Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 31–40 of 483

Q31

Which Google Cloud service is best for analyzing large datasets?

  • A BigQuery
  • B Cloud Functions
  • C Cloud Storage
  • D Compute Engine
Explanation BigQuery is optimized for large-scale data analysis, while others serve different purposes.
Q32

A company needs to expose its API securely. What should it use?

  • A Public IP address
  • B IAM roles
  • C API Gateway
  • D Cloud SQL
Explanation API Gateway provides enhanced security and routing for APIs, unlike the other options.
Q33

What happens when you disable a firewall rule in Google Cloud?

  • A Traffic is denied completely
  • B Traffic is allowed
  • C Rules become inactive only
  • D Monitoring stops instantly
Explanation Disabling a firewall rule allows traffic through, while others misrepresent the outcome or effects.
Q34

Which IAM role is best suited for managing Google Cloud Billing?

  • A Billing Account Administrator
  • B Project Viewer
  • C Storage Object Viewer
  • D Compute Admin
Explanation The Billing Account Administrator role provides full access to billing info, while others do not relate to billing management.
Q35

A company needs to ensure that their data is encrypted both in transit and at rest. What is the best approach?

  • A Use SSL/TLS for transit; Google-managed encryption for rest.
  • B Only encrypt data at rest.
  • C Use only client-side encryption.
  • D Transport Layer Security is enough.
Explanation Using SSL/TLS for transit ensures data protection while Google-managed encryption secures it at rest.
Q36

You are configuring VPCs for multiple teams in an organization. What happens if you enable VPC Peering between two VPCs without shared CIDR ranges?

  • A Peering will be established without issues.
  • B No connection will be established.
  • C Peering is established but may cause packet loss.
  • D Both VPCs will expose public IPs.
Explanation VPC peering can be established as long as there are no overlapping CIDR ranges.
Q37

Which service would you use to detect vulnerabilities in VM instances?

  • A Google Cloud Armor
  • B Cloud Security Scanner
  • C Cloud IAM
  • D Stackdriver Monitoring
Explanation Cloud Security Scanner identifies security vulnerabilities, while the others serve different purposes.
Q38

A company needs to ensure that sensitive data is only accessible to employees in specific roles. What should they implement?

  • A Cloud Function
  • B IAM Roles and Policies
  • C Service Accounts
  • D VPC Peering
Explanation IAM Roles and Policies control access to resources, unlike the others that have different functions.
Q39

What happens when you delete a Google Cloud Storage bucket?

  • A Data is permanently lost.
  • B Data is moved to Gmail.
  • C Bucket is marked for recovery.
  • D Bucket becomes read-only.
Explanation Deleting a bucket permanently removes all data in it, while the others are incorrect states.
Q40

Which service provides Insight Recommendations for security vulnerabilities?

  • A Security Command Center
  • B Cloud Identity
  • C Cloud Audit Logs
  • D Cloud Armor
Explanation Security Command Center identifies security issues, while the others focus on identity, logging, and DDoS protection.