Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 1–10 of 483

Q1

Which service is used for managing encryption keys in Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Data Loss Prevention
  • D Cloud SQL
Explanation Cloud Key Management Service securely manages encryption keys, while other options serve different purposes.
Q2

A company needs to restrict access to its Cloud Storage buckets. Which IAM role should be granted for this purpose?

  • A Storage Object Viewer
  • B Storage Admin
  • C Viewer
  • D Storage Object Creator
Explanation Storage Admin role provides complete control over bucket access, unlike the other roles listed.
Q3

What happens when a VM instance's service account is mistakenly deleted?

  • A VM stops functioning immediately
  • B VM continues with default service account
  • C VM remains functional for 30 days
  • D VM has no internet access
Explanation The VM automatically falls back to a default service account, maintaining functionality.
Q4

Which Google Cloud service provides unified security management?

  • A Cloud Security Command Center
  • B Cloud Armor
  • C Stackdriver Monitoring
  • D Identity-Aware Proxy
Explanation Cloud Security Command Center provides centralized security management, while others serve different purposes.
Q5

A company needs to prevent data loss in Google Cloud Storage. What should they implement?

  • A Bucket Versioning
  • B IAM Policies
  • C Data Loss Prevention API
  • D Cloud Functions
Explanation Bucket Versioning preserves deleted object data, unlike IAM Policies and others.
Q6

You are configuring Firewall Rules in Google Cloud. What happens when a rule allows all egress traffic?

  • A Blocks all incoming connections
  • B Allows any outbound traffic
  • C Overrides all ingress rules
  • D Restricts network traffic
Explanation Allowing all egress traffic permits outbound communication, while other options misinterpret the function.
Q7

Which service provides security for APIs in GCP?

  • A Cloud Endpoints
  • B Cloud Functions
  • C Secret Manager
  • D App Engine
Explanation Cloud Endpoints secures APIs, while others do not focus on API security.
Q8

A company needs to store sensitive information securely in GCP. Which storage option is ideal for data encryption at rest and in transit?

  • A Cloud Bigtable
  • B Cloud SQL
  • C Cloud Storage
  • D Firestore
Explanation Cloud Storage provides robust encryption capabilities compared to others listed.
Q9

What happens when you misconfigure IAM permissions granting broader access than needed?

  • A Enhanced security for resources
  • B Potential data breaches increase
  • C Increased service performance
  • D No impact on system access
Explanation Misconfigured IAM permissions can lead to potential data breaches, whereas the other options are incorrect effects.
Q10

A company needs to enforce a strong password policy for all their GCP users. Which service should they use?

  • A Identity and Access Management (IAM)
  • B Cloud Identity
  • C Cloud Resource Manager
  • D VPC Service Controls
Explanation Cloud Identity supports custom password policies, while IAM focuses on user permissions.