Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 1 Question 58 Discussion

You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?
D) EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL_TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project's policies.
A) All load balancer types are denied in accordance with the global node's policy.
B) INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder's policy.
C) EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project's policy.

Google Professional Cloud Security Engineer Exam - Topic 1 Question 58 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 58
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Annmarie at Dec 28, 2022, 03:59 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tiffiny
7 months ago
I think D covers all bases, better safe than sorry!
upvoted 0 times
...
Corrie
7 months ago
B seems right, only internal types are denied.
upvoted 0 times
...
Leana
7 months ago
Wait, are you sure about that? I thought some internal types were allowed.
upvoted 0 times
...
Francine
8 months ago
Totally agree, the global policy overrides everything.
upvoted 0 times
...
Julieta
8 months ago
All load balancer types are denied in VPC A.
upvoted 0 times
...
Ezekiel
8 months ago
I feel like the folder's policy might only deny the internal types, but I'm confused about how the project policy interacts with that.
upvoted 0 times
...
Micaela
8 months ago
If I recall correctly, the global policy usually has the highest precedence, so maybe all load balancer types are denied in VPC A?
upvoted 0 times
...
Evette
8 months ago
I think I practiced a similar question where we had to identify denied resources based on hierarchy, but I can't recall the specifics.
upvoted 0 times
...
Rosalind
8 months ago
I remember that organization policies can override lower-level policies, but I'm not sure how that applies here.
upvoted 0 times
...
Socorro
8 months ago
Hmm, I'm a bit confused. The question mentions that the false positives continue even after updating to the new pattern file, so I'm not sure if rolling back to the previous version would actually fix the issue. Option C about manually copying the older file seems more reliable.
upvoted 0 times
...
Vannessa
8 months ago
Ah, I remember learning about this in class. The default options for the OpenSSH server are set in the /etc/ssh/sshd_config file. That's the one I'll be editing.
upvoted 0 times
...
Elouise
8 months ago
Okay, let me think this through. The token is being added to an email, and the ":default=there" part is the key. I'm pretty sure the answer is D - to populate the first name field with 'there' if the field First Name is empty.
upvoted 0 times
...
Mahesh
3 years ago
Answer should be A. To specify where you want a deny policy to apply, you attach it to a project, folder, or organization. When a deny policy is attached to one of these resources, the principals in the policy can't use the specified permissions to access the resource, or any of the resource's descendants. https://cloud.google.com/iam/docs/deny-overview
upvoted 1 times
...

Save Cancel