Join the discussion
Question 104/121
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted dat a. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?
How should you prevent and fix this vulnerability?
Correct Answer: D
Reference:
https://cloud.google.com/security-scanner/docs/remediate-findings
https://cloud.google.com/security-scanner/docs/remediate-findings
Add Comments
- Other Question (121q)
- Q1. Your team needs to make sure that a Compute Engine instance does not have access to the in...
- Q2. An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT worklo...
- Q3. A patch for a vulnerability has been released, and a DevOps team needs to update their run...
- Q4. How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM...
- Q5. You are creating an internal App Engine application that needs to access a user's Google D...
- Q6. An application running on a Compute Engine instance needs to read data from a Cloud Storag...
- Q7. When creating a secure container image, which two items should you incorporate into the bu...
- Q8. You need to set up two network segments: one with an untrusted subnet and the other with a...
- Q9. A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP...
- Q10. A business unit at a multinational corporation signs up for GCP and starts moving workload...
- Q11. A company's application is deployed with a user-managed Service Account key. You want to u...
- Q12. What are the steps to encrypt data using envelope encryption?...
- Q13. Your team needs to make sure that a Compute Engine instance does not have access to the in...
- Q14. Your customer is moving their corporate applications to Google Cloud Platform. The securit...
- Q15. Your company wants to collect and analyze CVE information for packages in container images...
- Q16. Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your...
- Q17. Applications often require access to "secrets" -small pieces of sensitive data at build or...
- Q18. Which international compliance standard provides guidelines for information security contr...
- Q19. A patch for a vulnerability has been released, and a DevOps team needs to update their run...
- Q20. You are troubleshooting access denied errors between Compute Engine instances connected to...
- Q21. A customer deploys an application to App Engine and needs to check for Open Web Applicatio...
- Q22. A company is running workloads in a dedicated server room. They must only be accessed from...
- Q23. What are the steps to encrypt data using envelope encryption?...
- Q24. You are a security administrator at your company. Per Google-recommended best practices, y...
- Q25. You are a member of the security team at an organization. Your team has a single GCP proje...
- Q26. You want to limit the images that can be used as the source for boot disks. These images w...
- Q27. You need to provide a corporate user account in Google Cloud for each of your developers a...
- Q28. Your team wants to centrally manage GCP IAM permissions from their on-premises Active Dire...
- Q29. You need to enable VPC Service Controls and allow changes to perimeters in existing enviro...
- Q30. A company has been running their application on Compute Engine. A bug in the application a...
- Q31. Your company is deploying their applications on Google Kubernetes Engine. You want to foll...
- Q32. You are responsible for protecting highly sensitive data in BigQuery. Your operations team...
- Q33. A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute E...
- Q34. You are exporting application logs to Cloud Storage. You encounter an error message that t...
- Q35. In a shared security responsibility model for IaaS, which two layers of the stack does the...
- Q36. A company is deploying their application on Google Cloud Platform. Company policy requires...
- Q37. An organization's typical network and security review consists of analyzing application tr...
- Q38. When working with agents in a support center via online chat, an organization's customers ...
- Q39. Your team wants to centrally manage GCP IAM permissions from their on-premises Active Dire...
- Q40. A DevOps team will create a new container to run on Google Kubernetes Engine. As the appli...
- Q41. You want to evaluate GCP for PCI compliance. You need to identify Google's inherent contro...
- Q42. You want to limit the images that can be used as the source for boot disks. These images w...
- Q43. An organization receives an increasing number of phishing emails. Which method should be u...
- Q44. You want to evaluate GCP for PCI compliance. You need to identify Google's inherent contro...
- Q45. A company has been running their application on Compute Engine. A bug in the application a...
- Q46. A company has been running their application on Compute Engine. A bug in the application a...
- Q47. A customer needs to rely on their existing user directory with the requirements of native ...
- Q48. Applications often require access to "secrets" - small pieces of sensitive data at build o...
- Q49. Your company is storing sensitive data in Cloud Storage. You want a key generated on-premi...
- Q50. You plan to use a Google Cloud Armor policy to prevent common attacks such as cross-site s...
- Q51. A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute En...
- Q52. Your company is storing files on Cloud Storage. To comply with local regulations, you want...
- Q53. A company is running workloads in a dedicated server room. They must only be accessed from...
- Q54. A customer wants to use Cloud Identity as their primary IdP. The customer wants to use oth...
- Q55. An employer wants to track how bonus compensations have changed over time to identify empl...
- Q56. You will create a new Service Account that should be able to list the Compute Engine insta...
- Q57. An organization is starting to move its infrastructure from its on-premises environment to...
- Q58. Which two implied firewall rules are defined on a VPC network? (Choose two.)...
