Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 141–150 of 486

Q141

You are configuring VPC peering between two projects. What happens when there are overlapping IP ranges?

  • A Peering connection fails silently
  • B Traffic is routed correctly
  • C VPC peering is established
  • D IP ranges are automatically modified
Explanation Overlapping IP ranges cause the peering to fail; no automatic adjustments are made.
Q142

Which service provides real-time threat detection for workloads?

  • A Google Cloud Security Command Center
  • B Google Cloud Pub/Sub
  • C Google Cloud Functions
  • D Google Compute Engine
Explanation Security Command Center analyzes threats in real-time; the others do not focus on threat detection.
Q143

A company needs to allow dynamic IPs access to their Cloud SQL database. What should they configure?

  • A Public IP with authorized networks
  • B Private IP only
  • C VPC peering
  • D Cloud Armor rules
Explanation Public IP with authorized networks allows dynamic IPs, while others restrict access in various ways.
Q144

What happens when a service account is deleted from IAM?

  • A Disabled but accessible until revoked
  • B All its permissions are removed
  • C Revoke all tokens immediately
  • D Service accounts cannot be deleted
Explanation Deleted service accounts are disabled but retained; others imply immediate effects or incorrect policies.
Q145

Which service provides real-time threat detection?

  • A Chronicle
  • B GKE
  • C Cloud Storage
  • D BigQuery
Explanation Chronicle offers advanced threat intelligence and detection capabilities, while the other options do not focus solely on threat detection.
Q146

A company needs to enable access control for their VM instances. Which service should they use?

  • A Firewall Rules
  • B IAM Roles
  • C VPC Peering
  • D Cloud Load Balancing
Explanation IAM Roles allow for fine-grained access control, whereas the other options do not provide access control functionalities.
Q147

What happens when a Cloud Function exceeds its timeout limit?

  • A Function continues until completed
  • B Function is paused
  • C Function automatically retries
  • D Function fails and is terminated
Explanation When a Cloud Function exceeds the timeout, it fails and is terminated; the other options incorrectly depict the function's behavior.
Q148

Which Google Cloud service is primarily used for log management?

  • A Cloud Monitoring
  • B Cloud Logging
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud Logging is designed specifically for log management, while others serve different purposes.
Q149

A company needs to secure data in transit between their on-premises services and Google Cloud. What should they implement?

  • A Cloud Identity
  • B VPC Peering
  • C Cloud VPN
  • D Cloud SQL
Explanation Cloud VPN establishes secure tunnels for data in transit, while the others do not focus on securing data transfer.
Q150

You are configuring IAM roles for a service account. What happens if you assign both a viewer and an editor role to the same account?

  • A Editor role overrides viewer role
  • B Service account becomes restricted
  • C Roles conflict, access denied
  • D IAM roles are cumulative
Explanation IAM roles are additive, granting all permissions assigned to the account.