Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 281–290 of 486

Q281

A company needs to automate compliance monitoring for their GCP resources. What should they use?

  • A Cloud Security Scanner
  • B Cloud Functions
  • C Policy Intelligence
  • D Cloud Deployment Manager
Explanation Policy Intelligence enables automated monitoring of compliance, while the others serve different functions.
Q282

You are configuring IAM roles for a project. What happens when you assign a role with 'Viewer' permissions to a user?

  • A User can modify resources
  • B User can delete resources
  • C User can view resources only
  • D User cannot access resources
Explanation 'Viewer' permissions only allow viewing of resources, not modification or deletion.
Q283

Which service allows fine-grained access control for Google Cloud resources?

  • A IAM Roles
  • B Cloud DLP
  • C Cloud KMS
  • D Cloud Functions
Explanation IAM Roles provide detailed access control; others serve different purposes.
Q284

A company needs to audit logs for compliance. Which Google Cloud service should they use?

  • A Cloud Logging
  • B Cloud Storage
  • C BigQuery
  • D Cloud Monitoring
Explanation Cloud Logging collects logs for compliance; others do not focus on logging.
Q285

You are configuring a firewall rule in VPC. What happens when you set an Allow rule for a specific IP?

  • A Blocks all traffic from that IP
  • B Allows traffic from that IP only
  • C Forces ingress-only traffic from that IP
  • D Disables other firewall rules
Explanation An Allow rule permits traffic only from the specified IP; the other options misinterpret the rule's function.
Q286

Which service allows for inspecting GCP network traffic?

  • A Cloud Armor
  • B Cloud Logging
  • C VPC Flow Logs
  • D Cloud Data Loss Prevention
Explanation VPC Flow Logs provide network traffic insights; the others do not focus on traffic inspection.
Q287

A company needs to manage access to sensitive data stored in Google Cloud. Which GCP feature is best suited for granting role-based access?

  • A Google Cloud Functions
  • B IAM Roles and Permissions
  • C Cloud Pub/Sub
  • D Cloud CDN
Explanation IAM Roles and Permissions are specifically designed for access management; the others do not manage access roles.
Q288

You are configuring security policies for a GKE cluster. What happens if you do not set up Network Policies?

  • A All pods can communicate freely
  • B Pods will be isolated by default
  • C Only external traffic is restricted
  • D Traffic is encrypted automatically
Explanation Without Network Policies, all pods can communicate freely; the other options imply limitations that do not exist by default.
Q289

Which Google Cloud service provides identity management capabilities?

  • A Cloud Identity
  • B Cloud Run
  • C BigQuery
  • D Cloud Pub/Sub
Explanation Cloud Identity offers robust identity management, while others serve different purposes.
Q290

A company needs to monitor its Google Cloud resources for security compliance. What should they use?

  • A Cloud Security Scanner
  • B Google Cloud Logger
  • C Cloud Audit Logs
  • D Cloud Functions
Explanation Cloud Audit Logs provide relevant monitoring for compliance; others serve other functions.