Google PCA Design for security and compliance • Complete Question Bank
Complete Google PCA Design for security and compliance question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```yaml
# organization_policy.yaml
constraint: constraints/iam.allowedPolicyMemberDomains
listPolicy:
  allowedValues:
    - C0xxxxxxx # Google Cloud organization ID
    - A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6 # Cloud Identity domain: example.com
```
Drag a concept onto its matching description — or click a concept then click the description.
Virtual machines with full control
Managed Kubernetes clusters
Serverless containers
Platform as a Service (PaaS)
Event-driven serverless functions
Drag a concept onto its matching description — or click a concept then click the description.
Stream and batch data processing (Apache Beam)
Managed Hadoop and Spark clusters
Asynchronous messaging for event ingestion
Visual data integration pipelines
Workflow orchestration (Apache Airflow)
Refer to the exhibit.
```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com"
      ]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "user:bob@example.com",
        "serviceAccount:sa@project.iam.gserviceaccount.com"
      ]
    }
  ]
}
```
Refer to the exhibit.
```
gcloud compute firewall-rules describe my-rule
---
allowed:
- IPProtocol: tcp
  ports:
  - 80
  - 443
direction: INGRESS
sourceRanges:
- 10.0.0.0/8
- 192.168.0.0/16
targetTags:
- web-server
```
Refer to the exhibit.
```bash
$ gcloud projects set-iam-policy my-project policy.json
Updated IAM policy for project [my-project].
$
```
Contents of policy.json:
```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com",
        "serviceAccount:sa-bucket-reader@my-project.iam.gserviceaccount.com"
      ]
    }
  ],
  "etag": "BwVY3Y8Y8Y8="
}
```
Refer to the exhibit.
IAM policy for project my-project:
```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": ["user:alice@example.com"]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": ["user:alice@example.com"]
    }
  ],
  "denyRules": [
    {
      "denialCondition": {
        "expression": "resource.name.startsWith('projects/my-project/buckets/secret-bucket')"
      },
      "members": ["user:alice@example.com"],
      "role": "roles/storage.objectViewer"
    }
  ]
}
```
Refer to the exhibit.
Cloud Audit Log entry:
```json
{
  "protoPayload": {
    "methodName": "v1.compute.firewalls.insert",
    "resourceName": "projects/my-project/global/firewalls/allow-ssh",
    "authenticationInfo": {
      "principalEmail": "admin@example.com"
    },
    "authorizationInfo": [
      {
        "permission": "compute.firewalls.create",
        "granted": false,
        "resourceAttributes": {
          "name": "projects/my-project/global/firewalls"
        }
      }
    ],
    "status": {
      "code": 7,
      "message": "Permission denied"
    }
  }
}
```
Refer to the exhibit.
```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com",
        "serviceAccount:my-sa@project.iam.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/storage.objectCreator",
      "members": [
        "user:bob@example.com"
      ]
    }
  ],
  "etag": "BwWw=="
}
```