Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 70

Total 347 Questions | Updated On: Apr 22, 2026

Add To Cart

Question 1

You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bucket in the most efficient manner. What should you do?

A : Create a user-defined sink with inclusion filters copied from the _Default sink. Select the new log bucket as the sink destination.

B : Create exclusion filters for the _Default sink to prevent it from receiving new logs. Create a userdefined sink, and select the new log bucket as the sink destination.

C : Disable the _Default sink. Create a user-defined sink and select the new log bucket as the sink destination.

D : Edit the _Default sink, and select the new log bucket as the sink destination.

Answer: D

Question 2

Your organization uses Google Workspace as the primary identity provider for Google Cloud Users in yourorganization initially created their passwords. You need to improve password security due to a recent securityevent. What should you do?

A : Audit user activity for suspicious logins by using the audit and investigation tool.

B : Conduct a security awareness training session, and set the password expiration settings to require more frequent updates.

C : Check the Enforce strong password box, and set the password expiration to occur more frequently.

D : Check the Enforce strong password box, and check Enforce password policy at the next sign-in.

Answer: D

Question 3

Your organization must comply with the regulation to keep instance logging data within Europe. Yourworkloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configureCloud Logging to keep your data in the country.What should you do?

A : Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B : Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

C : Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

D : Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

Answer: D

Question 4

You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under that folder. What could have caused this alert?

A : VM was created with a static external IP address that was reserved in the project before the organizational policy rule was set.

B : organizational policy constraint wasn't properly enforced and is running in "dry run mode.

C : project level, the organizational policy control has been overwritten with an 'allow' value.

D : policy constraint on the folder level does not have any effect because of an allow" value for that constraint on the organizational level

Answer: A

Question 5

You run applications on Cloud Run. You already enabled container analysis for vulnerability scanning.

However, you are concerned about the lack of control on the applications that are deployed. You must ensure

that only trusted container images are deployed on Cloud Run.

What should you do?

Choose 2 answers

A : able Binary Authorization on the existing Kubernetes cluster.

B : t the organization policy constraint constraints/run. allowedBinaryAuthorizationPolicie to the list of allowed Binary Authorization policy names.

C : t the organization policy constraint constraints/compute.trustedimageProjects to the list of protects that contain the trusted container images

D : able Binary Authorization on the existing Cloud Run service

E : Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.

Answer: B,D

Page: 1 / 70

Total 347 Questions | Updated On: Apr 22, 2026

Add To Cart