Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 91–100 of 483

Q91

What service can you use for real-time analysis of logs?

  • A Cloud Pub/Sub
  • B Cloud Functions
  • C Cloud Logging
  • D Google Cloud Storage
Explanation Cloud Logging captures log data for analysis, while the others serve different purposes.
Q92

You are configuring IAM roles for a new service account. What should you do last?

  • A Define service account name
  • B Grant permissions
  • C Create the service account
  • D Assign to a project
Explanation You should assign the service account to a project after it's created and configured.
Q93

What happens when a VM is stopped in Google Cloud?

  • A Data is deleted
  • B Static IPs are released
  • C Resources are billed hourly
  • D Persistent disks remain attached
Explanation Stopping a VM keeps its persistent disks intact, while other options are incorrect.
Q94

Which service provides identity and access management in Google Cloud?

  • A Google Cloud Identity
  • B Google Cloud Functions
  • C Google Cloud Pub/Sub
  • D Google Kubernetes Engine
Explanation Google Cloud Identity manages user identities and access, while the others serve different functions.
Q95

A company needs to enforce organization-wide security policies in Google Cloud Storage. What should they do?

  • A Use IAM roles only
  • B Implement bucket policies
  • C Set up VPC Service Controls
  • D Enable Object Lifecycle Management
Explanation VPC Service Controls help protect storage data by enforcing security policies, unlike other options which don't enforce wide policies directly.
Q96

You are configuring a firewall rule that allows egress traffic on port 80. What happens when you apply this rule?

  • A Blocks all inbound traffic
  • B Allows outbound HTTP requests
  • C Allows all traffic entirely
  • D Applies only to specific services
Explanation The rule specifically allows outbound traffic for HTTP requests on port 80, unlike the other options which do not reflect its purpose accurately.
Q97

Which Google Cloud service helps manage SSL/TLS certificates?

  • A Cloud Identity
  • B Cloud Run
  • C Certificate Manager
  • D Cloud Armor
Explanation Certificate Manager centralizes SSL/TLS management, unlike others.
Q98

A company needs to automate IAM role assignments on newly created Compute Engine instances. What should they use?

  • A Google Workspace
  • B Service Account
  • C Instance Templates
  • D Identity-Aware Proxy
Explanation Instance Templates can include predefined IAM roles for instances.
Q99

You are configuring a VPC with a private subnet and no external IPs. What is the consequence?

  • A Direct Internet access permitted
  • B Internal traffic only allowed
  • C Outside access via VPN possible
  • D Public IP assignment automatic
Explanation No external IPs restrict traffic to internal only, unlike other options.
Q100

Which Google Cloud service helps automate compliance checks?

  • A Assured Workloads
  • B Cloud Run
  • C Cloud Pub/Sub
  • D Cloud Spanner
Explanation Assured Workloads provides automation for compliance frameworks; other options do not focus on compliance.