Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 161–170 of 483

Q161

A company needs to secure sensitive data stored in Google Cloud Storage. What is the best practice?

  • A Use signed URLs
  • B Public access settings
  • C Standard storage class
  • D Disable versioning
Explanation Using signed URLs ensures controlled access to sensitive data, while others undermine security.
Q162

You are configuring IAM policies. What happens if you grant a user 'roles/viewer' and a service account 'roles/editor'?

  • A User can edit resources
  • B Service account takes precedence
  • C Both roles are ignored
  • D User can only view resources
Explanation The service account's 'roles/editor' allows it to edit, overriding the user's viewer role.
Q163

Which Google Cloud service helps manage encryption keys?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Key Management Service manages encryption keys, while the others serve different functions.
Q164

A company needs to restrict access to a GCP project to only specific users. What is the best approach?

  • A Use IAM policies
  • B Enable VPC firewall rules
  • C Implement Cloud Armor
  • D Use Cloud Identity-Aware Proxy
Explanation IAM policies are designed for managing access, whereas the others control network traffic or provide web security.
Q165

What happens when a user accidentally disables Cloud Audit Logging?

  • A All logs stored previously are deleted
  • B No logs are captured afterward
  • C Archives previous logs indefinitely
  • D Logging is automatically re-enabled
Explanation Disabling Cloud Audit Logging prevents future logs from being captured; it doesn't affect existing logs.
Q166

Which service provides automated security assessments for GCP resources?

  • A Google Cloud Security Health Analytics
  • B Google Cloud Storage
  • C Google Cloud Monitoring
  • D Google Cloud Functions
Explanation Google Cloud Security Health Analytics automates security assessments, while others focus on storage, monitoring, or cloud functions.
Q167

A company needs to enforce strict identity management policies. Which of the following should they implement?

  • A IAM Roles and Permissions
  • B Cloud Pub/Sub
  • C Compute Engine instances
  • D Cloud Storage Buckets
Explanation IAM Roles and Permissions control access rights, while others do not directly enforce identity management policies.
Q168

You are configuring a GKE cluster and need to ensure that all workloads are running with minimal privileges. What should you do?

  • A Use Pod Security Standards
  • B Set node auto-upgrade
  • C Increase cluster node size
  • D Enable Kubernetes dashboard
Explanation Pod Security Standards enforce security context for workloads, while the other options do not limit privileges.
Q169

Which Google Cloud service provides centralized logging and monitoring?

  • A Cloud Logging
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D Cloud Spanner
Explanation Cloud Logging allows centralized access to logs, while others serve different purposes.
Q170

A company needs to manage user access to Google Cloud resources. What should they use?

  • A Service Accounts
  • B Cloud IAM
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud IAM explicitly manages access to Google Cloud resources, whereas others do not focus on user permissions.