Google Cloud Certified – Professional Cloud Security Engineer

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

Questions 281–290 of 483

Q281

A company needs to securely manage API access for its microservices. What should they implement?

  • A Service Accounts
  • B Cloud Storage
  • C BigQuery
  • D Cloud Load Balancer

Explanation: Service Accounts provide secure identification and access management for APIs; the others do not serve this purpose.

Q282

What happens when two firewall rules contradict each other?

  • A First rule takes precedence
  • B Traffic is automatically blocked
  • C Last rule takes precedence
  • D Both rules are ignored

Explanation: In Google Cloud, the most recently created rule takes precedence in case of a conflict.

Q283

Which service allows you to automate vulnerability scanning in GCP?

  • A Security Command Center
  • B Cloud Armor
  • C Cloud Functions
  • D Cloud Run

Explanation: Security Command Center provides built-in vulnerability scanning, while the others do not focus on this function.

Q284

A company needs to securely store API keys. What is the recommended approach?

  • A Store in plain text files
  • B Use Secret Manager
  • C Hard-code in source code
  • D Store in a database without encryption

Explanation: Using Secret Manager encrypts and manages sensitive data securely, unlike the other options.

Q285

What happens when setting IAM policies at the project-level?

  • A Overrides all organization policies
  • B Combines with organization policies
  • C No effect if unused
  • D Grants permissions to all users

Explanation: Project-level IAM policies combine with organization policies to define effective permissions.

Q286

Which service should a company use to monitor security vulnerabilities in their Google Cloud environment?

  • A Cloud Security Command Center
  • B Cloud Functions
  • C Cloud Run
  • D Cloud CDN

Explanation: Cloud Security Command Center provides comprehensive security monitoring, while the other services do not focus on security monitoring.

Q287

What happens when a Google Cloud IAM policy is attached to a Cloud Storage bucket?

  • A It controls access to the bucket.
  • B It automatically encrypts all objects.
  • C It sets the storage class.
  • D It backs up data every day.

Explanation: IAM policies define access control for resources; the others do not directly relate to IAM policies.

Q288

You are configuring a VPC network with restrictive firewall rules. What will happen if a rule has 'deny all' at the end?

  • A All traffic will be allowed.
  • B Only specific traffic is allowed.
  • C No traffic can pass through.
  • D It causes a network outage.

Explanation: 'Deny all' blocks all traffic not explicitly allowed by other rules, while A and B are incorrect interpretations of firewall behavior.

Q289

Which Google Cloud service is best for data encryption at rest?

  • A Cloud Key Management Service
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Compute Engine

Explanation: Cloud Key Management Service provides key management solutions for encrypting data at rest, while other options do not specifically focus on encryption.

Q290

A company needs to ensure only authorized personnel can access sensitive bucket data. What practice should they adopt?

  • A Publicly shared IAM roles
  • B Private Cloud Storage bucket
  • C Least privilege access
  • D Privacy data labeling

Explanation: Least privilege access minimizes unnecessary permissions to enhance data security, whereas other choices either do not provide sufficient security or limit access inappropriately.