Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 321–330 of 483

Q321

What happens when you assign an IAM role containing 'delete' permissions to a service account?

  • A It can delete all resources.
  • B No resources can be deleted.
  • C Only resources it owns can be deleted.
  • D It can delete but requires confirmation.
Explanation The service account retains delete permission for resources it's allowed to access.
Q322

Which service allows for automated certificate management on Google Cloud?

  • A Google Cloud Certificate Manager
  • B Google Kubernetes Engine
  • C Cloud Identity
  • D Cloud Pub/Sub
Explanation Google Cloud Certificate Manager automates the management of TLS certificates; others do not deal with certificates.
Q323

A company needs to store sensitive data in a secure manner and meet compliance requirements. Which Google Cloud service is best suited for data encryption at rest?

  • A Cloud Firestore
  • B Cloud Storage
  • C Cloud SQL
  • D BigQuery
Explanation Cloud Storage provides built-in encryption at rest, while the others either do not focus on sensitive data or require additional setup.
Q324

You are configuring IAM roles in Google Cloud. What happens when a user is assigned both a role that grants edit access and another that grants view access?

  • A User retains edit permissions only
  • B User retains view permissions only
  • C User retains both permissions
  • D Roles conflict and access denied
Explanation IAM roles are cumulative, so the user retains both edit and view permissions; the other options contradict this cumulative nature.
Q325

Which Google Cloud service provides integrated threat detection?

  • A Cloud Security Command Center
  • B Cloud Pub/Sub
  • C Cloud Spanner
  • D Cloud Load Balancing
Explanation Cloud Security Command Center offers comprehensive threat detection; others do not focus on security assessment or threat intelligence.
Q326

You are configuring IAM permissions for a project. Which role gives complete control over a project?

  • A Viewer
  • B Editor
  • C Owner
  • D Billing Account User
Explanation Only the Owner role has full administrative control, while others have limited permissions.
Q327

What happens when you enable VPC Service Controls?

  • A Improves existing firewall rules
  • B Restricts access to services in VPC
  • C Allows public IP for all services
  • D Increases available bandwidth
Explanation VPC Service Controls enhance security by creating strong perimeters around Google Cloud services; others do not accurately describe its function.
Q328

Which service enables encryption key management for Google Cloud resources?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Key Management Service manages encryption keys, while the others serve different purposes.
Q329

A company needs to anonymize data in a dataset for analysis. What should they use?

  • A Data Loss Prevention API
  • B IAM Policies
  • C VPC Service Controls
  • D Cloud Identity
Explanation The Data Loss Prevention API effectively anonymizes sensitive data, unlike IAM Policies and the others which do not focus on data anonymization.
Q330

What happens when you delete a Google Cloud Storage bucket without enabling Object Versioning?

  • A Data is permanently lost
  • B Data can be recovered easily
  • C Data is archived automatically
  • D Data is preserved for 30 days
Explanation Once a bucket is deleted without versioning, its data is permanently lost; recovery options are not applicable.