Bash, the Crucial Exams Chat Bot
AI Bot
GCP Security and Compliance (GCP CDL) Flashcards
GCP Cloud Digital Leader Flashcards
| Front | Back |
| How can GCP customers manage encryption keys? | Customers can use Customer-Managed Encryption Keys (CMEK) or Customer-Supplied Encryption Keys (CSEK) for enhanced security and control over data encryption. |
| How does GCP ensure data is secure during transit? | GCP encrypts data in transit by default using HTTPS and Transport Layer Security (TLS) for all communication. |
| How does GCP ensure network security by default? | GCP uses firewalls to allow or deny traffic, and all VPC networks implement a default allow list and deny list. |
| What are Service Accounts in GCP? | Service Accounts are used to securely identify and authorize applications or virtual machines to interact with GCP APIs. |
| What audit tool is provided by GCP for monitoring compliance? | Cloud Audit Logs is used for tracking administrative, data access, and policy activity logs in GCP. |
| What does Cloud Security Posture Management (CSPM) offer in GCP? | CSPM solutions in GCP allow monitoring and improving the security posture of workloads by identifying and remediating misconfigurations. |
| What does GCP’s default encryption cover? | All data written to disk in GCP is automatically encrypted by default at rest. |
| What is a best practice for Identity and Access Management (IAM) in GCP? | Use the principle of least privilege to minimize access rights for users and resources. |
| What is a VPC in GCP? | A Virtual Private Cloud (VPC) is a software-defined network that provides scalable and flexible networking for GCP resources. |
| What is Access Context Manager in GCP? | Access Context Manager allows the creation of access levels based on identity attributes and conditions for securing API and service access. |
| What is Chronicle in GCP? | Chronicle is a cybersecurity intelligence and analytics platform designed to detect, investigate, and respond to threats at scale. |
| What is Cloud DLP in GCP used for? | Cloud Data Loss Prevention (DLP) identifies, classifies, and protects sensitive data such as PII across GCP resources. |
| What is Confidential Computing in GCP? | Confidential Computing encrypts data while it is being processed in memory, providing an additional layer of data protection. |
| What is Forseti Security? | Forseti Security is an open-source tool that helps improve GCP compliance, governance, and security by monitoring configurations and detecting policy violations. |
| What is GCP’s Access Transparency? | It provides audit logs to customers whenever Google accesses their content, ensuring an additional layer of transparency. |
| What is GCP’s Key Management Service (KMS) used for? | KMS allows users to create, manage, and use cryptographic keys for securing their data and workloads. |
| What is GCP’s role in compliance? | GCP provides compliance with many standards like ISO/IEC 27001, SOC, PCI DSS, HIPAA, and more to ensure data storage and processing meet industry requirements. |
| What is GCP’s Workload Identity? | Workload Identity is a solution that lets Kubernetes workloads access GCP services securely using IAM identities. |
| What is Google Cloud Recommender? | It provides AI-driven insights and recommendations on improving GCP resource configurations, including security recommendations. |
| What is IAM Recommender in GCP? | IAM Recommender provides actionable suggestions to improve IAM policies by identifying unused or excessive permissions. |
| What is Shielded VM in GCP? | Shielded VMs are virtual machines with security features like Secure Boot and integrity monitoring to protect against rootkits and bootkits. |
| What is the function of the Firewall Insights in GCP? | Firewall Insights audits, monitors, and provides optimization recommendations for firewall rules in GCP. |
| What is the purpose of Binary Authorization in GCP? | Binary Authorization ensures only trusted container images are deployed to GCP environments, preventing the use of unauthorized software. |
| What is the purpose of Cloud Identity in GCP? | Cloud Identity is a centralized identity management tool for managing users, groups, and access policies across GCP. |
| What is the purpose of GCP’s BeyondCorp security model? | BeyondCorp allows secure access to GCP resources without the need for a traditional VPN by shifting access controls to users and devices. |
| What is the purpose of Google Cloud Threat Intelligence? | It provides actionable insights and threat analysis to help detect, respond to, and mitigate security risks in GCP. |
| What is the purpose of VPC Service Controls? | It helps define security perimeters around GCP resources to mitigate data exfiltration risks. |
| What is the role of Cloud Armor in GCP? | Cloud Armor provides protection against Distributed Denial of Service (DDoS) attacks and helps enforce security policies at the edge. |
| What is the Shared Responsibility Model in GCP? | It is a framework where Google is responsible for the security of the cloud infrastructure while customers are responsible for securing their data and applications within the cloud. |
| What tool in GCP helps scan for vulnerabilities? | The Google Cloud Security Command Center (SCC) helps map vulnerabilities and provide insights into threats. |
Front
What is the Shared Responsibility Model in GCP?
