Skip to content

Security :Reliable Google Cloud Infrastructure: Design and Process (Preparing for Google Cloud Certification: Cloud Architect Professional Certificate) Answers 2025

Question 1

What do you have to do to enable encryption when using Cloud Storage?

🟩 Nothing as encryption is enabled by default.
❌ Create an encryption key using Cloud KMS
❌ Enable encryption and upload a key
❌ Simply enable encryption when configuring a bucket

Explanation:

Cloud Storage always encrypts data at rest by default using Google-managed keys.
Customer-managed keys (CMEK) are optionalβ€”not required.

Question 2

Which Google Cloud features could help reduce the risk of DDoS attacks?

❌ Global external Application Load Balancer
🟩 All of these
❌ Google Cloud Armor
❌ Cloud CDN

Explanation:

All listed features contribute to DDoS mitigation:

  • Cloud Armor β†’ DDoS protection & WAF

  • Cloud CDN β†’ reduces load on origin servers

  • Global Load Balancer β†’ distributes traffic globally

Therefore, All of these is correct.

Question 3

You don’t want programmers to have access to production resources. What’s the easiest solution?

❌ Use different service accounts
❌ Create firewall rules
🟩 Create development and production projects, and don’t give developers access to production.
❌ Use private access + IAP

Explanation:

The simplest and recommended Google Cloud practice is:
Separate dev/test and prod into different projects and restrict IAM access.

Question 4

What Google Cloud service helps enforce least privilege?

❌ Firewall rules
❌ SSL certificates
🟩 IAM members and roles
❌ Encryption keys

Explanation:

Least privilege means giving each user only the permissions needed.
This is exactly what IAM roles and policies enforce.

🧾 Summary Table

Q# Correct Answer Key Concept
1 Encryption enabled by default Cloud Storage encrypts all data automatically
2 All of these Multiple GCP features help mitigate DDoS
3 Separate dev & prod projects Project-level isolation is best practice
4 IAM members and roles Enforces least privilege