GCP Security and Compliance (GCP CDL) Flashcards
GCP Cloud Digital Leader Flashcards
| Front | Back |
| How can GCP customers manage encryption keys? | Customers can use Customer-Managed Encryption Keys (CMEK) or Customer-Supplied Encryption Keys (CSEK) for enhanced security and control over data encryption. |
| How does GCP ensure data is secure during transit? | GCP encrypts data in transit by default using HTTPS and Transport Layer Security (TLS) for all communication. |
| How does GCP ensure network security by default? | GCP uses firewalls to allow or deny traffic, and all VPC networks implement a default allow list and deny list. |
| What are Service Accounts in GCP? | Service Accounts are used to securely identify and authorize applications or virtual machines to interact with GCP APIs. |
| What audit tool is provided by GCP for monitoring compliance? | Cloud Audit Logs is used for tracking administrative, data access, and policy activity logs in GCP. |
| What does Cloud Security Posture Management (CSPM) offer in GCP? | CSPM solutions in GCP allow monitoring and improving the security posture of workloads by identifying and remediating misconfigurations. |
| What does GCP’s default encryption cover? | All data written to disk in GCP is automatically encrypted by default at rest. |
| What is a best practice for Identity and Access Management (IAM) in GCP? | Use the principle of least privilege to minimize access rights for users and resources. |
| What is a VPC in GCP? | A Virtual Private Cloud (VPC) is a software-defined network that provides scalable and flexible networking for GCP resources. |
| What is Access Context Manager in GCP? | Access Context Manager allows the creation of access levels based on identity attributes and conditions for securing API and service access. |
| What is Chronicle in GCP? | Chronicle is a cybersecurity intelligence and analytics platform designed to detect, investigate, and respond to threats at scale. |
| What is Cloud DLP in GCP used for? | Cloud Data Loss Prevention (DLP) identifies, classifies, and protects sensitive data such as PII across GCP resources. |
| What is Confidential Computing in GCP? | Confidential Computing encrypts data while it is being processed in memory, providing an additional layer of data protection. |
| What is Forseti Security? | Forseti Security is an open-source tool that helps improve GCP compliance, governance, and security by monitoring configurations and detecting policy violations. |
| What is GCP’s Access Transparency? | It provides audit logs to customers whenever Google accesses their content, ensuring an additional layer of transparency. |
| What is GCP’s Key Management Service (KMS) used for? | KMS allows users to create, manage, and use cryptographic keys for securing their data and workloads. |
| What is GCP’s role in compliance? | GCP provides compliance with many standards like ISO/IEC 27001, SOC, PCI DSS, HIPAA, and more to ensure data storage and processing meet industry requirements. |
| What is GCP’s Workload Identity? | Workload Identity is a solution that lets Kubernetes workloads access GCP services securely using IAM identities. |
| What is Google Cloud Recommender? | It provides AI-driven insights and recommendations on improving GCP resource configurations, including security recommendations. |
| What is IAM Recommender in GCP? | IAM Recommender provides actionable suggestions to improve IAM policies by identifying unused or excessive permissions. |
| What is Shielded VM in GCP? | Shielded VMs are virtual machines with security features like Secure Boot and integrity monitoring to protect against rootkits and bootkits. |
| What is the function of Firewall Insights in GCP? | Firewall Insights audits, monitors, and provides optimization recommendations for firewall rules in GCP. |
| What is the purpose of Binary Authorization in GCP? | Binary Authorization ensures only trusted container images are deployed to GCP environments, preventing the use of unauthorized software. |
| What is the purpose of Cloud Identity in GCP? | Cloud Identity is a centralized identity management tool for managing users, groups, and access policies across GCP. |
| What is the purpose of GCP’s BeyondCorp security model? | BeyondCorp allows secure access to GCP resources without the need for a traditional VPN by shifting access controls to users and devices. |
| What is the purpose of Google Cloud Threat Intelligence? | It provides actionable insights and threat analysis to help detect, respond to, and mitigate security risks in GCP. |
| What is the purpose of VPC Service Controls? | It helps define security perimeters around GCP resources to mitigate data exfiltration risks. |
| What is the role of Cloud Armor in GCP? | Cloud Armor provides protection against Distributed Denial of Service (DDoS) attacks and helps enforce security policies at the edge. |
| What is the Shared Responsibility Model in GCP? | It is a framework where Google is responsible for the security of the cloud infrastructure while customers are responsible for securing their data and applications within the cloud. |
| What tool in GCP helps scan for vulnerabilities? | The Google Cloud Security Command Center (SCC) helps map vulnerabilities and provide insights into threats. |
This deck details GCP's security models, compliance certifications, and best practices for secure cloud computing.