Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 201–210 of 486

Q201

What happens when you enable VPC flow logs for a subnet?

  • A Increased bandwidth usage
  • B Traffic data is logged
  • C Latency is reduced
  • D Firewall rules are modified
Explanation: Enabling VPC flow logs captures and logs network traffic data; it does not impact bandwidth or latency.
Q202

Which service is used for DDoS attack protection?

  • A Cloud Armor
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D BigQuery
Explanation: Cloud Armor provides DDoS protection, while the others serve different functions.
Q203

A company needs to audit its IAM role usage monthly. Which tool should it use?

  • A Cloud Compliance
  • B Cloud Audit Logs
  • C IAM Policy Management
  • D Resource Manager
Explanation: Cloud Audit Logs maintain IAM role usage records.
Q204

You are configuring a firewall rule to allow traffic to a VM. What happens when priorities are equal?

  • A Allow rule takes priority
  • B Deny rule takes priority
  • C No rule is applied
  • D Prioritization fails with an error
Explanation: When priorities are equal, deny rules take precedence over allow rules.
Q205

Which service provides real-time security insights?

  • A Google Cloud Security Command Center
  • B Google Cloud Resource Manager
  • C Google Kubernetes Engine
  • D Google App Engine
Explanation: Google Cloud Security Command Center offers security insights, while the other services focus on resource management or application deployment.
Q206

A company needs to enable logging for Cloud Functions. What should they configure?

  • A Cloud Logging
  • B Pub/Sub
  • C Cloud Run
  • D Identity and Access Management
Explanation: Cloud Logging integrates directly with Cloud Functions, while the other options are not specifically related to logging.
Q207

You are configuring IAM policies. What happens if a user is granted two conflicting roles?

  • A Higher privilege wins
  • B Lower privilege wins
  • C No access granted
  • D Access depends on resource type
Explanation: In IAM, roles that grant higher permissions take precedence unless overridden by a deny rule, while the other options do not accurately reflect IAM behavior.
Q208

Which service provides automated threat detection in GCP?

  • A Cloud Security Command Center
  • B Cloud Functions
  • C Cloud Spanner
  • D Cloud Pub/Sub
Explanation: Cloud Security Command Center provides automated threat detection, while the others serve different functions.
Q209

A company needs to securely manage sensitive data across its GCP resources. What is the best approach?

  • A Use IAM roles only
  • B Implement VPC Service Controls
  • C Store data in public buckets
  • D Disable logging to avoid exposure
Explanation: Implementing VPC Service Controls enhances security for sensitive data management, while the other options expose the data to risk.
Q210

What happens when you assign the 'roles/logging.logWriter' role to a service account?

  • A Can read logs only
  • B Can delete logs
  • C Can write logs
  • D Can retrieve log bucket metadata
Explanation: The 'roles/logging.logWriter' role allows writing logs, while the other options do not reflect this role's capabilities.