Topic 3 Flashcards

1
Q

Question #: 1
Topic #: 3

For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:
* It must provide low latency at minimal cost.
* It must be able to identify duplicate credit cards and must not store plaintext card numbers.
* It should support annual key rotation.
Which storage approach should you adopt for your tokenization service?

A. Store the card data in Secret Manager after running a query to identify duplicates.
B. Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
C. Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
D. Use column-level encryption to store the data in Cloud SQL.

https://www.examtopics.com/discussions/google/view/65937-exam-professional-cloud-architect-topic-3-question-1/

A

B. Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.

Deterministic output means that a given set of inputs (card number, expiration, and userID) will always generate the same token. This is useful if you want to rely on the token value to deduplicate your token stores. You can simply match a newly generated token to your existing catalog of tokens to determine whether the card has been previously stored. Depending on your application architecture, this can be a very useful feature. However, this could also be accomplished using a salted hash of the input values.

Firestore is the next major version of Datastore. Firestore can run in Datastore mode, which uses the same API as Datastore and scales to millions of writes per

2
Q

Question #: 2
Topic #: 3

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?
A.
gcloud compute security-policies rules update 1000 \
--security-policy from-fastly \
--src-ip-ranges * \
--action "allow"

B.
gcloud compute firewall rules update sourceiplist-fastly \
--priority 1000 \
--allow tcp:443

C.
gcloud compute firewall rules update hlr-policy \
--priority 1000 \
--target-tags=sourceiplist-fastly \
--allow tcp:443

D.
gcloud compute security-policies rules update 1000 \
--security-policy hlr-policy \
--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
--action "allow"

https://www.examtopics.com/discussions/google/view/68709-exam-professional-cloud-architect-topic-3-question-2/

A

D.
gcloud compute security-policies rules update 1000 \
--security-policy hlr-policy \
--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
--action "allow"

https://cloud.google.com/armor/docs/configure-security-policies#gcloud_11
