Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 461–470 of 483

Q461

A company needs to restrict its Cloud Storage bucket to specific users. What should they configure?

  • A Bucket IAM policies
  • B VPC Service Controls
  • C Cloud Armor
  • D Data Loss Prevention
Explanation Bucket IAM policies enforce user permissions directly on storage resources, whereas other options are less related to bucket access control.
Q462

You are configuring firewall rules for a virtual machine. What happens if you set a rule to allow traffic at a lower priority than a deny rule?

  • A Allow traffic always
  • B Deny traffic always
  • C Allow traffic if rule conditions meet
  • D Deny traffic based on deny rule
Explanation Deny rules always take precedence over lower-priority allow rules, which means traffic will be denied.
Q463

Which service helps protect against distributed denial-of-service (DDoS) attacks in Google Cloud?

  • A Cloud Armor
  • B Cloud CDN
  • C Firebase Hosting
  • D Stackdriver Monitoring
Explanation Cloud Armor provides DDoS protection, while other options do not directly address DDoS.
Q464

A company needs to encrypt sensitive data at rest in Google Cloud. Which service should they use?

  • A Cloud Key Management Service
  • B BigQuery
  • C Cloud Firestore
  • D Cloud Storage Transfer
Explanation Cloud Key Management Service manages cryptographic keys for encryption.
Q465

What happens when you enable VPC flow logs in Google Cloud?

  • A Detailed logging of all API calls
  • B Traffic logs for network introspection
  • C Increased latency for traffic
  • D More expensive network data transfers
Explanation VPC flow logs capture network traffic details, not API calls.
Q466

Which service provides DDoS protection in Google Cloud?

  • A Google Cloud Armor
  • B Cloud DNS
  • C Compute Engine
  • D Cloud Functions
Explanation Google Cloud Armor offers DDoS protection, while others do not focus on this feature.
Q467

A company needs to secure its API using OAuth 2.0. Which Google Cloud product should they use?

  • A Google Identity
  • B API Gateway
  • C Cloud Run
  • D Cloud Functions
Explanation API Gateway provides native support for OAuth 2.0 authentication for APIs, unlike others on the list.
Q468

What happens when you enable VPC Service Controls?

  • A Restrict access to GCP services
  • B Increase resource availability
  • C Speed up data transfer
  • D Enable automatic scaling
Explanation Enabling VPC Service Controls restricts access to GCP services based on defined perimeters, unlike other options.
Q469

Which service provides managed DDoS protection on Google Cloud?

  • A Cloud Armor
  • B Cloud Load Balancing
  • C VPC Network
  • D Cloud CDN
Explanation Cloud Armor is specifically designed for DDoS protection, while the others serve different purposes.
Q470

A company needs to securely share data with external partners while maintaining strict access controls. Which feature would best support this requirement?

  • A Service Accounts
  • B Cloud Identity-Aware Proxy
  • C IAM Roles
  • D Federated Access
Explanation Cloud Identity-Aware Proxy allows secure access control for external users, unlike the other options.