Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 261–270 of 486

Q261

You are configuring a service perimeter in Google Cloud. What happens if you mistakenly include a service that does not support VPC Service Controls?

  • A It will throw an error and not save
  • B Data will be exposed outside the perimeter
  • C It will be excluded automatically
  • D No changes will occur, it saves normally
Explanation: Including an unsupported service causes an error, ensuring correct configurations prior to saving.

Q262

What is the primary purpose of Google Cloud Armor?

  • A DDoS protection and mitigation
  • B Network storage management
  • C API rate limiting
  • D User identity management
Explanation: Google Cloud Armor specifically provides DDoS protection; other options pertain to different services.

Q263

A company needs to ensure that its data in Google Cloud Storage is encrypted at rest and in transit. What should they enable?

  • A Object Lifecycle Management
  • B Customer-managed key encryption
  • C Bucket versioning
  • D Static website hosting
Explanation: Customer-managed key encryption ensures data is encrypted at rest and can secure in-transit data; others serve different purposes.

Q264

You are configuring IAM policies for a sensitive project in Google Cloud. What is a best practice to follow?

  • A Use the Owner role for all users
  • B Implement least privilege access
  • C Assign roles based on user convenience
  • D Enable all permissions for flexibility
Explanation: Implementing least privilege access minimizes exposure to risks; other options increase vulnerability.

Q265

Which service allows for centralized logging in Google Cloud?

  • A Cloud Logging
  • B Cloud Storage
  • C Cloud Function
  • D Cloud Firestore
Explanation: Cloud Logging provides a centralized platform for logging events, while the other options serve different functionalities.

Q266

A company needs to isolate environments for development and production. Which Google Cloud feature should they use?

  • A Shared VPC
  • B Service Accounts
  • C Project Structure
  • D IAM Policies
Explanation: Using a distinct Project Structure allows for clear separation of resources, while other options don't offer complete isolation.

Q267

You are configuring a firewall rule to allow traffic on port 80. What happens if you do not specify a source IP range?

  • A All traffic is allowed
  • B No traffic will pass
  • C Traffic is blocked by default
  • D Only internal traffic is allowed
Explanation: Not specifying a source IP range defaults to allowing all traffic, whereas the other options imply restrictions that wouldn't be the case.

Q268

Which service can help you analyze security logs?

  • A Cloud Armor
  • B Cloud Audit Logs
  • C BigQuery
  • D Data Loss Prevention
Explanation: Cloud Audit Logs captures and analyzes security logs, while others serve different functions.

Q269

A company needs to create firewall rules to allow HTTP traffic. Which action should they take?

  • A Block all traffic
  • B Allow tcp:443 only
  • C Allow tcp:80 only
  • D Allow udp:80 only
Explanation: Allowing tcp:80 enables HTTP traffic; tcp:443 is for HTTPS.

Q270

What happens when you set a Google Cloud Storage bucket to 'public access'?

  • A Only owner can access files
  • B Files are accessible to anyone
  • C Files are encrypted by default
  • D Bucket cannot be deleted
Explanation: Setting public access allows anyone to access the files in the bucket, which is a significant security risk.