Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.


Questions 11–20 of 483

Q11

What happens when you enable VPC Flow Logs on a subnet?

  • A Increased network latency
  • B Logs all inbound traffic
  • C Debits extra charges per flow
  • D Logs all egress and ingress traffic

Explanation: VPC Flow Logs capture metadata for ingress and egress traffic, not just inbound or traffic-related charges.

Q12

You are configuring a service account with least privilege access. Which role grants minimal access to Google Cloud resources?

  • A Viewer
  • B Editor
  • C Owner
  • D Custom Role

Explanation: Creating a Custom Role allows specifying only necessary permissions, whereas predefined roles may provide excess permissions.

Q13

Which Google Cloud service provides serverless execution for event-driven tasks?

  • A Cloud Functions
  • B Compute Engine
  • C App Engine
  • D Cloud Run

Explanation: Cloud Functions is designed for serverless execution, while the others are not serverless alternatives.

Q14

A company needs to ensure compliance with GDPR for their data in Google Cloud. What should they configure?

  • A Data Loss Prevention API
  • B Cloud Identity
  • C Stackdriver Monitoring
  • D BigQuery ML

Explanation: Data Loss Prevention API helps identify and protect sensitive data, which is crucial for GDPR compliance.

Q15

You are configuring IAM policies for a project. What happens if a user has roles at both the project and folder level?

  • A Folder roles override project roles
  • B Project roles override folder roles
  • C Both roles combine for permissions
  • D User has no permissions at all

Explanation: In IAM, permissions from both levels aggregate, enhancing access.

Q16

Which service offers logging and monitoring for Google Cloud resources?

  • A Cloud Logging
  • B Cloud SQL
  • C Cloud Functions
  • D Cloud Storage

Explanation: Cloud Logging provides centralized logging capabilities, while the other options do not primarily focus on logging.

Q17

A company needs to ensure their virtual machines are protected from unauthorized access. What is the best security posture?

  • A Use default firewall rules
  • B Implement Identity-Aware Proxy
  • C Disable authentication
  • D Use strong Identity and IAM roles

Explanation: Strong IAM and roles provide granular access control; the other options introduce vulnerabilities.

Q18

You are configuring a bucket with specific access controls. What will happen if you set a bucket policy to allow public access?

  • A Only the owner can view files
  • B All users can view files
  • C Files will be deleted immediately
  • D Only authenticated users can access

Explanation: Setting public access allows anyone to view files, contradicting the other options' restrictions.

Q19

Which Google Cloud service offers DDoS protection?

  • A Cloud Armor
  • B Cloud Functions
  • C Cloud CDN
  • D Cloud Run

Explanation: Cloud Armor provides DDoS attack mitigation, while others do not focus on this security aspect.

Q20

A company needs to implement customer identity verification for its application. What Google Cloud service should they use?

  • A Cloud Identity
  • B Cloud Functions
  • C Cloud SQL
  • D Cloud Storage

Explanation: Cloud Identity is designed for managing identities and verification, while the others do not offer this specific functionality.