Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 271–280 of 483

Q271

Which service helps manage encryption keys in Google Cloud?

  • A Google Cloud Key Management
  • B Google Cloud Pub/Sub
  • C Google Cloud Functions
  • D Google Cloud Storage
Explanation Google Cloud Key Management allows encryption key management, while others do not manage keys.
Q272

A company needs to ensure all VM instances are scanned for vulnerabilities. Which option should they implement?

  • A Cloud Monitoring
  • B Container Analysis
  • C Google Cloud SecOps
  • D OS Patch Management
Explanation Container Analysis provides vulnerability scanning for images; others do not specifically address VM scans.
Q273

What happens when a shared VPC host project is deleted?

  • A All service projects are deleted
  • B Host and service projects stay intact
  • C Service projects lose network access
  • D All resources in projects revert
Explanation Service projects lose network access when the host project is deleted; other options don't reflect the behavior of VPC.
Q274

Which service provides DDoS protection for applications in Google Cloud?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Storage
  • D Cloud SQL
Explanation Cloud Armor is specifically designed for DDoS protection, unlike other services that focus on different use cases.
Q275

A company needs to monitor security events across multiple Google Cloud services in real time. Which tool should they use?

  • A Cloud Watch
  • B Cloud Audit Logs
  • C Cloud Security Command Center
  • D Cloud Scheduler
Explanation Cloud Security Command Center aggregates security findings, while others do not provide real-time and comprehensive security monitoring.
Q276

What happens when you disable a service account in Google Cloud?

  • A All resources become inaccessible
  • B Associated resources remain functional
  • C Immediate revocation of OAuth tokens
  • D Service account can be re-enabled
Explanation Disabling a service account does not impact existing resources; they remain functional until permissions change.
Q277

Which service provides encryption for data at rest in GCP?

  • A Cloud Storage
  • B Compute Engine
  • C Cloud Key Management
  • D Cloud Functions
Explanation Cloud Key Management provides encryption key management; other options do not focus solely on encryption management.
Q278

A company needs to restrict IAM roles for a team. What is the best practice?

  • A Use least privilege access
  • B Grant all roles to the team
  • C Remove all policies from users
  • D Assign roles based on user age
Explanation Least privilege access minimizes exposure by limiting permissions; other options can lead to security risks or unnecessary permissions.
Q279

You are configuring a VPC firewall rule. What happens when you set action to DENY?

  • A Traffic is always permitted
  • B Traffic is blocked based on conditions
  • C Default action is overridden
  • D No changes take effect
Explanation Setting action to DENY blocks traffic matching the rule; other options misinterpret the behavior of the rule.
Q280

Which Google Cloud service provides serverless computing?

  • A Cloud Functions
  • B Cloud Storage
  • C Cloud Pub/Sub
  • D Cloud SQL
Explanation Cloud Functions offers event-driven serverless execution, while others do not.