Professional-Cloud-Security-Engineer Exam Question 66

Your company's chief information security officer (CISO) is requiring business data to be stored in specific locations due to regulatory requirements that affect the company's global expansion plans. After working on a plan to implement this requirement, you determine the following:
The services in scope are included in the Google Cloud data residency requirements.
The business data remains within specific locations under the same organization.
The folder structure can contain multiple data residency locations.
The projects are aligned to specific locations.
You plan to use the Resource Location Restriction organization policy constraint with very granular control. At which level in the hierarchy should you set the constraint?
  • Professional-Cloud-Security-Engineer Exam Question 67

    A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
    What should they do?
  • Professional-Cloud-Security-Engineer Exam Question 68

    You discovered that sensitive personally identifiable information (PII) is being ingested to your Google Cloud environment in the daily ETL process from an on-premises environment to your BigQuery datasets. You need to redact this data to obfuscate the PII, but need to re-identify it for data analytics purposes. Which components should you use in your solution? (Choose two.)
  • Professional-Cloud-Security-Engineer Exam Question 69

    Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.
    How should your team design this network?
  • Professional-Cloud-Security-Engineer Exam Question 70

    Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process.
    What should you do?