Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 411–420 of 486

Q411

What happens when a user is granted the 'roles/storage.objectViewer' role on a Cloud Storage bucket?

  • A Can delete objects in the bucket
  • B Can view objects but not edit
  • C Can upload files to the bucket
  • D Can change bucket settings
Explanation: 'roles/storage.objectViewer' allows viewing objects but not editing or modifying them; the other options describe permissions this role does not grant.
Q412

Which service provides DDoS protection in GCP?

  • A Cloud Armor
  • B Cloud Storage
  • C Stackdriver Monitoring
  • D Cloud Functions
Explanation: Cloud Armor protects applications from DDoS attacks, while the other options do not provide DDoS protection.
Q413

A company needs to audit IAM permissions. What should they use?

  • A IAM Policy Simulator
  • B GCP Logging
  • C Cloud Shell
  • D Stackdriver Trace
Explanation: The IAM Policy Simulator helps audit permissions effectively, while the others serve different purposes.
Q414

What happens when you disable a Google Cloud project?

  • A All resources are deleted immediately
  • B Billing is suspended but data remains
  • C Resources still operate normally
  • D Service accounts are deleted automatically
Explanation: Disabling a project suspends billing but retains data; the other options misstate the effects of disabling a project.
Q415

You are configuring IAM policies for a GCP project. What happens if you grant the 'roles/viewer' role to a user?

  • A User can only view resources.
  • B User can modify resources.
  • C User can deploy new services.
  • D User can delete existing resources.
Explanation: 'roles/viewer' allows users to view resources but not modify or delete them; the other options describe permissions this role does not grant.
Q416

A company needs to maintain sensitive data integrity in Google Cloud. Which service is best for data encryption at rest?

  • A Google BigQuery
  • B Cloud Key Management
  • C Cloud Storage
  • D Cloud Pub/Sub
Explanation: Cloud Key Management manages the encryption keys used to secure data, while the others focus on data handling, not encryption.
Q417

What is a consequence of configuring a Google Cloud VPC with Shared VPC using an unauthorized subnet?

  • A Traffic will be automatically routed.
  • B Users will lose all network access.
  • C Resources cannot communicate properly.
  • D Shared VPC will function normally.
Explanation: Using an unauthorized subnet leads to incorrect routing, which hinders resource communication; options A and D misrepresent functionality, while B overstates the impact.
Q418

Which service helps manage secrets in Google Cloud?

  • A Secret Manager
  • B Cloud Storage
  • C Cloud SQL
  • D Data Loss Prevention
Explanation: Secret Manager securely stores and manages sensitive information, unlike the other options, which serve different purposes.
Q419

A company needs to enforce IAM policies for multiple projects efficiently. What should they use?

  • A Resource Manager
  • B Service Accounts
  • C Org Policies
  • D Cloud Functions
Explanation: Org Policies enable consistent IAM policy enforcement across projects, while the others do not fulfill this requirement.
Q420

You are configuring VPC firewall rules. What happens when you assign a rule with a priority number that is lower than an existing rule?

  • A The new rule is ignored
  • B The new rule supersedes the existing
  • C Both rules are effective simultaneously
  • D The new rule will never activate
Explanation: Firewall rules are processed in order of priority, so a rule with a lower number takes precedence over rules with higher numbers.