Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 351–360 of 483

Q351

What happens when you set a bucket's IAM policy to public access?

  • A Access is granted to everyone
  • B Bucket can only be accessed by admins
  • C Bucket is deleted automatically
  • D Public access is blocked completely
Explanation Setting public access grants everyone access to the bucket, while other options are either incorrect or misleading.
Q352

Which service automatically manages SSL certificates for HTTPS?

  • A Google Cloud Load Balancer
  • B Google Cloud Functions
  • C Google Cloud Storage
  • D Google Kubernetes Engine
Explanation Google Cloud Load Balancer handles SSL certificate management; the others do not manage SSL directly.
Q353

A company needs to protect sensitive data at rest in Cloud Storage. What should be enabled?

  • A Firebase Auth
  • B Client-side Encryption
  • C IAM Role Changes
  • D Project Quotas
Explanation Client-side encryption ensures data protection at rest; the other options do not provide this protection.
Q354

What happens when you configure a VM with an internal IP only?

  • A Internet access is enabled
  • B It fails to start
  • C It can communicate with other VMs
  • D It has a public DNS record
Explanation A VM with only an internal IP can communicate with other internal resources; the other options are incorrect regarding its network configuration.
Q355

Which service is used for managing IAM policies in Google Cloud?

  • A Cloud IAM
  • B Cloud Key Management
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud IAM is specifically designed for managing Identity and Access Management policies; the others serve different functions.
Q356

A company needs to ensure that sensitive data in Google Cloud Storage is encrypted at rest and in transit. What should they do?

  • A Use lifecycle management rules
  • B Enable Uniform Bucket-Level Access
  • C Utilize Google-managed encryption keys
  • D Set up VPC Service Controls
Explanation Google-managed encryption keys automatically encrypt data at rest and in transit; the other options do not ensure both encryption types effectively.
Q357

What happens when a service account is deleted in Google Cloud?

  • A All its permissions are revoked
  • B All associated resources are deleted
  • C Permissions switch to the project's owner
  • D The service account can be restored
Explanation Deleting a service account revokes all its permissions; deleted accounts and their roles are not retained, and the associated resources are not automatically deleted.
Q358

Which service helps to identify misconfigured IAM policies?

  • A Policy Troubleshooter
  • B Cloud Storage
  • C Activity Logs
  • D Network Manager
Explanation Policy Troubleshooter shows IAM misconfigurations, while others manage different resources.
Q359

A company needs to comply with GDPR for user data stored in Google Cloud services. What should they enable?

  • A Data Loss Prevention API
  • B Cloud Pub/Sub
  • C Virtual Private Cloud
  • D Cloud Functions
Explanation Data Loss Prevention API helps identify and redact sensitive data for compliance.
Q360

What happens when you set a VPC firewall rule to deny all traffic?

  • A Sessions are logged only.
  • B All traffic is blocked.
  • C Only incoming traffic is affected.
  • D It creates an error.
Explanation A deny rule blocks all traffic that matches it, including incoming and outgoing.