Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 57

Total 284 Questions | Updated On: Jan 08, 2025

Add To Cart

Question 1

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

A : eate an hourly cron job to run a Cloud Function that finds public buckets and makes them private.

B : able the constraints/storage.publicAccessPrevention constraint at the organization level.

C : able the constraints/storage.uniformBucketLevelAccess constraint at the organization level.

D : eate a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Answer: B

Question 2

You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPC A?

A : l load balancer types are denied in accordance with the global node's policy.

B : TERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS is denied in accordance with the folder's policy.

C : TERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY are denied in accordance with the project's policy.

D : TERNAL TCP_PROXY, EXTERNAL_SSL_PROXY, INTERNAL TCP_UDP, and INTERNAL_HTTP_HTTPS are denied in accordance with the folder and project's policies.

Answer: D

Question 3

What type of networking design should an electric vehicle manufacturer company use on Google Cloud Platform (GCP) to centralize control over networking resources like firewall rules, subnets, and routes, and allow on-premises resources access back to GCP resources through a private VPN connection while enabling the network security team to control the networking resources?

A : Implementing a hub and spoke model for VPC peering across all engineering projects.

B : Implement a hub and spoke model by creating a Cloud VPN Gateway that connects all engineering projects.

C : The networking team should be given Compute Admin role for every engineering project.

D : A Shared VPC Network consists of a host project and multiple service projects.

Answer: D

Question 4

As a virtual interior design service company, we want to use Google Cloud Platform (GCP) for certain IT workloads. We already use a well-established directory service to manage user identities and lifecycle management, which must remain the `source of truth` directory for identities. What GCP solution can we use to meet our requirements?

A : SAML (Security Assertion Markup Language) is a protocol used for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.

B : Identity and Access Management (IAM) in Google Cloud is known as Cloud Identity.

C : Pub/Sub is a messaging service provided by Google Cloud.

D : GCDS stands for Google Cloud Directory Sync.

Answer: D

Question 5

As an Online education platform company, you need to develop an internal App Engine application that can access a user's Google Drive without relying on current user credentials, while following Google's recommended practices. What steps should you take to accomplish this using Google Cloud Services?

A : To impersonate the user, you should create a new service account and provide it G Suite domain-wide delegation, which the application can use.

B : To ensure secure operations of the application, it is recommended to use a separate G Suite Admin account and authenticate the application's activities using these credentials.

C : Generate a fresh Service account and assign Service Account User role to all the users of the application.

D : To grant access to all application users, a new Service account should be created and a Google Group should be created and all application users should be added to this group. Then, grant the Service Account User role to this group.

Answer: A

Page: 1 / 57

Total 284 Questions | Updated On: Jan 08, 2025

Add To Cart