Professional-Cloud-Security-Engineer Exam Question 26

Your application is deployed as a highly available cross-region solution behind a global external HTTP(S) load balancer. You notice significant spikes in traffic from multiple IP addresses but it is unknown whether the IPs are malicious. You are concerned about your application's availability. You want to limit traffic from these clients over a specified time interval.
What should you do?
  • Professional-Cloud-Security-Engineer Exam Question 27

    You're developing the incident response plan for your company. You need to define the access strategy that your DevOps team will use when reviewing and investigating a deployment issue in your Google Cloud environment. There are two main requirements:
    Least-privilege access must be enforced at all times.
    The DevOps team must be able to access the required resources only during the deployment issue.
    How should you grant access while following Google-recommended best practices?
  • Professional-Cloud-Security-Engineer Exam Question 28

    You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You only want to allow thee application frontend to access the data in the application's mysql instance on port 3306.
    What should you do?
  • Professional-Cloud-Security-Engineer Exam Question 29

    Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed instances are automatically kept up-to-date and that users cannot accidentally alter settings in the operating system. What should you do?
  • Professional-Cloud-Security-Engineer Exam Question 30

    Your organization is moving virtual machines (VMs) to Google Cloud. You must ensure that operating system images that are used across your projects are trusted and meet your security requirements.
    What should you do?