Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 41–50 of 483

Q41

A company needs to secure APIs using OAuth 2.0 with Google Cloud. Which service should they use?

  • A Cloud Endpoints
  • B Cloud Functions
  • C Cloud Run
  • D Cloud Storage
Explanation Cloud Endpoints allows secure API management with OAuth 2.0, while the others are not specifically designed for this use case.
Q42

What happens when you configure a virtual machine with default settings in Google Cloud?

  • A Exposed to public internet
  • B Installs extra security measures
  • C Automatically encrypts all data
  • D Default service account is disabled
Explanation By default, VMs allow external traffic unless configured otherwise; the other options are incorrect behaviors.
Q43

Which Google Cloud service is best for managing access across projects?

  • A Cloud IAM
  • B Cloud Functions
  • C Cloud Storage
  • D BigQuery
Explanation Cloud IAM allows for granular access control, whereas the others serve different functions.
Q44

A company needs to secure sensitive data in transit. Which tool should they use to encrypt this data?

  • A VPC Service Controls
  • B Cloud Armor
  • C Cloud Data Loss Prevention
  • D Cloud Pub/Sub
Explanation VPC Service Controls provide advanced data protection, while the others do not specifically address encryption in transit.
Q45

What happens when a service account is deleted in Google Cloud?

  • A All access credentials are revoked.
  • B User access is unaffected.
  • C Only the IAM roles remain.
  • D The service account can be restored.
Explanation Deleting a service account revokes all its credentials and permissions; the others incorrectly imply retention of access or the ability to restore.
Q46

Which Google Cloud service is ideal for DDoS protection?

  • A Google Cloud Armor
  • B Cloud Load Balancing
  • C Cloud CDN
  • D Data Loss Prevention
Explanation Google Cloud Armor provides DDoS protection while the others do not specialize in this functionality.
Q47

A company needs to ensure its IAM roles have minimum privileges for users. Which principle should they implement?

  • A Least Privilege Principle
  • B Role-based Access Control
  • C Atomic Security Model
  • D Single Sign-On Implementation
Explanation The Least Privilege Principle ensures users only have necessary permissions.
Q48

You are configuring logging for a Cloud Function that processes sensitive data. What happens when you set the log level to 'Debug'?

  • A Only errors are logged.
  • B All function invocations are logged.
  • C Sensitive data is excluded from logs.
  • D More detailed logs include sensitive data.
Explanation Setting 'Debug' increases verbosity and may log sensitive information, unlike the error-only setting.
Q49

Which service provides firewall rules in Google Cloud?

  • A Cloud Storage
  • B Cloud Armor
  • C VPC Network
  • D Cloud Functions
Explanation VPC Network provides the features for creating firewall rules, while the other options serve different purposes.
Q50

A company needs to ensure that only authorized users can view sensitive data stored in Cloud Storage. What should they use?

  • A Bucket Policies
  • B IAM Roles
  • C Object Lifecycle Management
  • D Service Accounts
Explanation IAM Roles allow fine-grained access control for sensitive data, unlike Bucket Policies which provide overall configurations.