Tech Books Yard have 259 Computer Sciences for Free Download
An auditor needs to review audit logs. You assign read-only permission to a custom role you create for auditors. What security best practice are you following?
- A. Defense in depth
- B. Least privilege
- C. Separation of duties
- D. Vulnerability scanning
- Correct Answer: Option B
What options are available for filtering log messages when viewing audit logs?
- A. Period time and log level only
- B. Resource, type of log, log level, and period of time only
- C. Resource and period of time only
- D. Type of log only
- Correct Answer: Option B
What GCP service is used to view audit logs?
- A. Compute Engine
- B. Cloud Storage
- C. Stackdriver Logging
- D. Custom logging
- Correct Answer: Option C
What gcloud command would you use to assign a service account when creating a VM?
- A. gcloud compute instances create [INSTANCE_NAME] --service account [SERVICE_ACCOUNT_EMAIL]
- B. gcloud compute instances create-service-account [INSTANCE_NAME] [SERVICE_ACCOUNT_EMAIL]
- C. gcloud compute instances define-service-account [INSTANCE_NAME] [SERVICE_ACCOUNT_EMAIL]
- D. gcloud compute create instances-service-account [INSTANCE_NAME] [SERVICE_ACCOUNT_EMAIL]
- Correct Answer: Option A
What gcloud command would you use to set scopes?
- A. gcloud compute instances set-scopes
- B. gcloud compute instances set-service-account
- C. gcloud compute service-accounts set-scopes
- D. gcloud compute service-accounts define-scopes
- Correct Answer: Option B
What are the options for setting scopes in a VM?
- A. Allow Default Access and Allow Full Access only
- B. Allow Default Access, Allow Full Access, and Set Access for Each API
- C. Allow Full Access or Set Access For Each API only
- D. Allow Default Access and Set Access For Each API only
- Correct Answer: Option B
A VM instance is trying to read from a Cloud Storage bucket. Reading the bucket is allowed by IAM roles granted to the service account of the VM. Reading buckets is denied by the scopes assigned to the VM. What will happen if the VM tries to read from the bucket?
- A. The application performing the read will skip over the read operation
- B. The read will execute because the most permissive permission is allowed.
- C. The read will not execute because both scopes and IAM roles are applied to determine what operations can be performed.
- D. The read operation will succeed, but a message will be logged to Stackdriver Logging.
- Correct Answer: Option C
A scope is identified using what kind of identifier?
- A. A randomly generated ID
- B. A URL beginning with https://www.googleserviceaccounts/
- C. A URL beginning with https://www.googleapis.com/auth/
- D. A URL beginning with https://www.googleapis.com/auth/PROJECT_ID
- Correct Answer: Option C
A DevOps engineer is confused about the purpose of scopes. Scopes are access controls that are applied to what kind of resources?
- A. Storage buckets
- B. VM instances
- C. Persistent disks
- D. Subnets
- Correct Answer: Option B
The gcloud command to create a custom role is what?
- A. gcloud project roles create
- B. gcloud iam roles create
- C. gcloud project create roles
- D. gcloud iam create roles
- Correct Answer: Option B