Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.


Questions 381–390 of 483

Q381

You are configuring VPC Service Controls. What happens if the policy is applied incorrectly?

  • A Access is granted by default
  • B Sensitive data is exposed
  • C No impact on resources
  • D Access is denied by default
Explanation: VPC Service Controls denies access when misconfigured; it does not grant access by default.

Q382

Which service provides real-time threat detection in GCP?

  • A Cloud Security Command Center
  • B Google Cloud Logging
  • C Cloud Data Loss Prevention
  • D Cloud Monitoring
Explanation: Cloud Security Command Center offers real-time threat detection, while the other options do not specialize in threat detection.

Q383

A company needs to securely manage its API keys. What is a best practice?

  • A Store keys in code repositories
  • B Use Google Secret Manager
  • C Expose keys as environment variables
  • D Share keys in team communication
Explanation: Using Google Secret Manager ensures secure storage of API keys, avoiding the exposure that the other options create.

Q384

What happens when a Google Cloud IAM policy is changed?

  • A Immediate activation across region
  • B Changes are versioned automatically
  • C Respective permissions are revoked
  • D Only effective in future sessions
Explanation: IAM policy changes take effect immediately across all resources, while the other options are incorrect regarding IAM behavior.

Q385

Which service is primarily used for managing access control in Google Cloud?

  • A IAM
  • B Cloud Run
  • C BigQuery
  • D Cloud Storage
Explanation: IAM manages user access, while the others are services for application deployment and data processing.

Q386

A company needs to ensure that only specific services can access its Cloud SQL instances. What should they implement?

  • A Service Accounts
  • B VPC peering
  • C Firewall rules
  • D Load balancers
Explanation: Service Accounts securely manage permissions for services, unlike VPC peering and the other options, which are not focused on permissions.

Q387

You are analyzing the security event logs on Google Cloud. What happens when a user exceeds their IAM permissions?

  • A Actions blocked, logged as errors
  • B User access is permanently revoked
  • C User is notified automatically
  • D Actions allowed under least privilege
Explanation: Actions are blocked and logged; users aren't removed or notified automatically.

Q388

Which Google Cloud service provides managed Kubernetes containers?

  • A Cloud Run
  • B App Engine
  • C Google Kubernetes Engine
  • D Cloud Functions
Explanation: Google Kubernetes Engine (GKE) is specifically designed for running and managing Kubernetes clusters, unlike the other options, which serve different functions.

Q389

A company needs to secure its data stored in Cloud Storage using encryption. What should they use?

  • A Default Google-managed encryption keys
  • B Only public key encryption
  • C Symmetric encryption without keys
  • D Custom customer-managed encryption keys
Explanation: Custom customer-managed encryption keys provide the most control for securing data, while the other options are less flexible or less secure.

Q390

What happens when a service account is granted overly permissive roles?

  • A Less security risk for GCP resources
  • B Increased potential for misconfigurations
  • C Reputation damage only to the service
  • D Only important data is at risk
Explanation: Granting overly permissive roles exposes resources to more security risks and potential misconfigurations.