gcp must read
pdf
School
Arizona State University *
*We aren’t endorsed by this school
Course
GCP
Subject
Information Systems
Date
May 24, 2024
Type
Pages
29
Uploaded by HighnessStarBaboon36
h^ēđėÓÕÕÓÙĽŃććąċ×ÙÙ×Ý εП A9čċđıķĽŃįĭijõõóùčċđííëñ =óµµ³¹ĸľÃ³µµ³¹ įĭijēđėĸľ×ÙÙ×ÝÍÏÏÍÓĸľõõóùēđėčċđ
}xyxxsĬѡħ×ÖÖЋÑĩĩўĤ²³²²ϧĬѡħóòòЧíĊĊпąëêêПå êééОäĐĐхċĬѡħ ©¤¥¤¤ϙĐĐхċѱķĬѡħ
}xyxxsĬѡħĐĐхċêééОä×ÖÖЋÑİѥīİѥīóòòЧíĐĐхċĊĊпą²³²²ϧĄĄйÿ
6"ĄĄйÿĐĐхċѱķÒÓÒÒЇÍ ×ÖÖЋÑÌÍÌÌЁÇѱķĬѡħóòòЧíķѬIJҋő
@,ĊĊпąëêêПåóòòЧíĊĊпą×ÖÖЋÑ×ÖÖЋÑĬѡħ PIĐĐхċѱķĬѡħĊĊпą×ÖÖЋÑҋő
Welcome to Module 3: Ensuring Data Protection.
×ÖÖЋÑ҄ŊóòòЧí×ÖÖЋÑ҅ŋ ²³²²ϧĊĊпąÒÓÒÒЇÍ
İѥīķѬIJѱķÒÓÒÒЇÍҋő ĩĩўĤĄĄйÿ²³²²ϧĊĊпąĊĊпąóòòЧíĊĊпąëêêПå
Now let’s review how to use these diagnostic questions to help you identify what to include in your study plan.
Protecting sensitive data and preventing data loss
Managing encryption at rest, in transit, and in use
Planning for security and privacy in ±I
97
©¤¥¤¤ϙĐĐхċѱķĬѡħ İѥīķѬIJѱķÒÓÒÒЇÍҋő ĩĩўĤĄĄйÿ²³²²ϧĊĊпąГ
@,nsuring data protection
98
`
`
99
`
We’ll approach this review by looking at the key areas of this exam section and the questions you just answered about each one. We’ll talk about where you can find out more about each area in the learning path for this certification and/or where to find the information in Google Cloud documentation. As we go through each one, take notes on the specific courses (and modules!), skill badges, and documentation pages you’ll want to emphasize in your study plan.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
}xyxxsĬѡħĐĐхċķѬIJ×ÖÖЋÑÌÍÌÌЁÇķѬIJóòòЧíĊĊпąëêêПå İѥī×ÖÖЋÑĊĊпąİѥīóòòЧíķѬIJóòòЧí҄Ŋ×ÖÖЋÑ ÒÓÒÒЇÍ²³²²ϧķѬIJ²³²²ϧ
²³²²ϧĊĊпąÒÓÒÒЇÍ ĩĩўĤĬѡħ×ÖÖЋÑ҄Ŋ×ÖÖЋÑĊĊпąķѬIJóòòЧíĊĊпąëêêПå ÒÓÒÒЇÍ²³²²ϧķѬIJ²³²²ϧ ĄĄйÿĐĐхċİѥīİѥī
97
`
6"onsiderations include: ●
Inspecting and redacting personally identifiable information (PII)
●
@,nsuring continuous discovery of sensitive data (structured and unstructured)
●
6"onfiguring pseudonymization
●
6"onfiguring format-preserving encryption
●
Restricting access to 5igQuery, 6"loud Storage, and 6"loud SQL datastores
●
Securing secrets with Secrets Manager
●
Protecting and managing compute instance metadata
As a Professional Cloud Security Engineer, you play a critical role in protecting sensitive data. This includes being able to configure and run data-loss prevention (DLP) software such as Sensitive Data Protection. It also includes protecting sensitive data with encryption, access control, service perimeters, and secure techniques for data manipulation with such Google Cloud tools as VPC Service Controls and Secrets Manager.
Question 1 tested your knowledge of configuring DLP to automatically inspect and redact personally identifiable information (PII). Question 2 tested your knowledge of using Sensitive Data Protection features. Question 3 asked you to secure access to BigQuery and question 4 explored your understanding of Secrets Manager.
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΣ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
97
`
±.
Use the 6"loud <(ata Loss Prevention (<(LP) ±PI to make redact image requests. Provide your project I<(, built-in infoTypes, and the scanned copies when you make the requests.
5.
Use the 6"loud Vision ±PI to perform optical code recognition (O6"R) from scanned images. Redact the text using the 6"loud Natural Language ±PI with regular expressions.
6".
Use the 6"loud Vision ±PI to perform optical code recognition (O6"R) from scanned images. Redact the text using the 6"loud <(ata Loss Prevention (<(LP) ±PI with regular expressions.
<(.
Use the 6"loud Vision ±PI to perform text extraction from scanned images. Redact the text using the 6"loud Natural Language ±PI with regular expressions.
6"ymbal 5ank has hired a data analyst team to analyze scanned copies of loan applications. 5ecause this is an external team, 6"ymbal 5ank does not want to share the name, gender, phone number, or credit card numbers listed in the scanned copies. You have been tasked with hiding this PII information while minimizing latency. What should you do?
)KKJHGIQ7
A. Correct! The DLP API can be directly used for image redaction. Built-in infoTypes already include name, gender, phone number, and credit card numbers. B. Incorrect. The Cloud Vision API’s OCR can be used to extract text from images but OCR does not redact the text. The Cloud Natural Language API also cannot help with text redaction. Use the DLP API for this.
C. Incorrect. The Cloud Vision API’s OCR can be used to extract text from images and then you can redact the text using the DLP API, but this process adds a layer of latency because it involves two steps. You can create custom infoTypes with regular expressions, but these are recommended only in situations where standard infoTypes aren’t supported, such as medical account numbers.
D. Incorrect. The Cloud Vision API’s OCR can be used to extract text from images and then you can redact the text using DLP API, but this process adds a layer of latency because it involves two steps. The Cloud Natural Language API cannot help with text redaction. Use the DLP API for this.
=NKUK WR RRRQ
:
●
https://cloud.google.com/dlp/docs/concepts-image-redaction
●
https://cloud.google.com/dlp/docs/redacting-sensitive-data-images
●
https://cloud.google.com/dlp/docs/infotypes-reference
&RQWKQW SGSSOQM7
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M10 Content-related Vulnerabilities: Techniques and Best Practices
●
On-demand course: 0OWOMGWOQM 9KIXUOW\ <XRQKUGHOROWOKV RQ *RRMRK &RRXJ
○
M2 Content-related Vulnerabilities: Techniques and Best Practices
9XSSGU\7
The Cloud Data Loss Prevention (DLP) API can redact images, documents, and text. It offers built-in and custom infoTypes that can help identify sensitive information. Using one of the supported programming languages, you can programmatically make redact image requests to the DLP API.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΤ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
97
`
±.
S?Generalize all dates to year and month with bucketing. Use the built-in infoType for customer name. Use a custom infoType for customer type with a custom dictionary.
5.
S?Generalize all dates to year and month with bucketing. Use the built-in infoType for customer name. Use a custom infoType for customer type with regular expression.
6".
S?Generalize all dates to year and month with date shifting. Use a predefined infoType for customer name. Use a custom infoType for customer type with a custom dictionary.
<(.
S?Generalize all dates to year and month with date shifting. Use a predefined infoType for customer name. Use a custom infoType for customer type with regular expression.
6"ymbal 5ank needs to statistically predict the days customers delay the payments for loan repayments and credit card repayments. 6"ymbal 5ank does not want to share the exact dates a customer has defaulted or made a payment with data analysts. ±dditionally, you need to hide the customer name and the customer type, which could be corporate or retail. How do you provide the appropriate information to the data analysts?
)KKJHGIQ7
A. Incorrect. Bucketing can reduce timestamps to smaller groups, but can also lose the sequence of events and time intervals. Generalizing all dates to year and month will also create difficulty for prediction, because the prediction must be in days. The usage of the built-in infoType for customer name and a custom infoType for customer type with a custom dictionary is correct, however.
B. Incorrect. Bucketing can reduce timestamps to smaller groups, but can also lose the sequence of events and time intervals. Generalizing all dates to year and month will also create difficulty for prediction, because the prediction must be in days. Usage of the built-in infoType for customer name is correct. Using a custom InfoType with regular expression will require additional filtering.
C. Correct! If your data is stored in a valid schema, date shifting will shift all dates logically. Built-in infoTypes allow a range of locale-specific and globally identifiable sensitive information pieces like email IDs and phone numbers. Custom dictionaries can be used with a custom infoType that contains predefined key-value pairs.
D. Incorrect. If your data is stored in a valid schema, date shifting will shift all dates logically. Usage of the built-in infoType for customer name is correct. Using a custom InfoType with regular expression will require additional filtering.
=NKUK WR RRRQ
: https://cloud.google.com/dlp/docs/concepts-date-shifting
https://cloud.google.com/dlp/docs/concepts-infotypes
https://cloud.google.com/dlp/docs/pseudonymization
9XSSGU\7
Date shifting and bucketing can help with date-time generalizing. Although bucketing can reduce the timestamp to smaller groups such as month or year, it can lose the sequence of events and time intervals. Date shifting shifts the date-time stamps while preserving the order and time intervals. The shifting period is different for different rows of data, so design the schema wisely.
Sensitive Data Protection uses built-in and custom infoType detectors to scan images, documents, and text. Custom infoTypes can be dictionaries, regular expressions, or dictionaries extracted from BigQuery or Cloud Storage. Use dictionaries when you want to match a list of words or phrases, and use regular expressions when you want to detect matches based on a regex pattern.
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΥ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
97
`
±.
6"reate separate datasets for each department. 6"reate views for each dataset separately. ±uthorize these views to access the source dataset. Share the datasets with departments. Provide the bigquery.dataViewer role to each department’s required users.
5.
6"reate an authorized dataset in 5igQuery’s @,xplorer panel. Write 6"ustomers’ table metadata into a JSON file, and edit the file to add each department’s Project I<( and <(ataset I<(. Provide the bigquery.user role to each department’s required users.
6".
Secure data with classification. Open the <(ata 6"atalog Taxonomies page in the S?Google 6"loud 6"onsole. 6"reate policy tags for required columns and rows. Provide the bigquery.user role to each department’s required users. Provide policy tags access to each department separately.
<(.
6"reate separate datasets for each department. 6"reate authorized functions in each dataset to perform required aggregations. Write transformed data to new tables for each department separately. Provide the bigquery.dataViewer role to each department’s required users.
6"ymbal 5ank stores customer information in a 5igQuery table called ‘Information,’ which belongs to the dataset ‘6"ustomers.’ Various departments of 6"ymbal 5ank, including loan, credit card, and trading, access the information table. ±lthough the data source remains the same, each department needs to read and analyze separate customers and customer-attributes. You want a cost-effective way to configure departmental access to 5igQuery to provide optimal performance.
What should you do?
)KKJHGIQ7
A. Correct! Using authorized views is the right approach. Create a separate dataset for each department, and provide access to views containing filtered rows and columns. B. Incorrect. There could be more tables or views in the ‘Customers’ dataset. Creating an authorized dataset will share all views inside it. The role bigquery.user is not sufficient because bigquery.dataViewer is required to query views.
C. Incorrect. Data classification could fit the scenario and add additional security on top of authorized views. However, authorized views have better performance and flexibility. The role bigquery.user is not sufficient because bigquery.dataViewer is required to query views.
D. Incorrect. Although authorized functions could fit the scenario with the help of user-defined functions (UDF), UDF execution is slower when compared to authorized views. Creating new tables would incur additional cost. Providing the bigquery.dataViewer role to each department’s required users is correct.
=NKUK WR RRRQ
:
●
https://cloud.google.com/bigquery/docs/authorized-views
●
https://cloud.google.com/bigquery/docs/authorized-datasets
&RQWKQW SGSSOQM7
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M6 Securing Cloud Data: Techniques and Best Practices
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
○
M2 Securing Cloud Data: Techniques and Best Practices
9XSSGU\7
Authorized views and data classification are two approaches for row-level security. Data classification helps with creating policies to access columns and rows. These policies can be assigned to users through Identity and Access Management (IAM). Authorized views help with providing limited control over the data. Both data classification and authorized views let you slice tables and provide different levels of access to BigQuery users.
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΦ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
97
`
±.
Use Secret Zanager. Use the duration attribute to set the expiry period to one year. ±dd the secretmanager.secret±ccessor role for the group that contains external developers.
5.
Use 6"loud QRey Zanagement Service. Use the destination [GIz address and zort attributes to provide access for developers at the external agency. Remove the [GI±Z access after one year and rotate the shared keys. ±dd cloudkms.cryptoQRey@,ncryptor<(ecryptor role for the group that contains the external developers.
6".
Use Secret Zanager. Use the resource attribute to set a key-value pair with key as duration and values as expiry period one year from now. ±dd secretmanager.viewer role for the group that contains external developers.
<(.
Use Secret Zanager for the connection string and username, and use 6"loud QRey Zanagement Service for the password. Use tags to set the expiry period to the timestamp one year from now. ±dd secretmanager.secretVersionZanager and secretmanager.secret±ccessor roles for the group that contains external developers.
6"ymbal 5ank has a 6"loud SQT instance that must be shared with an external agency. The agency’s developers will be assigned roles and permissions through a S?Aoogle S?Aroup in [GIdentity and ±ccess Zanagement ([GI±Z). The external agency is on an annual contract and will require a connection string, username, and password to connect to the database. How would you configure the group’s access?
)KKJHGIQ7
A. Correct! Secret Manager supports time types such as absolute time duration to invoke and revoke access. The Secret Assessor role is required to read the stored secrets in Secret Manager.
B. Incorrect. You can use Cloud KMS to configure and manage Google-managed, customer-managed, and customer-supplied encryption keys. With Cloud KMS, developers will be able to decrypt shared information. Using IP address and Port ranges is incorrect because users are available as a group in IAM.
C. Incorrect. Secret Manager supports time types such as absolute time duration to invoke and revoke access. However, the Viewer role for Secret Manager does not allow users to use secrets.
D. Incorrect. You can use Cloud KMS to configure and manage Google-managed, customer-managed, and customer-supplied encryption keys. All details should be stored only in Secret Manager for our scenario. With Cloud KMS, developers will be able to decrypt shared information.
=NKUK WR RRRQ
:
https://cloud.google.com/secret-manager/docs/access-control
&RQWKQW SGSSOQM7
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M7 Application Security: Techniques and Best Practices
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
ż
M3 Application Security: Techniques and Best Practices
9XSSGU\7
Secret Manager helps save confidential details such as passwords and URLs. You can provide access to secrets using IAM. Secret Manager lets organizations share configured secrets instead of confidential information with developers. Cloud KMS is used for storing encryption keys that are either managed by Google or by the customer. Cloud KMS lets you share symmetric and asymmetric keys. Cloud KMS can be used to encrypt/decrypt data, but that will expose critical information to developers in plain text.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
zroprietary + 6"onfidential
Security in S?Aoogle 6"loud
●
Z5 Securing 6"ompute @,ngine: Techniques and 5est zractices
●
Z6 Securing 6"loud <(ata: Techniques and 5est zractices
●
Z7 ±pplication Security: Techniques and 5est zractices
●
Z10 6"ontent-Related Vulnerabilities: Techniques and 5est zractices
Image inspection and redaction | <(ata Loss
Prevention <(ocumentation | S?Google 6"loud
Redacting sensitive data from images | <(ata
Loss Prevention <(ocumentation | S?Google 6"loud
InfoType detector reference | <(ata Loss
Prevention <(ocumentation | S?Google 6"loud Pseudonymization | <(ata Loss Prevention
<(ocumentation | S?Google 6"loud
±uthorized views | 5igQuery | S?Google 6"loud
±uthorized datasets | 5igQuery | S?Google 6"loud Sharing across perimeters with bridges | VP6"
Service 6"ontrols | S?Google 6"loud
6"reating a perimeter bridge | VP6" Service
6"ontrols | S?Google 6"loud
6"ontext-aware access with ingress rules | VP6"
Service 6"ontrols | S?Google 6"loud
R>Frequently asked questions | I±M
<(ocumentation
±ccess control with I±M | Secret Manager
<(ocumentation | S?Google 6"loud
Security 5est zractices in S?Aoogle 6"loud
●
Z1 Securing 6"ompute @,ngine: Techniques and 5est zractices
●
Z2 Securing 6"loud <(ata: Techniques and 5est zractices
●
Z3 ±pplication Security: Techniques and 5est zractices
Zitigating Security Vulnerabilities in
S?Aoogle 6"loud
●
Z2 6"ontent-Related Vulnerabilities: Techniques and 5est zractices
}xyxxsĬѡħĐĐхċķѬIJ×ÖÖЋÑÌÍÌÌЁÇķѬIJóòòЧíĊĊпąëêêПå İѥī×ÖÖЋÑĊĊпąİѥīóòòЧíķѬIJóòòЧí҄Ŋ×ÖÖЋÑ ÒÓÒÒЇÍ²³²²ϧķѬIJ²³²²ϧ
²³²²ϧĊĊпąÒÓÒÒЇÍ ĩĩўĤĬѡħ×ÖÖЋÑ҄Ŋ×ÖÖЋÑĊĊпąķѬIJóòòЧíĊĊпąëêêПå ÒÓÒÒЇÍ²³²²ϧķѬIJ²³²²ϧ ĄĄйÿĐĐхċİѥīİѥī
<(ĐĐхċÌÍÌÌЁÇѱķĉĉоĄ×ÖÖЋÑĊĊпąķѬIJ²³²²ϧķѬIJóòòЧíĐĐхċĊĊпą
6"ĐĐхċѱķĬѡħİѥī×ÖÖЋÑİѥī
97
`
Let’s take a moment to consider resources that can help you build your knowledge and skills in this area. The concepts in the diagnostic questions we just reviewed are covered in these modules and in this documentation. Reviewing the documentation is highly recommended. You’ll find this list in your workbook so you can take a note of what you want to include later when you build your study plan. Based on your experience with the diagnostic questions, you may want to include some or all of these. ●
https://cloud.google.com/dlp/docs/concepts-image-redaction ●
https://cloud.google.com/dlp/docs/redacting-sensitive-data-images ●
https://cloud.google.com/dlp/docs/infotypes-reference
●
https://cloud.google.com/dlp/docs/pseudonymization ●
https://cloud.google.com/bigquery/docs/authorized-views ●
https://cloud.google.com/bigquery/docs/authorized-datasets ●
https://cloud.google.com/vpc-service-controls/docs/share-across-perimeters ●
https://cloud.google.com/vpc-service-controls/docs/create-perimeter-bridges ●
https://cloud.google.com/vpc-service-controls/docs/context-aware-access ●
https://cloud.google.com/iam/docs/faq#how_do_i_grant_permissions_to_reso
urces_in_my_project_to_someone_who_is_not_part_of_my_organization ●
https://cloud.google.com/secret-manager/docs/access-control
Z]S²³²²ϧĊĊпą²³²²ϧëêêПåóòòЧíĊĊпąëêêПå ×ÖÖЋÑĊĊпąÌÍÌÌЁÇĬѡħҋőĩĩўĤķѬIJóòòЧíĐĐхċĊĊпą ²³²²ϧķѬIJ Ĭѡħ×ÖÖЋÑİѥīķѬIJЎ
óòòЧíĊĊпą ķѬIJĬѡħ²³²²ϧĊĊпąİѥīóòòЧíķѬIJЎ ²³²²ϧĊĊпąÒÓÒÒЇÍ óòòЧíĊĊпą ѱķİѥī×ÖÖЋÑ
98
`
6"onsiderations include: ●
Identifying use cases for S?Google default encryption, customer-managed encryption keys (6"M@,K), 6"loud @,xternal Key Manager (@,KM), and 6"loud HSM
●
6"reating and managing encryption keys for 6"M@,K and @,KM
●
±pplying S?Google's encryption approach to use cases
●
6"onfiguring object lifecycle policies for 6"loud Storage
●
@,nabling confidential computing
A Professional Cloud Security Engineer should also have a clear understanding of the considerations involved in managing encryption at rest, and be able to apply Google’s encryption approach to a variety of use cases. You should be familiar with customer-managed encryption keys (CMEK), Cloud External Key Manager (EKM), and Cloud HSM. Question 5 tested your knowledge of Cloud Storage object lifecycle management. Question 6 asked you to identify the steps necessary to apply encryption settings. Question 7 tested your understanding of confidential VMs and their benefits.
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΧ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
±.
Import the spreadsheets to 5igQuery, and create separate tables for Sales and Marketing. Set table expiry rules to 365 days for both tables. 6"reate jobs scheduled to run every quarter for Marketing and every month for Sales.
5.
Upload the spreadsheets to 6"loud Storage. Select the Nearline storage class for the sales department and 6"oldline storage for the marketing department. Use object lifecycle management rules to set the storage class to ±rchival after 365 days. Process the data on 5igQuery using jobs that run monthly for Sales and quarterly for Marketing. 6".
Import the spreadsheets to 6"loud SQL, and create separate tables for Sales and Marketing. R>For Table @,xpiration, set 365 days for both tables. Use stored procedures to calculate incentives. Use ±pp @,ngine cron jobs to run stored procedures monthly for Sales and quarterly for Marketing.
<(.
Import the spreadsheets into 6"loud Storage and create NoSQL tables. Use ±pp @,ngine cron jobs to run monthly for Sales and quarterly for Marketing. Use a separate job to delete the data after 1 year.
6"ymbal 5ank calculates employee incentives on a monthly basis for the sales department and on a quarterly basis for the marketing department. The incentives are released with the next month’s salary. @,mployee’s performance documents are stored as spreadsheets, which are retained for at least one year for audit. You want to configure the most cost-effective storage for this scenario. 98
`
What should you do?
)KKJHGIQ7
A. Incorrect. Although this solution works, it is not the most cost-effective. Use BigQuery if you need a high-performance solution to disburse salary immediately after processing. Use Cloud Storage and load external data into BigQuery to lower the cost.
B. Correct! Cloud Storage storage classes let you lower the storage cost for data that you access less frequently and don’t require for real-time applications. Use object lifecycle rules to change storage classes and expire data. For processing, use BigQuery, which has a free daily quota. C. Incorrect. Cloud SQL is a more expensive choice than Cloud Storage storage classes. App Engine has a free quota that can be used to run your cron jobs, but your solutions need to run once a month and once a quarter. App Engine is good for scenarios that require web availability or high availability.
D. Incorrect. Use Datastore for NoSQL transactional applications or semi-structured information such as categories, subcategories, product descriptions, logs, and variable sensor data. Using Datastore for highly structured information is possible, but is not the product use case. You will also need to run additional infrastructure to manipulate all aspects of data.
=NKUK WR RRRQ
:
●
https://cloud.google.com/storage/docs/storage-classes
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
●
https://cloud.google.com/storage/docs/lifecycle
&RQWKQW SGSSOQM7
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M6 Securing Cloud Data: Techniques and Best Practices
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
ż
M2 Securing Cloud Data: Techniques and Best Practices
9XSSGU\7
Cloud Storage lets you use storage classes that are less expensive than standard storage. These storage classes use low-performance HDDs compared to standard SDDs. The cost-performance trade-off lets you build low-cost, resilient applications that still have the fastest read access and lowest latency in the cloud space. Cloud Storage object lifecycle rules let you change storage classes or set expiration rules to further reduce storage costs.
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΨ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
±.
In the S?Google 6"loud console, navigate to
S?Google Kubernetes @,ngine. Select your cluster
and the boot node inside the cluster. @,nable
customer-managed encryption. Use 6"loud HSM to generate random bytes and provide an additional layer of security.
5.
6"reate a new S?GK@, cluster with customer-managed encryption and HSM enabled. <(eploy the containers to this cluster. <(elete the old S?GK@, cluster. Use 6"loud HSM to generate random bytes and provide an additional layer of security.
6".
6"reate a new key ring using 6"loud Key Management Service. @,xtract this key to a certificate. Use the kubectl command to update the Kubernetes configuration. Validate using M±6" digital signatures, and use a startup script to generate random bytes.
<(.
6"reate a new key ring using 6"loud Key Management Service. @,xtract this key to a certificate. Use the S?Google 6"loud console to update the Kubernetes configuration. Validate using M±6" digital signatures, and use a startup script to generate random bytes.
6"ymbal 5ank uses S?Google Kubernetes @,ngine (S?GK@,) to deploy its <(ocker containers. You want to encrypt the boot disk for a cluster running a custom image so that the key rotation is controlled by the 5ank. S?GK@, clusters will also generate up to 1024 randomized characters that will be used with the keys with <(ocker containers. 98
`
What steps would you take to apply the encryption settings with a dedicated hardware security layer?
)KKJHGIQ7
A. Incorrect. A Kubernetes cluster can be accessed through the kubectl command. Usage of Cloud HSM is correct.
B. Correct! Building a new cluster and deleting the old one is the solution. Cloud HSM provides an additional layer of dedicated hardware security and generates random bytes of up to 1024 characters.
C. Incorrect. Validating using MAC digital signatures is not helpful because they are used to verify messages. However, a startup script can be used to generate a random sequence.
D. Incorrect. The Google Cloud console cannot be used to edit a Kubernetes configuration. Validating using MAC digital signatures is not helpful because they are used to verify messages. However, a startup script can be used to generate a random sequence.
=NKUK WR RRRQ
:
●
https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek#boot-dis
ks
●
https://cloud.google.com/kubernetes-engine/docs/how-to/custom-boot-disks
●
https://cloud.google.com/kms/docs/using-other-products#cmek_integrations
&RQWKQW SGSSOQM7
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M5 Securing Compute Engine: Techniques and Best Practices
○
M6 Securing Cloud Data: Techniques and Best Practices
○
M8 Securing Google Kubernetes Engine
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
ż
M1 Securing Compute Engine: Techniques and Best Practices
ż
M2 Securing Cloud Data: Techniques and Best Practices
○
M4 Securing Google Kubernetes Engine
●
Skill badge: Ensure Access & Identity in Google Cloud
9XSSGU\7
All Google Cloud resources default to have data encrypted at rest. You can use Google-managed encryption keys to further encrypt GKE clusters, Compute Engine instance boot disks, Cloud Storage, and BigQuery. Alternatively, you could use customer-managed encryption keys to rotate keys.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą Ω <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
±.
6"reate a 6"onfidential VM instance with 6"ustomer-Supplied @,ncryption Keys. In 6"loud Logging, collect all logs for sevLaunch±ttestationReport@,vent.
5.
6"reate a Shielded VM instance with 6"ustomer-Supplied @,ncryption Keys. In 6"loud Logging, collect all logs for early5ootReport@,vent.
6".
6"reate a 6"onfidential VM instance with 6"ustomer-Managed @,ncryption Keys. In 6"loud Logging, collect all logs for early5ootReport@,vent.
<(.
6"reate a Shielded VM instance with 6"ustomer-Managed @,ncryption Keys. In 6"loud Logging, collect all logs for sevLaunch±ttestationReport@,vent.
6"ymbal 5ank needs to migrate existing loan processing applications to S?Google 6"loud. These applications transform confidential financial information. ±ll the data should be encrypted at all stages, including sharing between sockets and R±M. ±n integrity test should also be performed every time these instances boot. You need to use 6"ymbal 5ank’s encryption keys to configure the 6"ompute @,ngine instances. 98
`
What should you do?
)KKJHGIQ7
A. Correct! Use Customer-Supplied Encryption Keys because you need to use your own encryption keys. Confidential VMs have a unique launch attestation event that can be read from Cloud Logging.
B. Incorrect. Although using Customer-Supplied Encryption Keys is the correct choice, earlyBootReportEvent is not the parameter for booting. Use the launch attestation event from Cloud Logging.
C. Incorrect. Customer-Managed Encryption Keys will only let you manage key rotation, but you need to use your own encryption keys. Use the launch attestation event from Cloud Logging because earlyBootReportEvent is not the parameter for booting.
D. Incorrect. Customer-Managed Encryption Keys only let you manage key rotation, but you need to use your own encryption keys. However, Confidential VMs have a unique launch attestation event that can be read from Cloud Logging, so sevLaunchAttestationReportEvent is the correct choice.
=NKUK WR RRRQ
:
https://cloud.google.com/compute/confidential-vm/docs/about-cvm
&RQWKQW SGSSOQM7
●
ILT course: 9KIXUOW\ OQ *RRMRK &RRXJ
○
M5 Securing Compute Engine: Techniques and Best Practices
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
ż
M1 Securing Compute Engine: Techniques and Best Practices
9XSSGU\7
Confidential VMs use AMD’s Secure Encrypted Virtualization, which keeps data encrypted in RAM. They can be managed using Customer-Supplied or Customer-Managed Encryption Keys. These instances contain dedicated AES engines that encrypt data as it flows out of sockets and decrypt data when it is read.
When restarting, Confidential VMs generate a unique log called Launch Attestation. Cloud Logging can be used to filter the logs and collect sevLaunchAttestationReportEvent.
zroprietary + 6"onfidential
Security in S?Aoogle 6"loud
●
Z5 Securing 6"ompute @,ngine: Techniques and 5est zractices
●
Z6 Securing 6"loud <(ata: Techniques and 5est zractices
●
Z8 Securing S?Aoogle QRubernetes @,ngine
Storage classes | S?Google 6"loud
Object Lifecycle Management | 6"loud Storage Use customer-managed encryption keys
(6"M@,K) | Kubernetes @,ngine <(ocumentation |
S?Google 6"loud
6"onfiguring a custom boot disk | Kubernetes
@,ngine <(ocumentation | S?Google 6"loud
Using 6"loud KMS with other products
Rotating keys | 6"loud KMS <(ocumentation
6"onfidential VM and 6"ompute @,ngine | S?Google
6"loud Security 5est zractices in S?Aoogle 6"loud
●
Z1 Securing 6"ompute @,ngine
●
Z2 Securing 6"loud <(ata
●
Z4 Securing S?Aoogle QRubernetes @,ngine
Z]S²³²²ϧĊĊпą²³²²ϧëêêПåóòòЧíĊĊпąëêêПå ×ÖÖЋÑĊĊпąÌÍÌÌЁÇĬѡħҋőĩĩўĤķѬIJóòòЧíĐĐхċĊĊпą ²³²²ϧķѬIJ Ĭѡħ×ÖÖЋÑİѥīķѬIJЎ
óòòЧíĊĊпą ķѬIJĬѡħ²³²²ϧĊĊпąİѥīóòòЧíķѬIJЎ ²³²²ϧĊĊпąÒÓÒÒЇÍ óòòЧíĊĊпą ѱķİѥī×ÖÖЋÑ
<(ĐĐхċÌÍÌÌЁÇѱķĉĉоĄ×ÖÖЋÑĊĊпąķѬIJ²³²²ϧķѬIJóòòЧíĐĐхċĊĊпą
ĂāāжüóòòЧíĄĄйÿĄĄйÿ 5²³²²ϧÒÓÒÒЇÍëêêПå×ÖÖЋÑİѥī
6"ĐĐхċѱķĬѡħİѥī×ÖÖЋÑİѥī
ÖÁÁìµØ
6"loud
A9čċđıķĽŃįĭij×ÙÙ×Ý ±ÍÏÏÍÓÍÏÏÍÓ×ÙÙ×Ýıķıķ óµµ³¹čċđÓÕÕÓÙ
\THÓÕÕÓÙ×ÙÙ×Ýčċđĸľõõóùĸľŝ õõóùčċđ
TL@ēđėēđėííëñććąċ×ÙÙ×Ý
7ććąċēđėĽŃÓÕÕÓÙ
98
`
Let’s take a moment to consider resources that can help you build your knowledge and skills in this area. The concepts in the diagnostic questions we just reviewed are covered in these modules and in this documentation. Reviewing the documentation is highly recommended. You’ll find this list in your workbook so you can take a note of what you want to include later when you build your study plan. Based on your experience with the diagnostic questions, you may want to include some or all of these. ●
https://cloud.google.com/storage/docs/storage-classes ●
https://cloud.google.com/storage/docs/lifecycle
●
https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek#boot-dis
ks
●
https://cloud.google.com/kubernetes-engine/docs/how-to/custom-boot-disks
●
https://cloud.google.com/kms/docs/using-other-products#cmek_integrations ●
https://cloud.google.com/kms/docs/rotating-keys ●
https://cloud.google.com/compute/confidential-vm/docs/about-cvm
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
99
`
6"onsiderations include: ●
Implementing security controls for ±I/ML systems (e.g., protecting against unintentional exploitation of data or models)
●
<(etermining security requirements for IaaS-hosted and PaaS-hosted training models
}xyxxsĄĄйÿ²³²²ϧĊĊпąĊĊпąóòòЧíĊĊпąëêêПå êééОäĐĐхċĬѡħ İѥī×ÖÖЋÑÌÍÌÌЁÇѱķĬѡħóòòЧíķѬIJҋő ²³²²ϧĊĊпąÒÓÒÒЇÍ
ĩĩўĤĬѡħóòòЧí҄Ŋ²³²²ϧÌÍÌÌЁÇҋő óòòЧíĊĊпą ±[GM=
A Professional Cloud Security Engineer should be able to implement security controls for AI/ML systems and to determine security requirements for IaaS-hosted and PaaS-hosted training models.
Question 8 tested your knowledge on how to protect data and prevent the misuse of a model. Question 9 asked you what should you prioritize when defining security requirements. Question 10 checked your knowledge on how to plan for AI/ML specific security controls when developing a system.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΪ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
±.
@,nable S?Google 6"loud ±rmor on your deployed model to block malicious requests.
5.
Store all model training data in 5igQuery with public access for transparency.
6".
6"onfigure I±M roles to grant full access to the model for all S?Google 6"loud users.
<(.
<(eploy the model in a region with the highest data security standards.
@,.
Monitor the model's performance for anomalies and biases, then manually intervene if needed.
You are building an ±I model on S?Google 6"loud to analyze customer data and predict purchase behavior. This model will have access to sensitive information like purchase history and demographics. 99
`
To protect this data and prevent misuse of the model, what THR@,@, security controls are most important to implement?
)KKJHGIQ7
A. Correct! This actively protects the model from external threats and unauthorized access attempts, which is crucial for preventing data exploitation.
B. That’s incorrect. While transparency is valuable, publicly exposing sensitive training data directly contradicts the goal of protecting it from unauthorized access and exploitation.
C. That’s incorrect. This violates the principle of least privilege and significantly increases the risk of accidental or malicious misuse of the model.
D. Correct! This ensures compliance with regional regulations and data residency requirements, further safeguarding sensitive customer information.
E. Correct! Proactive monitoring and human oversight are essential for detecting potential misuse, bias, or unintended consequences of the AI model.
=NKUK WR RRRQ
:
●
https://cloud.google.com/blog/products/identity-security/how-sensitive-data-pro
tection-can-help-secure-generative-ai-workloads &RQWKQW SGSSOQM7
●
ILT course:
9KIXUOW\ OQ *RRMRK &RRXJ
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
○
M6 Securing Cloud Data
○
M10 Content-Related Vulnerabilities
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
ż
M2 Securing Cloud Data: Techniques and Best Practices
●
On-demand course: 0OWOMGWOQM 9KIXUOW\ <XRQKUGHOROWOKV RQ *RRMRK &RRXJ
○
M2 Content-Related Vulnerabilities: Techniques and Best Practices
9XSSGU\7
Leverage Google Cloud Armor, which provides a layer of protection against malicious requests targeting your deployed model. It acts as a firewall, filtering out traffic based on predefined rules and patterns designed to identify common web attacks.
Choose a deployment region that aligns with the highest data security standards applicable to your project. Consider factors like regulatory compliance (e.g., GDPR), industry-specific security certifications, and Google Cloud's own security measures in different regions.
Implement continuous monitoring of your model's performance. Look for anomalies that could indicate attempts to compromise the model's integrity or biases that may lead to discriminatory outcomes. Manual intervention allows you to take corrective actions when these issues are detected.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą ۜΫ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
99
`
±.
Network traffic inspection and intrusion detection
5.
6"ompliance with internal security policies
6".
<(ata location and residency restrictions
<(.
S?Granular access controls and permissions
@,.
Physical server hardening and security patches
You're building a machine learning model on S?Google 6"loud. You're choosing between two options: managing the infrastructure yourself (IaaS) or using S?Google's managed services (PaaS). To ensure the best security posture for both the model and its data, which TWO factors should you prioritize when defining security requirements for each hosting option?
)KKJHGIQ7
A. That’s incorrect. While valuable for overall security, these measures are not specific to IaaS or PaaS hosting. Both options can implement them independently of the chosen hosting model.
B. That’s incorrect. Internal security policies are important, but they apply equally to both IaaS and PaaS models and don't differentiate the specific security considerations for each hosting option.
C. Correct! In PaaS, Google manages the infrastructure, so you need to ensure data residency aligns with your compliance and privacy requirements.
D. Correct! Controlling who accesses the model and data is crucial for securing both IaaS and PaaS environments.
E. That’s incorrect. While crucial for IaaS where you manage the underlying infrastructure, this becomes less relevant in PaaS. Google manages and secures the physical servers in PaaS, reducing your direct responsibility for hardening and patching.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
=NKUK WR RRRQ
:
●
https://cloud.google.com/learn/paas-vs-iaas-vs-saas
&RQWKQW SGSSOQM7
●
ILT course:
9KIXUOW\ OQ *RRMRK &RRXJ
○
M2 Securing Access to Google Cloud
○
M10 Content-Related Vulnerabilities
●
On-demand course: 0GQGMOQM 9KIXUOW\ OQ *RRMRK &RRXJ
ż
M2 Securing Access to Google Cloud
●
On-demand course: 0OWOMGWOQM 9KIXUOW\ <XRQKUGHOROWOKV RQ *RRMRK &RRXJ
○
M2 Content-Related Vulnerabilities: Techniques and Best Practices
9XSSGU\7
Understand the specific regulations and compliance requirements that dictate where your data can be stored and processed. Configure your cloud environment to enforce these restrictions to maintain control over data location.
Implement a fine-grained approach to authorization. Define precise permissions that determine who can access specific models and what actions they can perform. This minimizes the risk of unauthorized access or model misuse.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
<(óòòЧí²³²²ϧëêêПåĊĊпąĐĐхċİѥīķѬIJóòòЧíÌÍÌÌЁÇ ѱķ×ÖÖЋÑİѥīķѬIJóòòЧíĐĐхċĊĊпą Σۜ <(óòòЧíİѥīÌÍÌÌЁÇѱķİѥīİѥīóòòЧíĐĐхċĊĊпą
99
`
What ±I/ML-specific security controls do you need to plan for when developing this system?
±.
Select S?Google 6"loud ±I services that leverage a PaaS model. These are the only ones that can guarantee a secure-by-design foundation. 5.
<(eploy your ±I solution using managed instance groups (MIS?Gs). These have baked in security controls specific to running ±I workloads. 6".
Leverage an ±I model-specific threat detection scanner. Threats between ±I systems and non-±I systems have very little in common. <(.
±I systems are more interconnected than non-±I systems. Prepare for new attack vectors, as attackers can exploit vulnerabilities in one system to attack another.
You are tasked with developing an ±I system on S?Google 6"loud for a telecommunications business. This ±I system will conduct sentiment analysis on conversations agents have with customers, and provide conversational recommendations to improve customer satisfaction in the future.
)KKJHGIQ7
A. That’s incorrect. All of Google Cloud’s AI products are built atop a scalable technical infrastructure underpinned by a secure-by-design foundation and supported by robust logical, operational and physical controls to achieve defense in depth, at scale, and by default.
B. That’s incorrect. MIGs do not contain security controls that are specific to running AI workloads.
C. That’s incorrect. Many threats between AI systems and non-AI systems are the same. Both systems need to be protected from unauthorized access, modification, and destruction of data — as well as other common threats.
D. Correct! AI systems are more interconnected. AI systems are often connected to other systems, inside and outside of an organization. This interconnectedness can create new attack vectors, as attackers can exploit vulnerabilities in one system to attack another.
&RQWKQW SGSSOQM7
●
ILT course:
9KIXUOW\ OQ *RRMRK &RRXJ
○
M6 Securing Cloud Data
○
M11 Monitoring, Logging, Auditing, and Scanning
●
On-demand course: 9KIXUOW\ %KVW 6UGIWOIKV OQ *RRMRK &RRXJ
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
ż
M2 Securing Cloud Data: Techniques and Best Practices
●
On-demand course: 0OWOMGWOQM 9KIXUOW\ <XRQKUGHOROWOKV OQ *RRMRK &RRXJ
ż
M3 Monitoring, Logging, Auditing and Scanning
9XSSGU\7
AI systems often have complex dependencies on other systems and data sources. This interconnectedness introduces new attack surfaces that may not be present in traditional software. Thoroughly map out these dependencies and potential vulnerabilities to proactively mitigate risks.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
zroprietary + 6"onfidential
How-sensitive-data-protection-can-help-secur
e-generative-ai-workloads
Paas-vs-iaas-vs-saas
}xyxxsĄĄйÿ²³²²ϧĊĊпąĊĊпąóòòЧíĊĊпąëêêПå êééОäĐĐхċĬѡħ İѥī×ÖÖЋÑÌÍÌÌЁÇѱķĬѡħóòòЧíķѬIJҋő ²³²²ϧĊĊпąÒÓÒÒЇÍ
ĩĩўĤĬѡħóòòЧí҄Ŋ²³²²ϧÌÍÌÌЁÇҋő óòòЧíĊĊпą ±[GM=
<(ĐĐхċÌÍÌÌЁÇѱķĉĉоĄ×ÖÖЋÑĊĊпąķѬIJ²³²²ϧķѬIJóòòЧíĐĐхċĊĊпą
99
`
Security in S?Aoogle 6"loud
●
Z2 Securing ±ccess to S?Aoogle 6"loud
●
Z6 Securing 6"loud <(ata: Techniques and 5est zractices
●
Z10 6"ontent-Related Vulnerabilities: Techniques and 5est zractices
●
Z11 Zonitoring, Togging, ±uditing, and Scanning
Security 5est zractices in
S?Aoogle 6"loud
●
Z2 Securing 6"loud <(ata: Techniques and 5est zractices
Zitigating Security Vulnerabilities
on S?Aoogle 6"loud
●
Z2 6"ontent-Related Vulnerabilities: Techniques and 5est zractices
●
Z3 Zonitoring, Togging, ±uditing and Scanning
6"ĐĐхċѱķĬѡħİѥī×ÖÖЋÑİѥī
Zanaging Security in S?Aoogle 6"loud
●
Z2 Securing ±ccess to S?Aoogle 6"loud
Let’s take a moment to consider resources that can help you build your knowledge and skills in this area. The concepts in the diagnostic questions we just reviewed are covered in these modules and in this documentation. Reviewing the documentation is highly recommended. You’ll find this list in your workbook so you can take a note of what you want to include later when you build your study plan. Based on your experience with the diagnostic questions, you may want to include some or all of these. ●
https://cloud.google.com/blog/products/identity-security/how-sensitive-data-pro
tection-can-help-secure-generative-ai-workloads ●
https://cloud.google.com/learn/paas-vs-iaas-vs-saas
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help