Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 71–80 of 483

Q71

A company needs to securely manage user permissions across multiple Google Cloud projects. Which service should they implement?

  • A Cloud IAM
  • B Cloud Security Scanner
  • C Google Cloud Source Repositories
  • D Stackdriver Monitoring
Explanation Cloud IAM allows centralized permission management across projects.
Q72

What happens when an IAM role is assigned to a service account that also has a denial policy?

  • A Access is granted by the role
  • B Access is denied by the policy
  • C Access is denied unless explicitly allowed
  • D Access is granted under all circumstances
Explanation IAM policies follow a principle of least privilege; denial policies take precedence unless otherwise allowed.
Q73

Which Google Cloud service is best suited for assessing security compliance?

  • A Security Health Analytics
  • B Cloud Monitoring
  • C Cloud Run
  • D BigQuery
Explanation Security Health Analytics evaluates compliance against industry standards; the other options provide different monitoring and data services.
Q74

A company needs to securely share a Google Cloud Storage bucket with external partners while maintaining tight control over access. What is the best approach?

  • A Public access to the bucket
  • B IAM roles for user access
  • C Shared VPC configuration
  • D Cloud Pub/Sub for messaging
Explanation IAM roles allow granular control over who can access the bucket; public access and other options do not provide sufficient security.
Q75

You are configuring Google Cloud’s VPC with an emphasis on security. What happens when you enable VPC Service Controls?

  • A Increased bandwidth for all connections
  • B Enhanced isolation for services
  • C Public accessibility to all resources
  • D Automatic backup of all resources
Explanation VPC Service Controls enhance isolation for specified services, while other options do not pertain to security posture.
Q76

Which service provides unified security management for Google Cloud?

  • A Cloud Security Command Center
  • B Cloud Identity
  • C Cloud Armor
  • D Cloud Data Loss Prevention
Explanation Cloud Security Command Center provides comprehensive security insights, whereas the others focus on specific aspects.
Q77

A company needs to restrict access to its Cloud Storage buckets to specific IP ranges. Which service should they use?

  • A IAM Roles
  • B VPC Service Controls
  • C Service Accounts
  • D Cloud Functions
Explanation VPC Service Controls enhance security around resources by using specific IP restrictions, unlike IAM or Service Accounts.
Q78

You are configuring Google Cloud Armor to protect your application. What happens when you apply a security rule that denies traffic from a specific country?

  • A Connection attempts are logged.
  • B Traffic from that country is blocked.
  • C Traffic is only monitored.
  • D Access is granted with logging enabled.
Explanation Applying a deny rule explicitly blocks traffic from the specified country, while the other options do not prevent access.
Q79

Which service can enforce organization policies across projects?

  • A Organization Policy Service
  • B Cloud Identity
  • C Resource Manager
  • D Cloud Security Command Center
Explanation The Organization Policy Service allows centralized policy enforcement across projects, while others focus on identity or security specific functions.
Q80

A company needs to ensure that sensitive data is encrypted at rest without modifying application code. Which Google Cloud service should they use?

  • A Customer Managed Encryption Keys
  • B Google Cloud Armor
  • C Cloud KMS
  • D Cloud Storage Security
Explanation Customer Managed Encryption Keys allow encryption at rest without code changes, while the others relate to different security needs.