0
0
GCPcloud~20 mins

Security design principles in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Security Design Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding the Principle of Least Privilege

Which option best describes the principle of least privilege in cloud security?

AUsers and services are given only the permissions they need to perform their tasks, no more.
BPermissions are assigned randomly to users to speed up deployment.
CAll users are given full access to all resources to avoid permission errors.
DUsers share a single account with admin rights to simplify management.
Attempts:
2 left
💡 Hint

Think about minimizing access to reduce risk.

Architecture
intermediate
2:00remaining
Designing a Secure Network Architecture

In a GCP environment, which design best isolates sensitive data from public internet access?

AAllow direct SSH access from the internet to all instances storing sensitive data.
BStore sensitive data in a public subnet with firewall rules allowing all traffic.
CUse a single VPC with all resources having public IPs for easy access.
DPlace sensitive data in a private subnet with no external IPs and use Cloud VPN for access.
Attempts:
2 left
💡 Hint

Think about how to keep data away from the public internet.

security
advanced
2:00remaining
Identifying the Impact of Misconfigured IAM Roles

What is the most likely outcome if a GCP service account is granted the 'Owner' role instead of a more restrictive role?

AThe service account will be unable to access any resources, causing failures.
BThe service account will have read-only access, preventing changes to resources.
CThe service account can modify or delete any resource in the project, increasing risk if compromised.
DThe service account will only access storage buckets but not compute resources.
Attempts:
2 left
💡 Hint

Consider what the 'Owner' role allows.

Best Practice
advanced
2:00remaining
Implementing Defense in Depth in Cloud Security

Which option best illustrates the defense in depth strategy in GCP security?

ARelying solely on network firewalls to protect all resources.
BUsing multiple layers of security controls like firewalls, IAM, encryption, and monitoring together.
CUsing only encryption without access controls or monitoring.
DAllowing open access and relying on user vigilance to prevent attacks.
Attempts:
2 left
💡 Hint

Think about combining different security measures.

service_behavior
expert
2:00remaining
Analyzing the Effect of Enabling VPC Service Controls

What is the primary effect of enabling VPC Service Controls around a GCP project?

AIt creates a security perimeter that restricts data access to trusted networks and prevents data exfiltration.
BIt automatically encrypts all data at rest without any configuration needed.
CIt allows unrestricted access to resources from any network for easier collaboration.
DIt disables all external internet access to the project resources permanently.
Attempts:
2 left
💡 Hint

Consider how VPC Service Controls protect data boundaries.