- Q59. A customer wants to make it convenient for their mobile workforce to access a CRM web inte...
- Q60. An employer wants to track how bonus compensations have changed over time to identify empl...
- Q61. A customer's company has multiple business units. Each business unit operates independentl...
- Q62. Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your...
- Q63. A customer wants to make it convenient for their mobile workforce to access a CRM web inte...
- Q64. A customer wants to make it convenient for their mobile workforce to access a CRM web inte...
- Q65. A retail customer allows users to upload comments and product reviews. The customer needs ...
- Q66. Your organization has had a few recent DDoS attacks. You need to authenticate responses to...
- Q67. A customer's internal security team must manage its own encryption keys for encrypting dat...
- Q68. A customer's data science group wants to use Google Cloud Platform (GCP) for their analyti...
- Q69. You need to set up a Cloud interconnect connection between your company's on-premises data...
- Q70. You want to prevent users from accidentally deleting a Shared VPC host project. Which orga...
- Q71. Applications often require access to "secrets" - small pieces of sensitive data at build o...
- Q72. Last week, a company deployed a new App Engine application that writes logs to BigQuery. N...
- Q73. Which two implied firewall rules are defined on a VPC network? (Choose two.)...
- Q74. A company has redundant mail servers in different Google Cloud Platform regions and wants ...
- Q75. Which type of load balancer should you use to maintain client IP by default while using th...
- Q76. You are the security admin of your company. You have 3,000 objects in your Cloud Storage b...
- Q77. Your Security team believes that a former employee of your company gained unauthorized acc...
- Q78. You are asked to recommend a solution to store and retrieve sensitive configuration data f...
- Q79. You recently joined the networking team supporting your company's Google Cloud implementat...
- Q80. Your team wants to make sure Compute Engine instances running in your production project d...
- Q81. A manager wants to start retaining security event logs for 2 years while minimizing costs....
- Q82. Your team needs to make sure that a Compute Engine instance does not have access to the in...
- Q83. You are part of a security team investigating a compromised service account key. You need ...
- Q84. Your organization acquired a new workload. The Web and Application (App) servers will be r...
- Q85. Your company is using GSuite and has developed an application meant for internal usage on ...
- Q86. You need to connect your organization's on-premises network with an existing Google Cloud ...
- Q87. Last week, a company deployed a new App Engine application that writes logs to BigQuery. N...
- Q88. While migrating your organization's infrastructure to GCP, a large number of users will ne...
- Q89. What are the steps to encrypt data using envelope encryption?...
- Q90. An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT worklo...
- Q91. A large financial institution is moving its Big Data analytics to Google Cloud Platform. T...
- Q92. A company allows every employee to use Google Cloud Platform. Each department has a Google...
- Q93. Your team needs to obtain a unified log view of all development cloud projects in your SIE...
- Q94. Your organization recently deployed a new application on Google Kubernetes Engine. You nee...
- Q95. A customer is collaborating with another company to build an application on Compute Engine...
- Q96. Your team needs to configure their Google Cloud Platform (GCP) environment so they can cen...
- Q97. A company has been running their application on Compute Engine. A bug in the application a...
- Q98. As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need...
- Q99. A retail customer allows users to upload comments and product reviews. The customer needs ...
- Q100. A company's application is deployed with a user-managed Service Account key. You want to u...
- Q101. A customer has 300 engineers. The company wants to grant different levels of access and ef...
- Q102. Your company wants to determine what products they can build to help customers improve the...
- Q103. A DevOps team will create a new container to run on Google Kubernetes Engine. As the appli...
- Q104. You are on your company's development team. You noticed that your web application hosted i...
- Q105. An organization's security and risk management teams are concerned about where their respo...
- Q106. You are in charge of migrating a legacy application from your company datacenters to GCP b...
- Q107. Your team wants to make sure Compute Engine instances running in your production project d...
- Q108. A DevOps team will create a new container to run on Google Kubernetes Engine. As the appli...
- Q109. An organization is starting to move its infrastructure from its on-premises environment to...
- Q110. As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need...
- Q111. You are a member of the security team at an organization. Your team has a single GCP proje...
- Q112. Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your...
- Q113. A company is running workloads in a dedicated server room. They must only be accessed from...
- Q114. You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud K...
- Q115. A security team at an e-commerce company wants to define an automatic incident response pr...
- Q116. While migrating your organization's infrastructure to GCP, a large number of users will ne...
- Q117. Your company has deployed an application on Compute Engine. The application is accessible ...
- Q118. A customer wants to move their sensitive workloads to a Compute Engine-based cluster using...
- Q119. An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT worklo...
- Q120. You are in charge of migrating a legacy application from your company datacenters to GCP b...
- Q121. You have an application where the frontend is deployed on a managed instance group in subn...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2022-07-24.q121.pdf