Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 311–320 of 486

Q311

A company needs to securely manage service account keys. What Google Cloud feature should it use?

  • A Cloud IAM
  • B Secret Manager
  • C Cloud Audit Logs
  • D VPC Service Controls
Explanation Secret Manager is designed for managing sensitive configuration data like service account keys, while others are not oriented towards key management.
Q312

What happens when you set a firewall rule to allow ingress traffic on port 80?

  • A All incoming traffic is blocked
  • B Only HTTPS is allowed
  • C HTTP traffic is allowed
  • D No impact on existing rules
Explanation Setting the rule specifically allows HTTP traffic on port 80, while the other options are incorrect interpretations of firewall behavior.
Q313

Which service provides DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud CDN
  • C Google Cloud Functions
  • D Cloud Storage
Explanation Cloud Armor specifically helps mitigate DDoS attacks, while the others serve different purposes.
Q314

A company needs to monitor logins and access attempts. Which tool should they utilize?

  • A Cloud Logging
  • B Cloud Monitoring
  • C Cloud Identity
  • D Cloud Audit Logs
Explanation Cloud Audit Logs record logins and access attempts; the others focus on different monitoring aspects.
Q315

You are configuring IAM roles for a project. What happens if a user has both 'Editor' and 'Viewer' roles?

  • A Only 'Editor' permissions apply
  • B No permissions apply
  • C Both roles are considered equally
  • D 'Viewer' privileges are ignored
Explanation IAM roles combine permissions, so 'Editor' overrides 'Viewer' permissions.
Q316

Which GCP service is best for DDoS protection?

  • A Google Cloud Armor
  • B Cloud CDN
  • C Identity-Aware Proxy
  • D BigQuery
Explanation Google Cloud Armor provides DDoS protection; others do not.
Q317

You are configuring IAM roles for a project. A user needs to read Cloud Storage objects. Which role should you assign?

  • A Storage Object Admin
  • B Storage Object Viewer
  • C Project Editor
  • D Viewer
Explanation The Storage Object Viewer role allows read access; others grant more permissions.
Q318

What happens when you delete a GCP service account?

  • A All attached resources are deleted
  • B Service account keys become invalid
  • C Project access remains unchanged
  • D Audit logs are permanently lost
Explanation Deleting a service account invalidates its keys; others are incorrect consequences.
Q319

Which service is ideal for analyzing security log data in real-time?

  • A Google Cloud Pub/Sub
  • B Google Cloud Logging
  • C Google Cloud Dataflow
  • D Google Cloud Armor
Explanation Google Cloud Logging collects and analyzes logs, unlike the others which serve different functions.
Q320

A company needs to manage sensitive data while ensuring compliance with regulations. What Google Cloud feature should they use?

  • A IAM Roles
  • B VPC Peering
  • C Cloud KMS
  • D Cloud Functions
Explanation Cloud KMS enables secure key management necessary for compliant sensitive data handling.