Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 161–170 of 486

Q161

A company needs to securely manage VM access without using SSH keys. What should they use?

  • A Identity-Aware Proxy
  • B Service Accounts
  • C Cloud VPN
  • D Firewall Rules

Explanation: Identity-Aware Proxy manages access without SSH keys, unlike the others, which do not focus on user-based access control.

Q162

What happens when a non-existent IAM role is assigned to a user?

  • A Access is granted immediately
  • B User’s access is denied
  • C Role is created automatically
  • D User is notified of creation

Explanation: Access is denied when an invalid role is assigned; the other options suggest incorrect behaviors not supported by IAM operations.

Q163

Which service automates security compliance checks in GCP?

  • A Cloud Security Command Center
  • B Google Kubernetes Engine
  • C Cloud Functions
  • D BigQuery

Explanation: Cloud Security Command Center provides tools for security and compliance checks, while the others serve different functions.

Q164

A company needs to securely share an API with partners. What should they implement?

  • A Public access with API key
  • B Service account authentication
  • C OAuth 2.0 authorization
  • D IP whitelisting only

Explanation: OAuth 2.0 provides a secure way to allow access for partners, whereas the other options lack adequate security measures.

Q165

What happens when you delete an IAM role in GCP?

  • A Removes all policies related
  • B Policies remain intact
  • C Errors in permissions logging
  • D Role assignment can still exist

Explanation: Deleting a role removes its associated policies, making it ineffective, unlike the other options, which are inaccurate.

Q166

What happens when you enable VPC Flow Logs in Google Cloud?

  • A Logs traffic to and from resources
  • B Blocks unwanted outbound traffic
  • C Encrypts traffic in transit
  • D Automatically scales network resources

Explanation: VPC Flow Logs provide visibility into network traffic, while the others describe unrelated functionalities.

Q167

A company needs to implement Identity-Aware Proxy (IAP) for their web applications. What must be done first?

  • A Install IAP agent on servers
  • B Enable IAP API for project
  • C Set up VPN to secure traffic
  • D Configure SSL certificates for services

Explanation: Enabling the IAP API is necessary before configuring IAP, while the other options are not prerequisites.

Q168

You are configuring a Cloud Armor Security Policy. What happens when you set a rule to deny requests from a specific IP range?

  • A User is notified about denial
  • B Requests from IPs are blocked
  • C Traffic is redirected to firewall
  • D Logging is disabled for that range

Explanation: Traffic from the specified IP range will be blocked, while the other options describe incorrect outcomes.

Q169

Which service provides centralized logging and monitoring in Google Cloud?

  • A Cloud Logging
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Cloud Storage

Explanation: Cloud Logging centralizes logs; others serve different purposes.

Q170

A company needs to prevent public access to their Google Cloud Storage buckets. What should they configure?

  • A IAM roles for public data
  • B Bucket policy only
  • C Uniform bucket-level access
  • D Pre-signed URLs

Explanation: Uniform bucket-level access prevents public access when enabled; the others do not directly restrict it.