Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 271–280 of 486

Q271

Which service is used for Google Cloud's identity management?

  • A Google Cloud Identity
  • B Google Cloud Storage
  • C Google App Engine
  • D Google BigQuery
Explanation Google Cloud Identity is specifically designed for identity management, while others serve different purposes.
Q272

A company needs to encrypt data at rest in Cloud Storage. What should they use?

  • A Custom Encryption Keys
  • B Service Account Keys
  • C Signed URLs
  • D IAM Roles
Explanation Custom Encryption Keys are specifically for encrypting data at rest while others focus on access controls or user permissions.
Q273

You are configuring VPC Service Controls. What happens if a resource is outside the perimeter?

  • A Access is blocked entirely
  • B Access is granted automatically
  • C Access is limited and monitored
  • D Access is temporarily allowed
Explanation Resources outside the VPC Service Controls perimeter are denied access by default.
Q274

Which service automates the configuration of firewall rules?

  • A Google Cloud Armor
  • B Google Cloud Firewall Manager
  • C Google Compute Engine
  • D Google VPC
Explanation Cloud Firewall Manager automates the management of firewall rules, while others serve different purposes.
Q275

A company needs to monitor user access patterns. What should they implement?

  • A VPC Service Controls
  • B Cloud Identity
  • C Activity Logs
  • D Data Loss Prevention
Explanation Activity Logs provide visibility into user access patterns, unlike the other options which focus on different functionalities.
Q276

You are configuring a service account. What will happen if you miss the appropriate IAM roles?

  • A Account still functions normally
  • B Account is deactivated immediately
  • C Access will be insufficient for tasks
  • D Account cannot be created
Explanation Insufficient IAM roles result in restricted access, while others describe incorrect outcomes for service account behavior.
Q277

Which service provides real-time security monitoring in GCP?

  • A Cloud Security Scanner
  • B Cloud Monitoring
  • C Cloud Armor
  • D Security Command Center
Explanation Security Command Center provides comprehensive real-time security insights, while others focus on different functions.
Q278

A company needs to ensure that its service account only accesses specified resources. Which best practice should they adopt?

  • A Use a wide-scoped role
  • B Assign minimal permissions
  • C Disable all IAM policies
  • D Use public access permissions
Explanation Assigning minimal permissions follows the principle of least privilege, ensuring security by limiting access.
Q279

You are configuring VPC Service Controls for sensitive workloads. What happens when an access level is breached?

  • A Data is automatically encrypted
  • B Access is granted without restriction
  • C Access to the service is blocked
  • D Notification is sent to the user
Explanation Access is blocked to prevent data exposure, ensuring security controls are enforced.
Q280

Which service is best for analyzing logs in real-time?

  • A Cloud Logging
  • B Cloud Armor
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Logging is designed for log analysis, while others serve different purposes.