Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 441–450 of 486

Q441

You are configuring IAM roles for a virtual machine. What happens when you assign roles at the project level?

  • A Only the VM has those roles
  • B All resources inherit those roles
  • C Roles are ignored by other services
  • D Roles apply only to Compute Engine
Explanation: Project-level roles grant permissions to all resources within the project, unlike the other options.
Q442

Which Google Cloud service can provide continuous security monitoring?

  • A Cloud Audit Logs
  • B Cloud Security Command Center
  • C Identity-Aware Proxy
  • D Data Loss Prevention API
Explanation: Cloud Security Command Center offers real-time visibility for security monitoring, while the others focus on specific functions.
Q443

A company needs to secure sensitive information in Cloud Storage. What should they use?

  • A IAM Policies
  • B Bucket Labels
  • C Object Versioning
  • D Customer-Supplied Encryption Keys
Explanation: Customer-Supplied Encryption Keys provide a means to control encryption, while the others do not secure data directly.
Q444

You are configuring Cloud Pub/Sub. What happens when a message is acknowledged?

  • A The message is deleted.
  • B The message is re-delivered.
  • C The message is archived.
  • D The message is sent to a backlog.
Explanation: Acknowledged messages are effectively deleted, while the others describe actions after a read.
Q445

Which service is best for centralized logging in GCP?

  • A Cloud Logging
  • B Cloud Pub/Sub
  • C Cloud Storage
  • D Firebase Hosting
Explanation: Cloud Logging aggregates logs from various GCP services, while the others do not specialize in centralized logging.
Q446

A company needs to prevent any external access to their Virtual Private Cloud (VPC). What should they implement?

  • A Public IP addresses for all instances
  • B Firewall rules allowing all traffic
  • C Private Google Access
  • D VPC Service Controls
Explanation: VPC Service Controls restrict data exfiltration, unlike the other options, which are less secure.
Q447

You are configuring IAM roles and need a role that allows users to create and manage Cloud Functions but not access their source code. Which role would you choose?

  • A Cloud Functions Admin
  • B Functions Developer
  • C Viewer
  • D Custom IAM Role
Explanation: The Functions Developer role meets the criteria, while the Admin role includes source code access.
Q448

Which service provides real-time threat detection on GCP?

  • A Cloud Security Command Center
  • B Cloud Functions
  • C Cloud Storage
  • D BigQuery
Explanation: Cloud Security Command Center detects threats actively, while the others do not focus on threat detection.
Q449

A company needs to encrypt data at rest across all storage solutions. Which approach is most effective?

  • A Use tools to encrypt data manually
  • B Enable default encryption in storage settings
  • C Encrypt only sensitive files
  • D Use external encryption services only
Explanation: Enabling default encryption ensures all data is always encrypted, while the other options require extra steps or don't provide comprehensive coverage.
Q450

You are configuring access rights for a service account. What happens if the account has 'roles/editor' permission?

  • A Can read and write all resources
  • B Can only read resources
  • C Can only delete resources
  • D No permissions granted
Explanation: 'roles/editor' permissions allow complete control over resources, unlike the other options, which restrict actions.