Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 241–250 of 486

Q241

Which Google Cloud service provides managed instances of Redis?

  • A Cloud Memorystore
  • B Google Cloud SQL
  • C Cloud Bigtable
  • D Firestore
Explanation Cloud Memorystore is specifically for Redis and Memcached, while others serve different purposes.
Q242

A company needs to audit IAM policy changes. What should they use?

  • A Cloud Audit Logs
  • B IAM Recommender
  • C Stackdriver Monitoring
  • D Cloud Security Scanner
Explanation Cloud Audit Logs records actions taken on resources, unlike the other options.
Q243

You are configuring VPC peering between two projects. What happens if they use overlapping IP ranges?

  • A Peering is established magically
  • B Peering cannot be established
  • C Traffic is routed to the wrong project
  • D Error will only occur during traffic
Explanation VPC peering fails if there are overlapping IP ranges, unlike how other options describe the situation.
Q244

Which service is best for managing secrets securely?

  • A Cloud Secret Manager
  • B Cloud Firestore
  • C Cloud Pub/Sub
  • D Cloud Data Loss Prevention
Explanation Cloud Secret Manager is designed for secure management of secrets, unlike the others which serve different purposes.
Q245

A company needs to monitor network traffic to identify anomalies. Which Google Cloud service should they use?

  • A Google Cloud Logging
  • B VPC Flow Logs
  • C Cloud Debugger
  • D Stackdriver Monitoring
Explanation VPC Flow Logs capture traffic details that help identify anomalies in network traffic, while the others are not focused on network anomaly detection.
Q246

You are configuring Cloud Identity-Aware Proxy (IAP). What happens when a user's authentication fails?

  • A Access is granted with limited permissions
  • B User is redirected to a login page
  • C Access is denied to the resource
  • D User is automatically logged out
Explanation Access is denied when authentication fails, unlike the other options which do not accurately represent IAP behavior.
Q247

Which Google Cloud service provides DDoS protection?

  • A Cloud Armor
  • B Cloud Data Loss Prevention
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Armor provides protection against DDoS attacks, while other services focus on different functionalities.
Q248

A company needs to securely manage API keys across multiple applications. What should they use?

  • A Google Cloud Secrets Manager
  • B Google Cloud Storage
  • C Google Cloud Run
  • D Google Cloud Pub/Sub
Explanation Google Cloud Secrets Manager is designed for secure storage and management of sensitive information like API keys, unlike the other options.
Q249

What happens when you enable VPC Service Controls?

  • A Blocks all network traffic
  • B Enhances data security controls
  • C Increases billing costs significantly
  • D Disables all IAM permissions
Explanation Enabling VPC Service Controls enhances security by defining a security perimeter, but it does not block traffic or change IAM permissions.
Q250

Which Google Cloud service allows you to create custom IAM roles?

  • A IAM Roles API
  • B Cloud Functions
  • C Cloud Run
  • D Cloud Storage
Explanation IAM Roles API enables custom role creation; others do not offer that functionality.