Exam Professional Cloud Architect topic 12 question 5 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 5
Topic #: 12

For this question, refer to the Dress4Win case study. You are responsible for the security of data stored in Cloud Storage for your company, Dress4Win. You have already created a set of Google Groups and assigned the appropriate users to those groups. You should use Google best practices and implement the simplest design to meet the requirements.
Considering Dress4Win's business and technical requirements, what should you do?

  • A. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.
  • B. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Enable default storage encryption before storing files in Cloud Storage.
  • C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.
  • D. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.
Suggested Answer: C
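The design in option C (predefined roles bound to groups, Google's default encryption at rest) can be checked against an exported policy. The following is an added example, not part of the original question or discussion: it audits an IAM policy document and bucket metadata in the JSON shape the IAM and Cloud Storage APIs return, and all project, group, bucket and key names in it are constructed.

```python
import re

# Basic (primitive) roles and the resource-name pattern of custom roles.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
CUSTOM_ROLE = re.compile(r"^(projects|organizations)/[^/]+/roles/[^/]+$")
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_policy(policy):
    """Return (kind, subject) findings for one IAM policy document."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role in BASIC_ROLES:
            findings.append(("basic-role", role))
        elif CUSTOM_ROLE.match(role):
            findings.append(("custom-role", role))  # extra role to maintain
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("public-member", member))
            elif member.startswith("user:"):
                findings.append(("direct-user-grant", member))
    return findings


def audit_bucket_encryption(bucket):
    """Flag a bucket whose metadata names a default Cloud KMS key."""
    key = bucket.get("encryption", {}).get("defaultKmsKeyName")
    return [("customer-managed-key", key)] if key else []


# Constructed sample data (not from the case study).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["group:analysts@example.com"]},
    {"role": "roles/editor", "members": ["group:devs@example.com"]},
    {"role": "projects/example-project/roles/bucketReader",
     "members": ["user:alice@example.com", "allUsers"]},
]}
SAMPLE_BUCKETS = [
    {"name": "example-default"},
    {"name": "example-cmek", "encryption": {"defaultKmsKeyName":
        "projects/example-project/locations/us/keyRings/r/cryptoKeys/k"}},
]

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
    for b in SAMPLE_BUCKETS:
        print(b["name"], audit_bucket_encryption(b) or "Google default encryption")
```

A bucket with no `encryption.defaultKmsKeyName` in its metadata is using Google's default encryption at rest, so it produces no finding.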

Comments

JoeShmoe
Highly Voted 5 years ago
C is the simplest
upvoted 34 times
AWS56
4 years, 10 months ago
I am a bit confused: "You should use Google best practices and implement the simplest design to meet the requirements." ---> Simplest -- agree with D, but for Google's best practice I will go with A
upvoted 3 times
AWS56
4 years, 10 months ago
Ignore my comment, Agree C is the simple -- https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
upvoted 4 times
tartar
4 years, 3 months ago
C is ok
upvoted 5 times
...
...
rockstar9622
4 years, 10 months ago
C is correct - going by simplest design whereas Google manages the encryption though by default and that's sufficient
upvoted 2 times
...
...
nitinz
3 years, 8 months ago
ans is C
upvoted 3 times
...
kimharsh
2 years, 7 months ago
How come it's C, and for best practice we need to use Custom Roles
upvoted 1 times
...
...
newbie2020
Highly Voted 4 years, 10 months ago
There are 2 requirements: 1) best practices = least privilege = custom role 2) simplest = default encryption, as: If you use customer-supplied encryption keys or client-side encryption, you must securely manage your keys and ensure that they are not lost. If you lose your keys, you are no longer able to read your data, and you continue to be charged for storage of your objects until you delete them.
upvoted 12 times
Dannyygcp
4 years, 9 months ago
What about option B... default encryption [which is simple to manage] + custom role [which is secure compared to predefined and not difficult to create]
upvoted 3 times
sivass
4 years, 6 months ago
I agree. I will go with B.
upvoted 5 times
...
...
GCP_Azure
4 years, 6 months ago
It has to be B
upvoted 4 times
Rafaa
4 years, 6 months ago
There is no option to 'enable default encryption' as such! It is provided by default if you don't do anything.
upvoted 2 times
...
...
Vika
3 years, 7 months ago
Check out this link - https://cloud.google.com/iam/docs/using-iam-securely Basic roles include thousands of permissions across all Google Cloud services. In production environments, do not grant basic roles unless there is no alternative. Instead, grant the most limited predefined roles or custom roles that meet your needs.
upvoted 1 times
...
...
tlopsm
Most Recent 5 months, 2 weeks ago
Selected Answer: C
C is answer
upvoted 1 times
...
Ahmed_Safwat
1 year ago
Selected Answer: D
Encrypt Cloud Storage data with Cloud KMS
upvoted 1 times
...
SAMBIT
2 years, 8 months ago
B custom IAM & out of box encryption
upvoted 1 times
...
joe2211
3 years ago
Selected Answer: C
vote C
upvoted 2 times
...
kopper2019
3 years, 4 months ago
hey guys new Qs posted as of July 12th, 2021, All 21 new Qs in Question #152
upvoted 1 times
...
victory108
3 years, 4 months ago
C. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.
upvoted 2 times
...
MamthaSJ
3 years, 4 months ago
Answer is B
upvoted 1 times
...
wilwong
3 years, 4 months ago
C is correct
upvoted 1 times
...
Pb55
3 years, 7 months ago
C. Best practice is predefined, not custom. Only use custom when predefined is too broad.
upvoted 1 times
...
ansh0692
3 years, 7 months ago
From "Google's best practices and simplest design" Answer should be C
upvoted 1 times
...
Skeeter
3 years, 7 months ago
Cloud storage encryption is enabled by default. Why would you need to enable it as stated in B? Answer is A, use CSEK and specify a .boto file during upload with gsutil, simple!
upvoted 2 times
Ausias18
3 years, 7 months ago
It says simple; what you say is not as easy as possible... default encryption is easier
upvoted 1 times
...
...
Ausias18
3 years, 8 months ago
Answer is B
upvoted 1 times
...
lynx256
3 years, 8 months ago
IMO - C is ok. Simplest --> predefined roles + default encryption
upvoted 2 times
...
Rightsaidfred
3 years, 9 months ago
C is the 'Google' answer here :)
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other