• A. Enable Cloud Monitoring workspace, and add the production projects to be monitored.

sdfB. Use Logs Explorer at the organization level and filter for production project logs.

• C. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a Cloud Storage bucket.

D. Create an aggregate org sink at the parent folder of the production projects, and set the destination to a logs bucket.

• A. 1. Create or use an existing key with a unique uniform resource identifier (URI) in your Google Cloud project. 2. Grant your Google Cloud project access to a supported external key management partner system.

• B. 1. Create or use an existing key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS). 2. In Cloud KMS, grant your Google Cloud project access to use the key.

C. 1. Create or use an existing key with a unique uniform resource identifier (URI) in a supported external key management partner system. 2. In the external key management partner system, grant access for this key to use your Google Cloud project.

• D. 1. Create an external key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS). 2. In Cloud KMS, grant your Google Cloud project access to use the key.

• A. Identity Aware-Proxy

B. Cloud NAT

• C. TCP/UDP Load Balancing

• D. Cloud DNS

Hide Solution

• A. Remove Owner roles from end users, and configure Cloud Data Loss Prevention.

• B. Remove Owner roles from end users, and enforce domain restricted sharing in an organization policy.

C. Configure uniform bucket-level access, and enforce domain restricted sharing in an organization policy

• D. Remove *.setIamPolicy permissions from all roles, and enforce domain restricted sharing in an organization policy.

Hide Solution

• A. Use Identity Platform to provision users and groups to Google Cloud.

• B. Use Cloud Identity SAML integration to provision users and groups to Google Cloud.

C. Install Google Cloud Directory Sync and connect it to Active Directory and Cloud Identity.

D. Create Identity and Access Management (IAM) roles with permissions corresponding to each Active Directory group.

• E. Create Identity and Access Management (IAM) groups with permissions corresponding to each Active Directory group.

• A. Create an access level in the Google Admin console to prevent super admin from logging in to Google Cloud.

• B. Disable any Identity and Access Management (IAM) roles for super admin at the organization level in the Google Cloud Console.

C. Use a physical token to secure the super admin credentials with multi-factor authentication (MFA)

• D. Use a private connection to create the super admin accounts to avoid sending your credentials over the Internet.

E. Provide non-privileged identities to the super admin users for their day-to-day activities.

A. Create a Cloud Storage bucket to store your logs in the EUROPE-WEST1 region. Modify your application code to ship logs directly to your bucket for increased efficiency.

• B. Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years.

• C. Use a Pub/Sub topic to forward your application logs to a Cloud Storage bucket in the EUROPE-WEST1 region.

• D. Configure a custom retention policy of 12 years on your Google Cloud's operations suite log bucket in the EUROPE-WEST1 region.

Hide Solution