Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.


Questions 61–70 of 483

Q61

Which Google Cloud service can enforce security policies across multiple projects?

  • A Organization Policy Service
  • B Cloud Security Scanner
  • C Cloud Monitoring
  • D Cloud Armor
Explanation: The Organization Policy Service centrally manages security policies, while other options do not focus on multi-project policy enforcement.
Q62

A company needs to ensure its Google Cloud services comply with GDPR. What should they enable?

  • A Resource Labels
  • B Data Loss Prevention API
  • C Identity-Aware Proxy
  • D Cloud Pub/Sub
Explanation: The Data Loss Prevention API identifies and helps mitigate data exposure, crucial for GDPR compliance.
Q63

You are configuring a firewall rule for a Compute Engine VM. What happens when you set the action to 'deny'?

  • A Blocks incoming traffic only
  • B Allows all incoming traffic
  • C Blocks all matching traffic
  • D Does not affect traffic
Explanation: Setting the action to 'deny' blocks all traffic that matches specified rules, unlike other options.
Q64

Which service provides identity and access management in GCP?

  • A IAM
  • B Cloud Storage
  • C BigQuery
  • D Compute Engine
Explanation: IAM is specifically designed for managing identities and access permissions, while the others serve different purposes.
Q65

What happens when you assign multiple firewall rules to a GCP project?

  • A The most permissive rule applies
  • B All rules must match
  • C Only the first rule is effective
  • D Blocked if any rule blocks
Explanation: GCP firewall rules are evaluated in order of priority, with the most permissive rule taking precedence.
Q66

A company needs to enforce network segmentation between production and development environments in GCP. What is the best approach?

  • A Use VPCs for segmentation
  • B Use IAM roles for segregation
  • C Deploy shared VPNs
  • D Restrict cloud function access
Explanation: Using separate VPCs provides the strongest isolation between environments, unlike the other options which do not ensure physical separation.
Q67

Which service enforces policies on Google Cloud resources?

  • A Organization Policies
  • B Cloud Monitoring
  • C Identity-Aware Proxy
  • D Cloud Functions
Explanation: Organization Policies allow you to enforce policies across resources; the others are not designed for policy enforcement.
Q68

A company needs to ensure their data encrypted at rest is also encrypted in transit. Which combination of services should they use?

  • A Cloud Storage and SSL
  • B Cloud Pub/Sub and HTTP
  • C Cloud Storage and FTP
  • D BigQuery and TCP
Explanation: Cloud Storage with SSL enables data encryption both at rest and in transit, while the other options do not provide encryption in both scenarios.
Q69

You are configuring a firewall rule that should deny ingress traffic from a specific IP range. What happens if you prioritize this rule after a general allow rule?

  • A Deny rule supersedes allow rule
  • B Allow rule takes precedence over deny
  • C Traffic is logged but not blocked
  • D Configuration will fail
Explanation: In Google Cloud, a higher priority rule will always take precedence, so the allow rule will allow traffic before the deny rule can act.
Q70

Which Google Cloud service provides DDoS protection?

  • A Google Cloud Armor
  • B Cloud CDN
  • C Cloud Interconnect
  • D Cloud Functions
Explanation: Google Cloud Armor specifically offers DDoS protection, while others do not.