PCSE Supporting compliance requirements • Complete Question Bank
Complete PCSE Supporting compliance requirements question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
Error log from a Cloud Run service:
```
{
"severity": "ERROR",
"message": "Failed to access Secret Manager secret 'projects/my-project/secrets/my-api-key/versions/latest'.",
"service": "my-service",
"reason": "Permission denied on resource 'projects/my-project/secrets/my-api-key/versions/latest'"
}
```Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Same key for encrypt and decrypt
Public key encrypt, private key decrypt
Private key signs, public key verifies
Periodically generate new key material
Bring your own key (BYOK) into Cloud KMS
Drag a concept onto its matching description — or click a concept then click the description.
Payment card data security
Protected health information privacy and security
Service organization controls for security, availability, etc.
Cloud security for U.S. federal agencies
Information security management system standard
Refer to the exhibit.
Exhibit: Contents of an organization policy constraint JSON applied to a folder:
```json
{
"name": "organizations/123456789/policies/iam.disableServiceAccountKeyUpload",
"spec": {
"rules": [
{
"enforce": true
}
]
}
}
```Refer to the exhibit.
Exhibit: Cloud Audit Log entry (partial):
```json
{
"logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"authenticationInfo": {
"principalEmail": "user@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.5",
"callerSuppliedUserAgent": "gcloud/363.0.0"
},
"serviceName": "compute.googleapis.com",
"methodName": "v1.compute.instances.insert",
"resourceName": "projects/my-project/zones/us-central1-a/instances/new-instance",
"response": {
"insertId": "abc123"
},
"status": {}
}
}
```Refer to the exhibit. Exhibit: BigQuery query results: ```sql SELECT column1, column2 FROM `my-project.my_dataset.my_table` WHERE column1 LIKE '%ssn%' ``` Output: Returns one row with column1 = "SSN: 123-45-6789".
Refer to the exhibit.
```json
{
"name": "projects/my-project/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key",
"primary": {
"state": "ENABLED",
"createTime": "2024-01-01T00:00:00Z"
},
"purpose": "ENCRYPT_DECRYPT",
"rotationPeriod": null,
...
}
```Refer to the exhibit.
```json
{
"bindings": [
{
"role": "roles/storage.objectViewer",
"members": ["user:alice@example.com"],
"condition": {
"title": "restrict_to_uk",
"expression": "resource.location.type == 'region' && resource.location.startsWith('europe-west')"
}
}
]
}
```Refer to the exhibit.
```json
{
"insertId": "xxx",
"logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Faccess_transparency",
"protoPayload": {
"methodName": "google.cloud.storage.Storage.GetObject",
"principalEmail": "system@google.com",
...
}
}
```{
"constraint": "constraints/gcp.resourceLocations",
"listPolicy": {
"allowedValues": ["us-central1", "us-east1"]
}
}audit_config {
service = "allServices"
audit_log_configs {
log_type = "DATA_READ"
exempted_members = ["serviceAccount:my-service-account@my-project.iam.gserviceaccount.com"]
}
audit_log_configs {
log_type = "DATA_WRITE"
exempted_members = []
}
}{
"name": "projects/123/locations/global/perimeters/pci-perimeter",
"status": {
"resources": ["projects/123"],
"restrictedServices": ["bigquery.googleapis.com"],
"vpcAccessibleServices": {
"allowedServices": ["storage.googleapis.com"]
}
}
}Refer to the exhibit.
```json
{
"kind": "storage#bucket",
"name": "compliance-bucket",
"retentionPolicy": {
"retentionPeriod": "31536000",
"effectiveTime": "2024-01-01T00:00:00Z",
"isLocked": true
},
"iamConfiguration": {
"uniformBucketLevelAccess": {
"enabled": true
}
}
}
```