Security Best Practices in Google Cloud Coursera Quiz Answers: All Modules
Module 02: Securing Compute Engine: Techniques and Best Practices
Q1. Which of the following TWO statements about Google Cloud service accounts are TRUE?
- Service accounts are a type of identity.
- Virtual Machine (VM) instances use service accounts to run API requests on your behalf.
Explanation: Service accounts are a form of identity used to authenticate applications or VMs in Google Cloud. VM instances often use service accounts to make API requests on behalf of the user.
Q2. Which TWO recommendations below ARE considered to be Compute Engine “best practices”?
- Utilize projects and IAM roles to control access to your VMs.
- Cloud Interconnect or Cloud VPN can be used to securely extend your data center network into Google Cloud projects.
Explanation: Using projects and IAM roles ensures fine-grained access control. Cloud Interconnect and Cloud VPN provide secure connectivity between on-premises data centers and Google Cloud.
Q3. Which TWO of the following statements are TRUE when discussing the Organization Policy Service?
- To define an Organization Policy, you will choose and then define a constraint against either a Google Cloud service or a group of Google Cloud services.
- Organization Policy Services allow centralized control for how your organization’s resources can be used.
Explanation: Organization Policy Service enables centralized management of constraints on Google Cloud resources, ensuring compliance and governance across the organization.
Module 03 Graded Quiz Answers
Q1. Which TWO of the following statements are TRUE when discussing Cloud Storage and IAM permissions?
- Access can be granted to Cloud Storage at the organization, folder, project, or bucket levels.
- Using deny rules prevents certain principals from using certain permissions, regardless of the roles they’re granted.
Explanation:
- Permissions can be applied at various levels, offering hierarchical control.
- Deny rules explicitly override any granted permissions to block access, regardless of roles.
Q2. Which TWO of the following statements are TRUE when discussing storage and BigQuery best practices?
- Do not use any personally identifiable information as object names.
- One option to serve content securely to outside users is to use signed URLs.
Explanation:
- Signed URLs provide temporary access to Cloud Storage objects for outside users securely.
- Using sensitive data as object names can lead to unintended exposure and privacy risks.
Q3. Which TWO of the following statements are TRUE with regard to security in BigQuery and its datasets?
- A BigQuery Authorized View allows administrators to restrict users to viewing only subsets of a dataset.
- Using IAM, you can grant users granular permissions to BigQuery tables, rows and columns.
Explanation:
- IAM allows fine-grained access control for BigQuery resources, including specific tables and columns.
- Authorized Views are a powerful feature to control data visibility by creating filtered views on datasets.
Module 04: Application Security: Techniques and Best Practices
Q1. Which TWO of the following statements about Application Security are TRUE?
- Applications are the most common target of cyberattack.
- Applications in general, including many web applications, do not properly protect sensitive user data.
Explanation:
- Many applications fail to implement proper security measures, leading to data breaches.
- Applications, especially web applications, are frequently targeted by attackers due to their accessibility and potential vulnerabilities.
Q2. Which TWO of the following vulnerabilities are scanned for when you use Cloud Security Scanner?
- Outdated or insecure libraries.
- Insecure logins.
Explanation:
- Web Security Scanner identifies outdated or insecure dependencies in applications.
- The scanner checks for vulnerabilities in authentication mechanisms, such as insecure logins.
Q3. Which TWO of the following statements are TRUE when discussing the threat of OAuth and Identity Phishing?
- Being “hacked” on a social site can lead to being “hacked” on more critical websites, depending on your social site’s account settings.
- Even small, unimportant pieces of personal data need to be secured from phishing attacks.
Explanation:
- Social media breaches can cascade to other platforms due to linked accounts or reused credentials.
- Attackers can leverage seemingly insignificant data to build more effective phishing campaigns.
Module 05: Securing Google Kubernetes Engine: Techniques and Best Practices
Q1. “Kubernetes service account” and “Google service account” are different names for the same type of service account.
- False
Explanation: Kubernetes service accounts and Google service accounts are distinct. Kubernetes service accounts are for managing pod permissions within a Kubernetes cluster, while Google service accounts are used for interacting with Google Cloud resources.
Q2. Which ONE of the following is NOT a security best practice on Kubernetes?
- Disable Workload Identity.
Explanation: Disabling Workload Identity is NOT a security best practice. Workload Identity is a recommended method to securely grant Google Cloud permissions to Kubernetes workloads.
Q3. GKE has logging and monitoring functions built-in.
- True
Explanation: Google Kubernetes Engine (GKE) has built-in logging and monitoring capabilities through integrations with Cloud Logging and Cloud Monitoring.