Security

Question 1

What is the principle of separation of duties?

Answer 1

A security principle that ensures no single individual has control over all aspects of any critical process.

Question 2

What does ‘defense in depth’ refer to?

Answer 2

A layered security approach that uses multiple security measures to protect data.

Question 3

What is the default encryption status of data in Google Cloud?

Answer 3

Everything is always encrypted at rest and in transit.

Question 4

What is BeyondCorp?

Answer 4

A security model that focuses on identity rather than network location.

Question 5

What is Cloud Identity?

Answer 5

An Identity as a Service (IDaaS) solution that centrally manages users and groups.

Question 6

What does Cloud Identity prevent?

Answer 6

Prevents users from using personal accounts to access corporate resources.

Question 7

How can existing corporate directories like Microsoft AD be used with Cloud Identity?

Answer 7

By scheduling a one-way sync using Google Cloud Directory Sync (GCDS).

Question 8

What is the purpose of Identity and Access Management (IAM) in Google Cloud?

Answer 8

It provides authorization controls to Google Cloud resources.

Question 9

What is a role in IAM?

Answer 9

A collection of permissions granted to users.

Question 10

What are primitive roles in IAM?

Answer 10

Basic roles that are project-level and often too broad.

Question 11

What are predefined roles in IAM?

Answer 11

Roles that provide granular access to specific resources.

Question 12

What is the maximum number of member bindings allowed per IAM policy?

Answer 12

1,500 member bindings.

Question 13

True or False: Child policies can restrict access granted at a higher level.

Answer 13

False.

Question 14

What are IAM Conditions used for?

Answer 14

To define and enforce conditional, attribute-based access for resources.

Question 15

What is the best practice regarding IAM roles?

Answer 15

Use groups instead of individual accounts.

Question 16

What is the command to undelete a custom role within 7 days?

Answer 16

gcloud iam roles undelete.

Question 17

What do service accounts provide?

Answer 17

An identity for carrying out server-to-server interactions.

Question 18

What is Cloud Armor?

Answer 18

Edge-level protection from DDoS and other attacks on global HTTP(S) LB.

Question 19

What does the Cloud DLP API do?

Answer 19

Finds and optionally redacts sensitive information in unstructured data streams.

Question 20

What is Cloud Security Command Center (Cloud SCC)?

Answer 20

GCP’s SIEM for reviewing and managing security across services.

Question 21

What is Cloud KMS?

Answer 21

Google’s low-latency service to manage and use keys.

Question 22

What is the purpose of Cloud HSM?

Answer 22

To host encryption keys and perform cryptography operations.

Question 23

Fill in the blank: All data on GCP is encrypted in transit and at rest by default using _______.

Answer 23

customer-supplied encryption keys.

Question 24

What is the 24-hour delay in Cloud KMS for?

Answer 24

To prevent accidental or malicious data loss during key deletion.

Question 25

What are service accounts authenticated with?

Answer 25

Keys.

Question 26

What is the function of the Activity Analyzer?

Answer 26

To see reports about service accounts’ latest usage.

Question 27

What is the role of Organizational Policy Service?

Answer 27

To provide centralized control over the organization’s cloud resources.

Question 28

What are ‘Security Marks’ used for in Cloud SCC?

Answer 28

To group, track, and manage resources.

Question 29

What is a characteristic of Google App Engine’s Security Scanner?

Answer 29

It is free but limited and has very low false positive rates.