Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 261–270 of 483

Q261

What happens when a firewall rule is set to allow all ingress traffic on Google Cloud?

  • A All internal traffic is blocked
  • B All external traffic is blocked
  • C All traffic is allowed
  • D No effect on existing rules
Explanation Allowing all ingress traffic permits all connections, unlike the other options which suggest traffic restriction or no effect.
Q262

Which service provides secure identity management?

  • A Cloud Identity
  • B Cloud Datastore
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Identity offers comprehensive identity management, while the others serve different purposes.
Q263

A company needs to implement a key rotation strategy. Which Google Cloud service is best suited?

  • A Cloud Storage
  • B Cloud Key Management Service
  • C AI Platform
  • D Cloud Bigtable
Explanation Cloud Key Management Service specializes in managing cryptographic keys, critical for key rotation.
Q264

What happens when a Cloud Function executes multiple times concurrently?

  • A It switches to sequential execution
  • B Concurrency can lead to resource limits
  • C It crashes due to overload
  • D It always executes on the same instance
Explanation Concurrency in Cloud Functions can exceed resource limits, affecting performance, while the other options are incorrect.
Q265

Which service offers encryption at rest by default?

  • A Cloud Storage
  • B BigQuery
  • C Compute Engine
  • D Cloud Functions
Explanation Cloud Storage encrypts data automatically, while others require manual configuration.
Q266

A company needs to securely share Cloud Storage data. What should they use?

  • A IAM Roles
  • B Public Access
  • C Signed URLs
  • D Data Loss Prevention
Explanation Signed URLs provide secure temporary access, while IAM Roles may not limit access time.
Q267

You are configuring a VPN between on-premises and Google Cloud. What happens if the BGP session fails?

  • A Traffic reroutes instantly
  • B Traffic is dropped
  • C Session retries indefinitely
  • D No impact on routing
Explanation Traffic will not be rerouted if the BGP session fails, leading to dropped connections.
Q268

Which Google Cloud service allows for event-driven architectures?

  • A Cloud Functions
  • B Cloud Storage
  • C Compute Engine
  • D Cloud Bigtable
Explanation Cloud Functions enables serverless, event-driven execution, while others serve different purposes.
Q269

A company needs to enforce a policy that users can only access resources based on their department. What should they implement?

  • A IAM Roles
  • B VPC Service Controls
  • C Cloud Resource Manager
  • D Organization Policies
Explanation Organization Policies can enforce restrictions based on attributes, while IAM Roles simply grant access.
Q270

What happens when a user is assigned a new IAM role but the previous role had permissions to modify IAM policies?

  • A Permissions are combined
  • B User loses all permissions
  • C User retains previous permissions
  • D Permissions are blocked temporarily
Explanation IAM permissions are additive; the user retains all granted permissions from both roles.