Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 31–40 of 486

Q31

Which service provides data encryption at rest by default?

  • A Cloud Storage
  • B Compute Engine
  • C BigQuery
  • D Cloud Functions
Explanation Cloud Storage automatically encrypts data at rest, while other options may not do so by default.
Q32

A company needs to detect and respond to security incidents in real-time. Which tool is best suited for this job?

  • A Cloud Audit Logs
  • B Google Cloud Armor
  • C Security Command Center
  • D Cloud DLP
Explanation Security Command Center provides real-time security monitoring, unlike the other services listed.
Q33

What happens when you set a VM instance to preemptible?

  • A It always runs at reduced cost.
  • B It can be stopped anytime.
  • C It is never restarted after termination.
  • D It provides high availability guarantees.
Explanation Preemptible VMs can be stopped at any time, while the other options are misleading regarding availability and cost.
Q34

Which service allows you to manage Google Cloud IAM policies programmatically?

  • A Cloud Resource Manager
  • B Identity-Aware Proxy
  • C Cloud Functions
  • D BigQuery
Explanation Cloud Resource Manager enables programmatic management of IAM policies; the other options do not directly manage IAM.
Q35

A company needs to encrypt data at rest in Google Cloud Storage. Which tool should they use?

  • A Cloud KMS
  • B Data Loss Prevention
  • C Cloud Pub/Sub
  • D Cloud SQL
Explanation Cloud KMS provides encryption for data at rest; the other options do not focus on encryption.
Q36

What happens when you apply a firewall rule to allow traffic from a specific IP range?

  • A All traffic is blocked.
  • B Only that IP range is allowed.
  • C Traffic is inadvertently doubled.
  • D Only traffic from another region is allowed.
Explanation Allowing traffic from a specific IP range permits only that traffic, while other options misrepresent firewall function.
Q37

Which tool can help in detecting vulnerabilities in Google Cloud environments?

  • A Cloud Armor
  • B Cloud Security Scanner
  • C Stackdriver Monitoring
  • D VPC Service Controls
Explanation Cloud Security Scanner is designed for vulnerability detection, while others serve different purposes.
Q38

You are configuring a service account for limited access. What role should you assign?

  • A Owner
  • B Viewer
  • C Custom Role
  • D Editor
Explanation A custom role allows precise permission controls, unlike predefined roles.
Q39

What happens when you enable Cloud Armor for a web application?

  • A All traffic is blocked.
  • B Only authorized traffic is allowed.
  • C Traffic is monitored without effects.
  • D Protection against DDoS attacks is added.
Explanation Cloud Armor primarily provides DDoS protection and application security features.
Q40

Which service is best for real-time incident response in Google Cloud?

  • A Security Command Center
  • B Google Cloud Armor
  • C Cloud Functions
  • D BigQuery
Explanation Security Command Center offers real-time security insights, while the others serve different purposes.