Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 471–480 of 483

Q471

What happens when you set a Compute Engine instance to 'stopped' state?

  • A Data is deleted
  • B Billing continues
  • C Instance can be restarted
  • D Instance becomes inaccessible
Explanation A stopped instance retains data and can be restarted, while others misrepresent the state effects.
Q472

Which service provides centralized access control across Google Cloud resources?

  • A Identity and Access Management (IAM)
  • B Cloud Storage
  • C Cloud Functions
  • D Compute Engine
Explanation IAM manages permissions across resources, while others do not serve access control directly.
Q473

A company needs to securely regulate traffic to its API. What is the best approach?

  • A Use Cloud Firewalls to control requests
  • B Enable Stackdriver Logging for transparency
  • C Implement SSL certificates only
  • D Allow all traffic by default
Explanation Cloud Firewalls effectively filter and control API traffic, unlike the others which do not directly enforce traffic restrictions.
Q474

What happens when a Google Cloud Storage bucket has uniform permissions applied?

  • A Permissions apply only to objects
  • B Access is limited to bucket creators
  • C All objects inherit bucket permissions
  • D Only predefined ACLs are used
Explanation Uniform permissions mean all objects in the bucket inherit the bucket's permission settings, unlike other options which misinterpret permission relationships.
Q475

Which service offers hardware security modules in Google Cloud?

  • A Cloud KMS
  • B Cloud Functions
  • C App Engine
  • D BigQuery
Explanation Cloud KMS provides HSM capabilities for key management.
Q476

A company needs to restrict access to its Cloud Storage buckets to specific users based on their roles. What should they implement?

  • A Service Accounts
  • B IAM Policies
  • C VPC Peering
  • D Firewall Rules
Explanation IAM Policies control user access based on roles.
Q477

You are configuring a Google Cloud VPN. What happens when both sides have different tunnels configured?

  • A Traffic will only use one tunnel.
  • B Both tunnels will be used suddenly.
  • C The configuration will fail altogether.
  • D Traffic will balance between the tunnels.
Explanation Only one tunnel is used for traffic unless configured otherwise.
Q478

Which Google Cloud service can help securely manage API keys?

  • A Cloud Identity
  • B Secrets Manager
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Secrets Manager securely manages sensitive data like API keys, while others serve different purposes.
Q479

A company needs to ensure that all data in a Google Cloud Storage bucket remains encrypted at rest. What should they do?

  • A Enable Object Lifecycle Management
  • B Set Bucket Policy Only
  • C Use Google-managed encryption keys
  • D Configure IAM roles on the bucket
Explanation Google-managed keys automatically encrypt data at rest, while others don’t directly ensure encryption.
Q480

You are configuring firewall rules in Google Cloud. What happens if you set a rule with a priority of 1000?

  • A It has the highest priority
  • B It is ignored entirely
  • C It has a low priority
  • D It blocks all traffic
Explanation Lower numerical values indicate higher priority, hence 1000 is a low priority.