Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 191–200 of 486

Q191

A company needs to monitor its cloud functions for anomalies. Which GCP service should they use?

  • A Cloud Functions
  • B Cloud Monitoring
  • C Cloud Spanner
  • D Compute Engine
Explanation Cloud Monitoring provides visibility into GCP services, unlike the others.
Q192

You are configuring logging for your GCP project. What happens when you set log retention to 0 days?

  • A Logs are never retained
  • B Logs can be accessed monthly
  • C Logs are retained for 30 days
  • D Logs are archived indefinitely
Explanation Setting retention to 0 days means logs won't be kept.
Q193

Which service provides security policies for GCP resources?

  • A Cloud IAM
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D Cloud Storage
Explanation Cloud IAM manages access policies, while others are service-specific.
Q194

A company needs to ensure data at rest is encrypted in Cloud Storage. What should they consider?

  • A Only use public access buckets
  • B Use encryption keys managed externally
  • C Enable Object Versioning
  • D Utilize Google-managed encryption keys
Explanation Google-managed keys provide automatic encryption without user management.
Q195

You are configuring audit logging for your Google Cloud projects. What happens when you turn on Data Access audit logs?

  • A Logs only admin actions
  • B Logs read and write operations
  • C Logs exclude Cloud Functions
  • D Logs only errors and warnings
Explanation Data Access logs include all read and write operations, unlike admin logs which track access changes.
Q196

Which service provides auditing capabilities for Google Cloud resources?

  • A Google Cloud Audit Logs
  • B Google Cloud Storage
  • C Google Cloud Functions
  • D Google Compute Engine
Explanation Google Cloud Audit Logs tracks and logs all administrative actions and resource access, while the others do not specifically focus on auditing.
Q197

A company needs to ensure only specific users can access sensitive data in Cloud Storage. What should they configure?

  • A Bucket policies
  • B Firewall rules
  • C IAM roles
  • D Load balancer
Explanation IAM roles directly control user access rights, while the others do not regulate access to sensitive data.
Q198

What happens when a Compute Engine instance reaches its CPU quota limit?

  • A Instance automatically terminates
  • B Instance becomes read-only
  • C New instances cannot be created
  • D Existing instances will be paused
Explanation Reaching the CPU quota prevents the creation of new instances, while existing instances remain unaffected unless manually stopped or terminated.
Q199

Which Google Cloud service exclusively manages SSL certificates?

  • A Google Cloud SSL Manager
  • B Google Cloud Load Balancing
  • C Google Cloud Storage
  • D Google Cloud Certificate Manager
Explanation Google Cloud Certificate Manager is specifically designed for SSL certificate management; the other options do not provide this service.
Q200

A company needs to restrict SSH access to only certain IP addresses. What is the most efficient way to implement this?

  • A Use IAM roles
  • B Configure firewall rules
  • C Set up a VPN
  • D Enable OS-level restrictions
Explanation Configuring firewall rules is the most efficient method to restrict SSH access by IP; IAM roles do not control network access.