Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 131–140 of 486

Q131

A company needs to ensure that sensitive data remains encrypted in transit. What should they do?

  • A Use private IP addresses
  • B Implement TLS/SSL
  • C Deploy a VPN only
  • D Utilize firewall rules
Explanation Implementing TLS/SSL secures data in transit, while the other options do not specifically guarantee encryption.
Q132

You are configuring Identity and Access Management (IAM) roles. What happens when you grant a user a 'Viewer' role on a project?

  • A Full access to all resources
  • B Read-only access to resources
  • C Ability to modify resources
  • D No access at all
Explanation The 'Viewer' role grants permissions for read-only access, not modification or full access.
Q133

Which IAM role provides the least privilege for managing Cloud Identity services?

  • A Cloud Identity Admin
  • B Project Editor
  • C Viewer
  • D Billing Administrator
Explanation Viewer can only read resources, ensuring least privilege, while others can edit or manage.
Q134

A company needs to monitor real-time system logs. Which service should they use?

  • A Stackdriver Alerts
  • B Cloud Logging
  • C Cloud Monitoring
  • D Cloud Pub/Sub
Explanation Cloud Logging captures and stores logs in real-time, unlike the others.
Q135

What happens when a Compute Engine instance exceeds its quota limits?

  • A Instance automatically stops
  • B No new resources can be created
  • C Instance is downgraded to lower tier
  • D Quota is temporarily increased
Explanation Exceeding quotas restricts creating new resources, while existing ones continue to run.
Q136

Which Google Cloud service allows for real-time threat detection?

  • A Cloud Security Command Center
  • B Cloud Dataflow
  • C Cloud Functions
  • D Cloud Composer
Explanation Cloud Security Command Center provides visibility and threat detection, while others serve different purposes.
Q137

A company needs to archive its logs for regulatory compliance. Which storage class should they use?

  • A Standard Storage
  • B Nearline Storage
  • C Coldline Storage
  • D Archive Storage
Explanation Archive Storage is designed specifically for long-term storage of data that is rarely accessed.
Q138

You are configuring Cloud IAM policies. What happens when a user is granted permissions in multiple overlapping roles?

  • A Only the highest role applies
  • B All permissions are combined
  • C Permissions are ignored
  • D Configuration fails to apply
Explanation All effective permissions are combined when roles overlap; ordering does not diminish permissions.
Q139

Which service provides real-time security information and event management?

  • A Cloud Security Command Center
  • B VPC Flow Logs
  • C Identity-Aware Proxy
  • D Cloud Logging
Explanation Cloud Security Command Center aggregates security data, while the others do not serve as real-time SIEM tools.
Q140

A company needs to prevent unauthorized changes to IAM roles. What should they implement?

  • A Cloud Composer
  • B IAM Audit Logging
  • C Instance Groups
  • D Virtual Private Cloud
Explanation IAM Audit Logging tracks role changes; the others don't provide this capability.