When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.

Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

A. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.

B. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

C. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.

D. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects.

Which two steps should the company take to meet these requirements? (Choose two.)

A. Create a project with multiple VPC networks for each environment.

B. Create a folder for each development and production environment.

C. Create a Google Group for the Engineering team, and assign permissions at the folder level.

D. Create an Organizational Policy constraint for each folder environment.

E. Create projects for each environment, and grant IAM rights to each engineering user.

Your organization wants to protect all workloads that run on Compute Engine VM to ensure that the instances weren't compromised by boot-level or kernel-level malware. Also, you need to ensure that data in use on the VM cannot be read by

the underlying host system by using a hardware-based solution.

What should you do?

A. 1 Use Google Shielded VM including secure boot Virtual Trusted Platform Module (vTPM) and integrity monitoring 2 Create a Cloud Run function to check for the VM settings generate metrics and run the function regularly

B. 1 Activate Virtual Machine Threat Detection in Security Command Center (SCO Premium 2 Monitor the findings in SCC

C. 1 Use Google Shielded VM including secure boot Virtual Trusted Platform Module (vTPM) and integrity monitoring 2 Activate Confidential Computing 3 Enforce these actions by using organization policies

D. 1 Use secure hardened images from the Google Cloud Marketplace 2 When deploying the images activate the Confidential Computing option 3 Enforce the use of the correct images and Confidential Computing by using organization policies

You manage a fleet of virtual machines (VMs) in your organization. You have encountered issues with lack of patching in many VMs. You need to automate regular patching in your VMs and view the patch management data across multiple projects.

What should you do? (Choose two.)

A. View patch management data in VM Manager by using OS patch management.

B. View patch management data in Artifact Registry.

C. View patch management data in a Security Command Center dashboard.

D. Deploy patches with Security Command Genter by using Rapid Vulnerability Detection.

E. Deploy patches with VM Manager by using OS patch management.

For data residency requirements, you want your secrets in Google Clouds Secret Manager to only have payloads in europe-west1 and europe-west4. Your secrets must be highly available in both regions. What should you do?

A. Create your secret with a user managed replication policy, and choose only compliant locations.

B. Create your secret with an automatic replication policy, and choose only compliant locations.

C. Create two secrets by using Terraform, one in europe-west1 and the other in europe-west4.

D. Create your secret with an automatic replication policy, and create an organizational policy to deny secret creation in non-compliant locations.