You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?
A. compute.restrictXpnProjectLienRemoval
B. compute.restrictSharedVpcSubnetworks
C. compute.sharedReservationsOwnerProjects
D. compute.restrictSharedVpcHostProjects
Correct answer: A
Question 2:
An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses. Which solution should your team implement to meet these requirements?
A. Cloud Armor
B. NAT Gateway
C. SSL Proxy Load Balancing
D. Network Load Balancing
Correct answer: A
Question 3:
Your company is moving to Google Cloud. You plan to sync your users first by using Google Cloud Directory Sync (GCDS). Some employees have already created Google Cloud accounts by using their company email addresses that were created outside of GCDS. You must create your users on Cloud Identity.
What should you do?
A. Configure GCDS and use GCDS search rules to sync these users.
B. Write a custom script to identify existing Google Cloud users and call the Admin SDK: Directory API to transfer their account.
C. Use the transfer tool to migrate unmanaged users.
D. Configure GCDS and use GCDS exclusion rules to ensure users are not suspended.
Correct answer: C
Question 4:
An office manager at your small startup company is responsible for matching payments to invoices and creating billing alerts. For compliance reasons, the office manager is only permitted to have the Identity and Access Management (IAM) permissions necessary for these tasks.
Which two IAM roles should the office manager have? (Choose two.)
A. Organization Administrator
B. Project Creator
C. Billing Account User
D. Billing Account Viewer
E. Billing Account Costs Manager
Correct answer: D,E
Question 5:
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet.
Your team requires an authentication layer in front of the application that supports two-factor authentication. Which GCP product should the customer implement to meet these requirements?
A. Cloud Identity-Aware Proxy
B. Cloud Armor
C. Cloud Endpoints
D. Cloud VPN
Correct answer: A
Question 6:
You need to centralize your team's logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?
A. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a logs bucket.
B. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a Cloud Storage bucket.
C. Enable Cloud Monitoring workspace, and add the production projects to be monitored.
D. Use Logs Explorer at the organization level and filter for production project logs.
Correct answer: A
Question 7:
You manage a Google Cloud organization with many projects located in various regions around the world. The projects are protected by the same Access Context Manager access policy. You created a new folder that will host two projects that process protected health information (PHI) for US-based customers. The two projects will be separately managed and require stricter protections. You are setting up the VPC Service Controls configuration for the new folder. You must ensure that only US-based personnel can access these projects and restrict Google Cloud API access to only BigQuery and Cloud Storage within these projects. What should you do?
A. - Enable Identity Aware Proxy in the new projects.
- Create an Access Context Manager access level with an "IP Subnetworks" attribute condition set to the US-based corporate IP range.
- Enable the "Restrict Resource Service Usage" organization policy at the new folder level with an "Allow" policy type and set both "storage.googleapis.com" and "bigquery.googleapis.com" under "Custom values."
B. - Configure a Cloud Interconnect connection or a Virtual Private Network (VPN) between the on-premises environment and the Google Cloud organization.
- Configure the VPC firewall policies within the new projects to only allow connections from the on-premises IP address range.
- Enable the Restrict Resource Service Usage organization policy on the new folder with an "Allow" policy type, and set both "storage.googleapis.com" and "bigquery.googleapis.com" under "Custom values."
C. - Edit the organization-level access policy and add the new folder under "Select resources to include in the policy."
- Specify the two new projects as "Resources to protect" in the service perimeter configuration.
- Set "Restricted services" to "all services," set "VPC accessible services" to "Selected services," and specify only BigQuery and Cloud Storage.
- Edit the existing access level to add a "Geographic locations" condition set to "US."
D. - Create a scoped access policy, add the new folder under "Select resources to include in the policy," and assign an administrator under "Manage principals."
- For the service perimeter, specify the two new projects as "Resources to protect" in the service perimeter configuration.
- Set "Restricted services" to "all services," set "VPC accessible services" to "Selected services," and specify only BigQuery and Cloud Storage under "Selected services."
Correct answer: C
Aizawa -
I bought the Professional-Cloud-Security-Engineer question set, and the next day Pass4Test sent me the latest version; I took the exam with it and, sure enough, passed.