Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

Questions 381–390 of 486

Q381

You are configuring IAM policies for a Cloud Storage bucket. What happens when you grant a user roles/storage.objectViewer at the project level?

  • A Access to all buckets only
  • B Access to no buckets
  • C Access to specific bucket only
  • D Access to all objects in all buckets
Explanation: Project-level permissions grant access to all objects in all buckets under that project, making A, B, and C incorrect.
Q382

Which service is used for real-time monitoring of Google Cloud resources?

  • A Cloud Monitoring
  • B Cloud Logging
  • C Cloud Storage
  • D Cloud Security Command Center
Explanation: Cloud Monitoring tracks resource performance, while the others serve different purposes like logging or storage.
Q383

A company needs to ensure data segmentation for compliance using IAM roles. Which approach is most effective?

  • A Use broad roles for all users
  • B Implement resource-specific IAM roles
  • C Assign roles based on project types
  • D Utilize service accounts only
Explanation: Resource-specific IAM roles enforce the necessary data segmentation for compliance, unlike the alternatives.
Q384

What happens when you enable VPC Flow Logs on a Google Cloud VPC?

  • A Logs are stored in Cloud Spanner
  • B Logs capture network traffic statistics
  • C Network traffic is blocked
  • D Only HTTP traffic is logged
Explanation: VPC Flow Logs provide insights into network traffic, while the other options incorrectly describe its functionality.
Q385

Which service should you use to analyze security logs in Google Cloud?

  • A Cloud Data Loss Prevention
  • B Cloud Logging
  • C Cloud Monitoring
  • D Cloud Storage
Explanation: Cloud Logging allows analysis of security logs; the others do not primarily focus on log analysis.
Q386

A company needs to run a security scan on their VM instances. What should they implement?

  • A Identity-Aware Proxy
  • B System Event Monitoring
  • C Container Analysis
  • D Cloud Security Command Center
Explanation: Cloud Security Command Center checks vulnerabilities in VM instances, while the others are not specifically for this purpose.
Q387

You are configuring an IAM policy. What happens when you add a deny rule for a user who has been granted multiple roles?

  • A User retains access to all roles
  • B User loses access to only one role
  • C User loses access based on deny rule
  • D User gains access to denied resources
Explanation: Deny rules override any allow permissions, causing access loss due to the deny rule.
Q388

Which GCP service provides DDoS protection?

  • A Cloud Armor
  • B Cloud Scheduler
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation: Cloud Armor offers DDoS protection whereas the others do not serve this purpose.
Q389

A company needs to monitor API usage across projects. Which service should they use?

  • A Cloud Logging
  • B Cloud Trace
  • C Cloud Monitoring
  • D Cloud Functions
Explanation: Cloud Monitoring provides insights on API usage across projects; the others are not focused on cross-project monitoring.
Q390

What happens when you configure a service account with minimal permissions?

  • A It cannot access any resources.
  • B It can access all resources.
  • C It can access only specific resources.
  • D It can access billing information only.
Explanation: Minimal permissions allow access to only specific resources based on assigned roles; the other options imply incorrect scopes of access.