Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 101–110 of 483

Q101

A company needs to securely share data stored in Google Cloud Storage. Which is the best option?

  • A Public access settings
  • B Signed URLs
  • C Bucket versioning
  • D Cloud Functions
Explanation Signed URLs enable controlled temporary access; public settings expose data widely.
Q102

You are configuring IAM roles for a cloud project. What happens if you assign 'roles/editor' to a user?

  • A Read-only access to resources
  • B Manage resources and permissions
  • C No access to resources
  • D View usage logs only
Explanation 'Roles/editor' provides broad management capabilities, while other options do not reflect this role's true permissions.
Q103

Which service allows you to manage IAM policies for your resources?

  • A Google Cloud Identity
  • B Cloud Data Loss Prevention
  • C Cloud Monitoring
  • D Cloud Resource Manager
Explanation Cloud Resource Manager is designed to manage IAM policies; others focus on different functions.
Q104

A company needs to secure its containerized applications on GKE. What should be prioritized?

  • A Network policy enforcement
  • B Reducing node count
  • C Using preemptible VMs
  • D Increasing logging duration
Explanation Network policies enforce access rules; others do not directly enhance security.
Q105

What happens when you enable VPC Service Controls for your Google Cloud project?

  • A Access to APIs is blocked
  • B Data exfiltration protections are added
  • C Service accounts are disabled
  • D IAM roles are modified automatically
Explanation VPC Service Controls enhance data security by preventing exfiltration; others do not.
Q106

Which Google Cloud service offers scalable object storage?

  • A Cloud Storage
  • B Cloud SQL
  • C Compute Engine
  • D BigQuery
Explanation Cloud Storage is designed for scalable object storage; others serve different purposes.
Q107

A company needs to securely manage API keys for its applications on Google Cloud. What should they use?

  • A Cloud Key Management Service
  • B Secret Manager
  • C Identity and Access Management
  • D Cloud Pub/Sub
Explanation Secret Manager is best suited for managing sensitive information like API keys; other services focus on different functionalities.
Q108

You are configuring IAM roles for a new project. What happens if you mistakenly assign overly permissive roles?

  • A Users may lose access immediately
  • B It does not affect access rights
  • C Users gain unnecessary permissions
  • D IAM roles will revert to defaults
Explanation Overly permissive roles grant users unnecessary access which can pose security risks; other options are misleading about the effects of role assignments.
Q109

Which service helps manage IAM policies centrally?

  • A Cloud Identity
  • B Cloud Functions
  • C Cloud Run
  • D Cloud SQL
Explanation Cloud Identity centralizes identity management, while others do not.
Q110

A company needs to audit GCP resource usage effectively. What should they implement?

  • A Cloud Monitoring
  • B Cloud Logging
  • C Cloud Functions
  • D Cloud Firestore
Explanation Cloud Logging captures and allows auditing of all resource usage on GCP.