Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 391–400 of 486

Q391

Which service provides DDoS protection for GCP?

  • A Google Cloud Armor
  • B Cloud Functions
  • C Cloud CDN
  • D Cloud Pub/Sub
Explanation Google Cloud Armor offers DDoS protection, while others do not specialize in this area.
Q392

A company needs to detect anomalies in user behavior quickly. Which GCP service should they use?

  • A Cloud Logging
  • B Cloud Security Command Center
  • C BigQuery ML
  • D Cloud Monitoring
Explanation Cloud Security Command Center can analyze security patterns, unlike the other services that focus on different aspects.
Q393

What happens when you assign multiple IAM roles to a single user?

  • A User can exceed permissions
  • B User shares permissions among roles
  • C User gets highest priority role
  • D User combines all permissions
Explanation When multiple IAM roles are assigned, the user combines all granted permissions from the roles.
Q394

Which service provides automated DDoS attack mitigation?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Functions
  • D Cloud Pub/Sub
Explanation Cloud Armor is specifically designed to mitigate DDoS attacks, while other services do not focus on DDoS protection.
Q395

A company needs to monitor and respond to security alerts in real time. What should they use?

  • A Cloud Functions
  • B Cloud Monitoring
  • C Chronicle
  • D Cloud Logging
Explanation Chronicle is designed for security event analysis and response, unlike the other options which serve different purposes.
Q396

You are configuring Identity and Access Management for multiple projects. What is a recommended practice?

  • A Use project-level permissions for all users
  • B Implement IAM policies at the organization level
  • C Assign roles primarily at the folder level
  • D Disable IAM for sensitive projects
Explanation Implementing IAM policies at the organization level streamlines access management across projects, whereas other options either limit accessibility or are insecure.
Q397

Which Google Cloud service provides a managed Kubernetes environment?

  • A Google Kubernetes Engine
  • B Google Compute Engine
  • C App Engine
  • D Cloud Functions
Explanation Google Kubernetes Engine (GKE) manages Kubernetes clusters; other options do not target Kubernetes specifically.
Q398

A company needs to ensure that only specific users have access to certain APIs in a project. What should they implement?

  • A IAM roles and permissions
  • B VPC Service Controls
  • C Secret Manager
  • D Cloud IAM Policies
Explanation IAM roles and permissions manage user access; VPC Service Controls are for data privacy, not specific user APIs.
Q399

You are configuring a Google Cloud Function to handle 100 concurrent requests. What happens if a 101st request comes in?

  • A Request fails immediately
  • B The request is queued
  • C New instance launches automatically
  • D Requests time out immediately
Explanation Cloud Functions autoscale to handle additional requests beyond the limit by launching new instances; others describe incorrect behavior.
Q400

Which service helps monitor and enforce security policies in GCP?

  • A Google Cloud Armor
  • B Cloud Security Scanner
  • C Security Command Center
  • D Data Loss Prevention
Explanation Security Command Center provides insights into security posture while the others focus on specific aspects.