Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 171–180 of 486

Q171

What happens when you set a firewall rule to allow ingress traffic from '0.0.0.0/0' in GCP?

  • A Allow all incoming traffic
  • B Block all incoming traffic
  • C Allow only specific IP traffic
  • D Require authenticated access
Explanation: A source range of '0.0.0.0/0' permits all incoming connections; the other options contradict this.
Q172

Which service helps automate incident response workflows?

  • A Cloud Functions
  • B Cloud Run
  • C Cloud Tasks
  • D Security Command Center
Explanation: Cloud Functions can automate workflows through triggered responses, while others focus on service deployment or security monitoring.
Q173

A company needs to monitor the security of all its GCP resources. What is the best tool to use?

  • A Google Kubernetes Engine
  • B Cloud Security Analyzer
  • C Cloud Identity
  • D Cloud Logging
Explanation: Cloud Security Analyzer specifically addresses resource security monitoring, while the others do not focus comprehensively on security.
Q174

What happens when a Google Cloud VM instance’s firewall rules are misconfigured?

  • A VM becomes unreachable remotely
  • B VM automatically shuts down
  • C VM incurs additional costs
  • D VM data gets deleted
Explanation: Misconfigured firewall rules can prevent remote access without affecting the VM's operation or data directly.
Q175

Which service can be used for DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud Security Scanner
  • C Identity-Aware Proxy
  • D VPC Peering
Explanation: Cloud Armor provides DDoS defense, while the others focus on different security aspects.
Q176

A company needs to restrict access to a Cloud Storage bucket to a specific IP range. What should they implement?

  • A Service Accounts
  • B IAM roles
  • C Signed URLs
  • D Bucket Policy
Explanation: Bucket Policies can specify access conditions such as IP ranges, unlike the others.
Q177

You are configuring a secure VPN connection to Google Cloud. What might happen if you choose to use open-source VPN software?

  • A No security issues
  • B Vendor support available
  • C Possible configuration vulnerabilities
  • D Increased latency
Explanation: Open-source software may have security vulnerabilities if misconfigured, unlike vendor-supported solutions.
Q178

Which service enables automated security monitoring and management?

  • A Cloud Security Command Center
  • B Cloud Spanner
  • C Cloud Run
  • D Cloud Functions
Explanation: Cloud Security Command Center provides comprehensive security insights, while the others are compute services not focused on security monitoring.
Q179

A company needs to control access to a cloud resource based on the device being used. What should they implement?

  • A VPC Service Controls
  • B IAM Conditions
  • C Service Account Roles
  • D Resource Policies
Explanation: IAM Conditions allow fine-grained access control based on device attributes, while the others do not focus on device-based policies.
Q180

You are configuring a firewall rule in GCP. What happens when you select 'allow' in the default action?

  • A All traffic is blocked
  • B Only specific traffic is allowed
  • C All traffic is allowed
  • D No traffic filtering occurs
Explanation: Selecting 'allow' in a firewall rule allows all matching traffic, while the others describe incorrect behaviors for firewall actions.