Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 91–100 of 486

Q91

Which service provides security command center features?

  • A Cloud Security Command Center
  • B Cloud Identity
  • C Cloud Armor
  • D Cloud Audit Logs
Explanation Cloud Security Command Center enables comprehensive visibility of security assets, making it the right choice.
Q92

A company needs to ensure compliance for GCP environments. Which service should they use?

  • A GCP Policy Intelligence
  • B Cloud Asset Inventory
  • C Cloud Security Scanner
  • D Cloud Compliance Center
Explanation Cloud Asset Inventory provides visibility to manage compliance effectively across GCP services.
Q93

You are configuring audit logging for sensitive GCP services. What happens when you set logging to 'Data Access'?

  • A Logs all system events only
  • B Logs access to sensitive data only
  • C Logs both admin and access events
  • D No logging occurs
Explanation 'Data Access' logging captures both Admin activity and access to resources for comprehensive monitoring.
Q94

Which Google Cloud service provides malware scanning for Cloud Storage?

  • A Cloud Security Command Center
  • B Cloud Storage
  • C Pub/Sub
  • D Cloud Functions
Explanation Cloud Security Command Center offers malware scanning; other options do not provide this feature.
Q95

A company needs to secure sensitive data at rest in Google Cloud. Which encryption strategy should they implement?

  • A Client-Side Encryption
  • B Standard Encryption
  • C Public Encryption
  • D Data Loss Prevention
Explanation Client-Side Encryption protects data before it reaches the cloud; others do not ensure this level of security.
Q96

What happens when a virtual machine's firewall rules allow all traffic?

  • A Improved performance for the VM
  • B Increased risk of attacks
  • C No external connectivity
  • D Enhanced data encryption
Explanation Allowing all traffic significantly raises the attack risk; others don't accurately reflect the implications of this configuration.
Q97

Which Google Cloud service is primarily used for identifying and mitigating DDoS attacks?

  • A Cloud Armor
  • B Cloud CDN
  • C Stackdriver Monitoring
  • D Cloud Pub/Sub
Explanation Cloud Armor provides security against DDoS attacks, while others do not address DDoS specifically.
Q98

A company needs to ensure that their Google Cloud VMs restart in a different zone if the current zone experiences an outage. What should they implement?

  • A Preemptible VMs
  • B Regional Managed Instance Groups
  • C Standard Instances
  • D Snapshots
Explanation Regional Managed Instance Groups can automatically restart VMs in a different zone; the other options do not provide this feature.
Q99

You are configuring IAM roles and notice direct permissions are greater than the inherited permissions. What happens when a user has both?

  • A Inherited permissions override direct
  • B Direct permissions override inherited
  • C Neither permission applies
  • D Permissions cannot be combined
Explanation Direct permissions have higher precedence than inherited ones, while the others incorrect about permission behavior.
Q100

Which Google Cloud service provides identity management for your applications?

  • A Cloud Identity
  • B Compute Engine
  • C BigQuery
  • D Cloud Pub/Sub
Explanation Cloud Identity offers identity management, whereas others provide different functionalities.