Professional-Cloud-Security-Engineer Exam Question 51

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.
Which Cloud Identity password guidelines can the organization use to inform their new requirements?
  • Professional-Cloud-Security-Engineer Exam Question 52

    A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
    How should the DevOps team accomplish this?
  • Professional-Cloud-Security-Engineer Exam Question 53

    A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.
    Which product should be used to meet these requirements?
  • Professional-Cloud-Security-Engineer Exam Question 54

    Your financial services company is migrating its operations to Google Cloud You are implementing a centralized logging strategy to meet strict regulatory compliance requirements Your company's Google Cloud organization has a dedicated folder for all production projects All audit logs, including Data Access logs from all current and future projects within this production folder, must be securely collected and stored in a central BigQuery dataset for long-term retention and analysis To prevent duplicate log storage and to enforce centralized control, you need to implement a logging solution that intercepts and overrides any project-level log sinks for these audit logs, to ensure that logs are not inadvertently routed elsewhere What should you do?
  • Professional-Cloud-Security-Engineer Exam Question 55

    You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?