Module 2: Foundations of Google Cloud Security
Looking for ‘Managing Security in Google Cloud Module 2 Answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 2: Foundations of Google Cloud Security of Course 9: Managing Security in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.
Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Foundations of Google Cloud Security
Graded Assignment
1. Which ONE of the following statements is TRUE concerning Google's built-in security measures?
- Customers always have the option to configure their instances to encrypt all of their data while it is “at rest” within Google Cloud.
- Only Google-managed encryption keys are allowed to be used within Google Cloud.
- An organization’s on-premises resources are not allowed to connect to Google Cloud in order to lower the risk of DDoS attacks.
- To guard against phishing attacks, all Google employee accounts require the use of U2F compatible security keys. ✅
Explanation:
Google enforces strict internal security and requires all its employees to use Universal 2nd Factor (U2F) compatible security keys to mitigate phishing threats.
2. Which of the following statements is TRUE regarding Shared Security Responsibility Model in Google Cloud?
- Google is responsible for the complete stack including application security and access control.
- It is a shared responsibility between the customer and Google. ✅
- The customer is responsible for the complete stack including application security and access control.
Explanation:
In the Shared Responsibility Model, Google manages the security of the cloud (infrastructure), while customers manage security in the cloud (apps, data, configurations).
3. Which TWO of the following statements are TRUE regarding regulatory compliance on Google Cloud?
- Contacting your regulatory compliance certification agency is the only way to find out whether Google currently supports that particular standard.
- Google’s Cloud products regularly undergo independent verification of security, privacy, and compliance controls. ✅
- Proper configuration of encryption and firewalls is not the only requirement for achieving regulatory compliance. ✅
- Google has no plans at this time to expand its already-extensive portfolio of regulatory compliance certifications.
Explanation:
Google Cloud undergoes regular third-party audits and certifications. Regulatory compliance also involves organizational policies, identity access management, logging, monitoring, etc., beyond just encryption and firewall settings.
4. For Platform-as-a-Service (PaaS) offerings, which of the following is NOT a customer-managed component of the shared security responsibility model?
- Network security ✅
- Access policies
- Web application security
- Deployment
Explanation:
In the PaaS model, Google (the cloud provider) is responsible for managing the underlying infrastructure, which includes:
- Deployment
- Network infrastructure and security
- Operating system and runtime
The customer, on the other hand, is responsible for:
- Access policies
- Web application security
- Configuration of their application
Related contents:
You might also like:
Course 1: Preparing for Your Professional Cloud Security Engineer Journey
Course 2: Google Cloud Fundamentals: Core Infrastructure
Course 3: Networking in Google Cloud: Fundamentals
Course 4: Networking in Google Cloud: Routing and Addressing
Course 5: Networking in Google Cloud: Network Architecture
Course 6: Networking in Google Cloud: Network Security
Course 7: Networking in Google Cloud: Load Balancing
Course 10: Security Best Practices in Google Cloud
Course 11: Mitigating Security Vulnerabilities on Google Cloud
Course 12: Logging and Monitoring in Google Cloud
Course 13: Observability in Google Cloud
Course 14: Hands-On Labs in Google Cloud for Security Engineers