Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 121–130 of 486

Q121

Which Google Cloud service provides threat detection and response?

  • A Cloud Security Command Center
  • B Cloud Logging
  • C Cloud Storage
  • D Compute Engine
Explanation Cloud Security Command Center specifically detects threats; the others provide different functionalities.
Q122

A company needs to manage permissions across multiple GCP projects for compliance. What should they use?

  • A Organization Policies
  • B IAM Roles
  • C VPC Peering
  • D Cloud Functions
Explanation Organization Policies can enforce compliance policies across projects; IAM roles are project-specific.
Q123

When configuring a Google Kubernetes Engine (GKE), what happens if you use default network policies?

  • A No traffic is allowed
  • B All traffic is allowed
  • C Only pod-to-pod traffic allowed
  • D Ingress from internet is blocked
Explanation Default network policies allow all traffic; restrictive policies must be defined explicitly.
Q124

Which service helps to protect applications against DDoS attacks?

  • A Google Cloud Armor
  • B Cloud Identity
  • C VPC Service Controls
  • D Data Loss Prevention
Explanation Google Cloud Armor provides DDoS protection while the others serve different purposes.
Q125

A company needs to manage access to its GCP resources efficiently. What should they use?

  • A Service accounts
  • B IAM roles and policies
  • C Instance templates
  • D DNS settings
Explanation IAM roles and policies enable fine-grained access control, while service accounts are used for specific applications.
Q126

What happens when you remove a user from a Google Cloud IAM role?

  • A User loses access immediately
  • B User retains access for 30 days
  • C Role is deleted permanently
  • D User is notified via email
Explanation Removing a user from a role revokes access immediately; the other options are incorrect.
Q127

Which service is best for managing API keys securely?

  • A Google Cloud Secret Manager
  • B Google Cloud Functions
  • C Google Cloud Storage
  • D Google Cloud Pub/Sub
Explanation Google Cloud Secret Manager securely stores sensitive data like API keys; the others are not designed for secure storage of secrets.
Q128

A company needs to implement VPC for security purposes. What should they consider first?

  • A Default routing configurations
  • B Firewall rules for the VPC
  • C IP address ranges to use
  • D Subnetwork names
Explanation Selecting appropriate IP address ranges is crucial as it defines the VPC boundaries; other options are important but come after IPC planning.
Q129

What happens when a Cloud IAM policy is misconfigured?

  • A Access is granted to everyone
  • B Access is denied for all roles
  • C Only specific users are affected
  • D Auditing is disabled
Explanation A misconfigured IAM policy could inadvertently open access broadly unless constraints are specified; others do not accurately describe misconfiguration effects.
Q130

Which service can help in analyzing security logs from Google Cloud?

  • A Cloud Audit Logs
  • B Cloud Storage
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Audit Logs specifically track access and security events, while the others serve different purposes.