Scribd
Upload
13 views10 pages

Quiz 3

The document discusses various Google Cloud security concepts and services including Cloud Armor, IAP, Access Context Manager, customer-managed encryption keys, audit logs, IAM, service accounts, Cloud CDN, and DLP.

Uploaded by

Marlon Moreno
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views10 pages

Quiz 3

The document discusses various Google Cloud security concepts and services including Cloud Armor, IAP, Access Context Manager, customer-managed encryption keys, audit logs, IAM, service accounts, Cloud CDN, and DLP.

Uploaded by

Marlon Moreno
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

4/30/24, 1:28 PM Security General

Security General Total points 11/20

_______________security policies enable you to allow, deny, rate-limit, or 0/1


redirect requests to your global external HTTP(S) load balancer, global
external HTTP(S) load balancer (classic)s, TCP proxy load balancers, or
SSL proxy load balancers at the Google Cloud edge

VPC Firewall Rules

Data Loss Prevention API

Cloud CDN

Cloud Armor

Correct answer

Cloud Armor

You can use _________ preconfigured rules to mitigate the following 0/1
attacks:SQL injection,Cross-site scripting,Protocol attack

VPC Firewall Rules

Data Loss Prevention API

Cloud CDN

Cloud Armor

Correct answer

Cloud Armor

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 1/10
4/30/24, 1:28 PM Security General

__________ lets you establish a central authorization layer for applications 0/1
accessed by HTTPS, so you can use an application-level access control
model instead of relying on network-level firewalls.

DLP

IAP

Cloud Armor

Cloud Endpoints

Correct answer

IAP

Using an OpenAPI Specification or one of our API frameworks, _________ 1/1


gives you the tools you need for API development and provides insight with
Cloud Logging, Cloud Monitoring, and Cloud Trace.

DLP

IAP

Cloud Armor

Cloud Endpoints

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 2/10
4/30/24, 1:28 PM Security General

______________ allows Google Cloud organization administrators to define 0/1


fine-grained, attribute based access control for projects and resources in
Google Cloud.

DLP

IAP

Cloud Endpoints

Access Context Manager

Correct answer

Access Context Manager

With _______ you can define "Service perimeters" this define sandboxes of 1/1
resources which can freely exchange data within the perimeter, but are not
allowed to export data outside of it

VPC

IAM

Access Context Manager

Cloud Endpoints

Is an API Gateway option in Google Cloud 1/1

DLP

IAP

Cloud Endpoints

IAM

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 3/10
4/30/24, 1:28 PM Security General

firewall policies let you create and enforce a consistent firewall policy 1/1
across your organization

True

False

Masking sensitive data by partially or fully replacing characters with a 0/1


symbol, such as an asterisk (*) or hash (#).Replacing each instance of
sensitive data with a token, or surrogate, string.Encrypting and replacing
sensitive data using a randomly generated or pre-determined key. This can
be done with_________

Cloud CDN

Data Loss Prevention API

Cloud Armor

VPC Firewall Rules

Correct answer

Data Loss Prevention API

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 4/10
4/30/24, 1:28 PM Security General

____________ can be enabled on a bucket in order to retain older versions of 0/1


objects. When the live version of an object is deleted or replaced, it
becomes noncurrent if versioning is enabled on the bucket. If you
accidentally delete a live object version, you can restore the noncurrent
version of it back to the live version.

Retention Policy

Object Hold

Object Versioning

Signed URL

Correct answer

Object Versioning

Feedback

https://cloud.google.com/storage/docs/control-data-lifecycles

If you need more control over key operations than what Google-managed 1/1
encryption keys allows, you can use_________________. These keys are
created and managed using Cloud Key Management Service (Cloud KMS),
and you store the keys as software keys, in an HSM cluster, or externally.

customer-managed encryption keys

customer-supplied encryption keys

ssh keys

service accounts

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 5/10
4/30/24, 1:28 PM Security General

Contain log entries for Google Cloud actions that modify the configuration 1/1
of resources

Admin Activity audit log¡s

Data Access audit logs

System event audit logs

Policy Denied audit logs

_____________ include Owner, Editor, and Viewer roles that existed prior to 1/1
the introduction of IAM.

Basic Roles

Predefined Roles

Custom Roles

Service Account

Is the service that allows you create principals in Google Cloud. 1/1

IAM

Cloud Identity

Firebase

IAP

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 6/10
4/30/24, 1:28 PM Security General

You can grant a permission to the user directly 0/1

Yes

No

Correct answer

Yes

Is a collection of statements that define who has what type of access 1/1

Role

Service Account

Policy

Permission

You can set an allow policy at any level in the resource hierarchy: the 0/1
organization level, the folder level, the project level, or the resource level.

True

False

Correct answer

True

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 7/10
4/30/24, 1:28 PM Security General

___________ is a special kind of account used by an application or compute 1/1


workload, such as a Compute Engine virtual machine (VM) instance, rather
than a person.

Role

Policy

Service Account

Permission

________________ uses Google's global edge network to serve content closer 1/1
to users, which accelerates your websites and applications.

Memcache

Cloud CDN

Cloud Storage

DLP

Fully managed service designed to help you discover, classify, and protect 0/1
your most sensitive data.

BigQuery

Data Catalog

DLP

Vision API

Correct answer

DLP

This form was created inside of itseniors. Report Abuse

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 8/10
4/30/24, 1:28 PM Security General

Forms

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5_… 9/10
4/30/24, 1:28 PM Security General

https://docs.google.com/forms/d/e/1FAIpQLSc2u_lu2TN5WUNOFjJf8SY9ft3Zq3wnlGCdOPlf943SOgbj2A/viewscore?viewscore=AE0zAgAtzkGwx5… 10/10

You might also like