Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 111–120 of 486

Q111

You are configuring IAM policies for a GCP project. What happens if you assign a user a role that only grants permission to list resources?

  • A They can edit resources.
  • B They cannot view resource details.
  • C They can create resources.
  • D They can view resources list only.
Explanation The user can list resources but has no permissions to modify or create them.
Q112

Which service is used for security logging in GCP?

  • A Cloud Audit Logs
  • B Cloud DLP
  • C Cloud Identity
  • D Cloud Functions
Explanation Cloud Audit Logs provides security logging, while others serve different functions.
Q113

A company needs to limit SSH access to a VM. What is the best practice?

  • A Install a firewall rule
  • B Use OS login
  • C Disable the VM instance
  • D Change the default port
Explanation Using OS login is a best practice for managing SSH access securely.
Q114

You are configuring IAM permissions. What happens if a user is granted contradictory roles?

  • A User has no permissions
  • B Permissions will be averaged
  • C Deny permissions take precedence
  • D All permissions are granted
Explanation In GCP, if roles grant different permissions, the user receives all permissible rights.
Q115

Which Google Cloud service offers automatic threat detection?

  • A Cloud Security Command Center
  • B Cloud Pub/Sub
  • C Cloud Storage
  • D BigQuery
Explanation Cloud Security Command Center provides threat detection features, while others do not specialize in security.
Q116

A company needs to centrally manage user access to multiple Google Cloud projects. Which service should they use?

  • A Cloud Identity
  • B Cloud Functions
  • C Cloud Spanner
  • D BigQuery
Explanation Cloud Identity facilitates centralized access management, while the others do not focus on user management.
Q117

What happens when you enable VPC Flow Logs on a Google Cloud VPC network?

  • A Traffic metrics are recorded.
  • B Network costs increase immediately.
  • C Active firewall rules are disabled.
  • D Packet data is preserved indefinitely.
Explanation VPC Flow Logs capture and store traffic metrics, while the other options are incorrect scenarios or misunderstandings.
Q118

Which Google Cloud service is primarily used for monitoring and logging resources?

  • A Cloud Monitoring
  • B Cloud Functions
  • C Cloud Storage
  • D Cloud Pub/Sub
Explanation Cloud Monitoring assists in resource monitoring and logging, while the others serve different functions.
Q119

A company needs to secure sensitive data at rest in Google Cloud. What should they implement?

  • A IAM roles
  • B Cloud Encryption
  • C VPC Peering
  • D Cloud Firestore
Explanation Cloud Encryption protects data at rest, whereas the other options do not focus on encryption specifically.
Q120

What happens when you enable IAM Conditions on a Google Cloud resource?

  • A Policies become active immediately
  • B Users see fewer permissions
  • C Access is restricted based on conditions
  • D Resource gets deleted automatically
Explanation IAM Conditions restrict access based on specified factors, while the other options are incorrect scenarios.