Free Google Professional-Cloud-Security-Engineer Exam Questions

Question 1

Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed is saved to Artifact Registry. This new system deploys models to Google Kubernetes Engine and uses Pub/Sub for message queues. Recent industry news has been reporting attacks exploiting ML model supply chains. You need to enhance the security in this serverless architecture, specifically against risks to the development and deployment pipeline. What should you do?

A : Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.

B : Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.

C : Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.

D : Develop strict firewall rules to limit external traffic to Cloud Run instances. Integrate intrusion detection systems (IDS) for real-time anomaly detection on Pub/Sub message flows.

Answer: B

Question 2

Your organization must comply with the regulation to keep instance logging data within Europe. Yourworkloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configureCloud Logging to keep your data in the country.What should you do?

A : Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B : Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

C : Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

D : Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

Answer: D

Question 3

Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed is saved to Artifact Registry. This new system deploys models to Google Kubernetes Engine and uses Pub/Sub for message queues. Recent industry news has been reporting attacks exploiting ML model supply chains. You need to enhance the security in this serverless architecture, specifically against risks to the development and deployment pipeline. What should you do?

A : Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.

B : Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.

C : Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.

D : Develop strict firewall rules to limit external traffic to Cloud Run instances. Integrate intrusion detection systems (IDS) for real-time anomaly detection on Pub/Sub message flows.

Answer: B

Question 4

Your organization relies heavily on virtual machines (VMs) in Compute Engine. Due to team growth andresource demands. VM sprawl is becoming problematic. Maintaining consistent security hardening and timelypackage updates poses an increasing challenge. You need to centralize VM image management and automatethe enforcement of security baselines throughout the virtual machine lifecycle. What should you do?

A : Activate Security Command Center Enterprise. Use VM discovery and posture management features tomonitor hardening state and trigger automatic responses upon detection of issues.B. Create a CloudBuild trigger to build a pipeline that generates hardened VM images. Run vulnerability scans in thepipeline, and store images with passing scans in a registry. Use instance templates pointing to thisregistry.

B : Configure the sole-tenancy feature in Compute Engine for all projects. Set up custom organization policies in Policy Controller to restrict the operating systems and image sources that teams are allowed to use.

C : Use VM Manager to automatically distribute and apply patches to VMs across your projects. IntegrateVM Manager with hardened. organization-standard VM images stored in a central repository.

Answer: B

Question 5

Your organization uses Google Workspace as the primary identity provider for Google Cloud Users in yourorganization initially created their passwords. You need to improve password security due to a recent securityevent. What should you do?

A : Audit user activity for suspicious logins by using the audit and investigation tool.

B : Conduct a security awareness training session, and set the password expiration settings to require more frequent updates.

C : Check the Enforce strong password box, and set the password expiration to occur more frequently.

D : Check the Enforce strong password box, and check Enforce password policy at the next sign-in.

Answer: D