Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 391–400 of 483

Q391

Which Google Cloud service offers serverless container execution?

  • A Cloud Run
  • B Google Kubernetes Engine
  • C Cloud Functions
  • D Compute Engine
Explanation Cloud Run is specifically designed for running containerized applications in a serverless environment, while the others are not fully serverless.
Q392

A company needs to enforce encryption for sensitive data stored in Cloud Storage. Which approach should they take?

  • A Enable Object Versioning
  • B Use Customer-Supplied Encryption Keys
  • C Set up IAM Policies
  • D Limit Access to Cloud Console
Explanation Customer-Supplied Encryption Keys provide direct control over data encryption, while the other options do not enhance encryption.
Q393

What happens when you set a Google Cloud IAM policy binding with 'roles/storage.admin' to a service account in a folder context?

  • A Access to all project resources
  • B Access only to storage in the project
  • C Access to all folders within the project
  • D Access to storage and management features
Explanation 'roles/storage.admin' allows full control over storage resources, including management capabilities, while others misrepresent permissions.
Q394

Which service provides a centralized identity repository in Google Cloud?

  • A Cloud Identity
  • B Cloud Storage
  • C BigQuery
  • D Compute Engine
Explanation Cloud Identity provides a centralized identity management solution, while the others are unrelated services.
Q395

A company needs to securely store sensitive data while allowing access based on user roles. Which Google Cloud feature should they use?

  • A IAM Roles
  • B Cloud Pub/Sub
  • C App Engine
  • D Cloud Functions
Explanation IAM Roles enable fine-grained access control, while the other options do not specifically manage access based on roles.
Q396

What happens when a Google Cloud Storage bucket policy allows public access to objects?

  • A Objects are private to the owner.
  • B Anyone can read the objects.
  • C Objects are encrypted automatically.
  • D Access must be requested via IAM.
Explanation Public access allows anyone to read the objects, while the other options do not accurately reflect the implications of public access.
Q397

Which service is best for managing user roles in GCP?

  • A IAM
  • B Cloud Functions
  • C Cloud Storage
  • D BigQuery
Explanation IAM is specifically designed for managing user roles, while others serve different functions.
Q398

A company needs to securely store sensitive data. Which GCP feature is most appropriate?

  • A Cloud SQL Encryption
  • B Cloud Functions
  • C Cloud CDN
  • D Google Kubernetes Engine
Explanation Cloud SQL offers encryption for sensitive data at rest and in transit, unlike the other options.
Q399

What happens when a policy is changed in GCP IAM after a role has been assigned?

  • A Role remains unchanged
  • B Role is immediately revoked
  • C Role is updated to new policy
  • D Role is temporarily suspended
Explanation Changes in IAM policies impact assigned roles in real-time, updating permissions accordingly.
Q400

Which service provides identity federation in Google Cloud?

  • A Identity and Access Management (IAM)
  • B Cloud Identity
  • C Google Kubernetes Engine (GKE)
  • D Cloud Identity-Aware Proxy
Explanation Cloud Identity enables identity federation; others do not.