Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 11–20 of 486

Q11

A company needs to monitor and analyze security logs in real time. Which tool should they use?

  • A Cloud Audit Logs
  • B Cloud Logging
  • C Cloud Trace
  • D Cloud Monitoring
Explanation Cloud Logging allows you to collect and analyze log data, while the others do not focus specifically on logs.
Q12

What happens when you do not set an IAM policy for a Google Cloud resource?

  • A Resource defaults to public access
  • B No access is granted by default
  • C Only admins can access it
  • D Resource becomes read-only by default
Explanation Google Cloud resources deny access by default unless specified, while the other options incorrectly assume defaults or behaviors about access controls.
Q13

Which Google Cloud service facilitates automated security scanning?

  • A Google Cloud Security Command Center
  • B Google BigQuery
  • C Google Compute Engine
  • D Google Cloud Pub/Sub
Explanation Google Cloud Security Command Center provides automated security scanning, while the others serve different purposes like data analytics or messaging.
Q14

A company needs to ensure that all API calls are logged for audit purposes. Which service should they use?

  • A Cloud Tasks
  • B Cloud Logging
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Logging captures logs for all activities including API calls while the others do not focus on logging.
Q15

What happens when a VM instance is set to 'preemptible'?

  • A Instance runs indefinitely but can be resumed
  • B Instance may be terminated at any time
  • C Instance becomes permanently free
  • D Instance cannot be accessed remotely
Explanation Preemptible VMs can be terminated by Google Cloud at any time, unlike the other options.
Q16

Which service is primarily used for managing identity and access in Google Cloud?

  • A Identity and Access Management (IAM)
  • B Cloud Logs
  • C Cloud Storage
  • D Cloud Functions
Explanation IAM manages user access and policies, while others serve different functions.
Q17

A company needs to implement VPC peering between two projects. What is a prerequisite?

  • A Both projects must belong to same organization
  • B Both projects should use the same IP range
  • C Cross-project billing enabled
  • D VPCs cannot have overlapping IP ranges
Explanation VPCs must have non-overlapping IP ranges for successful peering.
Q18

What happens when you disable a Google Cloud service account?

  • A All access rights are revoked
  • B The service account remains active
  • C Only IAM roles are revoked
  • D Billing stops immediately
Explanation Disabling a service account revokes all access rights immediately.
Q19

Which service is best for analyzing real-time streaming data in Google Cloud?

  • A BigQuery
  • B Dataflow
  • C Cloud Storage
  • D Cloud Pub/Sub
Explanation Dataflow is designed for real-time data processing, unlike the other options.
Q20

A company needs to secure its APIs against external threats. Which practice is most effective?

  • A Enable CORS for all APIs
  • B Implement IP whitelisting
  • C Use API keys only
  • D Deploy API on public subnet
Explanation IP whitelisting significantly limits access to trusted sources, whereas the other options provide weaker protections.