Professional-Cloud-Security-Engineer Exam Question 31
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?
What should your team grant to Engineering Group A to meet this requirement?
Professional-Cloud-Security-Engineer Exam Question 32
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.
Which service should be used to accomplish this?
Which service should be used to accomplish this?
Professional-Cloud-Security-Engineer Exam Question 33
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?
How should you prevent and fix this vulnerability?
Professional-Cloud-Security-Engineer Exam Question 34
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.
What should you do?
What should you do?
Professional-Cloud-Security-Engineer Exam Question 35
You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.
What should you do?
What should you do?