Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 151–160 of 486

Q151

What does Google Cloud IAM help manage?

  • A Resource access permissions
  • B Cloud billing and costs
  • C Network latency issues
  • D Data backup schedules

Explanation: IAM manages who can access which resources; the others are unrelated to access management.

Q152

A company needs to implement logging for all user activity on Google Cloud. What should they use?

  • A Cloud Functions
  • B Cloud Audit Logs
  • C Stackdriver Debugger
  • D Cloud Composer

Explanation: Cloud Audit Logs captures user activity and admin actions; the others serve different functions.

Q153

You are configuring a resource with a service account. Which condition will allow only the service account to be used?

  • A Public access enabled to all
  • B IAM Role limited to project admins
  • C Service account assigned with specific roles
  • D Cloud Function exposed to the internet

Explanation: Only the specific roles defined for the service account will allow its usage; the others allow broader access or expose the resource.

Q154

Which Google Cloud service provides DDoS protection?

  • A Cloud Armor
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Cloud Storage

Explanation: Cloud Armor offers DDoS protection, while the others serve different purposes.

Q155

A company needs to ensure sensitive data is encrypted at rest and in transit. What should they implement?

  • A IAM Roles
  • B VPC Peering
  • C Cloud Key Management
  • D Cloud Scheduler

Explanation: Cloud Key Management allows for effective data encryption, unlike the other options.

Q156

You are configuring a GCP Virtual Private Cloud (VPC) network. What happens when a firewall rule is set to deny both ingress and egress traffic?

  • A All traffic is allowed
  • B Only internal traffic is allowed
  • C All traffic is blocked
  • D Only outbound traffic is blocked

Explanation: A deny rule blocks all matching traffic, hence all is blocked.

Q157

What service should be used for malware scanning on GCP?

  • A Cloud Security Scanner
  • B Data Loss Prevention
  • C Cloud Audit Logs
  • D Stackdriver Monitoring

Explanation: Cloud Security Scanner is designed for vulnerability scanning, including malware detection, while the others focus on different functions.

Q158

A company needs to control service account permissions across multiple projects. What is the best practice?

  • A Use Organization Policies
  • B Create project-level IAM policies
  • C Assign roles directly to users
  • D Limit service accounts to one project

Explanation: Using Organization Policies allows centralized permission management across projects, unlike project-level policies or user-assigned roles.

Q159

What happens when a GCP firewall rule is configured with 'allow' and no source specified?

  • A Blocks all incoming traffic
  • B Allows all incoming traffic
  • C Alerts admin of misconfiguration
  • D Applies to only internal IPs

Explanation: An 'allow' rule without a source opens access to all incoming traffic, while other options misinterpret firewall behaviors.

Q160

Which service provides DDoS protection for applications?

  • A Cloud Armor
  • B Cloud Functions
  • C Cloud Spanner
  • D Cloud Storage

Explanation: Cloud Armor specifically protects against DDoS attacks, while the others serve different purposes.