Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 251–260 of 486

Q251

A company needs secure architectural patterns implemented for serverless applications on GCP. Which tool should they use?

  • A Cloud Armor
  • B Cloud Functions
  • C Security Scanner
  • D Cloud Deployment Manager
Explanation Cloud Armor provides security for serverless; others are not primarily security tools.
Q252

What happens when you misconfigure IAM permissions for a GCP project?

  • A Protection increases
  • B Access denial may occur
  • C Resources automatically self-delete
  • D Service accounts become inactive
Explanation Misconfiguring IAM can lead to access issues; others are false implications.
Q253

Which service automatically scales your applications based on demand?

  • A Google Kubernetes Engine
  • B Cloud Functions
  • C App Engine
  • D Cloud Run
Explanation App Engine automatically handles scaling; others require manual configuration.
Q254

A company needs to monitor their cloud resources and get alerts on security issues. Which tool should they use?

  • A Cloud Trace
  • B Cloud Monitoring
  • C Cloud Tasks
  • D Cloud Build
Explanation Cloud Monitoring provides alerts and visualizations; others do not primarily focus on monitoring.
Q255

You are configuring IAM roles for a service account. What happens if you don't grant any roles?

  • A Account is deleted.
  • B No access to resources.
  • C Account is suspended.
  • D Account remains active.
Explanation Without roles, the service account has no access; others misinterpret service account status.
Q256

Which Google Cloud service offers DDoS protection?

  • A Cloud Armor
  • B Cloud Storage
  • C Cloud Functions
  • D Cloud SQL
Explanation Cloud Armor provides DDoS protection, while others do not.
Q257

A company needs to store private user data securely on Google Cloud. Which key management practice should they implement?

  • A Use IAM roles for data access
  • B Enable Object Versioning
  • C Use Cloud Key Management Service
  • D Turn on data replication
Explanation Cloud KMS securely manages encryption keys, unlike the others.
Q258

You are configuring logging for a Google Cloud project. What happens when you set the log sink to BigQuery?

  • A Logs will only be stored in GCS
  • B Logs will be deleted after 30 days
  • C Logs will be accessible via SQL queries
  • D Logs won't be retrievable anymore
Explanation Logs in BigQuery can be queried using SQL unlike other options.
Q259

Which Google Cloud service automates security policy enforcement in GKE?

  • A Google Cloud Armor
  • B Binary Authorization
  • C Cloud Security Scanner
  • D VPC Service Controls
Explanation Binary Authorization automatically enforces security policies for Kubernetes images, while others focus on different security aspects.
Q260

A company needs to revocate access for a former employee. What is the best method to achieve this in Google Cloud IAM?

  • A Delete the user account
  • B Remove specific IAM roles
  • C Set conditions on roles
  • D Disable multi-factor authentication
Explanation Deleting the user account immediately revokes access, unlike the other options which may not be as effective.