Security, Billing, Resource Hierarchy Flashcards

1
Q

Your organization needs to plan its cloud infrastructure expenditures.
Which should your organization do?

A. Review cloud resource costs frequently, because costs change often based on use
B. Review cloud resource costs annually as part of planning your organization’s overall budget
C. If your organization uses only cloud resources, infrastructure costs are no longer part of your overall budget
D. Involve fewer people in cloud resource planning than your organization did for on-premises resource planning

A

A. Review cloud resource costs frequently, because costs change often based on use

2
Q

Which Google Cloud product can report on and maintain compliance on your entire Google Cloud organization to cover multiple projects?

A. Cloud Logging
B. Identity and Access Management
C. Google Cloud Armor
D. Security Command Center

A

D. Security Command Center

Security Command Center is a centralized security and risk management platform for your Google Cloud resources. It is a single tool that offers a variety of security features including:
1. Gain centralized visibility and control
2. Discover misconfigurations and vulnerabilities
3. Report on and maintain compliance
4. Detect threats targeting your Google Cloud assets

3
Q

Which Google Cloud product or feature makes specific recommendations based on security risks and compliance violations?

A. Google Cloud firewalls
B. Security Command Center
C. Cloud Deployment Manager
D. Google Cloud Armor

A

B. Security Command Center

Security Command Center is a centralized security and risk management platform for your Google Cloud resources. It is a single tool that offers a variety of security features including:
1. Gain centralized visibility and control
2. Discover misconfigurations and vulnerabilities
3. Report on and maintain compliance
4. Detect threats targeting your Google Cloud assets

4
Q

Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents.
What is the most effective and efficient way to satisfy this requirement?

A. Deploy the Cloud Storage bucket to a Google Cloud region in Canada
B. Configure Google Cloud Armor to allow access to the bucket only from IP addresses based in Canada
C. Give each employee who is based in Canada access to the bucket
D. Create a group consisting of all Canada-based employees, and give the group access to the bucket

A

D. Create a group consisting of all Canada-based employees, and give the group access to the bucket

The easiest way to control access is to create a group and then add all Canada-based employees to that group.

Now allow that Canada group to have access to the Cloud Storage bucket, and ensure that no other group or user has access to that bucket.
Any employee who is not part of that group will then be unable to access the bucket.

You can achieve the same effect by giving each Canada-based employee access to the bucket individually, but that would be too cumbersome to do for, say, 300 employees.

5
Q

Your organization needs to ensure that the Google Cloud resources of each of your departments are segregated from one another. Each department has several environments of its own: development, testing, and production. Which strategy should your organization choose?

A. Create a project per department, and create a folder per environment in each project.
B. Create a folder per department, and create a project per environment in each folder.
C. Create a Cloud Identity domain per department, and create a project per environment in each domain.
D. Create a Cloud Identity domain per environment, and create a project per department in each domain.

A

B. Create a folder per department, and create a project per environment in each folder.

You need to remember the order

Org (has domain)
–> Folder –> Folder ….. Folder
–> Project
–> Cloud Resource (DB, VM etc)

Org - TCS
Domain - gcp.tcs.com

Folder can have Folders
Folders can have Projects
Project will have Resources
Folders cannot directly contain Resources

A can’t be true because projects can’t have folders

C and D are not correct because you should have a single Org and domain

B is correct.
Org
–> Folder(Finance) –> Project(Dev)
                   –> Project(Prod)
–> Folder(HR) –> Project(Dev)
              –> Project(Prod)

6
Q

Your company needs to segment Google Cloud resources used by each team from the others. The teams’ efforts are changing frequently, and you need to reduce operational risk and maintain cost visibility. Which approach does Google recommend?

A. One project per team.
B. One organization per team.
C. One project that contains all of each team’s resources.
D. One top-level folder per team.

