Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 361–370 of 486

Q361

Which service provides DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Storage
  • D Cloud Functions
Explanation Cloud Armor offers DDoS protection; others do not focus on DDoS mitigation.
Q362

A company needs to mitigate risks from insider threats. What should they implement?

  • A IAM Policies
  • B VPC Peering
  • C Load Balancers
  • D App Engine
Explanation IAM Policies regulate access, mitigating insider risks; others do not address user permissions directly.
Q363

You are configuring logging in Google Cloud. What happens if quota is exceeded?

  • A Logs are dropped silently
  • B Logging stops completely
  • C Logs are stored indefinitely
  • D Old logs overwrite new ones
Explanation Exceeding quota drops logs silently; other options misrepresent logging behavior.
Q364

Which Google Cloud service provides real-time threat detection?

  • A Cloud Armor
  • B Security Command Center
  • C Firewall Rules
  • D Cloud Functions
Explanation Security Command Center monitors and detects threats, while the others focus on different functionalities.
Q365

A company needs to develop a secure connection between its on-premises network and Google Cloud. Which technology should they use?

  • A VPN
  • B Cloud Pub/Sub
  • C BigQuery
  • D Cloud Functions
Explanation VPN provides secure connectivity; the other options do not establish network connections.
Q366

You are configuring IAM permissions for a group in Google Cloud. What happens when you grant a group access to a project?

  • A They can manage all project resources
  • B They receive permissions of all members
  • C They can only view project logs
  • D They gain specified permissions only
Explanation IAM grants only the specified permissions; hence, not all members' permissions are included.
Q367

Which service provides DDoS protection in Google Cloud?

  • A Cloud Armor
  • B Cloud DNS
  • C Cloud Storage
  • D BigQuery
Explanation Cloud Armor is specifically designed for DDoS mitigation, while the others serve different purposes.
Q368

A company needs to monitor its virtual machines' activity and system vulnerabilities. What should they use?

  • A Google Cloud Logs
  • B Cloud Security Command Center
  • C Cloud Composer
  • D Cloud Pub/Sub
Explanation Cloud Security Command Center provides insights into security posture and vulnerabilities, while the others do not focus on system vulnerabilities directly.
Q369

You are configuring IAM roles for a project. What is the correct principle of least privilege?

  • A Grant full access to all users
  • B Give only necessary permissions
  • C Use predefined roles only
  • D Assign admin roles by default
Explanation The principle of least privilege dictates giving only necessary permissions to enhance security, unlike the other options that provide excessive access.
Q370

Which service should be used for centralized logging in GCP?

  • A Cloud Logging
  • B Cloud Pub/Sub
  • C Cloud Monitoring
  • D Cloud Storage
Explanation Cloud Logging aggregates logs from GCP services; others serve different purposes.