The practice exam translated into Japanese is in “Professional Cloud Security Engineer 模擬問題集 （2020.02.24）”.
Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (45 Q)
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
- A. Ensure that the app does not run as PID 1.
- B. Package a single app as a container.
- C. Remove any unnecessary tools not needed by the app.
- D. Use public container images as a base image for the app.
- E. Use many container image layers to hide sensitive information.
Correct Answer: B, C
– Best practices for building containers
A company is running workloads in a dedicated server room.
They must only be accessed from within the private company network.
You need to connect to these workloads from Google Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)
- A. Configure the project with Google Cloud VPN.
- B. Configure the project with Shared VPC.
- C. Configure the project with Cloud Interconnect.
- D. Configure the project with VPC peering.
- E. Configure all Google Compute Engine instances with Private Access.
Correct Answer: D, E
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Google Compute Engine.
Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.
What should the customer do to meet these requirements?
- A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
- B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
- C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
- D. Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests.