Managing Security in Google Cloud: Foundations of Google Cloud Security (Module 02 Quizes and Answers)

1. Which ONE of the following statements is TRUE concerning Google's built-in security measures? 

• An organization's on-premises resources are not allowed to connect to Google Cloud in order to lower the risk of DDoS attacks.
• To guard against phishing attacks, all Google employee accounts require the use of U2F compatible security keys.
• Customers always have the option to configure their instances to encrypt all of their data while it is "at rest" within Google Cloud.
• Only Google-managed encryption keys are allowed to be used within Google Cloud.

Incorrect: You may wish to review Lesson 1 before attempting this quiz again.

2. Which of the following statements is TRUE regarding Shared Security Responsibility Model in Google Cloud? 

• Google is responsible for the complete stack including application security and access control. 
• The customer is responsible for the complete stack including application security and access control.
• It is a shared responsibility between the customer and Google.

Correct! The customer is responsible for everything brought into the cloud as well as access management, the appropriate configuration of firewalls, app security, etc. Google is responsible for the security of the cloud (i.e. the underlying layer).

3. Which TWO of the following statements are TRUE regarding regulatory compliance on Google Cloud?

• Proper configuration of encryption and firewalls is not the only requirement for achieving regulatory compliance.
• Correct! You also need data protection that is in compliance with the regulatory standards you wish to meet.
• Google's Cloud products regularly undergo independent verification of security, privacy, and compliance controls.
• Correct! Google works to achieve certifications against global standards so we can earn your trust.
• Contacting your regulatory compliance certification agency is the only way to find out whether Google currently supports that particular standard.
• Google has no plans at this time to expand its already-extensive portfolio of regulatory compliance certifications.

4. For Platform-as-a-Service (PaaS) offerings, which of the following is NOT a customer-managed component of the shared security responsibility model? 

• Web application security 
• Access policies
• Network security
• Deployment 

Correct! Network security is customer-managed for Infrastructure-as-a-Service (IaaS) offerings. This is Google-managed for Platform-as-a-Service (PaaS) offerings.