A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries.Where should you export the logs?
For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on `in-scope` Nodes only. These Nodes can only contain the`in-scope` Pods.How should the organization achieve this objective?
In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching andUDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standardWhich options should you recommend to meet the requirements?
A customer has an analytics workload running on Compute Engine that should have limited internet access.Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.The Compute Engine instances now need to reach out to the public repository to get security updates.What should your team do?
You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and AccessManagement (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.What should you do?
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.Which two settings must remain disabled to meet these requirements? (Choose two.)
