Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 361–370 of 483

Q361

Which service would you use for DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud Functions
  • C App Engine
  • D BigQuery
Explanation Cloud Armor provides DDoS protection, while others serve different functions.
Q362

A company needs to ensure that their sensitive data is encrypted end-to-end. Which Google Cloud service should they implement?

  • A Cloud Storage
  • B Cloud Key Management
  • C Data Loss Prevention
  • D Google Workspace
Explanation Cloud Key Management enables end-to-end encryption, unlike the other options.
Q363

You are configuring IAM policies for a project. What happens if you attach multiple IAM roles to a single user?

  • A All roles are combined.
  • B Only the first role applies.
  • C Roles must be distinct.
  • D Roles conflict and cause errors.
Explanation All roles are cumulative, granting the user all permissions from each role.
Q364

Which Google Cloud service provides a managed key storage solution?

  • A Cloud Key Management Service
  • B Cloud Pub/Sub
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud Key Management Service manages encryption keys, while others do not focus on key management.
Q365

A company needs to restrict personnel access to virtual machine instances based on job roles. Which feature should they use?

  • A IAM Roles & Permissions
  • B VPC Firewall Rules
  • C Cloud Armor Policies
  • D Service Accounts
Explanation IAM Roles & Permissions control access based on roles, unlike the other options which serve different purposes.
Q366

What happens when you assign a Service Account the 'Editor' role on a Cloud Project?

  • A Full access to project resources
  • B Restricted access to logs only
  • C No access granted
  • D Owner rights to database only
Explanation The 'Editor' role provides broad access to manage and access resources, while other options limit permissions significantly.
Q367

Which service is best for DDoS protection?

  • A Google Cloud Armor
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D BigQuery
Explanation Google Cloud Armor provides specialized DDoS protection; other options focus on different functions.
Q368

A company needs to share sensitive data without compromising security. Which capability should they use?

  • A IAM roles with least privilege
  • B Public bucket access
  • C Service accounts for each user
  • D Bucket versioning only
Explanation IAM roles enforce least privilege access, ensuring security while sharing data.
Q369

What happens when a bucket is set to public with access control on Cloud Storage?

  • A Only objects are public
  • B Bucket is entirely private
  • C Public access to bucket and objects
  • D No user can access it
Explanation Setting a bucket to public grants access to both bucket and all contained objects.
Q370

Which service simplifies the management of cryptographic keys?

  • A Google Cloud Key Management Service
  • B Google Cloud Pub/Sub
  • C Google Cloud Functions
  • D Google Cloud Firestore
Explanation Google Cloud Key Management Service allows easy management of cryptographic keys, unlike the others which serve different purposes.