Click the card to flip
Back
It is a framework where Google is responsible for the security of the cloud infrastructure while customers are responsible for securing their data and applications within the cloud.
Front
What is the purpose of Google Cloud Threat Intelligence?
Back
It provides actionable insights and threat analysis to help detect, respond to, and mitigate security risks in GCP.
Front
What audit tool is provided by GCP for monitoring compliance?
Back
Cloud Audit Logs is used for tracking administrative, data access, and policy activity logs in GCP.
Front
What is the purpose of GCP’s BeyondCorp security model?
Back
BeyondCorp allows secure access to GCP resources without the need for a traditional VPN by shifting access controls to users and devices.
Front
What does GCP’s default encryption cover?
Back
All data written to disk in GCP is automatically encrypted by default at rest.
Front
What is Shielded VM in GCP?
Back
Shielded VMs are virtual machines with security features like Secure Boot and integrity monitoring to protect against rootkits and bootkits.
Front
What is Access Context Manager in GCP?
Back
Access Context Manager allows the creation of access levels based on identity attributes and conditions for securing API and service access.
Front
What is a VPC in GCP?
Back
A Virtual Private Cloud (VPC) is a software-defined network that provides scalable and flexible networking for GCP resources.
Front
What is GCP’s Key Management Service (KMS) used for?
Back
KMS allows users to create, manage, and use cryptographic keys for securing their data and workloads.
Front
What does Cloud Security Posture Management (CSPM) offer in GCP?
Back
CSPM solutions in GCP allow monitoring and improving the security posture of workloads by identifying and remediating misconfigurations.
Front
What is Google Cloud Recommender?
Back
It provides AI-driven insights and recommendations on improving GCP resource configurations, including security recommendations.
Front
What is IAM Recommender in GCP?
Back
IAM Recommender provides actionable suggestions to improve IAM policies by identifying unused or excessive permissions.
Front
What is the purpose of VPC Service Controls?
Back
It helps define security perimeters around GCP resources to mitigate data exfiltration risks.
Front
What is the function of the Firewall Insights in GCP?
Back
Firewall Insights audits, monitors, and provides optimization recommendations for firewall rules in GCP.
Front
What tool in GCP helps scan for vulnerabilities?
Back
The Google Cloud Security Command Center (SCC) helps map vulnerabilities and provide insights into threats.
Front
How does GCP ensure data is secure during transit?
Back
GCP encrypts data in transit by default using HTTPS and Transport Layer Security (TLS) for all communication.
Front
How does GCP ensure network security by default?
Back
GCP uses firewalls to allow or deny traffic, and all VPC networks implement a default allow list and deny list.
Front
What is the purpose of Cloud Identity in GCP?
Back
Cloud Identity is a centralized identity management tool for managing users, groups, and access policies across GCP.
Front
How can GCP customers manage encryption keys?
Back
Customers can use Customer-Managed Encryption Keys (CMEK) or Customer-Supplied Encryption Keys (CSEK) for enhanced security and control over data encryption.
Front
What is Forseti Security?
Back
Forseti Security is an open-source tool that helps improve GCP compliance, governance, and security by monitoring configurations and detecting policy violations.
Front
What is Confidential Computing in GCP?
Back
Confidential Computing encrypts data while it is being processed in memory, providing an additional layer of data protection.
Front
What is GCP’s Access Transparency?
Back
It provides audit logs to customers whenever Google accesses their content, ensuring an additional layer of transparency.
Front
What is the role of Cloud Armor in GCP?
Back
Cloud Armor provides protection against Distributed Denial of Service (DDoS) attacks and helps enforce security policies at the edge.
Front
What is the purpose of Binary Authorization in GCP?
Back
Binary Authorization ensures only trusted container images are deployed to GCP environments, preventing the use of unauthorized software.
Front
What is a best practice for Identity and Access Management (IAM) in GCP?
Back
Use the principle of least privilege to minimize access rights for users and resources.
Front
What is GCP’s Workload Identity?
Back
Workload Identity is a solution that lets Kubernetes workloads access GCP services securely using IAM identities.
Front
What is Cloud DLP in GCP used for?
Back
Cloud Data Loss Prevention (DLP) identifies, classifies, and protects sensitive data such as PII across GCP resources.
Front
What are Service Accounts in GCP?
Back
Service Accounts are used to securely identify and authorize applications or virtual machines to interact with GCP APIs.
Front
What is Chronicle in GCP?
Back
Chronicle is a cybersecurity intelligence and analytics platform designed to detect, investigate, and respond to threats at scale.
Front
What is GCP’s role in compliance?
Back
GCP provides compliance with many standards like ISO/IEC 27001, SOC, PCI DSS, HIPAA, and more to ensure data storage and processing meet industry requirements.
1/30
This deck details GCP's security models, compliance certifications, and best practices for secure cloud computing.