Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 211–220 of 486

Q211

Which Google Cloud service is best for real-time data processing?

  • A Cloud Dataflow
  • B Cloud Storage
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Dataflow is designed specifically for real-time data processing, unlike the others which serve different purposes.
Q212

A company needs to secure sensitive data in Cloud Storage; which method is most effective?

  • A Use IAM roles only
  • B Enable bucket versioning
  • C Use customer-managed encryption keys
  • D Set public access prevention
Explanation Customer-managed encryption keys offer robust control over data encryption, while others emphasize accessibility or versioning rather than security.
Q213

What happens when you use a service account without proper IAM permissions?

  • A Access is allowed by default
  • B Access is denied
  • C Limited access to some resources
  • D Access logs are not generated
Explanation Without appropriate IAM permissions, service account access will be denied, protecting resources from unauthorized usage.
Q214

Which service can help monitor and respond to security events in Google Cloud?

  • A Cloud Audit Logs
  • B Cloud Armor
  • C Cloud Operations Suite
  • D Cloud Run
Explanation Cloud Operations Suite provides monitoring and incident response while others offer logging or protection features.
Q215

A company needs to restrict user access to specific Google Cloud resources based on IAM roles. Which feature should they use?

  • A VPC Peering
  • B Service Accounts
  • C IAM Policies
  • D Load Balancing
Explanation IAM Policies are designed for access control, unlike the other options.
Q216

What happens when a Firewall Rule is applied to a Google Cloud project?

  • A It affects all regions only.
  • B It applies to that specific project only.
  • C It goes into effect after a week.
  • D It requires user reboot.
Explanation Firewall Rules are project-specific, affecting only resources within that project, unlike the other options which are incorrect.
Q217

Which service can be used for real-time threat detection in Google Cloud?

  • A Cloud Audit Logs
  • B Cloud Security Command Center
  • C BigQuery
  • D Cloud NAT
Explanation Cloud Security Command Center provides real-time threat detection, while the other options serve different purposes.
Q218

A company needs to log activities of IAM users in Google Cloud. What service should they use?

  • A Cloud Pub/Sub
  • B Cloud Logging
  • C Cloud Functions
  • D Cloud Run
Explanation Cloud Logging captures IAM user activities, while the others are for different functionalities.
Q219

You are configuring security for a Compute Engine instance. What happens when you disable the instance's firewall?

  • A No access to the instance
  • B All access is blocked
  • C All traffic is allowed
  • D Only SSH is allowed
Explanation Disabling the firewall allows all incoming and outgoing traffic, unlike the other options.
Q220

Which service allows you to manage Secrets on GCP?

  • A Cloud Secrets Manager
  • B Cloud Key Management Service
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Secrets Manager securely manages secrets, unlike other options which serve different purposes.