organization...
- Question 57: You are the project owner for a regulated workload that runs...
- Question 58: Your organization is using Vertex AI Workbench Instances. Yo...
- Question 59: You are a consultant for an organization that is considering...
- Question 60: Your organization operates Virtual Machines (VMs) with only ...
- Question 61: Users are reporting an outage on your public-facing applicat...
- Question 62: You are a Security Administrator at your organization. You n...
- Question 63: A large financial institution is moving its Big Data analyti...
- Question 64: You are working with a client who plans to migrate their dat...
- Question 65: You want to evaluate GCP for PCI compliance. You need to ide...
- Question 66: You are a security engineer at a finance company. Your organ...
- Question 67: You perform a security assessment on a customer architecture...
- Question 68: A company allows every employee to use Google Cloud Platform...
- Question 69: You manage a fleet of virtual machines (VMs) in your organiz...
- Question 70: A customer implements Cloud Identity-Aware Proxy for their E...
- Question 71: Your organization uses Google Workspace Enterprise Edition t...
- Question 72: Your application is deployed as a highly available cross-reg...
- Question 73: Your organization wants to be continuously evaluated against...
- Question 74: Your company's new CEO recently sold two of the company's di...
- Question 75: You have been tasked with inspecting IP packet data for inva...
- Question 76: Applications often require access to "secrets" - small piece...
- Question 77: You define central security controls in your Google Cloud en...
- Question 78: Your organization has had a few recent DDoS attacks. You nee...
- Question 79: Your organization's Google Cloud VMs are deployed via an ins...
- Question 80: Your company operates an application instance group that is ...
- Question 81: You need to use Cloud External Key Manager to create an encr...
- Question 82: A customer wants to run a batch processing system on VMs and...
- Question 83: Your team needs to obtain a unified log view of all developm...
- Question 84: Your organization uses a microservices architecture based on...
- Question 85: When creating a secure container image, which two items shou...
- Question 86: Which Identity-Aware Proxy role should you grant to an Ident...
- Question 87: Your organization wants to protect all workloads that run on...
- Question 88: Your company is concerned about unauthorized parties gaming ...
- Question 89: Your team wants to make sure Compute Engine instances runnin...
- Question 90: Your company is moving to Google Cloud. You plan to sync you...
- Question 91: Your organization is transitioning to Google Cloud You want ...
- Question 92: Your company plans to move most of its IT infrastructure to ...
- Question 93: You're developing the incident response plan for your compan...
- Question 94: Your organization leverages folders to represent different t...
- Question 95: A manager wants to start retaining security event logs for 2...
- Question 96: An engineering team is launching a web application that will...
- Question 97: You run applications on Cloud Run. You already enabled conta...
- Question 98: In order to meet PCI DSS requirements, a customer wants to e...
- Question 99: You need to implement an encryption at-rest strategy that re...
- Question 100: Your team wants to centrally manage GCP IAM permissions from...
- Question 101: You are exporting application logs to Cloud Storage. You enc...
- Question 102: A database administrator notices malicious activities within...
- Question 103: You want to make sure that your organization's Cloud Storage...
- Question 104: Your company is using Cloud Dataproc for its Spark and Hadoo...
- Question 105: You plan to deploy your cloud infrastructure using a CI/CD c...
- Question 106: You have been tasked with implementing external web applicat...
- Question 107: Your organization deploys a large number of containerized ap...
- Question 108: You are creating a new infrastructure CI/CD pipeline to depl...
- Question 109: Your company has deployed an application on Compute Engine. ...
- Question 110: You work for an organization in a regulated industry that ha...
- Question 111: Your organization strives to be a market leader in software ...
- Question 112: In a shared security responsibility model for IaaS, which tw...
- Question 113: Your organization is using GitHub Actions as a continuous in...
- Question 114: An organization's typical network and security review consis...
- Question 115: A company is using Google Kubernetes Engine (GKE) with conta...
- Question 116: You are creating an internal App Engine application that nee...
- Question 117: A customer is collaborating with another company to build an...
- Question 118: You want to update your existing VPC Service Controls perime...
- Question 119: Your company is using GSuite and has developed an applicatio...
- Question 120: You are setting up a new Cloud Storage bucket in your enviro...
- Question 121: Your organization is using Vertex AI Workbench Instances. Yo...
- Question 122: You need to enforce a security policy in your Google Cloud o...
- Question 123: A customer is running an analytics workload on Google Cloud ...
- Question 124: A business unit at a multinational corporation signs up for ...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2025-05-21.q124.pdf