Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

Questions 371–380 of 483

Q371

A company needs to enforce organization-wide security policies across all its projects. Which tool should they use?

  • A IAM Permissions
  • B Organization Policies
  • C VPC Service Controls
  • D Firewall Rules
Explanation: Organization Policies enforce security policies across projects; IAM Permissions apply to individual resources.

Q372

What happens when you use a Service Account without proper OAuth2 scopes?

  • A Access is fully granted automatically
  • B Access is denied based on scopes
  • C Only data loss occurs
  • D Access remains unrestricted
Explanation: Without proper OAuth2 scopes, access to resources is denied; the other options suggest otherwise.

Q373

Which Google Cloud service offers dedicated hardware for sensitive workloads?

  • A Confidential Computing
  • B Cloud Functions
  • C Cloud Run
  • D App Engine
Explanation: Confidential Computing allows processing data in secure enclaves, while the others are not designed for dedicated hardware.

Q374

A company needs to audit IAM policy changes. Which audit log type should they enable?

  • A Admin Activity Logs
  • B Data Access Logs
  • C System Event Logs
  • D Policy Change Logs
Explanation: Admin Activity Logs record changes to IAM policies, while the other options record other kinds of events.

Q375

What happens when you set an organization policy to deny all ingress traffic on a specific VPC?

  • A All traffic is permitted in that VPC
  • B Existing connections are unaffected
  • C Only egress traffic is blocked
  • D New incoming connections are blocked
Explanation: Denying ingress traffic prevents new connections, but existing ones may still function temporarily.

Q376

Which service provides a dedicated interconnect solution to connect on-premises data centers with Google Cloud?

  • A Google Cloud VPN
  • B Cloud Interconnect
  • C Cloud Functions
  • D App Engine
Explanation: Cloud Interconnect offers direct network connections, whereas the other options do not provide dedicated interconnect solutions.

Q377

A company needs to audit access to sensitive data in Cloud Storage. What is the best approach?

  • A Enable Uniform Bucket Level Access
  • B Set object ACLs for data
  • C Configure Cloud Audit Logs
  • D Limit bucket name access
Explanation: Configuring Cloud Audit Logs provides detailed access records, while the other options do not effectively track access for auditing.

Q378

What happens when you remove a role from a Google Cloud IAM user?

  • A They lose all permissions immediately
  • B Their permissions are retained temporarily
  • C Only some permissions are removed
  • D They may retain access through groups
Explanation: Removing a role instantly revokes all associated permissions for that user, while other options misinterpret IAM behavior.

Q379

Which Google Cloud service provides a managed solution for API security?

  • A Cloud API Gateway
  • B Cloud Functions
  • C Compute Engine
  • D Cloud SQL
Explanation: Cloud API Gateway securely manages API traffic; others do not focus on APIs.

Q380

A company needs to store sensitive data with strict access controls in Google Cloud. Which service should they use?

  • A Cloud Firestore
  • B Cloud Spanner
  • C Cloud Storage with IAM
  • D Cloud Pub/Sub
Explanation: Cloud Storage with IAM allows fine-grained access control; others do not provide equivalent security management.