Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 231–240 of 486

Q231

What happens when a Google Cloud service account's private key is compromised?

  • A Account access remains unchanged
  • B Service account gets deleted
  • C Access to all resources is revoked
  • D Malicious actors can access project resources
Explanation Compromised keys allow unauthorized access, unlike the other options which are incorrect in context.
Q232

Which Google Cloud service offers a fully managed threat detection service?

  • A Cloud Security Command Center
  • B BigQuery
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Security Command Center provides threat detection; others do not focus on security threats.
Q233

A company needs to ensure compliance with GDPR for its GCP resources. What should they implement first?

  • A Setup Cloud IAM permissions
  • B Use Data Loss Prevention API
  • C Deploy a Virtual Private Cloud
  • D Enable Audit Logging
Explanation Data Loss Prevention API is used for protecting sensitive data, key for GDPR compliance; others are less direct for this purpose.
Q234

You are configuring VPCs. What happens when a subnet IP range overlaps with another project’s subnet?

  • A Connectivity is not affected
  • B Load balancing fails
  • C Network routing fails
  • D Access permissions are denied
Explanation Network routing fails due to overlapping IP ranges; others are incorrect regarding how GCP handles these configurations.
Q235

Which service helps manage vulnerabilities in Google Cloud?

  • A Google Cloud Armor
  • B Security Command Center
  • C Google Cloud Functions
  • D Cloud Run
Explanation Security Command Center is specifically designed to identify and manage vulnerabilities, while others serve different functions.
Q236

A company needs to restrict access to its cloud resources based on job roles. What should they implement?

  • A API keys only
  • B Static IAM policies
  • C Attribute-based access control
  • D Firewall rules
Explanation Attribute-based access control allows dynamic access restrictions based on roles, unlike static policies or other options.
Q237

What happens when you enable VPC Service Controls for a project?

  • A Increased network bandwidth
  • B Enhanced security for resources
  • C Reduced cost of services
  • D Automatic backups enabled
Explanation VPC Service Controls enhance the security posture by defining security perimeters, not by affecting costs or resources directly.
Q238

Which service enables security monitoring for APIs?

  • A Cloud Armor
  • B Cloud Security Command Center
  • C API Gateway
  • D Security Scanner
Explanation API Gateway provides security features for APIs, while others focus on different aspects.
Q239

You are configuring IAM roles in a project. What is the effect of granting the 'roles/viewer' role to a user?

  • A Can edit resource configurations
  • B Can only view resources
  • C Can delete resources
  • D Can assign new roles
Explanation The 'roles/viewer' role only allows viewing of resources without modification permissions.
Q240

What happens if you enable VPC flow logs for a project?

  • A Logs only incoming traffic
  • B Logs both incoming and outgoing traffic
  • C Logs are stored in Firestore
  • D VPC becomes publicly accessible
Explanation VPC flow logs capture both incoming and outgoing traffic, providing complete traffic visibility.