Google chinesedumps legit Professional-cloud-security-engineer Exam Download by Caelan q124 vce pdf

Page: 7 / 17

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	234 Q&A's	Shared By:	caelan

Question 28

You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You only want to allow thee application frontend to access the data in the application's mysql instance on port 3306.

What should you do?

Options:

Configure an ingress firewall rule that allows communication from the src IP range of subnet A to the tag "data-tag" that is applied to the mysql Compute Engine VM on port 3306.

Configure an ingress firewall rule that allows communication from the frontend's unique service account to the unique service account of the mysql Compute Engine VM on port 3306.

Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an egress firewall rule that allows communication from Compute Engine VMs tagged with data-tag to destination Compute Engine VMs tagged fe-tag.

Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an ingress firewall rule that allows communication from Compute Engine VMs tagged with fe-tag to destination Compute Engine VMs tagged with data-tag.

Discussion

Question 29

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.

What should you do?

Options:

Temporarily disable authentication on the Cloud Storage bucket.

Use the undelete command to recover the deleted service account.

Create a new service account with the same name as the deleted service account.

Update the permissions of another existing service account and supply those credentials to the applications.

Discussion

Question 30

You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?

Options:

compute.restrictSharedVpcHostProjects

compute.restrictXpnProjectLienRemoval

compute.restrictSharedVpcSubnetworks

compute.sharedReservationsOwnerProjects

Discussion

Annabel

I recently used them for my exam and I passed it with excellent score. I am impressed.

Amirah (not set)

I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.

Teddie

yes, I passed my exam with wonderful score, Accurate and valid dumps.

Isla-Rose (not set)

Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.

Anya

I must say they're considered the best dumps available and the questions are very similar to what you'll see in the actual exam. Recommended!!!

Cassius (not set)

Yes, they offer a 100% success guarantee. And many students who have used them have reported passing their exams with flying colors.

Miriam

Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.

Milan (not set)

I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.

Vienna

I highly recommend them. They are offering exact questions that we need to prepare our exam.

Jensen (not set)

That's great. I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Question 31

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard

Which options should you recommend to meet the requirements?

Options:

Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.

Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.

Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.

Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.