Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 291–300 of 486

Q291

You are configuring a Google Kubernetes Engine (GKE) cluster's security. What is the outcome of enabling private nodes?

  • A Nodes lose internet access
  • B Nodes require public IPs
  • C More security in cluster
  • D Nodes have higher latency
Explanation: Enabling private nodes restricts direct internet access for security, while others are incorrect outcomes.

Q292

Which service provides SIEM capabilities in GCP?

  • A Cloud Logging
  • B Cloud Security Command Center
  • C Data Loss Prevention
  • D VPC Network Peering
Explanation: Cloud Security Command Center offers SIEM capabilities, while others focus on logging, data protection, or networking.

Q293

A company needs to restrict API access based on user attributes. Which GCP feature should they use?

  • A Pub/Sub
  • B IAM Conditions
  • C Firewall Rules
  • D VPC Service Controls
Explanation: IAM Conditions allow attribute-based access, while others do not provide this capability.

Q294

You are configuring access for a GCP project. What happens when you set a role at the organization level?

  • A Applies to all organizations.
  • B Overrides project-level permissions.
  • C Only applies to selected users.
  • D No effect on projects.
Explanation: An organization-level role overrides all project-level permissions for that role.

Q295

Which service helps in managing user identities and access?

  • A Cloud Identity
  • B Compute Engine
  • C Cloud Functions
  • D BigQuery
Explanation: Cloud Identity specializes in user management; others do not.

Q296

A company needs to ensure its data stored in Cloud Storage is encrypted at rest. What should it configure?

  • A Enable default encryption
  • B Disable all access
  • C Use public cloud storage
  • D Archive the data
Explanation: Enabling default encryption ensures data at rest is secured; the other options do not address encryption.

Q297

What happens when a firewall rule is set to allow all traffic on a VM's network interface?

  • A Only inbound traffic is allowed
  • B All traffic is allowed
  • C Only outbound traffic is allowed
  • D Traffic is blocked by default
Explanation: Allowing all traffic on the interface permits both inbound and outbound traffic; other options are incorrect interpretations of firewall behavior.

Q298

Which service provides automated threat detection in GCP?

  • A Security Command Center
  • B Cloud Functions
  • C BigQuery
  • D Compute Engine
Explanation: Security Command Center is designed for threat detection, while the other options serve different purposes.

Q299

A company needs to implement fine-grained access control on its Cloud Storage buckets. What should it use?

  • A IAM permissions only
  • B Access Control Lists (ACLs)
  • C VPC Service Controls
  • D Cloud Audit Logs
Explanation: Access Control Lists (ACLs) allow for fine-grained access, while IAM permissions manage broader roles.

Q300

You are configuring Trusted Types for your web applications running in App Engine. What happens when a user submits unsafe JavaScript code through a form?

  • A The code is executed.
  • B The code is only sanitized.
  • C An error is thrown.
  • D The code is blocked.
Explanation: Trusted Types prevent the execution of unsafe code, while the other options imply unsafe behavior.