A

You need to remember the order

Org (has domain)
–> Folder –> Folder ….. Folder
–> Project
–> Cloud Resource (DB, VM etc)

Org - TCS
Domain - gcp.tcs.com

Folder can have Folders
Folders can have Projects
Project will have Resources
Folders cannot directly contain Resources

The question asks you to separate one team from another.
So have a folder at the team level. Inside it you can have projects.

7
Q

An organization is planning its cloud expenditure.
What should the organization do to control costs?

A. Consider cloud resource costs as capital expenditure in annual planning.
B. Use only cloud resources; they have no cloud infrastructure costs.
C. Review cloud resource costs frequently because costs depend on usage.
D. Assess cloud resources costs only when SLO is not met by their cloud provider.

A

C. Review cloud resource costs frequently because costs depend on usage.

A is wrong because cloud is about OpEx, not CapEx.

B is wrong because the cost of cloud resources has the infrastructure cost included in it.

D is wrong.

You should always keep a close eye on how much your cloud is costing you; otherwise it may shoot up very quickly and you won't know until you get the bill.

8
Q

Your organization meant to purchase a 3-year Committed Use Discount, but accidentally purchased a 1-year Committed Use Discount instead. What should your organization do?

A. Contact your financial institution.
B. Contact Trust and Safety.
C. Contact Cloud Billing Support.
D. Contact Technical Support.

A

C. Contact Cloud Billing Support.

9
Q

A food delivery service needs access to real-time menu information from all partner restaurants. They also need to share customer order information with the restaurants in real time.
What should the organization use?

A. Site reliability engineering (SRE)
B. An application programming interface (API)
C. A customized machine learning model
D. A multi-regional database

A

B. An application programming interface (API)

Whenever you need to provide data to your partners or customers, the best option is to use an API. You could still do it by sharing files or providing access to the DB, but that would be unsafe and completely wrong.

10
Q

An organization wants to collect metrics and metadata from their cloud applications and put them into dashboards.
Which Google Cloud tool should they use?

A. Cloud Monitoring
B. Cloud Trace
C. Cloud Logging
D. Cloud Debugger

A

A. Cloud Monitoring

It reads from all cloud services and resources, collects data, and shows it on dashboards.

11
Q

What does Cloud Debugger help an organization do?

A. Implement code updates in real time without affecting the service level objective (SLO).
B. Inspect source code in real time without affecting user downtime.
C. Manage code and accelerate application development.
D. Analyze live source code during user downtime.

A

B. Inspect source code in real time without affecting user downtime.

If there is a production defect, you can use Cloud Debugger to debug the code in production itself, without stopping the production application.

12
Q

An organization needs to search an application’s source code to identify a potential issue. The application is distributed across multiple containers.
Which Google Cloud product should the organization use?

A. Google Cloud Console
B. Cloud Trace
C. Cloud Monitoring
D. Cloud Logging

A

B. Cloud Trace

It can show how your data is flowing across different components, e.g. App -> Server -> DB.

13
Q

What does Cloud Logging help an organization do?

A. Analyze live source code and log code updates.
B. Deploy infrastructure as code.
C. Analyze logs and accelerate application troubleshooting.
D. Manage storage of custom VM images.

A

C. Analyze logs and accelerate application troubleshooting.

Cloud Logging enables logging data collection from over 150 common application components, on-premises systems, and hybrid cloud systems. It supports storing, searching, analyzing, monitoring, and alerting on logging data and events.

14
Q

What is logging within the context of cloud technology?

A. Writing application and operating system events as text
B. Monitoring network and resource limitations
C. Tracking source code across an organization
D. Recording infrastructure and hardware expenditure

A

A. Writing application and operating system events as text

Cloud Logging enables logging data collection from over 150 common application components, on-premises systems, and hybrid cloud systems. It supports storing, searching, analyzing, monitoring, and alerting on logging data and events.

You can collect logging data/events from most applications in the cloud.

15
Q

An organization wants to leverage tooling and automation as part of its new DevOps philosophy.
Which operational challenge will this resolve?

