Security 2 Flashcards
(24 cards)
What are the two tiers available for Cloud Armor?
a. Premium
b. Standard
c. Managed Protection Plus
d. Bonus Protection
Standard
Managed Protection Plus
Cloud Armor is a ________ and ________ service
a. Virus protection, Networking
b. DDOS protection, Web Application Firewall (WAF)
c. DDOS protection, WiFi
d. Storage management, Web Application Firewall (WAF)
DDOS protection, Web Application Firewall (WAF)
What is a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic?
a DDoS (Distributed Denial of Service) Attack
What service allows you to package Google cloud resources into a service offering that can be then made available and discoverable in a catalog internally to your organization to quickly deploy governed stacks and workloads?
a. Cloud Identity
b. Private Catalog
c. IAM
d. Cloud Armor
b. Private Catalog
What does the Threat detection feature in Security Command Center do?
a. audits your cloud resources for security vulnerability
b. continuously scans for malicious attempts
c. inventory and historical information about your google cloud resources
d. fix security misconfiguration with single-click remediation
a. audits your cloud resources for security vulnerability
What does the “Asset discovery and inventory” feature in Security Command Center do?
a. audits your cloud resources for security vulnerability
b. collection of event logs for threat detection
c. provides inventory and historical information about your google cloud resources
d. fix security misconfiguration with single-click remediation
c. provides inventory and historical information about your google cloud resources
What is a centralized security and risk management platform for your google cloud resources?
Security Command Center
Birthday, government ID, full name, email address, mailing address are examples of …
a. Cloud Identity
b. Private Catalog
c. Personally identifiable information (PII)
d. Personally/Protected Health Information (PHI)
Personally identifiable information (PII)
What is any data that can be used to identify health information about a patient?
a. Personally identifiable information (PII)
b. Personally/Protected Health Information (PHI)
c. Cloud Identity
d. Security Command Center
Personally/Protected Health Information (PHI)
What is used to detect and protect sensitive information within GCP storage repositories?
Cloud Data Loss Prevention (DLP)
What are BeyondCorp’s principles? (Choose 3)
a. Access to services must not be determined by the network from which you connect
b. Access to services is granted based on contextual factors from the user and their device
c. Access to services related to storage and data is secondary
d. Access to services must be authenticated, authorized, and encrypted
a. Access to services must not be determined by the network from which you connect
b. Access to services is granted based on contextual factors from the user and their device
d. Access to services must be authenticated, authorized, and encrypted
What is NOT a feature of BeyondCorp?
a. access control policies
b. single sign-on
c. IP-based
d. access proxy
c. IP-based
What puts identity as the primary security perimeter to be protected?
A Zero Trust model
When creating an access policy, what attributes can you use to determine the level of access?
All of the options
Operating System
IP Address
Device Type
User Identity
All of the options
Access Context Manager keeps mobile workforces utilizing ________ secure.
Bring-Your-Own-Devices (BYOD)
Networking devices
On-premise infrastructure
Pay as you go Service (PAYG)
Bring-Your-Own-Devices (BYOD)
What allows Google Cloud organization admins to define fine-grained, attribute-based access control for projects and resources in Google Cloud.?
Access Context Manager
VPC Service Perimeters function like a firewall for GCP APIs
False
True
True
What is automatically created for you when you create an access level, service perimeter, or turn on IAP?
GCP APIs
VPC Service Perimeters
VPC Service Controls
Access policies
Access policies
What is VPC Service Controls?
VPC Service Controls allows you to create a service perimeter
What lets you manage who has access to services hosted on App Engine, Compute Engine, or an HTTPS Load Balancer?
Access Context Manager
Identity-Aware Proxy (IAP)
Security Command Center
Private Catalog
Identity-Aware Proxy (IAP)
What allows you to establish a central authorization layer for HTTPS-enabled applications, allowing you to utilize an application-level access control model rather than depending on network-level firewalls?
Cloud Identity-Aware Proxy (IAP)
Which BeyondCorp Enterprise feature prevents data loss, stops common threats, and provides real-time alerts, and detailed reporting?
Integrated threat and data protection
Identity and context-aware access control
Rely on Google Cloud’s global infrastructure
Support your environment: cloud, on-premises, or hybrid
Integrated threat and data protection
What does the “Rely on Google Cloud’s global infrastructure” in BeyondCorp Enterprise mean? (Choose 2)
scale, reliability, and security of Google’s network
non-disruptive overlay to your existing architecture
no need to install additional agents
144 edge locations in over 200 countries and territories
scale, reliability, and security of Google’s network
144 edge locations in over 200 countries and territories
What is enabled through Chrome Browser Cloud Management so you can protect against threats such as malware and phishing for your Chrome users as they download and upload files?
BeyondCorp Enterprise
