Free Google Professional-Cloud-Security-Engineer Exam Questions

Question 1

You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bucket in the most efficient manner. What should you do?

A : Create a user-defined sink with inclusion filters copied from the _Default sink. Select the new log bucket as the sink destination.

B : Create exclusion filters for the _Default sink to prevent it from receiving new logs. Create a userdefined sink, and select the new log bucket as the sink destination.

C : Disable the _Default sink. Create a user-defined sink and select the new log bucket as the sink destination.

D : Edit the _Default sink, and select the new log bucket as the sink destination.

Answer: D

Question 2

A company is running workloads in a dedicated server room. They must only be accessed from within the

private company network. You need to connect to these workloads from Compute Engine instances within a

Google Cloud Platform project.

Which two approaches can you take to meet the requirements? (Choose two.)

A : Configure the project with Cloud VPN.

B : Configure the project with Shared VPC.

C : Configure the project with Cloud Interconnect.

D : Configure the project with VPC peering.

E : Configure all Compute Engine instances with Private Access.

Answer: A,C

Question 3

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A : Perform data masking with the DLP API and store that data in BigQuery for later use

B : Perform data redaction with the DLP API and store that data in BigQuery for later use

C : Perform data inspection with the DLP API and store that data in BigQuery for later use.

D : Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Answer: D

Question 4

A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage

IAM permissions between users in the development and production environment projects.

Which two steps should the company take to meet these requirements? (Choose two.)

A : Create a project with multiple VPC networks for each environment.

B : Create a folder for each development and production environment.

C : Create a Google Group for the Engineering team, and assign permissions at the folder level.

D : Create an Organizational Policy constraint for each folder environment.

E : Create projects for each environment, and grant IAM rights to each engineering user.

Answer: B,C

Question 5

You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bucket in the most efficient manner. What should you do?

A : Create a user-defined sink with inclusion filters copied from the _Default sink. Select the new log bucket as the sink destination.

B : Create exclusion filters for the _Default sink to prevent it from receiving new logs. Create a userdefined sink, and select the new log bucket as the sink destination.

C : Disable the _Default sink. Create a user-defined sink and select the new log bucket as the sink destination.

D : Edit the _Default sink, and select the new log bucket as the sink destination.

Answer: D