Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 341–350 of 483

Q341

A company needs to implement proactive threat detection on its GCP resources. Which tool should they use?

  • A Cloud Armor
  • B Cloud DLP
  • C Cloud Security Command Center
  • D Dataflow
Explanation Cloud Security Command Center provides comprehensive security insight, unlike the other tools focused on different capabilities.
Q342

What happens when you assign a role to a GCP service account?

  • A Service account credentials are revoked
  • B Access permissions are modified according to the role
  • C Projects are deleted automatically
  • D IAM policies are bypassed
Explanation Assigning a role modifies access permissions, while the other options misrepresent IAM behavior.
Q343

Which Google Cloud service is best for monitoring network traffic and identifying threats?

  • A Cloud Armor
  • B Network Intelligence Center
  • C Security Command Center
  • D Cloud Logging
Explanation Security Command Center provides comprehensive threat detection, while others focus on different aspects of security.
Q344

A company needs to store sensitive data encrypted in transit and at rest. Which strategy should they use?

  • A Use only client-side encryption
  • B Use Google-managed encryption keys only
  • C Use SSL/TLS for data in transit and Google-managed encryption keys for data at rest
  • D Use public encryption keys
Explanation Using SSL/TLS and Google-managed keys ensures both encryption in transit and at rest.
Q345

You are configuring IAM roles for a team working on multiple projects. What happens if a team member is assigned 'Viewer' role on a project and 'Editor' role on another?

  • A Viewer role takes precedence.
  • B Editor role overrides the Viewer role.
  • C User has view access only.
  • D User has no access.
Explanation Role-based access is additive, where the highest privileges apply to the user, which in this case is the Editor role.
Q346

Which service provides comprehensive threat detection and response on GCP?

  • A Cloud Security Command Center
  • B Cloud IAM
  • C Cloud CDN
  • D Cloud Filestore
Explanation Cloud Security Command Center offers threat detection, while the others serve different purposes.
Q347

A company needs to restrict access to its GCP project only from specific IP addresses. What should they configure?

  • A IAM Roles
  • B VPC Firewall Rules
  • C Cloud Functions
  • D Cloud Armor
Explanation VPC Firewall Rules allow IP-based access restrictions, whereas IAM roles manage permissions.
Q348

What happens when a service account is granted multiple conflicting IAM roles in GCP?

  • A Access is denied
  • B Least privilege takes effect
  • C Union of permissions applies
  • D First role overrides others
Explanation In GCP, the permissions from all roles are combined, resulting in the union of permissions.
Q349

Which service is best for managing secrets?

  • A Secret Manager
  • B Cloud Storage
  • C BigQuery
  • D Cloud Pub/Sub
Explanation Secret Manager is specifically designed for managing secrets while the others serve different purposes.
Q350

You are configuring IAM roles for a GCP project. A user needs access to create Cloud Functions but cannot view other resources. What role should you assign?

  • A Cloud Functions Developer
  • B Viewer
  • C Editor
  • D Owner
Explanation Cloud Functions Developer allows creation without viewing other resources; others provide broader access.