Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 431–440 of 483

Q431

A company needs to ensure their Cloud Functions runtime is protected from VPC exposure. What should they configure?

  • A Allow unauthenticated invocations
  • B Use Serverless VPC Access connector
  • C Deploy only in public subnets
  • D Associate static IP address
Explanation Using a Serverless VPC Access connector enables Cloud Functions to connect securely to VPC without exposing them publicly.
Q432

What happens when you disable a Google Cloud IAM role on a project?

  • A User retains their permissions
  • B Role permissions are immediately removed
  • C Permissions are overridden by higher roles
  • D Existing sessions remain unaffected
Explanation When a role is disabled, all users assigned to it lose their corresponding permissions immediately.
Q433

Which Google Cloud service provides DDoS protection?

  • A Cloud Armor
  • B Cloud CDN
  • C Load Balancing
  • D Pub/Sub
Explanation Cloud Armor offers DDoS protection, while others do not provide this specifically.
Q434

A company needs to manage access to resources using a resource hierarchy. What should they implement?

  • A Service Accounts
  • B IAM Policies
  • C Projects and Folders
  • D Virtual Private Cloud
Explanation Projects and folders create a hierarchy for managing access, unlike the other options.
Q435

What happens when a VM instance is deleted without a snapshot?

  • A Data is permanently lost
  • B Data is recoverable from the cloud
  • C VM state is saved
  • D Instance can be restarted later
Explanation Deleting a VM without a snapshot results in permanent data loss, while other options are incorrect outcomes.
Q436

Which Google Cloud service provides DDoS protection?

  • A Google Cloud Armor
  • B Google Cloud Functions
  • C Google Cloud Pub/Sub
  • D Google Cloud Run
Explanation Google Cloud Armor is specifically designed for DDoS protection, while the others serve different purposes.
Q437

A company needs to log access to sensitive data stored in BigQuery. Which feature should they use?

  • A Audit Logs
  • B Access Control Lists
  • C Data Encryption
  • D Bucket Policies
Explanation Audit Logs provide a record of access to BigQuery data, unlike the other options which serve different functions.
Q438

What happens when you configure a firewall rule to allow egress traffic to all IPs?

  • A Only local traffic is allowed
  • B All outbound traffic is permitted
  • C Traffic to the Internet is blocked
  • D Only high-priority traffic is allowed
Explanation Allowing egress traffic to all IPs permits unrestricted outbound connections, whereas the other options do not accurately describe the effect.
Q439

Which Google Cloud service provides DDoS attack protection?

  • A Cloud Armor
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Armor defends applications against DDoS attacks; the other services do not provide direct DDoS protection.
Q440

A company needs to automatically rotate its Cloud IAM service account keys. Which service should they use?

  • A Cloud Scheduler
  • B Cloud Key Management
  • C Secret Manager
  • D Cloud Functions
Explanation Secret Manager securely manages and automates key rotation; the others do not handle automatic key rotation specifically.