Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 251–260 of 483

Q251

A company needs to audit API activity to increase security. What should they enable?

  • A Cloud Logging
  • B Cloud Metrics
  • C Cloud Monitoring
  • D Cloud Functions
Explanation Cloud Logging retains logs of API activity; the others do not focus specifically on logging API actions.
Q252

What happens when you disable the Firewall Rule on a VM instance?

  • A Network traffic is immediately blocked
  • B Traffic is allowed to the VM
  • C All traffic is logged immediately
  • D VM instance is terminated
Explanation Disabling a Firewall Rule allows all incoming traffic; the other options describe incorrect behaviors.
Q253

Which Google Cloud service provides centralized identity management?

  • A Cloud Identity
  • B Cloud IAM
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud Identity offers centralized management for users and groups, while IAM focuses on access management.
Q254

A company needs to secure its application on GCP from DDoS attacks. Which service should they implement?

  • A Cloud Armor
  • B Cloud Load Balancer
  • C Cloud Firewall
  • D Cloud CDN
Explanation Cloud Armor is designed specifically to protect against DDoS attacks, unlike the other services.
Q255

You are configuring IAM roles for a project. What happens when a user has conflicting roles in IAM?

  • A Only the highest role is applied
  • B All roles are applied simultaneously
  • C Least privilege is granted
  • D User receives no access
Explanation In IAM, if a user has conflicting roles, the highest role's permissions are prioritized.
Q256

Which service enables you to manage encryption keys in Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Identity
  • C Cloud Storage
  • D Cloud IAM
Explanation Cloud Key Management Service specifically manages encryption keys, while the others serve different purposes.
Q257

A company needs to log and monitor access to their Cloud Storage buckets. Which Google Cloud service should they use?

  • A Stackdriver Logging
  • B Cloud Security Command Center
  • C Cloud Audit Logs
  • D Cloud Monitoring
Explanation Cloud Audit Logs specifically tracks access to Cloud Storage, while others are more general or for different uses.
Q258

What happens when you assign the `roles/owner` role to a user in a Google Cloud project?

  • A User can manage everything in the project
  • B User cannot manage IAM roles
  • C User can only view project resources
  • D User has project billing permissions only
Explanation The `roles/owner` role grants full control over the project, unlike other options which are inaccurate limitations or scopes.
Q259

Which GCP service allows secure API access controls?

  • A Cloud Identity and Access Management
  • B Cloud Runtime Security
  • C Cloud Functions Security
  • D Cloud Data Loss Prevention
Explanation Cloud IAM is specifically designed for managing access controls, whereas the other options do not primarily focus on API access management.
Q260

A company needs to securely manage encryption keys for their applications. Which GCP service should they use?

  • A Cloud Storage
  • B Cloud Key Management Service
  • C Cloud Pub/Sub
  • D Cloud Spanner
Explanation Cloud Key Management Service is designed for managing encryption keys, while the other services handle different functionalities.