Cloud Security and Compliance

Questions and Answers

What is the primary benefit of using lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes?

• Improved data durability
• Reduced maintenance costs (correct)
• Enhanced data security
• Increased storage capacity

Which Google Cloud service is best suited for storing 20 TB of log archives retained for legal reasons?

• Persistent Disk SSD storage
• Cloud Storage (correct)
• Cloud Datastore
• Cloud SQL

What is the primary purpose of using StatefulSets in Kubernetes?

• To manage container networks
• To set environment variables for containers
• To maintain a consistent set of hostnames for pods (correct)
• To manage role-based access control

Which of the following is not a suitable solution for storing customer session state data that requires low latency and high durability?

Cloud Storage for customer session state data (A)

What is the primary benefit of using Managed Instance Groups in Compute Engine?

Simplified instance management (C)

Which feature of Google Cloud Identity and Access Management (IAM) is used to control access to resources within a project?

Roles (B)

What should you do to test the resilience of an authentication layer that consists of a regional managed instance group serving a public REST API that reads from and writes to a Cloud SQL instance?

Configure a read replica for your Cloud SQL instance in a different zone than the master, and then manually trigger a failover while monitoring KPIs for your REST API. (A)

Which of the following is a key benefit of using Virtual Private Cloud (VPC) in Google Cloud?

Enhanced data security (A)

How can you view the number of queries each user ran in your BigQuery project for audit purposes?

Use Cloud Audit Logging to view Cloud Audit Logs, and create a filter on the query operation to get the required information. (A)

What is the primary benefit of creating a read replica instance in a different region?

To provide high availability in case of a regional outage (A)

What should you do to automate the creation of a managed instance group with many OS package dependencies and minimize the startup time for new VMs?

Use Terraform to create the managed instance group and a startup script to install the OS package dependencies. (C)

What is the primary purpose of using Persistent Disk SSD storage in Compute Engine?

To provide low-latency storage for databases (B)

What is a benefit of using a managed instance group in Compute Engine?

It allows you to create a group of identical virtual machines that can be managed as a single entity. (B)

What is the recommended approach to optimize the performance of a stateless application running on a Compute Engine instance?

Create a custom image from the existing disk and create an autoscaled managed instance group (A)

How can you restrict communications between VM instances in a VPC?

Use firewall rules based on network tags attached to the compute instances (C)

What should you do to ensure that only authorized users can access your Virtual Private Cloud (VPC) network?

Use Cloud IAM to create a custom role with permissions to access the VPC network. (C)

What is a benefit of using a read replica in Cloud SQL?

It provides high availability and disaster recovery for your Cloud SQL instance. (A)

What is the purpose of a managed instance group?

To manage a group of VM instances with identical configurations (A)

What should you do to disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant?

Disable and then discontinue use of all non-HIPAA-compliant services and APIs manually. (A)

How can you ensure high availability for a Compute Engine instance?

Create a failover replica instance in a different region (D)

What is a benefit of using Cloud Audit Logging?

It provides audit logs for GCP resources, such as BigQuery queries. (C)

What is the benefit of using instance templates in a managed instance group?

To create a consistent configuration across instances (C)

How can you autoscale a Compute Engine instance?

Create a managed instance group and set autoscaling policies (B)

What is the purpose of a VPC?

To provide a secure and isolated network for Compute Engine instances (D)

Study Notes

Resilience Testing

• To test the resilience of an authentication layer, deploy a read replica for the Cloud SQL instance in a different zone and trigger a failover while monitoring KPIs for the REST API.

BigQuery Auditing

• To see how many queries each user ran in the last month, use Cloud Audit Logging to view Cloud Audit Logs and create a filter on the query operation.

Automating Instance Group Creation

• To automate the creation of a managed instance group with many OS package dependencies, use Terraform to create the managed instance group and a startup script to install the dependencies.

High Availability

• To introduce high availability, create a read replica instance in a different region.

Optimizing Application Performance

• To optimize the application's performance, create a snapshot of the existing disk, create an instance template from the snapshot, and then create an autoscaled managed instance group from the instance template.

Restricting Communications

• To restrict communications between instances, use firewall rules based on network tags attached to the compute instances.

Cost-Effective Storage Allocation

• For cost-effective storage allocation, recommend using local SSD for customer session state data and lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes.

Consistent Hostnames

• To achieve consistent hostnames even after pod scaling and relaunches, use StatefulSets in Kubernetes.

Description

This quiz tests your knowledge of Cloud security and compliance, including HIPAA compliance, authentication layer resilience testing, and data protection.