Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 431–440 of 486

Q431

A company needs to ensure that its cloud operations comply with PCI DSS. What should they implement?

  • A DDoS protection only
  • B IAM only
  • C Data encryption only
  • D Comprehensive security controls
Explanation Comprehensive security controls are necessary for full PCI DSS compliance, while the others are insufficient.
Q432

What happens when a Google Cloud Storage bucket is configured as publicly accessible?

  • A Only account owners can access it
  • B Anyone can access its data
  • C Data is encrypted automatically
  • D Download limits are imposed
Explanation Public access allows anyone on the internet to access the data, while the other options are incorrect.
Q433

Which Google Cloud service is used for identity management?

  • A Cloud Identity
  • B Cloud Functions
  • C Compute Engine
  • D Cloud Storage
Explanation Cloud Identity is specifically designed for identity management, while the others serve different purposes.
Q434

A company needs to isolate their VMs for security compliance; which tool should they use?

  • A VPC Service Controls
  • B Cloud Armor
  • C Cloud Data Loss Prevention
  • D Cloud Pub/Sub
Explanation VPC Service Controls helps in isolating resources, while others focus on different aspects of security.
Q435

What happens when a Cloud Function exceeds its execution timeout?

  • A Function continues to run until complete
  • B Function is terminated without a response
  • C Function is re-invoked automatically
  • D Function returns an error response
Explanation Cloud Functions are terminated and no response is delivered if the timeout is exceeded, while the others do not reflect this behavior.
Q436

Which service provides automated security and compliance assessments?

  • A Security Health Analytics
  • B Cloud Armor
  • C Identity-Aware Proxy
  • D Cloud Data Loss Prevention
Explanation Security Health Analytics automatically assesses security configurations, while the others focus on different security aspects.
Q437

A company needs to securely share data with external partners without exposing its internal network. Which service should it use?

  • A VPC Peering
  • B Shared VPC
  • C Cloud VPN
  • D Cloud Services Directory
Explanation Cloud VPN allows secure connections over the internet, unlike other options that do not facilitate external sharing securely.
Q438

What happens when an IAM user is granted the 'Allow' permission without a corresponding 'Deny' rule?

  • A Access is automatically granted.
  • B Access is denied by default.
  • C Access is granted with limitations.
  • D Access can be revoked anytime.
Explanation An 'Allow' permission without 'Deny' means access is granted unless restricted by other policies.
Q439

Which service should you use to analyze log data in real-time?

  • A Cloud Logging
  • B Cloud Pub/Sub
  • C Cloud Dataflow
  • D Cloud Spanner
Explanation Cloud Dataflow processes logs in real-time; others do not process streams actively.
Q440

A company needs to rotate its encryption keys regularly. Which Google Cloud service can automate this process?

  • A Cloud Key Management Service
  • B Cloud Identity
  • C Cloud Storage
  • D Cloud Interconnect
Explanation Cloud KMS allows automated key rotation while others serve different purposes.