Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Associate Cloud Engineer Exam - Topic 3 Question 74 Discussion

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google CloudProject. What should you do?
A) Enable Audit Logs for all APIs that are related to data storage.
B) Review the IAM permissions for any role that allows for data access.
C) Review the Identity-Aware Proxy settings for each resource.
D) Create a Data Loss Prevention job.

Google Associate Cloud Engineer Exam - Topic 3 Question 74 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 74
Topic #: 3
[All Associate Cloud Engineer Questions]

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud

Project. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A, E

Before you run the gcloud compute instances list command, you need to do two things: authenticate with your user account and set the default project for gcloud CLI.

To authenticate with your user account, you need to run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.This will authorize the gcloud CLI to access Google Cloud resources on your behalf1.

To set the default project for gcloud CLI, you need to run gcloud config set project $my_project, where $my_project is the ID of the project that contains the instances you want to list.This will save you from having to specify the project flag for every gcloud command2.

Option B is not recommended, because using a service account key increases the risk of credential leakage and misuse.It is also not necessary, because you can use your user account to authenticate to the gcloud CLI3. Option C is not correct, because there is no such thing as a Cloud Identity user account key.Cloud Identity is a service that provides identity and access management for Google Cloud users and groups4. Option D is not required, because the gcloud compute instances list command does not depend on the default zone. You can list instances from all zones or filter by a specific zone using the --filter flag.


1: https://cloud.google.com/sdk/docs/authorizing

2: https://cloud.google.com/sdk/gcloud/reference/config/set

3: https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys

4: https://cloud.google.com/identity/docs/overview

: https://cloud.google.com/sdk/gcloud/reference/compute/instances/list

by Fausto at Dec 25, 2023, 05:53 AM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Layla
6 months ago
D sounds cool, but not really for this situation, right?
upvoted 0 times
...
Ruthann
7 months ago
C seems less relevant for just checking data access.
upvoted 0 times
...
Leonida
7 months ago
Wait, can you really see all data access just by reviewing IAM?
upvoted 0 times
...
Deandrea
7 months ago
A is important too, but B should come first.
upvoted 0 times
...
Veda
7 months ago
Definitely B, checking IAM permissions is key!
upvoted 0 times
...
Leonora
7 months ago
Creating a Data Loss Prevention job seems more about protecting data rather than checking who can view it. I think it’s not the right choice here.
upvoted 0 times
...
Thora
8 months ago
I feel like checking the Identity-Aware Proxy settings might be relevant, but I can't recall how it ties into data access specifically.
upvoted 0 times
...
Barney
8 months ago
I remember practicing a question about audit logs, but I don't think they specifically show who has access, just what actions were taken.
upvoted 0 times
...
Bonita
8 months ago
I think reviewing IAM permissions is crucial since it directly relates to who can access the data. But I'm not entirely sure if that's the only step needed.
upvoted 0 times
...
Bernadine
8 months ago
I'm a little confused by this question. There are a few different options, and I'm not sure which one is the best approach. I think I'll start by reviewing the IAM permissions, as option B suggests, and then see if I need to do anything else based on what I find.
upvoted 0 times
...
Annelle
8 months ago
Okay, I've got this. The key here is to focus on access control and permissions. Option B is the way to go - reviewing the IAM permissions is the best way to see who has access to the data. I feel confident about this one.
upvoted 0 times
...
Brittni
8 months ago
Hmm, I'm a bit unsure about this one. I'm trying to decide between options A and B. Enabling audit logs could be helpful, but reviewing the IAM permissions might give me a more complete picture. I'll have to think this through carefully.
upvoted 0 times
...
Roselle
8 months ago
This looks like a straightforward security check question. I think I'll go with option B - reviewing the IAM permissions for any role that allows for data access. That seems like the most direct way to identify who has access to the data.
upvoted 0 times
...
Refugia
8 months ago
I'm pretty sure the answer is D. Impairment-free transmission is not an advantage of super-channels, since they still have some impairments to deal with.
upvoted 0 times
...
Cheryl
8 months ago
Hmm, I'm a little confused on the unit conversions here. How many pints are in a gallon? I need to make sure I have that right before I can solve this.
upvoted 0 times
...
Arlette
1 year ago
Hey, at least you're not the one in charge of the 'Data Disappearance Prevention' team. That's a tough gig!
upvoted 0 times
Lorean
12 months ago
C) Review the Identity-Aware Proxy settings for each resource.
upvoted 0 times
...
Ashley
12 months ago
B) Review the IAM permissions for any role that allows for data access.
upvoted 0 times
...
Zita
1 year ago
A) Enable Audit Logs for all APIs that are related to data storage.
upvoted 0 times
...
...
Precious
1 year ago
I'm a little confused. Why can't I just use Option C and review the Identity-Aware Proxy settings? That sounds like it would do the trick.
upvoted 0 times
Mabel
12 months ago
User1: True, having multiple layers of security checks is always a good idea.
upvoted 0 times
...
Maurine
12 months ago
User3: Enabling Audit Logs for data storage APIs is also a good practice to track access.
upvoted 0 times
...
Lorrie
12 months ago
User2: I agree with User1, it's crucial to check all roles that have access to data.
upvoted 0 times
...
Jennifer
1 year ago
User1: Option B is also important to review the IAM permissions for data access.
upvoted 0 times
...
...
Ezekiel
1 year ago
I believe enabling Audit Logs for data storage APIs is also important to track access.
upvoted 0 times
...
Omega
1 year ago
I agree with Arlyne, checking IAM permissions is crucial for security.
upvoted 0 times
...
Arlyne
1 year ago
I think we should review the IAM permissions for data access.
upvoted 0 times
...
Laura
1 year ago
D seems like the best choice. A Data Loss Prevention job can help you monitor and protect your data.
upvoted 0 times
Paz
1 year ago
D) Create a Data Loss Prevention job.
upvoted 0 times
...
Lashon
1 year ago
B) Review the IAM permissions for any role that allows for data access.
upvoted 0 times
...
Noble
1 year ago
D) Create a Data Loss Prevention job.
upvoted 0 times
...
Tamra
1 year ago
B) Review the IAM permissions for any role that allows for data access.
upvoted 0 times
...
...
Paulina
1 year ago
I believe enabling Audit Logs for data storage APIs is also important to track access.
upvoted 0 times
...
Xochitl
1 year ago
I agree with Marilynn, checking IAM permissions is crucial for security.
upvoted 0 times
...
Leah
1 year ago
I'm going with Option A. Enabling Audit Logs is a great way to track who's been accessing the data.
upvoted 0 times
Ezekiel
1 year ago
Definitely, it's important to have a comprehensive approach to data security.
upvoted 0 times
...
Brendan
1 year ago
We should also review IAM permissions to ensure only authorized users have access.
upvoted 0 times
...
Olga
1 year ago
I agree, enabling Audit Logs will help us monitor who has been viewing the data.
upvoted 0 times
...
Anastacia
1 year ago
Option A sounds like a good choice. It's important to track data access.
upvoted 0 times
...
...
Gayla
1 year ago
Option B looks like the right answer. Reviewing the IAM permissions is the way to go to see who has access to the data.
upvoted 0 times
...
Marilynn
1 year ago
I think we should review the IAM permissions for data access.
upvoted 0 times
...

Save Cancel