A customer implements Cloud Identity

单选题 A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy. What should the customer do to meet these requirements?

A、 Make sure that the ERP system can validate the JWT assertion in the HTTP requests.

B、 Make sure that the ERP system can validate the identity headers in the HTTP requests.

C、 Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.

D、 Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

查看答案

下载APP答题

由4l***8q提供分享举报纠错

相关试题

单选题 A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform?

A、 Use Cloud Source Repositories, and store secrets in Cloud SQL.

B、 Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.

C、 Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.

D、 Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

查看答案

单选题 Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?

A、 Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.

B、 Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.

C、 Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.

D、 Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

查看答案

单选题 A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use?

A、 VPC Flow Logs

B、 Cloud Armor

C、 DNS Security Extensions

D、 Cloud Identity-Aware Proxy

查看答案

单选题 A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite. How should you best advise the Systems Engineer to proceed with the least disruption?

A、 Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.

B、 Register a new domain name, and use that for the new Cloud Identity domain.

C、 Ask Google to provision the data science manager's account as a Super Administrator in the existing domain.

D、 Ask customer's management to discover any other uses of Google managed services, and work with the existing Super Administrator.

查看答案

单选题 A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?

A、 Cloud Armor

B、 Google Cloud Audit Logs

C、 Web Security Scanner

D、 Anomaly Detection

查看答案

单选题 A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection. Which product should be used to meet these requirements?

A、 Cloud Armor

B、 VPC Firewall Rules

C、 Cloud Identity and Access Management

D、 Cloud CDN

查看答案

单选题 Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization. Which logging export strategy should you use to meet the requirements?

A、 1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project. 2. Subscribe SIEM to the topic.

B、 1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project. 2. Process Cloud Storage objects in SIEM.

C、 1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project. 2. Subscribe SIEM to the topic.

D、 1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project. 2. Process Cloud Storage objects in SIEM.

查看答案

单选题 A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re- occurs. What should you do?

A、 Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.

B、 Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.

C、 Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.

D、 Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

查看答案