Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 331–340 of 486

Q331

Which Google Cloud service provides security event logging?

  • A Cloud Audit Logs
  • B Cloud Memorystore
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Audit Logs captures security-related events; others do not focus on logging.
Q332

A company needs to prevent unauthorized access to Cloud Storage. What should they implement?

  • A IAM roles and permissions
  • B Load balancers
  • C Networking routes
  • D Cloud CDN
Explanation IAM roles govern access control, the others don’t restrict access.
Q333

What happens when a VM instance is deleted in GCP with default settings?

  • A Data is permanently lost
  • B Instance remains but stops running
  • C Instance is saved for recovery
  • D Data is backed up automatically
Explanation Default behavior is data loss; the other options imply retaining data.
Q334

Which service provides scalable security monitoring in GCP?

  • A Cloud Security Command Center
  • B Cloud Functions
  • C Cloud Pub/Sub
  • D BigQuery
Explanation Cloud Security Command Center offers comprehensive security insights, while the others serve different purposes.
Q335

A company needs to enforce strict network policies for a sensitive application. Which GCP feature should they use?

  • A IAM Roles
  • B VPC Service Controls
  • C Cloud CDN
  • D Compute Engine
Explanation VPC Service Controls help define perimeters, ensuring sensitive data protection, unlike the other options.
Q336

What happens when a Google Cloud resource has no IAM policy attached?

  • A Inherited permissions apply
  • B Access is denied
  • C Resource becomes publicly available
  • D Limited to billing access only
Explanation Without an associated IAM policy, access to resources is denied, while the other options misrepresent IAM functionality.
Q337

Which service in Google Cloud allows you to automate security policies across resources?

  • A Cloud Armor
  • B Google Cloud Security Command Center
  • C Cloud Identity
  • D Secret Manager
Explanation Google Cloud Security Command Center provides visibility and control over security policies, while others focus on specific aspects.
Q338

A company needs to ensure that its sensitive data stored in Cloud Storage meets compliance requirements. What should they implement?

  • A Bucket Policy Only
  • B Access Control Lists
  • C Customer-Managed Encryption Keys
  • D Object Versioning
Explanation Customer-Managed Encryption Keys provide control over encryption, while others do not directly ensure compliance.
Q339

What happens when a VM tries to access a Google Cloud resource without the necessary IAM role?

  • A Access is allowed with warning
  • B Access is denied
  • C Access is granted temporarily
  • D Access is logged only
Explanation Access is denied when a VM lacks the necessary IAM role, maintaining strict security policies.
Q340

Which service is used for managing GCP identity and access policies?

  • A Cloud IAM
  • B Cloud Functions
  • C Cloud Storage
  • D Cloud Pub/Sub
Explanation Cloud IAM is specifically designed for identity and access management, while the other services do not serve this purpose.