Google (PCA) Exam Questions And Answers page 18
Your BigQuery project has several users. For audit purposes, you need to see how many queries each user ran in the last month. What should you do?
In the BigQuery interface, execute a query on the JOBS table to get the required information.
Use bq show to list all jobs. Per job, use bq ls to list job information and get the required information.
Use Cloud Audit Logging to view Cloud Audit Logs, and create a filter on the query operation to get the required information.
Managing and provisioning a cloud solution infrastructure
Managing security and compliance
Your company acquired a healthcare startup and must retain its customers' medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this data, and then delete it as soon as regulations allow.
Which approach should you take?
Store the data in Google Drive and manually delete records as they expire.
Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely.
Store the data in Cloud Storage and use lifecycle management to delete files when they expire.
Store the data in Cloud Storage and run a nightly batch script that deletes all expired data.
Designing for security and compliance
Managing security and compliance
Your company captures all web traffic data in Google Analytics 360 and stores it in BigQuery. Each country has its own dataset. Each dataset has multiple tables. You want analysts from each country to be able to see and query only the data for their respective countries.
How should you configure the access rights?
Create a group per country. Add analysts to their respective country-groups. Create a single group all_analysts, and add all country-groups as members. Grant the all_analysts group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group.
Create a group per country. Add analysts to their respective country-groups. Create a single group all_analysts, and add all country-groups as members. Grant the all_analysts group the IAM role of BigQuery jobUser. Share the appropriate tables with view access with each respective analyst country-group.
Create a group per country. Add analysts to their respective country-groups. Create a single group all_analysts, and add all country-groups as members. Grant the all_analysts group the IAM role of BigQuery dataViewer. Share the appropriate dataset with view access with each respective analyst country-group.
Create a group per country. Add analysts to their respective country-groups. Create a single group all_analysts, and add all country-groups as members. Grant the all_analysts group the IAM role of BigQuery dataViewer. Share the appropriate table with view access with each respective analyst country-group.
Managing and provisioning a cloud solution infrastructure
Designing for security and compliance
Your company creates rendering software which users can download from the company website. Your company has customers all over the world. You want to minimize latency for all your customers. You want to follow Google-recommended practices.
How should you store the files?
Save the files in a Multi-Regional Cloud Storage bucket.
Save the files in a Regional Cloud Storage bucket, one bucket per zone of the region.
Save the files in multiple Regional Cloud Storage buckets, one bucket per zone per region.
Save the files in multiple Multi-Regional Cloud Storage buckets, one bucket per multi-region.
Managing and provisioning a cloud solution infrastructure
Designing for security and compliance
Your company has a Google Cloud project that uses BigQuery for data warehousing. There are some tables that contain personally identifiable information (PII). Only the compliance team may access the PII. The other information in the tables must be available to the data science team. You want to minimize cost and the time it takes to assign appropriate access to the tables. What should you do?
1. From the dataset where you have the source data, create views of tables that you want to share, excluding PII.
2. Assign an appropriate project-level IAM role to the members of the data science team.
3. Assign access controls to the dataset that contains the view.
1. From the dataset where you have the source data, create materialized views of tables that you want to share, excluding PII.
2. Assign an appropriate project-level IAM role to the members of the data science team.
3. Assign access controls to the dataset that contains the view.
1. Create a dataset for the data science team.
2. Create views of tables that you want to share, excluding PII.
3. Assign an appropriate project-level IAM role to the members of the data science team.
4. Assign access controls to the dataset that contains the view.
5. Authorize the view to access the source dataset.
1. Create a dataset for the data science team.
2. Create materialized views of tables that you want to share, excluding PII.
3. Assign an appropriate project-level IAM role to the members of the data science team.
4. Assign access controls to the dataset that contains the view.
5. Authorize the view to access the source dataset.
Managing and provisioning a cloud solution infrastructure
Designing for security and compliance
Your company has a Google Cloud project that uses BigQuery for data warehousing. They have a VPN tunnel between the on-premises environment and Google Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should they do?
Configure Private Google Access for on-premises only.
Perform the following tasks:
1. Create a service account.
2. Give the BigQuery JobUser role and Storage Reader role to the service account.
3. Remove all other IAM access from the project.
Configure VPC Service Controls and configure Private Google Access.
Configure Private Google Access.
Designing for security and compliance
Managing security and compliance
Your company has a Google Workspace account and Google Cloud Organization. Some developers in the company have created Google Cloud projects outside of the Google Cloud Organization.
You want to create an Organization structure that allows developers to create projects, but prevents them from modifying production projects. You want to manage policies for all projects centrally and be able to set more restrictive policies for production projects.
You want to minimize disruption to users and developers when business needs change in the future. You want to follow Google-recommended practices. How should you design the Organization structure?
1. Create a second Google Workspace account and Organization.
2. Grant all developers the Project Creator IAM role on the new Organization.
3. Move the developer projects into the new Organization.
4. Set the policies for all projects on both Organizations.
5. Additionally, set the production policies on the original Organization.
1. Create a folder under the Organization resource named Production.
2. Grant all developers the Project Creator IAM role on the new Organization.
3. Move the developer projects into the new Organization.
4. Set the policies for all projects on the Organization.
5. Additionally, set the production policies on the Production folder.
1. Create folders under the Organization resource named Development and Production.
2. Grant all developers the Project Creator IAM role on the Development folder.
3. Move the developer projects into the Development folder.
4. Set the policies for all projects on the Organization.
5. Additionally, set the production policies on the Production folder.
1. Designate the Organization for production projects only.
2. Ensure that developers do not have the Project Creator IAM role on the Organization.
3. Create development projects outside of the Organization using the developer Google Workspace accounts.
4. Set the policies for all projects on the Organization.
5. Additionally, set the production policies on the individual production projects.
Designing and planning a cloud solution architecture
Designing for security and compliance
Your company has a Kubernetes application that pulls messages from Pub/Sub and stores them in Filestore. Because the application is simple, it was deployed as a single pod. The infrastructure team has analyzed Pub/Sub metrics and discovered that the application cannot process the messages in real time. Most of them wait for minutes before being processed. You need to scale the elaboration process that is I/O-intensive. What should you do?
Use kubectl autoscale deployment APP_NAME --max 6 --min 2 --cpu-percent 50 to configure Kubernetes autoscaling deployment.
Configure a Kubernetes autoscaling deployment based on the subscription/push_request_latencies metric.
Use the --enable-autoscaling flag when you create the Kubernetes cluster.
Configure a Kubernetes autoscaling deployment based on the subscription/num_undelivered_messages metric.
Managing and provisioning a cloud solution infrastructure
Designing for security and compliance
Your company has an application deployed on Anthos clusters (formerly Anthos GKE) that is running multiple microservices. The cluster has both Anthos Service Mesh and Anthos Config Management configured. End users inform you that the application is responding very slowly. You want to identify the microservice that is causing the delay. What should you do?
Use the Service Mesh visualization in the Cloud Console to inspect the telemetry between the microservices.
Use Anthos Config Management to create a ClusterSelector selecting the relevant cluster. On the Google Cloud Console page for Google Kubernetes Engine, view the Workloads and filter on the cluster. Inspect the configurations of the filtered workloads.
Use Anthos Config Management to create a namespaceSelector selecting the relevant cluster namespace. On the Google Cloud Console page for Google Kubernetes Engine, visit the workloads and filter on the namespace. Inspect the configurations of the filtered workloads.
Reinstall istio using the default istio profile in order to collect request latency. Evaluate the telemetry between the microservices in the Cloud Console.
Managing and provisioning a cloud solution infrastructure
Designing for security and compliance