Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 181–190 of 483

Q181

Which Google Cloud service provides detailed logging of access and usage for tracking potential security issues?

  • A Cloud Audit Logs
  • B Cloud Storage Logs
  • C Cloud Asset Inventory
  • D Cloud Monitoring
Explanation Cloud Audit Logs capture detailed access logs; the other options serve different logging functions.
Q182

A company needs to ensure their Google Cloud resources are secured against DDoS attacks. Which service should they implement?

  • A Cloud CDN
  • B Cloud Armor
  • C Cloud Load Balancing
  • D Cloud Security Command Center
Explanation Cloud Armor provides DDoS protection; the others do not specialize in this aspect.
Q183

You are configuring identity access for a project and wish to minimize excessive permissions. What is the best practice?

  • A Assign roles at the organization level
  • B Use the principle of least privilege
  • C Allow all permissions by default
  • D Assign roles to individual users only
Explanation The principle of least privilege minimizes risk; the other options could lead to over-privileged access.
Q184

Which Google Cloud service manages secrets and API keys?

  • A Secret Manager
  • B Cloud Storage
  • C Cloud Functions
  • D Identity-Aware Proxy
Explanation Secret Manager securely stores secrets; Cloud Storage is for file storage, while others do not handle secrets.
Q185

A company needs to ensure access to resources is logged and evaluated. Which service should they use?

  • A Orchestration
  • B Logging and Monitoring
  • C IAM Policies
  • D Cloud Security Command Center
Explanation Cloud Security Command Center helps in access logging and evaluation; others focus on different aspects.
Q186

You are configuring a VPC with private subnets. What happens to internet access for instances in private subnets?

  • A Full direct access
  • B No access unless configured
  • C Access but with limitations
  • D Only outbound access
Explanation Instances in private subnets have no internet access unless a NAT is configured; others provide misinformation about subnet access.
Q187

Which service provides real-time data access control in Google Cloud?

  • A Cloud Identity and Access Management
  • B Cloud Datastore
  • C Cloud Functions
  • D Cloud Run
Explanation Cloud Identity and Access Management manages access control, while the others focus on data processing or execution.
Q188

A company needs to secure their APIs against malicious requests. What is the best way to achieve this in Google Cloud?

  • A Use API Gateway with WAF
  • B Enable Bucket Policies
  • C Implement Cloud Pub/Sub
  • D Use Cloud Storage signed URLs
Explanation API Gateway with WAF provides robustAPI security against threats unlike the other options.
Q189

You are configuring a Google Cloud Storage bucket for sensitive data. What should you disable to enhance security?

  • A Uniform bucket-level access
  • B Public access prevention
  • C Versioning
  • D Object Lifecycle Management
Explanation Public access prevention is crucial for securing sensitive data; the others are either unrelated or beneficial.
Q190

Which service is best for managing VPC security policies?

  • A Cloud IAM
  • B Cloud Security Command Center
  • C Cloud Armor
  • D VPC Firewall Rules
Explanation VPC Firewall Rules manage access to resources, while others serve different purposes.