Google Cloud

Google Cloud Certified – Professional Cloud Security Engineer

PR000224
Popular Trending

Get certified as a Professional Cloud Security Engineer with exam code PR000224 to validate your security skills in Google Cloud.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 81–90 of 483

Q81

You are configuring IAM roles. What happens when a user has both admin and viewer roles on the same resource?

  • A Admin role takes precedence
  • B Viewer role is ignored
  • C No permissions granted
  • D Only viewer permissions apply
Explanation The Admin role provides broader access and takes precedence over Viewer permissions, making the user fully authorized.
Q82

Which service provides Google Cloud's identity management?

  • A Cloud Identity
  • B Cloud Run
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Identity manages user identities, while the others serve different purposes.
Q83

A company needs to ensure that only specific IP ranges can access its Cloud Storage buckets. What should it implement?

  • A Bucket policies
  • B Access Control Lists
  • C Firewall rules
  • D VPC Service Controls
Explanation Firewall rules control traffic from IP ranges, while the others do not restrict at the IP level.
Q84

What happens when you generate a new service account key in Google Cloud?

  • A The old key is deleted.
  • B A new unique key is created.
  • C The service account is disabled.
  • D Permissions are reset automatically.
Explanation A new unique key is added, and previous keys remain active unless manually revoked.
Q85

Which service provides identity and access management in GCP?

  • A Google IAM
  • B Google Cloud Storage
  • C Google VPC
  • D Google Compute Engine
Explanation Google IAM manages user identities and permissions; the others do not focus on access management.
Q86

A company needs to encrypt sensitive data at rest in GCP. Which service should they use?

  • A Google Cloud Key Management
  • B Google Cloud Pub/Sub
  • C Google Cloud Functions
  • D Google Cloud SQL
Explanation Google Cloud Key Management provides encryption tools; the others do not specifically address encryption at rest.
Q87

What happens when you enable Organization Policy constraints in GCP?

  • A It overrides all IAM permissions
  • B It restricts resource access based on policies
  • C It deletes existing resources automatically
  • D It disables all user accounts
Explanation Enabling Organization Policy constraints restricts access to resources by defined policies; the other options misrepresent the consequences of these constraints.
Q88

Which service can be used to manage security policies for Google Cloud resources?

  • A Cloud Security Command Center
  • B Cloud Functions
  • C Firestore
  • D Cloud Pub/Sub
Explanation Cloud Security Command Center provides security insights; the other options do not focus on security management.
Q89

You are configuring IAM roles for a data science team. What should you avoid while granting permissions?

  • A Least privilege principle
  • B Over-provisioned access
  • C Custom roles based on needs
  • D Role bindings at the organization level
Explanation Over-provisioned access violates security best practices, unlike the other options.
Q90

What happens when you delete a Google Cloud Storage bucket that contains objects?

  • A Objects are moved to Trash
  • B Objects are lost permanently
  • C Objects become archived
  • D Deletion is reversible with a backup
Explanation Deleting the bucket permanently removes all contained objects; the other options imply a recoverable state that does not exist.