Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 421–430 of 486

Q421

Which service is best for monitoring Google Cloud resources?

  • A Cloud Monitoring
  • B Cloud Storage
  • C Cloud SQL
  • D Cloud Functions
Explanation Cloud Monitoring provides insights on resource performance, while others focus on storage or data processing.
Q422

A company needs to restrict access to its BigQuery datasets based on user attributes. Which Google Cloud service should they use?

  • A IAM
  • B Cloud Functions
  • C DLP
  • D VPC
Explanation IAM policies can enforce fine-grained access control based on attributes, unlike the other options.
Q423

What happens when you set a Cloud Firewall Rule to deny all traffic?

  • A Allow all traffic except specified
  • B Allow no traffic at all
  • C Only block internal traffic
  • D Apply to all service accounts
Explanation Denying all traffic blocks all incoming and outgoing requests, not just specific ones.
Q424

Which Google Cloud service is best for security identity management?

  • A Identity and Access Management (IAM)
  • B Cloud Storage
  • C Compute Engine
  • D BigQuery
Explanation IAM is specifically designed for identity management, while others serve different purposes.
Q425

A company needs to limit network traffic to its instance. What should they implement?

  • A Firewall rules
  • B Load balancers
  • C VPN connections
  • D Cloud CDN
Explanation Firewall rules control inbound and outbound traffic; others do not provide this specific functionality.
Q426

You are configuring audit logs for a GCP project. What happens when you set logs to a lower severity?

  • A Irrelevant logs are omitted
  • B More detailed logs are captured
  • C Less detailed logs are stored
  • D All logs are collected regardless
Explanation Lower severity means capturing lesser details; higher severity would increase detail, not decrease.
Q427

Which service is used for managing encryption keys on Google Cloud?

  • A Cloud Key Management Service
  • B Cloud Storage
  • C Cloud Pub/Sub
  • D Cloud Audit Logs
Explanation Cloud Key Management Service securely manages encryption keys, while others serve different functions.
Q428

A company needs to ensure only specific users can access sensitive Cloud Firestore documents. What should they implement?

  • A IAM Roles
  • B Firestore Security Rules
  • C VPC Service Controls
  • D Private Service Connect
Explanation Firestore Security Rules are designed for document-level access control, unlike IAM, VPC, or Private Service Connect which serve different purposes.
Q429

You are configuring VPC Service Controls for a project. What happens if you create a perimeter but don't include a service in it?

  • A Traffic is fully restricted for that service
  • B Service is limited to audit logging
  • C Service is unrestricted for all projects
  • D Traffic is allowed if it's internal
Explanation Services not in the perimeter remain unrestricted, contrary to the restrictions of perimeter services.
Q430

Which service provides centralized configuration management for Google Cloud resources?

  • A Google Cloud Config
  • B Google Cloud Lifecycle Policy
  • C Google Cloud Asset Inventory
  • D Google Configuration Management
Explanation Google Cloud Asset Inventory allows centralized management of configurations, while the others do not serve this function.