Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 21–30 of 486

Q21

What happens when you enable uniform bucket-level access on a Cloud Storage bucket?

  • A Access is denied to all objects
  • B Permission is set for individual objects
  • C Permissions are based on IAM roles only
  • D Bucket permissions override object permissions
Explanation: Uniform bucket-level access requires IAM roles for all permissions, while the other options are incorrect interpretations.
Q22

Which service provides centralized logging and monitoring in GCP?

  • A Cloud Logging
  • B Cloud Storage
  • C Cloud Firewall
  • D Cloud Functions
Explanation: Cloud Logging is designed for centralized logging, while others serve different purposes.
Q23

A company needs to ensure that its Cloud Function is invoked only by an authorized service account. What configuration must they implement?

  • A Allow all users access
  • B Set IAM roles for the function
  • C Use public internet endpoints
  • D Enable VPC Service Controls
Explanation: Setting IAM roles restricts access to service accounts only, while the other options do not provide this restriction.
Q24

What happens when a GCP project is deleted at the organizational level?

  • A All resources are permanently deleted
  • B Resources are archived for 30 days
  • C Permissions remain active
  • D Billing stops immediately
Explanation: When a project is deleted, all resources are lost unless backed up, whereas other options imply incorrect states of resources or permissions.
Q25

Which Google Cloud service provides DDoS protection?

  • A Cloud Armor
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D Cloud Bigtable
Explanation: Cloud Armor provides DDoS protection features, while the others do not primarily focus on security against such attacks.
Q26

A company needs to analyze logs in real-time for security incidents. What should they use?

  • A Cloud Storage
  • B BigQuery
  • C Dataflow
  • D Cloud Logging
Explanation: Dataflow is optimal for real-time log analysis, while others are not designed specifically for real-time streaming processing.
Q27

You are configuring IAM roles for a project. What happens if a user has both a higher and a lower-level role?

  • A Higher role prevails
  • B Lower role prevails
  • C Conflicts cause access denial
  • D Both roles are additive
Explanation: In IAM, a higher role prevails over a lower role; lower roles do not negate permissions granted by higher roles.
Q28

Which service provides detection and investigation of security incidents?

  • A Cloud Security Command Center
  • B Google Cloud Load Balancer
  • C Cloud Resource Manager
  • D BigQuery ML
Explanation: Cloud Security Command Center enables security incident detection and investigation, unlike the others.
Q29

A company needs to log access to sensitive data stored in Cloud Storage. What should they enable?

  • A VPC Service Controls
  • B Cloud Audit Logs
  • C Cloud Armor
  • D Genomics API
Explanation: Cloud Audit Logs are specifically for logging access events.
Q30

You are configuring IAM policies for diverse teams in your organization. What should be avoided when assigning permissions?

  • A Using the least privilege principle
  • B Over-privileging users
  • C Utilizing predefined roles
  • D Regularly reviewing policies
Explanation: Over-privileging users contradicts security best practices.