Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 1–10 of 486

Q1

Which service can help prevent DDoS attacks on GCP?

  • A Google Cloud Armor
  • B Cloud Firewall
  • C Cloud CDN
  • D Compute Engine
Explanation Google Cloud Armor provides DDoS protection, while others serve different purposes.
Q2

A company needs to log and monitor API call activities. Which service should they use?

  • A Cloud Audit Logs
  • B Cloud Trace
  • C Stackdriver Monitoring
  • D BigQuery
Explanation Cloud Audit Logs records API activities, unlike others, which serve different functions.
Q3

What happens when you disable a service account in GCP?

  • A All associated keys are deleted
  • B Tasks using it are immediately aborted
  • C Access to resources is blocked
  • D Billing ceases for that account
Explanation Disabling a service account blocks access to resources, whereas others involve different implications.
Q4

Which service provides threat detection in GCP?

  • A Google Cloud Armor
  • B Google Cloud Security Command Center
  • C Google Cloud Logging
  • D Google Cloud IAM
Explanation Google Cloud Security Command Center helps detect threats, while the others provide different functionalities.
Q5

A company needs to securely manage API keys. What should they use?

  • A Cloud Key Management Service
  • B Secret Manager
  • C Cloud IAM
  • D Google Cloud Functions
Explanation Secret Manager is designed for securing API keys, while the other options serve different purposes.
Q6

What happens when a firewall rule denies traffic?

  • A Traffic is logged and ignored
  • B Traffic is immediately dropped
  • C Traffic is routed to a different network
  • D Traffic is accepted without notification
Explanation A denied rule causes the traffic to be dropped immediately, while the other options misrepresent firewall behavior.
Q7

Which Google Cloud service helps in threat detection?

  • A Cloud Security Command Center
  • B Cloud Storage
  • C BigQuery
  • D Cloud Spanner
Explanation Cloud Security Command Center aggregates threat data, while the others serve different primary functions.
Q8

A company needs to implement encryption for data in transit. Which service should they use?

  • A Cloud VPN
  • B Cloud CDN
  • C Cloud SQL
  • D Cloud Pub/Sub
Explanation Cloud VPN establishes secure tunnels for data, whereas others do not provide specific encryption for transit.
Q9

What happens when a Cloud IAM policy is changed?

  • A Changes are retroactive immediately
  • B Changes require a service restart
  • C Policy updates can fail silently
  • D Only new users are affected
Explanation IAM policies are enforced immediately, while the other options imply delays or specific scope of impact that are incorrect.
Q10

Which Google Cloud service is primarily used for identity management?

  • A Cloud Identity
  • B Cloud Storage
  • C Compute Engine
  • D BigQuery
Explanation Cloud Identity is designed for identity and access management, while the others serve different technical purposes.