Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 341–350 of 486

Q341

A company needs to ensure its virtual machines are not accessible from the internet but still allows access to specific external services. What configuration should they implement?

  • A Public IP for each VM
  • B Use Private Google Access
  • C Enable firewall rules for SSH access
  • D Set default route to None
Explanation Private Google Access allows VMs without public IPs to access Google services without opening them to the internet, while the other options expose or misconfigure access.
Q342

What happens when you set a GCP GCS bucket's uniform access control to ‘fine-grained’?

  • A It disables object-level permissions
  • B It enables only owner access
  • C It allows both object and bucket permissions
  • D It restricts public access
Explanation Setting to fine-grained keeps both object and bucket permissions separated, while the other options misinterpret access rules.
Q343

Which service allows threat detection for GCP resources?

  • A Google Cloud Security Command Center
  • B Cloud Audit Logs
  • C Cloud Identity-Aware Proxy
  • D Google Cloud Armor
Explanation Google Cloud Security Command Center provides security insights, while others focus on access control or protection against DDoS attacks.
Q344

A company needs to restrict IAM roles to specific time frames. Which feature should they use?

  • A Service Accounts
  • B Custom IAM Roles
  • C IAM Conditions
  • D Federated Identities
Explanation IAM Conditions allow role restrictions based on specific attributes, while other options do not provide time-based access controls.
Q345

You are configuring a VPC with multiple subnets. What happens if you do not specify the subnet range?

  • A Network is created successfully.
  • B Default range is assigned.
  • C Creation fails with error.
  • D It applies IPv4 automatically.
Explanation Failing to specify a range leads to a creation error, as subnets require defined IP ranges.
Q346

Which Google Cloud service is used for managing APIs?

  • A Cloud Endpoints
  • B Cloud Functions
  • C Cloud Run
  • D Cloud Storage
Explanation Cloud Endpoints is specifically designed for API management, whereas the other options serve different purposes.
Q347

A company needs to secure their virtual machines. What should be their first step?

  • A Apply IAM roles
  • B Configure firewall rules
  • C Disable SSH access
  • D Install antivirus software
Explanation Configuring firewall rules is a fundamental step in securing VMs, while the other options are either secondary or specific to lesser security measures.
Q348

What happens when you apply a security policy to a Google Cloud organization?

  • A It applies to all projects
  • B It can be overridden by projects
  • C It restricts all users automatically
  • D It affects only the organization's resources
Explanation Applying a security policy to an organization will enforce it across all projects within that organization, unlike the other options that describe incorrect hierarchical rules.
Q349

Which service provides real-time threat detection for Google Cloud?

  • A Cloud Insight
  • B Cloud Security Command Center
  • C Cloud Monitoring
  • D Cloud Logging
Explanation Cloud Security Command Center helps identify threats, while others focus on different functionalities.
Q350

A company needs to ensure that employees only access the data necessary for their specific role. Which Google Cloud feature should they implement?

  • A IAM Policies
  • B Service Accounts
  • C Firewall Rules
  • D Cloud Functions
Explanation IAM Policies manage access based on roles, unlike the other options which serve different functions.