Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 421–430 of 483

Q421

Which service provides DDoS protection for applications?

  • A Cloud Armor
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D Cloud SQL
Explanation Cloud Armor specifically provides DDoS protection; others do not share this functionality.
Q422

A company needs to securely share sensitive data with specific partners. What Google Cloud service should they use?

  • A Cloud Storage Signed URLs
  • B Google Maps API
  • C BigQuery Data Transfer
  • D Dataflow Pipelines
Explanation Cloud Storage Signed URLs allow secure access to specific data; the others focus on different functionalities.
Q423

What happens when a Google Cloud IAM role is modified?

  • A All permissions are revoked immediately
  • B Changes apply to all previous members
  • C Only new members are affected
  • D Cloud Audit Logs are reset
Explanation IAM role changes affect both new and existing members, not just new ones.
Q424

Which Google Cloud service provides a managed Kubernetes environment?

  • A Google Kubernetes Engine
  • B Cloud Run
  • C App Engine
  • D Cloud Functions
Explanation Google Kubernetes Engine (GKE) specifically manages Kubernetes clusters, while others serve different purposes.
Q425

A company needs to encrypt sensitive data at rest on Google Cloud Storage. Which service should be used?

  • A Cloud Data Loss Prevention
  • B Encryption Key Management Service
  • C Cloud Pub/Sub
  • D Cloud Firestore
Explanation Encryption Key Management Service enables management of encryption keys used for data at rest.
Q426

What happens when you remove a service account from a project in Google Cloud?

  • A The service account gains more access.
  • B All roles assigned are removed.
  • C Only its keys are deleted.
  • D It stops functioning immediately.
Explanation Removing a service account deletes all its permissions and role bindings within that project.
Q427

Which Google Cloud service provides a comprehensive web application firewall?

  • A Cloud Armor
  • B Cloud Functions
  • C BigQuery
  • D Cloud Pub/Sub
Explanation Cloud Armor protects applications from attacks; others do not provide WAF capabilities.
Q428

A company needs to ensure compliant data handling in their GCP environment. What service should they use?

  • A Cloud Compliance
  • B Cloud Security Command Center
  • C Data Loss Prevention API
  • D Cloud Logging
Explanation Data Loss Prevention API helps identify sensitive data; others do not specifically manage compliance.
Q429

What happens when you assign an IAM role at the folder level?

  • A Inherited by all sub-folders only
  • B Inherits for folder and projects
  • C Applied only to the root folder
  • D Ignored by all sub-resources
Explanation Roles assigned at the folder level apply to all resources within it; others misinterpret the scope of IAM inheritance.
Q430

Which service should be used for managing cryptographic keys in Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Identity
  • C Cloud Storage
  • D Cloud SQL
Explanation Cloud Key Management Service is specifically designed for managing encryption keys, while the others serve different purposes.