Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 411–420 of 483

Q411

What happens when you set Google Cloud Storage Object ACLs to 'public-read'?

  • A Anyone can write to the object
  • B Only project owners can access it
  • C Anyone can view the object
  • D IP restrictions are bypassed
Explanation Public-read allows anyone to view the object; others do not accurately describe access rights.
Q412

Which service encrypts data at rest by default?

  • A Cloud Storage
  • B Compute Engine
  • C Dataflow
  • D Cloud Functions
Explanation Cloud Storage automatically encrypts data at rest, while other services may require configuration.
Q413

A company needs to control access to its GCP resources using group memberships. What do they need to configure?

  • A VPC Service Controls
  • B IAM Roles
  • C Resource Policies
  • D Backup Policies
Explanation IAM Roles can utilize group memberships to manage access, unlike the other options.
Q414

You are configuring logging for multiple services in GCP. What happens when you set a default log sink?

  • A Only selected logs will be included
  • B It overrides existing sinks
  • C All logs will be filtered
  • D Logs are sent to Cloud Storage
Explanation Setting a default log sink overrides existing sinks unless explicitly excluded, whereas others are incorrect interpretations.
Q415

Which service is primarily used for data encryption at rest in GCP?

  • A Google Cloud Key Management Service
  • B Google BigQuery
  • C Google Cloud Storage
  • D Google Cloud Pub/Sub
Explanation Google Cloud Key Management Service provides data encryption management, while others serve different functions.
Q416

A company needs to implement Identity-Aware Proxy for their application hosted on GCP. What is the primary benefit of using it?

  • A Scalable storage solutions
  • B Granular access control for applications
  • C Serverless event-driven architecture
  • D Backup and recovery management
Explanation Identity-Aware Proxy provides granular access controls based on identity and context, unlike other options.
Q417

You are configuring a Google Cloud VPC. What happens when you delete a firewall rule?

  • A No further traffic restrictions apply
  • B All traffic is blocked
  • C Existing connections are maintained
  • D Service accounts lose permissions
Explanation Existing connections are maintained until they are closed, whereas new connections may be affected by other firewall rules.
Q418

Which Google Cloud service provides integrated security policies for workloads?

  • A Cloud Armor
  • B Identity-Aware Proxy
  • C Security Command Center
  • D VPC Service Controls
Explanation Security Command Center consolidates and provides security policies while the others focus on specific areas.
Q419

A company needs to securely connect their on-premises data center to their GCP environment. What should they use?

  • A Cloud VPN
  • B Cloud SQL
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud VPN securely establishes connections between on-prem and GCP, whereas the others do not provide networking capabilities.
Q420

You are configuring IAM roles and permissions for a service account. What happens if you assign 'roles/editor' to the service account?

  • A Full access to all GCP services
  • B Read-only access
  • C No access at all
  • D Viewer access only
Explanation 'roles/editor' grants full access to all GCP resources, unlike the other options which restrict access.