Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 111–120 of 483

Q111

You are configuring VPC Service Controls. What happens if a project is outside the service perimeter?

  • A Full access allowed
  • B Access is read-only
  • C Access to all resources denied
  • D No effect on resources
Explanation Projects outside the perimeter cannot access protected resources, enhancing security.
Q112

Which service helps manage encryption keys in Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Pub/Sub
  • C Cloud Data Loss Prevention
  • D Cloud Identity Aware Proxy
Explanation Cloud Key Management Service securely rotates and manages keys; others don't focus on keys.
Q113

A company needs to ensure compliance with GDPR using Google Cloud. What should they implement?

  • A Cloud Functions
  • B IAM Roles
  • C Cloud Security Command Center
  • D Data Loss Prevention API
Explanation Data Loss Prevention API helps anonymize sensitive data for GDPR; others do not specifically address GDPR.
Q114

What happens when a Google Cloud VM's firewall allows all traffic?

  • A Increased server performance
  • B Enhanced security posture
  • C Vulnerability to attacks
  • D Guaranteed data privacy
Explanation Allowing all traffic exposes the VM to potential attacks; the others suggest security or privacy improvements that are incorrect.
Q115

Which service offers encryption at rest by default?

  • A Google Cloud Storage
  • B Google App Engine
  • C Google Compute Engine
  • D Google Cloud Functions
Explanation Google Cloud Storage provides encryption at rest by default, while other services may require additional configurations.
Q116

A company needs to ensure that only specific team members can access its Google Cloud resources. What should they configure?

  • A API keys
  • B Firewall rules
  • C IAM roles and permissions
  • D VPC peering
Explanation IAM roles and permissions control access to resources effectively, unlike API keys or firewall rules.
Q117

What happens when you apply a DDoS protection policy to a Google Cloud Load Balancer?

  • A Blocks all incoming traffic
  • B Limits traffic from specific regions
  • C Monitors and mitigates attack traffic
  • D Reduces load balancer performance
Explanation DDoS protection policies help monitor and mitigate attack traffic to enhance security, not block all or reduce performance.
Q118

Which service provides DDoS protection for Google Cloud applications?

  • A Cloud Armor
  • B Cloud CDN
  • C Firewall Rules
  • D Load Balancing
Explanation Cloud Armor offers DDoS protection, whereas the others do not specifically address this issue.
Q119

A company needs to ensure its Google Cloud resources follow security compliance policies. What should they implement?

  • A IAM roles only
  • B Organization policies
  • C Cloud Storage permissions
  • D VPC networks
Explanation Organization policies enforce security compliance standards across resources, while IAM roles manage access permissions.
Q120

You are configuring a service account in Google Cloud. What happens when you revoke its access?

  • A Deleted permanently
  • B Cannot be used again
  • C Access is immediately revoked
  • D Adds to audit logs only
Explanation Revoking access immediately prevents the service account from authenticating or accessing resources, others do not reflect the true functionality.