Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 191–200 of 483

Q191

A company needs to secure sensitive data in BigQuery; what should they use?

  • A Cloud Functions
  • B Encryption at Rest
  • C Cloud Spanner
  • D Cloud CDN
Explanation Encryption at Rest ensures data is stored securely, which is essential for sensitive data.
Q192

What happens when you misconfigure IAM permissions on a GCP project?

  • A All users lose access
  • B Project becomes unrecoverable
  • C Certain users get elevated access
  • D No change in access levels
Explanation Misconfiguration can inadvertently grant elevated access to users.
Q193

What happens when you enable VPC Flow Logs?

  • A Logs network traffic data
  • B Increases data latency
  • C Disables external access
  • D Removes firewall rules
Explanation Enabling VPC Flow Logs captures and logs network traffic data; the other options are incorrect as they do not accurately describe the function of Flow Logs.
Q194

A company needs to encrypt their data at rest in Google Cloud Storage. Which service should they use?

  • A Google Cloud KMS
  • B Google Pub/Sub
  • C Google Cloud Functions
  • D Google Dataflow
Explanation Google Cloud KMS (Key Management Service) is designed for managing encryption keys for data at rest, unlike the other services listed.
Q195

You are configuring IAM policies for a Google Cloud project. What happens if you grant a user both 'Viewer' and 'Editor' roles?

  • A User has 'Editor' permissions
  • B User loses 'Viewer' permissions
  • C User is denied access
  • D Policies conflict and break functionality
Explanation In IAM, the most permissive role is applied, so the user has 'Editor' permissions despite having 'Viewer' as well; the other options are incorrect due to IAM's policy hierarchy.
Q196

Which service can provide DDoS protection for applications?

  • A Cloud Armor
  • B Cloud Data Loss Prevention
  • C Cloud Interconnect
  • D Cloud Pub/Sub
Explanation Cloud Armor is specifically designed for DDoS protection, while the others serve different purposes.
Q197

A company needs to encrypt sensitive data at REST in Google Cloud. Which service should they use?

  • A Cloud Spanner
  • B Cloud Storage
  • C Data Loss Prevention API
  • D BigQuery
Explanation Cloud Storage supports server-side encryption for data at rest; other options either apply to different use cases or don't handle encryption directly.
Q198

What happens when you enable Audit Logging in a Google Cloud project?

  • A Logs all user activity immediately
  • B Stops logging sensitive data
  • C Logs only IAM changes
  • D Monitors only network traffic
Explanation Audit Logging captures all user activity, while the others limit logging scope or are unrelated tasks.
Q199

Which service provides managed encryption keys?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Key Management Service manages encryption keys, while the others provide different services.
Q200

A company needs to ensure VM instances have minimal access to the internet. What should they configure?

  • A Private Google Access
  • B Public IPs
  • C Firewall Rules
  • D Cloud NAT
Explanation Private Google Access allows secure access without public IPs, while the others do not restrict internet access effectively.