Podcast Beta
Questions and Answers
Which setting can be used to prevent a Compute Engine instance from accessing the internet or Google APIs/services?
Which type of firewall rules are implied in a VPC network?
How can plain text secrets be securely stored in Cloud Storage?
Study Notes
- Compute Engine instance can be configured to not have access to internet or Google APIs/services by disabling Public IP and Private Google Access settings.
- VPC network has implied firewall rules that deny all inbound connections and allow all outbound connections.
- Storing plain text secrets in SCM system can be avoided by encrypting them with a CMEK and storing them in Cloud Storage.
- Cloud Directory Sync can be set up to sync groups and manage IAM permissions from on-premises Active Directory Service.
- Secure container images should incorporate only necessary tools and a single app.
- PID 1 should not be used to run the app in a secure container image.
- Cloud Source Repositories can be used to store code.
- IAM Network User Role and Static routes settings should remain disabled for Compute Engine instance with no internet access.
- Cloud Data Loss Prevention API can be used to scan secrets.
- SAML 2.0 Single Sign-On can be set up to manage IAM permissions.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Are you interested in learning more about cloud infrastructure security and best practices? Test your knowledge with our quiz! This quiz covers topics such as secure container images, IAM permissions, VPC network firewall rules, and more. Sharpen your skills and see how much you know about securing your cloud environment.
