Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 181–190 of 486

Q181

Which Google Cloud service helps monitor and manage access to resources?

  • A Identity and Access Management (IAM)
  • B Compute Engine
  • C Cloud Functions
  • D BigQuery
Explanation IAM is specifically designed for managing access and permissions for Google Cloud resources. The other services focus on computation, storage, or querying data.
Q182

A company needs to store sensitive data with strict access controls. Which GCP service should they use?

  • A Cloud Storage
  • B Cloud Spanner
  • C BigQuery
  • D Secret Manager
Explanation Secret Manager is designed for securely storing and managing sensitive data like API keys and credentials, while the others are more general storage solutions.
Q183

What happens when enabling VPC Service Controls on a Google Cloud project?

  • A Increased latency for all services
  • B New firewall rules are created
  • C Enhanced data protection across services
  • D Migration of resources is enforced
Explanation VPC Service Controls enhance data protection by creating security perimeters around your services, while the other options do not accurately describe the effect.
Q184

Which service offers automated threat detection and response?

  • A Cloud Security Command Center
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Security Command Center provides threat detection, while others do not specialize in security.
Q185

A company needs to log all changes to its Cloud IAM policies. What should they enable?

  • A Cloud Audit Logs
  • B Cloud Error Reporting
  • C Stackdriver Monitoring
  • D Cloud Trace
Explanation Cloud Audit Logs capture all IAM policy changes; the others track different aspects.
Q186

You are configuring VPC Service Controls. What happens if a resource is outside the access level?

  • A Full access is granted.
  • B Access is denied.
  • C Access is granted with limitations.
  • D Access is only logged.
Explanation Resources outside the access level cannot be accessed, unlike options A, C, and D, which are incorrect assumptions.
Q187

Which service provides real-time threat detection in GCP?

  • A Cloud Security Command Center
  • B Cloud Armor
  • C Cloud Firewall
  • D Data Loss Prevention
Explanation Cloud Security Command Center detects threats proactively, while others focus on access control or protection.
Q188

A company needs to ensure data stored in Cloud Storage is encrypted. Which option meets this need without manual intervention?

  • A Use default encryption in Cloud Storage
  • B Manually encrypt all objects uploaded
  • C Use Google Drive for encryption
  • D Rely on client-side encryption only
Explanation Default encryption in Cloud Storage automatically encrypts data at rest without additional action.
Q189

What happens when you delete a Google Cloud project?

  • A All resources are permanently removed
  • B The project is archived for recovery
  • C Policies are inherited by root organization
  • D Billing accounts remain active
Explanation Deleting a project permanently removes all its resources, while archiving and recovery options do not exist.
Q190

Which service allows automated incident response actions?

  • A Security Command Center
  • B Cloud Pub/Sub
  • C IAM Roles
  • D Cloud Storage
Explanation Security Command Center enables automated incident response via configurations, while the others do not.