Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 441–450 of 483

Q441

You are configuring a Google Cloud VPC. What happens when you set the subnet to auto-assign a public IP address?

  • A Resources gain unique external IPs
  • B Resources cannot reach the internet
  • C Firewall rules become irrelevant
  • D Resources lose their internal IPs
Explanation Setting auto-assign public IPs enables resources to communicate externally; the other options incorrectly represent VPC behavior.
Q442

You are configuring IAM policies for a project. Which role should you assign to allow a user to create service accounts only?

  • A Service Account User
  • B Service Account Admin
  • C Service Account Creator
  • D Viewer
Explanation Service Account Creator allows the creation of service accounts, while others either provide broader permissions or no relevant permissions.
Q443

A company needs to protect sensitive data in BigQuery. Which feature provides the maximum level of data protection?

  • A Policy Tags
  • B Row-level Security
  • C Cloud Key Management
  • D Data Loss Prevention
Explanation Row-level Security restricts access to individual rows in a dataset based on user attributes, providing fine-grained data protection.
Q444

What happens when you enable VPC Service Controls for a GCP project?

  • A Increased billing rates apply.
  • B Data remains accessible from anywhere.
  • C Access to resources is restricted.
  • D No services can connect externally.
Explanation VPC Service Controls create security perimeters to restrict access to resources, enhancing data protection against threats.
Q445

Which service provides encryption at rest in Google Cloud?

  • A Cloud Storage
  • B Cloud Functions
  • C BigQuery
  • D Cloud Run
Explanation Cloud Storage offers built-in encryption at rest, while the others focus on execution or processing services.
Q446

A company needs to assign multiple roles to a single user without creating new groups. What is the best approach?

  • A Use IAM policy bindings
  • B Create a service account
  • C Edit user's group membership
  • D Remove existing roles from user
Explanation Using IAM policy bindings allows you to assign multiple roles to a user directly without group management.
Q447

What happens when a bucket policy is altered to disallow public access in GCP?

  • A Public access is permitted
  • B No users can access the bucket
  • C Only authenticated users have access
  • D All access is denied instantly
Explanation Disallowing public access restricts access to only authenticated users without denying all access.
Q448

Which service provides DDoS protection in GCP?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Firestore
  • D Cloud Functions
Explanation Cloud Armor provides DDoS protection, while the others do not focus on this aspect.
Q449

A company needs to securely access its VM instances remotely. What should they use?

  • A GCP Console
  • B Cloud Shell
  • C SSH keys with OS login
  • D Cloud VPN
Explanation SSH keys with OS login ensure secure access, unlike the other options which do not provide the same level of security.
Q450

What happens when you disable the default firewall rules in GCP?

  • A Only egress rules apply
  • B All traffic is blocked
  • C Ingress traffic is unaffected
  • D VMs cannot access the internet
Explanation Disabling default firewall rules blocks all incoming traffic unless specifically allowed, unlike the other options.