Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 21–30 of 483

Q21

You are configuring a service account in Google Cloud. What happens if you do not grant any roles to the service account?

  • A It can perform any action
  • B It has no permissions at all
  • C It inherits project permissions
  • D It can access storage only
Explanation Without roles, a service account has no permissions to access resources, ensuring the principle of least privilege is maintained.
Q22

Which service in Google Cloud provides a secure environment for deploying applications and services?

  • A Google Kubernetes Engine
  • B Google App Engine
  • C Cloud Functions
  • D BigQuery
Explanation Google App Engine is a fully managed serverless platform designed for security.
Q23

A company needs to enforce encryption for data at rest in Google Cloud Storage. Which feature should they enable?

  • A Bucket Policies
  • B Object Lifecycle Management
  • C Default Encryption Keys
  • D Storage Class
Explanation Default Encryption Keys automatically encrypts data at rest for better security.
Q24

What happens when a network firewall rule is deleted in Google Cloud?

  • A Traffic is blocked by default
  • B The rule is archived
  • C Existing connections are unaffected
  • D The rule can be restored easily
Explanation Deleting a firewall rule does not affect existing connections but blocks new ones as per default rules.
Q25

Which service enables encryption of data at rest?

  • A Cloud Key Management
  • B Cloud SQL
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Key Management allows you to manage encryption keys, whereas the others primarily provide different services.
Q26

A company needs to configure a firewall for their Cloud VPC. Which feature should they use to restrict outbound traffic?

  • A Ingress rules
  • B Egress rules
  • C Cloud Armor
  • D Route Tables
Explanation Egress rules control outbound traffic, while ingress rules control incoming traffic.
Q27

What happens when you revoke a user's access to a GCP resource?

  • A Access remains until session ends
  • B Immediate termination of all access
  • C Access is temporarily disabled
  • D User is notified via email
Explanation Access remains until the user's current session ends; the revoke is effective for new sessions only.
Q28

Which service can enforce organization-wide security policies in GCP?

  • A Organization Policies
  • B IAM Roles
  • C Cloud Audit Logs
  • D VPC Service Controls
Explanation Organization Policies enable administrators to set constraints on GCP resources, while the others focus on access control or auditing.
Q29

A company needs to ensure that sensitive data in BigQuery is encrypted during transit. What should they configure?

  • A IAM permissions on datasets
  • B Data Loss Prevention (DLP) API
  • C Customer-managed encryption keys
  • D SSL/TLS settings for connections
Explanation SSL/TLS settings ensure encryption in transit, while others relate to different aspects of data security.
Q30

You are configuring a firewall rule to restrict external access. What happens if you set it to allow all traffic?

  • A No traffic will pass through
  • B Traffic will only be blocked from specific IPs
  • C All traffic will be permitted
  • D Firewall rule will be denied
Explanation Allowing all traffic means unrestricted access, which defeats security purposes, while others suggest ineffective configurations.