Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 70

Total 347 Questions | Updated On: Jan 15, 2026

Add To Cart

Question 1

Your organization is using GitHub Actions as a continuous integration and delivery (Cl/CD) platform. You must enable access to Google Cloud resources from the Cl/CD pipelines in the most secure way. What should you do?

A : eate a service account key and add it to the GitHub pipeline configuration file

B : eate a service account key and add it to the GitHub repository content

C : nfigure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.

D : nfigure workload identity federation to use GitHub as an identity pool provider.

Answer: D

Question 2

As a virtual interior design service company, we want to use Google Cloud Platform (GCP) for certain IT workloads. We already use a well-established directory service to manage user identities and lifecycle management, which must remain the `source of truth` directory for identities. What GCP solution can we use to meet our requirements?

A : SAML (Security Assertion Markup Language) is a protocol used for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.

B : Identity and Access Management (IAM) in Google Cloud is known as Cloud Identity.

C : Pub/Sub is a messaging service provided by Google Cloud.

D : GCDS stands for Google Cloud Directory Sync.

Answer: D

Question 3

Your organization relies heavily on virtual machines (VMs) in Compute Engine. Due to team growth andresource demands. VM sprawl is becoming problematic. Maintaining consistent security hardening and timelypackage updates poses an increasing challenge. You need to centralize VM image management and automatethe enforcement of security baselines throughout the virtual machine lifecycle. What should you do?

A : Activate Security Command Center Enterprise. Use VM discovery and posture management features tomonitor hardening state and trigger automatic responses upon detection of issues.B. Create a CloudBuild trigger to build a pipeline that generates hardened VM images. Run vulnerability scans in thepipeline, and store images with passing scans in a registry. Use instance templates pointing to thisregistry.

B : Configure the sole-tenancy feature in Compute Engine for all projects. Set up custom organization policies in Policy Controller to restrict the operating systems and image sources that teams are allowed to use.

C : Use VM Manager to automatically distribute and apply patches to VMs across your projects. IntegrateVM Manager with hardened. organization-standard VM images stored in a central repository.

Answer: B

Question 4

You will create a new Service Account that should be able to list the Compute Engine instances in the project.

You want to follow Google-recommended practices.

What should you do?

A : eate an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.

B : eate a custom role with the permission compute.instances.list and grant the Service Account this role

C : ve the Service Account the role of Compute Viewer, and use the new Service Account for all instances

D : ve the Service Account the role of Project Viewer, and use the new Service Account for all instances.

Answer: B

Question 5

You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?

A : l load balancer types are denied in accordance with the global node's policy.

B : TERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder's policy.

C : TERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project's policy.

D : TERNAL TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project's policies.

Answer: D

Page: 1 / 70

Total 347 Questions | Updated On: Jan 15, 2026

Add To Cart