Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 231–240 of 483

Q231

You are configuring IAM roles. What happens when a user is granted the "Viewer" role on a project?

  • A User can delete resources
  • B User can modify resources
  • C User can view resources only
  • D User can create resources
Explanation The "Viewer" role only allows viewing resources, with no permissions to modify or create.
Q232

A company needs to comply with GDPR. Which Google Cloud service aids in data residency and protection?

  • A Cloud Storage
  • B Cloud Pub/Sub
  • C Data Loss Prevention
  • D Cloud Firestore
Explanation Data Loss Prevention (DLP) helps manage sensitive data, ensuring GDPR compliance, while others do not specifically address legal requirements.
Q233

You are configuring service accounts. What happens when you delete a service account with active IAM roles?

  • A IAM roles remain active indefinitely
  • B Roles transfer to another account
  • C Roles get deleted with account
  • D Access is immediately revoked for users
Explanation When a service account is deleted, all associated IAM roles are also removed, unlike other options.
Q234

Which Google service can be integrated for automated compliance checking?

  • A Cloud Spanner
  • B Cloud Asset Inventory
  • C BigQuery
  • D Cloud Functions
Explanation Cloud Asset Inventory tracks resources and enables compliance checking, while others serve different purposes.
Q235

Which Google Cloud service encrypts data at rest automatically?

  • A Cloud Storage
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D Firestore
Explanation Cloud Storage encrypts data at rest automatically by default; other services may not handle encryption similarly.
Q236

A company needs to manage internal and external policies for its APIs. Which tool should they use?

  • A Cloud IAM
  • B Apigee API Management
  • C Cloud Armor
  • D Cloud Functions
Explanation Apigee API Management provides features for managing API policies, unlike the other options.
Q237

What happens when an unauthorized user attempts to access a resource in Google Cloud with denied IAM permissions?

  • A Access is granted temporarily.
  • B Access is explicitly denied.
  • C User receives a warning.
  • D Resource is hidden from user.
Explanation Access is explicitly denied, preventing unauthorized access, unlike warnings or resource hiding.
Q238

Which Google Cloud service is designed to secure workloads in containers?

  • A Google Kubernetes Engine
  • B Cloud Run
  • C Cloud Storage
  • D Cloud Functions
Explanation Google Kubernetes Engine provides built-in security features for containerized applications, unlike the other services.
Q239

A company needs to restrict access to a sensitive Cloud Storage bucket. What should they implement?

  • A Public Access Prevention
  • B Default object permissions
  • C Data Loss Prevention (DLP)
  • D IAM roles
Explanation IAM roles properly control access, whereas the other options do not sufficiently restrict access.
Q240

What happens when you enable VPC Service Controls on a project?

  • A Data exported to the public internet
  • B Increased network latency
  • C Enhanced data security boundaries
  • D Automatic service account creation
Explanation VPC Service Controls enforce security boundaries around resources, while others do not provide security benefits.