Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.


Questions 301–310 of 483

Q301

Which Google Cloud service mainly provides DDoS protection?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Pub/Sub
  • D Cloud Functions

Explanation: Cloud Armor is designed to protect against DDoS attacks, whereas the others serve different purposes.

Q302

A company needs to restrict IAM roles to only allow specific IPs. What should they implement?

  • A Service Accounts
  • B Firewall Rules
  • C IAM Conditions
  • D Identity-Aware Proxy

Explanation: IAM Conditions allow context-based access control, while the others do not restrict IAM roles by IP.

Q303

What happens when a Google Kubernetes Engine (GKE) node runs out of disk space?

  • A Pods automatically restart on another node
  • B New pods cannot be scheduled on it
  • C Cluster enters a maintenance mode
  • D Existing pods resume without issues

Explanation: When a node runs out of space, new pods cannot be scheduled until space is freed, while the existing ones may face issues.

Q304

Which service enables centralized logging in GCP?

  • A Cloud Logging
  • B Cloud Functions
  • C Cloud Spanner
  • D Cloud Storage

Explanation: Cloud Logging collects and stores log data, while the others serve different purposes.

Q305

A company needs to enforce sign-in restrictions based on location. What should they use?

  • A Service Accounts
  • B Identity-Aware Proxy
  • C VPC Service Controls
  • D IAM Roles

Explanation: Identity-Aware Proxy can enforce access based on user identity and origin, unlike the other options.

Q306

You are configuring a firewall rule in GCP. What happens if you set 'allow=all' for all inbound traffic?

  • A No traffic is allowed
  • B All outbound traffic is blocked
  • C All inbound traffic is allowed
  • D Traffic is restricted to a specific zone

Explanation: 'allow=all' permits all inbound traffic, while the others imply restrictions.

Q307

Which service is best for identity management in GCP?

  • A Cloud Identity
  • B BigQuery
  • C Cloud Functions
  • D Cloud Pub/Sub

Explanation: Cloud Identity provides user and access management, while the others do not.

Q308

A company needs to ensure that their GCP logs are immutable. What should they do?

  • A Use Cloud Storage with Object Lifecycle
  • B Enable log sinks with IAM roles
  • C Use Cloud Audit Logs in a bucket
  • D Apply retention policies on log buckets

Explanation: Applying retention policies ensures logs cannot be deleted before expiration, which enforces immutability.

Q309

You are configuring firewall rules. What happens when you set 'Allow' for TCP traffic on a port?

  • A Blocks all traffic on that port
  • B Only allows incoming TCP traffic
  • C Allows incoming and outgoing traffic
  • D Ignores all rules for that port

Explanation: 'Allow' applies to both incoming and outgoing traffic unless specifically configured otherwise.

Q310

Which Google Cloud service provides key management capabilities?

  • A Cloud Key Management Service
  • B Cloud IAM
  • C Cloud Storage
  • D Cloud Pub/Sub

Explanation: Cloud Key Management Service allows for key management; the others do not focus on key management.