Exam Logo

Google (PCSE) Exam Questions And Answers page 10

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.

How should your team meet these requirements?
Google Cloud Identity and Access Management (IAM) Google Cloud Networking Security
You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.

What should you do?
Google Cloud Identity and Access Management (IAM) Google Cloud Data Security
You want to evaluate GCP for PCI compliance. You need to identify Google s inherent controls.

Which document should you review to find the information?
Google Cloud Identity and Access Management (IAM) Google Cloud Data Security
You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.

What should you do?
Google Cloud Networking Security Google Cloud Data Security
You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices.

What should you do?
Google Cloud Identity and Access Management (IAM)