Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 401–410 of 486

Q401

A company needs to ensure their VM instances are only accessible from specific IP ranges. What should they implement?

  • A Firewall rules
  • B VPC peering
  • C Load balancers
  • D IAM roles
Explanation Firewall rules specifically control network access based on IPs, while others manage resources or permissions.
Q402

What happens when you enable VPC Flow Logs for a GCP network?

  • A Traffic is blocked
  • B Traffic is not logged
  • C Network traffic is logged
  • D Security policies are enforced
Explanation Enabling VPC Flow Logs logs network traffic information, while the other options inaccurately describe its functionality.
Q403

Which Google Cloud service enables real-time data processing?

  • A Cloud Pub/Sub
  • B Cloud Storage
  • C Cloud SQL
  • D Cloud Functions
Explanation Cloud Pub/Sub is designed for real-time messaging and data streaming; other options lack this functionality.
Q404

A company needs to enforce user-specific permissions on its Google Cloud resources. Which management technique should it use?

  • A Organization Policies
  • B IAM Roles
  • C Service Accounts
  • D Firewall Rules
Explanation IAM Roles allow detailed user-specific access control; other options do not provide granular permission management.
Q405

What happens when you apply a deny rule in Identity-Aware Proxy?

  • A Access is granted for all users
  • B Access is denied for specified users
  • C Users are prompted for MFA
  • D Policies are ignored completely
Explanation Deny rules specifically block access for identified users; other options do not reflect the rule's purpose.
Q406

Which service provides threat detection for GCP resources?

  • A Cloud Security Command Center
  • B Identity Access Management
  • C VPC Service Controls
  • D Cloud Functions
Explanation Cloud Security Command Center proactively identifies vulnerabilities, while others focus on different aspects of security.
Q407

A company needs to enable logging for all interactions with their Cloud Storage buckets. What should they configure?

  • A Audit Logging
  • B Stackdriver Monitoring
  • C Cloud Functions
  • D BigQuery
Explanation Audit Logging specifically records metadata about operations, while others do not focus on logging interactions.
Q408

What happens when you disable a service account in GCP?

  • A All associated IAM roles are revoked
  • B Access tokens are still valid
  • C The account can still be used
  • D No new tokens can be issued
Explanation Disabling prevents new access tokens from being issued, while other options misrepresent the impact on roles or access.
Q409

What is the primary function of Google Cloud Armor?

  • A DDoS protection and web defense
  • B Database management solution
  • C Network load balancing
  • D Identity management service
Explanation Google Cloud Armor is designed for DDoS protection and web application defense, while others serve different functions.
Q410

A company needs to securely store sensitive data while enabling controlled access. Which Google Cloud feature should they utilize?

  • A Google Cloud Storage Encryption
  • B Google Cloud Pub/Sub
  • C Firewall Rules
  • D Cloud Functions
Explanation Google Cloud Storage Encryption provides security for data at rest and access control, while other options do not specifically relate to secure data storage.