A. Repetitive manual tasks that hinder workflows
B. Time-consuming supervision of creative tasks
C. Distribution and supply-chain issues
D. Defective technical equipment that limits innovation

A

A. Repetitive manual tasks that hinder workflows

DevOps is about automation, and we use automation to avoid repetitive manual tasks. Hence A is correct.

16
Q

An employee receives an email from their internet service provider asking for their bank account number and password.
Which cybersecurity threat is this?

A. Ransomware
B. Distributed Denial of Service (DDoS)
C. Spamming
D. Phishing

A

D. Phishing

Ransomware - I have changed the password of your email. Give me money and I will send you the password.

DDoS - I am attacking your server with thousands of fake requests so that your actual users will see “page not responding”

Spam - Sending marketing emails, calls

Phishing - I am calling from Bank. What is your Card PIN?

17
Q

An organization wants to evaluate the performance of their entire cloud infrastructure, including metrics like server uptime and response rate reports. Which Google Cloud tool should the organization use?

A) Cloud Profiler
B) Cloud Debugger
C) Cloud Trace
D) Cloud Monitoring

A

D) Cloud Monitoring

A) is not correct. Cloud Profiler helps analyze application performance by gathering CPU usage and memory-allocation information.
B) is not correct. Cloud Debugger helps debug source code in production without shutting it down.
C) is not correct. Cloud Trace helps track flow between containers to different services like VM, DB.
D) is correct because Cloud Monitoring enables users to monitor the performance of their entire cloud infrastructure.

18
Q

A large organization is struggling to manage their cloud costs effectively. They want to increase visibility into cloud costs. Which cost management approach should the organization use?

A) Appoint a single person to monitor cloud spending across the organization.
B) Review any cloud spending that exceeds the organization’s error budget.
C) Increase monitoring of on-premises infrastructure and services.
D) Establish a partnership between finance, technology, and business teams.

A

D) Establish a partnership between finance, technology, and business teams.

A) is not correct. This approach might work for a small organization, but would be problematic for a large organization.
B) is not correct. An error budget is not related to cost management. Instead it is the difference between an SLO (service level objective) and an SLA (service level agreement).
C) is not correct. Cloud costs are not impacted by on-premises infrastructure and services.
D) is correct because cross-team partnerships are part of the visibility cost management strategy.

19
Q

How does a least privilege resource access model contribute to cloud security?

A) Only managers and other senior employees have cloud resource access.
B) Employees only have access to the cloud resources necessary for their job.
C) Employees may only access on-premises software with special permission.
D) Google is responsible for determining access to cloud resources.

A

A) is not correct. This access model could impede an organization’s ability to operate in the cloud.

B) is correct. This is the definition of a least privilege model.

C) is not correct. Access to on-premises software is not directly related to cloud resource security.
D) is not correct. Organizations are responsible for determining access to cloud resources.

20
Q

Your organization has customer data on-premises but wants to take advantage of the cloud’s storage security and durability. The data contains Personally Identifiable Information (PII) and the organization wants to ensure PII is de-identified via masking to keep this information safe.

What service would offer this protection?

BeyondCorp

HIPAA Compliance Program

Cloud Data Loss Prevention

Cloud Storage

A

Cloud Data Loss Prevention (DLP)

Use DLP to protect customer information

21
Q

An organization is reviewing its monthly operational expenditure on the Google Cloud platform and breaking down spending per region.

Which built-in cloud billing report would be ideal for visualizing regional spending?

Cost Breakdown Report

Committed use discounts reports

Billing Reports

Cost Table Reports

A

Billing Reports

22
Q

An organization wants to move from a tactical cloud adoption approach to a transformational approach.
How should they change their cloud security?
A. Provide staff identities using only Google Cloud authentication.
B. Provide multiple layers of network security using a zero-trust model.
C. Emphasize strong perimeter security and trust in their private network.
D. Emphasize three main Identity Access Management roles: owner, editor, and viewer.

A

B. Provide multiple layers of network security using a zero-trust model.