Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 70

Total 347 Questions | Updated On: Mar 07, 2026

Add To Cart

Question 1

A company is running workloads in a dedicated server room. They must only be accessed from within the

private company network. You need to connect to these workloads from Compute Engine instances within a

Google Cloud Platform project.

Which two approaches can you take to meet the requirements? (Choose two.)

A : Configure the project with Cloud VPN.

B : Configure the project with Shared VPC.

C : Configure the project with Cloud Interconnect.

D : Configure the project with VPC peering.

E : Configure all Compute Engine instances with Private Access.

Answer: A,C

Question 2

Your organization has established a highly sensitive project within a VPC Service Controls perimeter. Youneed to ensure that only users meeting specific contextual requirements such as having a company-manageddevice, a specific location, and a valid user identity can access resources within this perimeter. You want toevaluate the impact of this change without blocking legitimate access. What should you do?

A : Configure a VPC Service Controls perimeter in dry run mode, and enforce strict network segmentationusing firewall rules. Use multi-factor authentication (MFA) for user verification.

B : Use Cloud Audit Logs to monitor user access to the project resources. Use post-incident analysis toidentify unauthorized access attempts.

C : Establish a Context-Aware Access policy that specifies the required contextual attributes, and associatethe policy with the VPC Service Controls perimeter in dry run mode.

D : Use the VPC Service Control Violation dashboard to identify the impact of details about access denialsby service perimeters.

Answer: C

Question 3

You run applications on Cloud Run. You already enabled container analysis for vulnerability scanning.

However, you are concerned about the lack of control on the applications that are deployed. You must ensure

that only trusted container images are deployed on Cloud Run.

What should you do?

Choose 2 answers

A : able Binary Authorization on the existing Kubernetes cluster.

B : t the organization policy constraint constraints/run. allowedBinaryAuthorizationPolicie to the list of allowed Binary Authorization policy names.

C : t the organization policy constraint constraints/compute.trustedimageProjects to the list of protects that contain the trusted container images

D : able Binary Authorization on the existing Cloud Run service

E : Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.

Answer: B,D

Question 4

Your organization has an application hosted in Cloud Run. You must control access to the application byusing Cloud Identity-Aware Proxy (IAP) with these requirements:Only users from the AppDev group may have access.Access must be restricted to internal network IP addresses.What should you do?

A : Configure IAP to enforce multi-factor authentication (MFA) for all users and use network intrusiondetection systems (NIDS) to block unauthorized access attempts.

B : Configure firewall rules to limit access to IAP based on the AppDev group and source IP addresses.

C : Create an access level that includes conditions for internal IP address ranges and AppDev groups.Apply this access level to the application's IAP policy.

D : Deploy a VPN gateway and instruct the AppDev group to connect to the company network beforeaccessing the application.

Answer: C

Question 5

A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage

IAM permissions between users in the development and production environment projects.

Which two steps should the company take to meet these requirements? (Choose two.)

A : Create a project with multiple VPC networks for each environment.

B : Create a folder for each development and production environment.

C : Create a Google Group for the Engineering team, and assign permissions at the folder level.

D : Create an Organizational Policy constraint for each folder environment.

E : Create projects for each environment, and grant IAM rights to each engineering user.

Answer: B,C

Page: 1 / 70

Total 347 Questions | Updated On: Mar 07, 2026

Add To Cart