Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 241–250 of 483

Q241

Which Google Cloud service provides automated security best practice recommendations?

  • A Security Health Analytics
  • B Cloud Functions
  • C Cloud Build
  • D App Engine
Explanation Security Health Analytics offers best practice recommendations while the others serve different functions.
Q242

A company needs to enforce access control policies for a data lake. Which service should they use?

  • A Cloud Storage
  • B Cloud IAM
  • C BigQuery
  • D Dataflow
Explanation Cloud IAM enforces access control policies, unlike the others that manage data storage or query processes.
Q243

What happens when you set a VPC firewall rule to allow all egress traffic?

  • A Blocks all incoming traffic
  • B Allows external access to all instances
  • C Neutralizes all existing ingress rules
  • D Only allows traffic to specified IPs
Explanation Allowing all egress traffic permits external access to instances, while the other options misinterpret egress rules.
Q244

Which service facilitates managing user identities securely?

  • A Identity and Access Management
  • B Cloud Functions
  • C Cloud Storage
  • D BigQuery
Explanation IAM is designed to securely manage user identities, while the others serve different functions.
Q245

A company needs to restrict access to GCP resources based on users' job roles. Which feature should they use?

  • A Service accounts
  • B IAM roles
  • C VPC networks
  • D BigQuery datasets
Explanation IAM roles specifically allow for access restrictions based on job functions, unlike the others.
Q246

What happens when you enable the Cloud Armor security policy on a load balancer?

  • A Blocks all traffic instantly
  • B Monitors threats only
  • C Applies DDoS protection
  • D Stops malicious content only
Explanation Cloud Armor enhances the load balancer with DDoS protection, whereas the others do not reflect complete functionality.
Q247

Which service allows secure authentication for GCP resources?

  • A Cloud Identity
  • B Google Drive
  • C Cloud Functions
  • D BigQuery
Explanation Cloud Identity provides secure user authentication, while others do not focus on authentication.
Q248

A company needs to ensure Compliance with data protection regulations. Which GCP service is best suited for data encryption at rest?

  • A Cloud SQL
  • B Cloud Key Management Service
  • C Cloud Pub/Sub
  • D Cloud Storage
Explanation Cloud Key Management Service manages encryption keys, while the other services do not specifically handle key management.
Q249

What happens when a VM in an instance group fails?

  • A System shuts down all instances
  • B Load balancer routes to another zone
  • C Instance group automatically recreates VM
  • D Manual intervention is required
Explanation Instance groups automatically recreate failed VMs to ensure availability, unlike the other options.
Q250

Which service provides DDoS protection for applications?

  • A Cloud Armor
  • B Cloud Functions
  • C Cloud Storage
  • D Cloud SQL
Explanation Cloud Armor protects applications from DDoS attacks; the others do not specialize in DDoS protection.