Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 221–230 of 486

Q221

A company needs to monitor user activity across its GCP resources. Which service should it use?

  • A Cloud Audit Logs
  • B Cloud Monitoring
  • C Cloud Logging
  • D Cloud Trace
Explanation Cloud Audit Logs specifically tracks user activity, while others provide different monitoring functionalities.
Q222

What happens when you enable VPC flow logs in a GCP network?

  • A All traffic is blocked
  • B Logs of all packets are stored
  • C Traffic is redirected to Cloud Storage
  • D Metadata of traffic is logged
Explanation VPC flow logs log metadata about network traffic, not the packets themselves or storage redirects.
Q223

Which service provides secure access to resources across Google Cloud?

  • A Identity and Access Management
  • B Cloud Load Balancing
  • C Cloud Storage
  • D Cloud Pub/Sub
Explanation IAM manages who can access resources and how.
Q224

A company needs to monitor network traffic to detect intrusions. Which service should they use?

  • A Cloud Audit Logs
  • B Security Command Center
  • C Identity-Aware Proxy
  • D Cloud Functions
Explanation Security Command Center provides comprehensive visibility over security risks.
Q225

What happens when you enable the 'Shared VPC' in a project?

  • A Isolation of network resources
  • B Direct visibility of all resources
  • C Resource sharing across projects
  • D Elimination of IAM policies
Explanation Shared VPC allows network resources to be shared across projects in the host organization.
Q226

Which Google Cloud service provides a relational database?

  • A Cloud SQL
  • B FireStore
  • C Bigtable
  • D Spanner
Explanation Cloud SQL is specifically designed for relational databases, while others target NoSQL or other data structures.
Q227

A company needs to ensure their Compute Engine instances are untainted by external networks. Which security feature should they implement?

  • A VPC Service Controls
  • B Firewall Rules
  • C Identity-Aware Proxy
  • D Cloud Armor
Explanation Firewall Rules control traffic to instances, while others serve different network security purposes.
Q228

You are configuring Stackdriver Monitoring. What happens if you set an alerting policy to send notifications but forget to add notification channels?

  • A Alerts will still be triggered
  • B You will not receive alerts
  • C Notifications will be sent as emails
  • D Alerts will be ignored
Explanation Without notification channels, alerts are logged but not communicated to users.
Q229

Which Google Cloud service is designed for managing and analyzing large datasets?

  • A BigQuery
  • B Cloud Storage
  • C Pub/Sub
  • D Cloud Functions
Explanation BigQuery is specialized for data analytics, while the others serve different purposes.
Q230

A company needs to manage access to sensitive data in Cloud Storage. Which service should they use for fine-grained access control?

  • A IAM Roles
  • B Cloud Audit Logs
  • C VPC Service Controls
  • D Data Loss Prevention
Explanation IAM Roles provide the granularity needed for access control while the other options focus on different security aspects.