Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 401–410 of 483

Q401

A company needs to securely manage their encryption keys. Which Google Cloud tool should they utilize?

  • A Cloud IAM
  • B Cloud Key Management Service (KMS)
  • C Cloud Storage
  • D BigQuery
Explanation Cloud KMS is designed for managing encryption keys; others do not specialize in key management.
Q402

What happens when you assign a custom IAM role without any permissions?

  • A User has limited access.
  • B User retains default permissions.
  • C User has no access.
  • D User can create roles.
Explanation Assigning a custom role with no permissions results in no access; other options imply incorrect access levels.
Q403

A company needs to encrypt sensitive data at rest and in transit within Google Cloud. Which service serves this purpose effectively?

  • A Google Cloud Key Management
  • B Google Cloud Firestore
  • C Google Cloud Pub/Sub
  • D Google Cloud Bigtable
Explanation Google Cloud Key Management allows for encryption management, while the others do not focus specifically on encryption features.
Q404

What happens when a Google Cloud IAM policy is incorrectly set to 'allow all'?

  • A Complete access granted to everyone
  • B Access denied for all users
  • C Default account access only
  • D Access granted only to admins
Explanation Setting policies to 'allow all' grants all users access, while other options imply restrictions.
Q405

You are configuring a Google Cloud environment with a backend service. What feature ensures high availability of instances?

  • A Instance Groups
  • B Cloud Functions
  • C BigQuery
  • D Cloud Spanner
Explanation Instance Groups automatically manage instances to achieve high availability; the others do not provide provisioning of instances.
Q406

Which service provides DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Load Balancing
  • D Cloud Identity
Explanation Cloud Armor specifically offers DDoS protection, while the others serve different purposes.
Q407

A company needs to ensure data at rest in Cloud Storage is encrypted. Which option shows achieving this?

  • A Use customer-managed keys.
  • B Disable encryption.
  • C Use only public storage.
  • D Store data in plain text.
Explanation Using customer-managed keys ensures that data at rest is encrypted, while the other options compromise security.
Q408

What happens when you assign an IAM role with least privilege to a user?

  • A User has too many permissions.
  • B User may lack necessary permissions.
  • C User has no access.
  • D User can access every resource.
Explanation Least privilege may limit necessary permissions; however, this is safer than being over-privileged.
Q409

Which service would you use to automate security assessments in GCP?

  • A Cloud Security Command Center
  • B Cloud Pub/Sub
  • C Google KMS
  • D Cloud Functions
Explanation Cloud Security Command Center automates security assessments; others do not.
Q410

A company needs to manage IAM roles across multiple GCP projects. Which solution should they implement?

  • A Service Accounts
  • B Resource Manager
  • C Organization Policies
  • D IAM Policies
Explanation Organization Policies manage IAM roles across projects; other options focus on specific resources.