Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 371–380 of 486

Q371

A company needs to ensure that only certain IP addresses can access their Cloud Storage buckets. What should they configure?

  • A IAM Roles
  • B Bucket Policies
  • C VPC Service Controls
  • D Firewall Rules
Explanation Bucket Policies allow IP address restrictions; others do not directly control access to buckets.
Q372

You are configuring a Google Cloud Armor security policy. What happens if you use a default rule with a deny action?

  • A Allow all traffic types
  • B Deny specific IP addresses only
  • C Deny all traffic by default
  • D Allow only authenticated users
Explanation A default deny action blocks all unmatched traffic; others improperly describe its effect.
Q373

Which Google Cloud service helps with identity and access management?

  • A Cloud IAM
  • B Cloud Functions
  • C Cloud Bigtable
  • D Cloud Pub/Sub
Explanation Cloud IAM governs permissions across services; others serve different purposes.
Q374

A company needs to analyze streaming data in real-time. Which service should they use?

  • A Cloud Storage
  • B Cloud Run
  • C Dataflow
  • D Cloud Spanner
Explanation Dataflow is designed for real-time data processing; others do not provide similar capabilities.
Q375

What happens when a GCP resource has multiple IAM policies attached?

  • A All policies are combined
  • B Only the last applied is effective
  • C Most restrictive policy applies
  • D All are ignored
Explanation All policies merge and permissions are cumulative; others reflect incorrect access control behavior.
Q376

Which Google Cloud service provides DDoS protection?

  • A Cloud Armor
  • B Cloud Storage
  • C VPC Network
  • D Stackdriver Monitoring
Explanation Cloud Armor specifically protects against DDoS attacks; other options don't provide this feature.
Q377

A company needs to automate VM security updates. Which Google Cloud service should they use?

  • A Deployment Manager
  • B Compute Engine
  • C OS Config
  • D Cloud Scheduler
Explanation OS Config specifically aims to automate VM updates; the other options do not provide this feature directly.
Q378

What happens when you create a firewall rule with 'deny all' and another 'allow specific'?

  • A Allow specific rules take precedence
  • B Deny rules take precedence always
  • C Both rules are ignored
  • D Traffic is allowed indirectly
Explanation Allow specific rules override deny all unless more specific deny rules exist; deny rules don’t always dominate.
Q379

Which service is designed to detect and respond to threats in GCP?

  • A Cloud Security Command Center
  • B Cloud Run
  • C Cloud Tasks
  • D BigQuery
Explanation Cloud Security Command Center offers threat detection, while others are not security-focused.
Q380

A company needs to ensure its cloud resources can withstand DDoS attacks. Which Google Cloud service primarily offers this protection?

  • A Cloud Armor
  • B Cloud Pub/Sub
  • C Stackdriver Monitoring
  • D Cloud Functions
Explanation Cloud Armor provides DDoS protection, while the others serve different purposes.