In this article i am gone to share Coursera Course: Managing Security in Google Cloud Coursera Quiz Answers with you..

Enrol Link: Managing Security in Google Cloud

Managing Security in Google Cloud Coursera Quiz Answers

Foundations of Google Cloud Security Quiz Answers

Question 1)
Which ONE of the following statements is TRUE concerning Google’s built-in security measures?

• Customers always have the option to configure their instances to encrypt all of their data while it is “at rest” within Google Cloud.
• To guard against phishing attacks, all Google employee accounts require the use of U2F compatible security keys.
• Only Google-managed encryption keys are allowed to be used within Google Cloud.
• An organization’s on-premises resources are not allowed to connect to Google Cloud in order to lower the risk of DDoS attacks.

Question 2)
Which TWO of the following statements are TRUE regarding regulatory compliance on Google Cloud?

• Contacting your regulatory compliance certification agency is the only way to find out whether Google currently supports that particular standard.
• Google’s Cloud products regularly undergo independent verification of security, privacy, and compliance controls.
• Google has no plans at this time to expand its already-extensive portfolio of regulatory compliance certifications.
• Proper configuration of encryption and firewalls is not the only requirement for achieving regulatory compliance.

Question 3)
Which TWO of the following statements are TRUE regarding Google’s ability to protect its customers from DoS attacks?

• Application-aware defense is not currently supported on Google Cloud, although support for this is planned in the very near future.
• Google Front End can detect when an attack is taking place and can drop or throttle traffic associated with that attack.
• A single Google data center has many times the bandwidth of even a large DoS attack, enabling it to simply absorb the extra load.

Question 4)
For Platform-as-a-Service (PaaS) offerings, which of the following is NOT a customer-managed component of the shared security responsibility model?

• Access policies
• Network security
• Deployment
• Web application security

Securing Access to Google Cloud Quiz Answers

Question 1)
Which of the following statements is TRUE for the use of Cloud Identity?

• You cannot use both Cloud Identity and Google Workspace services to manage your users across your domain.
• A Google Workspace or Cloud Identity account can be associated with more than one Organization.
• Cloud Identity can work with any domain name that is able to receive email.
• Your organization must use Google Workspace services in order to use Cloud Identity.

Question 2)
The main purpose of Google Cloud Directory Sync is to: (choose ONE option below)

• Completely replace an Active Directory or LDAP service.
• Enable two-way data synchronization between Google Cloud and AD/LDAP accounts.
• Help simplify provisioning and de-provisioning user accounts.

Question 3)
Which TWO of the following are considered authentication “best practices?”

• Requiring 2-Step Verification (2SV) is only recommended for super-admin accounts.
• Avoid managing permissions on an individual user basis where possible.
• Organization Admins should never remove the default Organization-level permissions from users after account creation.
• You should have no more than three Organization admins.

Identity and Access Management Quiz Answers

Question 1)
Which FOUR of the following are Cloud IAM Objects that can be used to organize resources in Google Cloud?

• Member
• Folder
• Instance
• Bucket
• Container
• Organization
• Role

Question 2)
Projects in Google Cloud provide many management-related features, including the ability to (choose TWO)

• Selectively enable specific services and APIs.
• Track and manage quota usage.
• Balance server load between different Projects.
• Keep on-prem AD/LDAP accounts synced up with user’s Google Cloud resources.

Question 3)
Which TWO of the following statements about Cloud IAM Policies is TRUE?

• An organization policy can only be applied to the organization node.
• A Policy binding binds a list of members to a role.
• A less restrictive parent policy will not override a more restrictive child resource policy.
• A policy is a collection of access statements attached to a resource.

Configuring Virtual Private Cloud for Isolation and Security Quiz Answers

Question 1)
Which TWO of the following statements about VPCs is TRUE?

• Google Cloud Firewall allows rules by default only affect traffic flowing in one direction.
• Every VPC network functions as a distributed firewall where firewall rules are defined at the network level.
• A connection is considered active if it has at least one packet sent over a one hour period.
• VPC firewall rules in Google Cloud are global in scope.

Question 2)
Which FOUR of the following are firewall rule parameters?

• Action
• Project
• Organization
• Source
• Direction
• IP Address
• Timestamp

Question 3)
Which ONE of the following statements is TRUE when discussing the SSL capabilities of Google Cloud Load Balancer?

• If no SSL policy is set, the SSL policy is automatically set to the most constrained policy, which is RESTRICTED.
• Google Cloud Load Balancers require, and will only accept, a Google-managed SSL Cert.
• The Google-managed profile, COMPATIBLE, allows clients which support out-of-date SSL features.
• You must use one of the 3 pre-configured “Google-managed profiles” to specify the level of compatibility appropriate for your application.

Question 4)
Which statement about VPC Service Controls is false?

• VPC Service Controls protect resources within a perimeter so they can only be privately accessed from clients within authorized VPC networks.
• VPC Service Controls restrict Internet access to resources within a perimeter using allowlisted IPv4 and IPv6 ranges.
• VPC Service Controls restrict Internet access to resources within a perimeter by checking permissions assigned to Cloud Identity and Active Directory accounts only.
• VPC Service Controls prevent data from being copied to unauthorized resources outside the perimeter using service operations.