Quizlet #8

Question 1

defense-in-depth process for storing data in Google Cloud

Answer 1

1. Data is broken into many pieces in memory. 2. These pieces, or “chunks”, are encrypted with their own data encryption key or ‘DEK’. 3. These DEKs are then encrypted a second time with key encryption key or ‘KEK’. 4. Encrypted chunks and wrapped KEKs are distributed across Google’s infrastructure

Question 2

Identity layer protection

Answer 2

Google Cloud operates a zero-trust model. This means that every user and every machine that tries to access data or services must strongly authenticate identity at each stage for each file

Question 3

Network layer protection

Answer 3

Encryption in transit protects data as it moves across a network. Multiple layers of defense are in place to help protect customers against network attacks, like DDoS attacks

Question 4

Operations layer of protection

Answer 4

Operations layer of protection A global operations team of more than 900 security experts monitor the system 24 hours a day, 365 days a year. Their role is to detect attacks and other issues and to respond to them

Question 5

Front end user access

Answer 5

None of the 4 (view logs, modify settings, modify users, or modify applications)

Question 6

Manager access

Answer 6

Modify users and applications

Question 7

Admin user access All 4 (view logs, modify settings, modify users, or modify applications)

Answer 7

Admin user access All 4 (view logs, modify settings, modify users, or modify applications)

Question 8

Who of IAM policy

Answer 8

A Google account, a Google group, a service account, or a Google Workspace or Cloud Identity domain

Question 9

What of IAM policy

Answer 9

If you’re a viewer on a given resource, you can examine it, but not change its state. If you’re an editor, you can do everything a viewer can do plus change its state. And if you’re an owner, you can do everything an editor can do plus manage roles and permissions on the resource

Question 10

“least-privilege” model

Answer 10

Each person in your organization is given the minimal amount of privilege needed to do their job

Question 11

Resource Hierarchy

Answer 11

The way your IT team can organize your business’ Google Cloud environment and how that service structure maps to your organization’s actual structure.

Question 12

Google Cloud Roles

Answer 12

Primitive, Predefined, Custom

Question 13

Primitave Roles

Answer 13

Broad roles, such as Owner, Editor, or Viewer

Question 14

Predefined Roles

Answer 14

Predefined Roles Collection of permissions, such as roles for Compute Engine only.

Question 15

Custom Roles

Answer 15

Roles created specifically for each person or sets of persons, usually mapped by job function for group

Question 16

Domain Top-level of management,

Answer 16

Domain Top-level of management, managed through cloud identity, manages user profiles

Question 17

Organization

Answer 17

Managed through cloud console, and lets admin see and control permissions

Question 18

Developers

Answer 18

Responsible for writing code for systems and applications, and operators are responsible for ensuring that those systems and applications operate reliably. Expected to be agile. Their aim is to release new functions frequently, increase core business value with new features, and release fixes fast for an overall better user experience

Question 19

Operators

Answer 19

Expected to keep systems stable, and so they often prefer to work more slowly to ensure reliability and consistency

Question 20

Success in Cloud

Answer 20

Adjust expectations for service availability and Adopt best practices from DevOps and Site Reliability Engineering