Google Cloud Certified – Professional Cloud Security Engineer

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

Questions 221–230 of 483

Q221

A company needs to securely store and share sensitive data. Which service should they use?

  • A Cloud Firestore
  • B Cloud Storage with Customer Encryption
  • C BigQuery
  • D Dataproc
Explanation: Cloud Storage with Customer Encryption ensures secure data storage and sharing, unlike the other options that do not focus on sensitive data security.

Q222

What happens when a role is deleted from IAM?

  • A Users lose all permissions immediately
  • B Permissions remain until session ends
  • C Role's permissions are transferred
  • D Affected users must reapply for roles
Explanation: Permissions tied to a deleted role are maintained until active sessions are closed.

Q223

Which service provides the ability to manage encryption keys?

  • A Cloud Key Management Service
  • B Cloud Functions
  • C Cloud Run
  • D BigQuery
Explanation: Cloud Key Management Service manages encryption keys, while the others serve different purposes.

Q224

A company needs to monitor its applications for security threats in real time. Which Google Cloud service should they use?

  • A Cloud Logging
  • B Cloud Security Command Center
  • C Cloud Storage
  • D Cloud Scheduler
Explanation: Cloud Security Command Center is designed for security threat monitoring, unlike the other options.

Q225

What happens when you set an IAM role with 'Deny' permissions in Google Cloud?

  • A Access is always denied.
  • B It overrides Allow permissions.
  • C Roles do not apply.
  • D Only some permissions are denied.
Explanation: Deny permissions override any Allow permissions set for a user, while the other options are incorrect about IAM behavior.

Q226

Which service is used for identity management in GCP?

  • A Cloud Identity
  • B BigQuery
  • C Cloud Functions
  • D Cloud Storage
Explanation: Cloud Identity provides user and group management; the others are unrelated services.

Q227

A company needs to encrypt data at rest for all its Google Cloud resources. Which method is preferred?

  • A Use Cloud KMS for customer-managed keys
  • B Use the default encryption only
  • C Encrypt data in application code
  • D Use public keys from GPG
Explanation: Cloud KMS allows for customer-managed encryption keys; the other options lack sufficient control or security.

Q228

You are configuring IAM permissions for Google Cloud resources. What happens when two conflicting roles are assigned to a user?

  • A Least privilege is enforced
  • B All permissions are denied
  • C Most privileged role is applied
  • D Role with earliest creation time is used
Explanation: In conflicts, the permissions of the highest privilege role are applied; the other options misunderstand IAM conflict resolution.

Q229

Which Google Cloud service is best for detecting threats in real time?

  • A Cloud Security Scanner
  • B Cloud Armor
  • C Cloud Security Command Center
  • D Identity-Aware Proxy
Explanation: Cloud Security Command Center provides real-time threat detection, while others serve different security functionalities.

Q230

A company needs to encrypt data at rest for compliance. Which Google Cloud service should they use?

  • A Cloud Pub/Sub
  • B Cloud Storage
  • C Cloud Functions
  • D BigQuery
Explanation: Cloud Storage offers built-in encryption for data at rest; the others do not primarily focus on data storage.