Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 131–140 of 483

Q131

You are configuring a Google Cloud Armor policy. What will happen when you set a security rule to enforce IP address blacklisting?

  • A All traffic is blocked
  • B Only whitelisted IPs are allowed
  • C Blacklisted IPs are denied access
  • D Traffic is redirected to another service
Explanation Blacklisting an IP denies access to those addresses; the other options describe incorrect behaviors.
Q132

Which Google Cloud service provides audit logs to track accesses and changes to resources?

  • A Cloud Functions
  • B Cloud Logging
  • C Cloud Pub/Sub
  • D Cloud SQL
Explanation Cloud Logging provides audit logs; the other services do not offer logging for access changes.
Q133

Which service provides encryption at rest for GCP resources?

  • A Cloud Key Management Service
  • B Cloud Functions
  • C Cloud Load Balancer
  • D Cloud Pub/Sub
Explanation Cloud Key Management Service manages cryptographic keys for resource encryption, while the others do not focus on encryption.
Q134

A company needs to ensure that VM instances are automatically secured and patched. Which solution should they implement?

  • A Cloud Security Scanner
  • B OS Config
  • C Identity-Aware Proxy
  • D Cloud Armor
Explanation OS Config automates VM patch management and configuration, while the others address different security aspects.
Q135

What happens when an unauthorized user attempts to access a GCP resource with an insufficient IAM role?

  • A Access is granted under an override policy
  • B Access is denied with an error
  • C Access is logged for auditing
  • D Resource remains accessible for limited time
Explanation GCP denies access if IAM roles are insufficient; the other options imply false scenarios.
Q136

Which service provides IAM roles for VM instances?

  • A Google Cloud IAM
  • B Google Kubernetes Engine
  • C Google Pub/Sub
  • D Google Cloud Functions
Explanation Google Cloud IAM allows assigning roles to VM instances, enabling permissions control.
Q137

A company needs to monitor their GCP services for security incidents. Which service should they use?

  • A Google Cloud Monitoring
  • B Google Cloud Pub/Sub
  • C Google Cloud Armor
  • D Google Cloud Storage
Explanation Google Cloud Monitoring is specifically designed for tracking security incidents across GCP services.
Q138

You are configuring VPC Service Controls. What happens when a restricted service is accessed without proper access?

  • A Access is granted with a warning
  • B Access is denied due to violations
  • C Service continues to work normally
  • D Access is logged but allowed
Explanation Access is explicitly denied for restricted services if VPC Service Controls policies are violated.
Q139

You are configuring a Google Cloud IAM policy. What is the default permission for a newly created user?

  • A No permissions assigned
  • B Owner permissions
  • C Editor permissions
  • D Viewer permissions
Explanation Newly created users start with no permissions, ensuring security containment.
Q140

A company needs to store sensitive user data securely while ensuring compliance with regulations. Which Google Cloud service is best suited for this?

  • A Cloud Bigtable
  • B Cloud Storage with Bucket Policy
  • C Secret Manager
  • D Firestore
Explanation Secret Manager provides secure storage and access to sensitive data.