Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 211–220 of 483

Q211

Which service provides Identity and Access Management in Google Cloud?

  • A Cloud Identity
  • B Cloud Data Loss Prevention
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Identity is specifically for managing identities; the others do not provide IAM functions.
Q212

A company needs to secure their Google Cloud storage. What is the best way to implement encryption at rest?

  • A Enable Cloud Storage Bucket Encryption
  • B Use IAM roles for access control
  • C Store data in multiple regions
  • D Utilize VPC Service Controls
Explanation Enabling bucket encryption ensures data confidentiality at rest; the other options focus on access control or data distribution.
Q213

What happens when a user fails to meet the condition in a Google Cloud IAM policy?

  • A User gets access denied
  • B User receives a warning
  • C User is granted temporary access
  • D Policy is ignored
Explanation If a user does not meet IAM policy conditions, access is denied, while the others do not occur.
Q214

Which service provides the ability to manage encryption keys in Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Cloud Identity
  • D Cloud Functions
Explanation Cloud Key Management Service allows secure key management, while the other options don't focus on key management.
Q215

A company needs to monitor traffic between its Google Cloud resources. Which service should they implement?

  • A Cloud Firewall
  • B VPC Flow Logs
  • C Cloud Load Balancing
  • D Cloud Armor
Explanation VPC Flow Logs record network traffic, while the firmware and security options do not focus on monitoring traffic specifically.
Q216

You are configuring IAM policies for your Google Cloud project. What happens when a user is part of two conflicting roles?

  • A Access is denied
  • B Most permissive permissions apply
  • C Access is granted only to one
  • D Conflicting roles override each other
Explanation The most permissive permissions apply, ensuring users can access resources when multiple roles are assigned.
Q217

Which service can provide real-time threat detection?

  • A Cloud Security Scanner
  • B Cloud Pub/Sub
  • C Cloud Logging
  • D Cloud Functions
Explanation Cloud Security Scanner identifies vulnerabilities in applications, while the others do not focus on threat detection.
Q218

A company needs to share data securely across multiple projects. What should they use?

  • A Service Accounts
  • B IAM Roles
  • C Cloud Storage Shared Access
  • D VPC Peering
Explanation IAM Roles allow secure data sharing across projects, while the other options do not offer this capability effectively.
Q219

What happens when you enable audit logs for a Google Cloud project?

  • A Reduces overall project performance
  • B Tracks API calls and resource accesses
  • C Automatically secures all data
  • D Removes user access restrictions
Explanation Enabling audit logs specifically tracks API interactions, whereas the others are inaccurate effects of logging.
Q220

Which Google Cloud service provides DDoS protection?

  • A Cloud Armour
  • B Cloud CDN
  • C Cloud Functions
  • D Cloud Logging
Explanation Cloud Armour specifically offers DDoS protection, while others serve different purposes.