Amazon wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems. This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?

An office manager at your small startup company is responsible for matching payments to invoices and creating billing alerts. For compliance reasons, the office manager is only permitted to have the Identity and Access Management (IAM) permissions necessary for these tasks. Which two IAM roles should the office manager have? (Choose two.)

You are designing a new governance model for your organization's secrets that are stored in Secret Manager. Currently, secrets for Production and NonProduction applications are stored and accessed using service accounts. Your proposed solution must:

✑ Provide granular access to secrets

✑ Give you control over the rotation schedules for the encryption keys that wrap your secrets

✑ Maintain environment separation

✑ Provide ease of management

Which approach should you take?

You are a security engineer at a finance company. Your organization plans to store data on Google Cloud, but your leadership team is worried about the security of their highly sensitive data. Specifically, your company is concerned about internal Google employees' ability to access your company's data on Google Cloud. What solution should you propose?

You want to use the gcloud command-line tool to authenticate using a third-party single sign-on (SSO) SAML identity provider. Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)? (Choose two.)

You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements:

✑ Each business unit manages access controls for their own projects.

✑ Each business unit manages access control permissions at scale.

✑ Business units cannot access other business units' projects.

✑ Users lose their access if they move to a different business unit or leave the company.

✑ Users and access control permissions are managed by the on-premises directory service.

What should you do? (Choose two.)

Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements:

✑ Scans must run at least once per week

✑ Must be able to detect cross-site scripting vulnerabilities

✑ Must be able to authenticate using Google accounts

Which solution should you use?