Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 291–300 of 483

Q291

You are configuring a Google Kubernetes Engine cluster with strict Pod security policies. What happens if a Pod requests elevated privileges?

  • A It will be permitted automatically.
  • B The Pod will be scheduled.
  • C The Pod will be rejected.
  • D It will require manual approval.
Explanation Under strict Pod security policies, elevated privilege requests are rejected to enhance security, while other options suggest incorrect outcomes for policy enforcement.
Q292

Which service provides DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud Load Balancing
  • C Cloud Pub/Sub
  • D Cloud CDN
Explanation Cloud Armor specifically protects against DDoS attacks; the others do not provide this feature.
Q293

A company needs to store sensitive data but wants to ensure compliance with regulations. Which Google Cloud service should they use for data classification?

  • A Cloud KMS
  • B Cloud Identity
  • C Data Loss Prevention
  • D BigQuery
Explanation Data Loss Prevention helps classify and protect sensitive data; others do not focus on data classification.
Q294

What happens when you configure a firewall rule to allow egress traffic but not ingress in Google Cloud?

  • A All inbound traffic is blocked
  • B Only outbound traffic is allowed
  • C No traffic flows at all
  • D Only authorized users can connect
Explanation Allowing egress traffic means outbound is permitted; inbound traffic is controlled separately, so it won't be blocked unless configured.
Q295

Which service provides DDoS protection for applications?

  • A Cloud Armor
  • B Cloud Pub/Sub
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud Armor is specifically designed for DDoS protection, while others serve different purposes.
Q296

A company needs to restrict access to sensitive data in BigQuery. What should they configure?

  • A IAM Roles
  • B Cloud Functions
  • C Bucket Policies
  • D Cloud Run Permissions
Explanation IAM Roles allow precise access management in BigQuery, while other options do not apply to it directly.
Q297

What happens when an organization uploads data with no encryption to Google Cloud Storage?

  • A Data is stored as-is, unencrypted
  • B Data is automatically encrypted at rest
  • C Data must be decrypted first
  • D Data is deleted immediately
Explanation Data without encryption is stored in plaintext unless specified otherwise, while the other options misrepresent the behavior.
Q298

Which service allows secure access to VM instances?

  • A Identity-Aware Proxy
  • B Cloud Load Balancing
  • C Cloud Pub/Sub
  • D Cloud SQL
Explanation Identity-Aware Proxy provides secure access, while others serve different purposes.
Q299

A company needs to monitor the security state of its GCP resources. Which tool should they use?

  • A Cloud Resource Manager
  • B Cloud Security Command Center
  • C Cloud Monitoring
  • D Cloud Identity
Explanation Cloud Security Command Center focuses on security state, unlike the other tools.
Q300

What happens when you enable VPC flow logs?

  • A Logs are stored in GCS
  • B Traffic is encrypted
  • C Logs of IP traffic are collected
  • D VPC firewall rules are changed
Explanation VPC flow logs capture IP traffic, while others describe different functionalities.