Google Cloud Certified – Professional Cloud Security Engineer

Which service provides identity management for GCP resources?

• A Cloud Identity
• B Cloud Functions
• C Cloud Run
• D Cloud Pub/Sub

A company needs to share cloud resources securely between projects. What should they use?

• A VPC Network Peering
• B IAM Roles
• C Service Accounts
• D Cloud Run

You are configuring firewall rules with multiple entries. What happens when packets match multiple rules?

• A First match is applied
• B Last match is applied
• C All matches are applied
• D No match applies

Which service helps you manage Google Cloud IAM roles?

• A Cloud Identity
• B Google Groups
• C Cloud Key Management
• D Cloud Asset Inventory

A company needs to monitor infrastructure security vulnerabilities. Which Google Cloud service should they use?

• A Cloud Monitoring
• B Cloud Security Command Center
• C Cloud Trace
• D Identity-Aware Proxy

You are configuring a VPC with firewall rules. What happens if an incoming request matches multiple rules?

• A The request is blocked by default
• B Only the first matching rule is applied
• C All matching rules are applied
• D The most specific rule is applied

Which service offers key management for encryption in Google Cloud?

• A Cloud Key Management Service
• B Cloud Armor
• C Cloud Identity
• D Compute Engine

A company needs to ensure that its sensitive data stored in GCS is automatically encrypted. What is the best approach?

• A Use IAM roles for data access
• B Turn on Object Versioning
• C Use Google-managed encryption
• D Implement IAM Conditions

What happens when you set a 'deny all' policy in Cloud IAM?

• A All users are blocked
• B Only specified resources are blocked
• C Only service accounts are blocked
• D Only external users are blocked

Which service should you use for identity management in GCP?

• A Cloud Identity
• B Cloud Storage
• C Compute Engine
• D BigQuery