Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 121–130 of 483

Q121

What is the primary purpose of Google Cloud IAM roles?

  • A Define user access permissions
  • B Store user credentials
  • C Encrypt data at rest
  • D Create virtual networks
Explanation IAM roles define what actions users can perform, while other options are unrelated to access control.
Q122

A company needs to restrict access to a GKE cluster based on user attributes. Which feature should they employ?

  • A VPC Service Controls
  • B Policy-based access controls
  • C Node auto-scaling
  • D Firewall rules
Explanation Policy-based access controls can limit access based on attributes, while others do not serve this purpose.
Q123

What happens when a Google Cloud Storage bucket's versioning is enabled and an object is overwritten?

  • A The previous version is deleted
  • B Only the new version is accessible
  • C Both versions are retained
  • D An error occurs during upload
Explanation Enabling versioning retains previous versions, unlike the other options which are incorrect.
Q124

Which Google Cloud service handles security key management?

  • A Google Cloud Key Management Service
  • B Google Cloud Pub/Sub
  • C Google Cloud Firestore
  • D Google Cloud Functions
Explanation Google Cloud Key Management Service manages encryption keys, while others serve different purposes.
Q125

A company needs to ensure that sensitive data in Cloud Storage is encrypted before being uploaded. What should they do?

  • A Use Customer-Supplied Encryption Keys
  • B Enable Object Lifecycle Management
  • C Deploy Cloud Armor
  • D Set Bucket Access Control
Explanation Customer-Supplied Encryption Keys allow control over encryption before data is uploaded; the others do not handle encryption.
Q126

You are configuring IAM roles for a project. What happens if a user is assigned multiple roles with conflicting permissions?

  • A User gets no permissions granted
  • B User gets combined permissions granted
  • C Only the highest role permissions apply
  • D User's permissions default to deny
Explanation Google Cloud IAM combines permissions across roles for users, allowing access based on their total permissions set.
Q127

Which service helps protect applications from DDoS attacks in Google Cloud?

  • A Cloud Armor
  • B Cloud Load Balancing
  • C Cloud Router
  • D App Engine
Explanation Cloud Armor is specifically designed for DDoS protection, while the other options serve different purposes.
Q128

A company needs to manage user access for its applications. What Google Cloud service should they use?

  • A Cloud Identity
  • B Cloud SQL
  • C BigQuery
  • D Cloud Functions
Explanation Cloud Identity is intended for user access management, whereas the others are services for data processing and storage.
Q129

You are configuring IAM roles in GCP. What happens if you grant a user both 'Viewer' and 'Editor' roles on the same resource?

  • A User capabilities are merged
  • B User permissions are blocked
  • C User gets no permissions
  • D User can only view resources
Explanation In IAM, permissions are additive when roles are combined, so users will have merged capabilities.
Q130

A company wants to use Cloud Identity to manage user identities. Which functionality does Cloud Identity offer?

  • A User lifecycle management
  • B Load balancing traffic
  • C Data encryption at rest
  • D Serverless computing options
Explanation Cloud Identity provides user lifecycle management; the other options are unrelated services.