Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

Questions 461–470 of 486

Q461

A company needs to restrict access to a BigQuery dataset based on user attributes. Which feature should they implement?

  • A DML Statements
  • B Attribute-Based Access Control (ABAC)
  • C Service Accounts
  • D VPC Service Controls
Explanation Attribute-Based Access Control allows access restrictions based on user attributes, unlike the others.
Q462

You are configuring a firewall rule that denies traffic from specific IP addresses. What happens when this rule is applied?

  • A Other rules are ignored
  • B Only outgoing traffic is denied
  • C Incidental traffic is still allowed
  • D Traffic matching allowed rules is accepted
Explanation Firewall rules operate in a deny-all-except pattern; allowed traffic prevails unless blocked by a match.
Q463

Which service provides real-time notification of security incidents?

  • A Cloud Audit Logs
  • B Cloud Pub/Sub
  • C Cloud Monitoring
  • D Cloud Security Command Center
Explanation Cloud Security Command Center provides comprehensive visibility and real-time notifications for security incidents; the others do not focus primarily on real-time security notifications.
Q464

A company needs to enforce DLP policies on sensitive data stored in GCP. Which feature is most appropriate?

  • A IAM Policies
  • B Cloud Data Loss Prevention
  • C VPC Service Controls
  • D Cloud Identity-Aware Proxy
Explanation Cloud Data Loss Prevention (DLP) is specifically designed to discover and protect sensitive data, while the others do not directly provide DLP functionality.
Q465

You are configuring a firewall rule to allow traffic. What happens if the source IP range is set to `0.0.0.0/0`?

  • A Only local traffic is allowed.
  • B Only specific IPs are blocked.
  • C Traffic from anywhere is allowed.
  • D No traffic is allowed.
Explanation `0.0.0.0/0` allows traffic from anywhere, making it a broad permission; the other options either impose restrictions that the range does not have or misstate what the CIDR notation means.
Q466

Which service would you use for managing infrastructure as code in Google Cloud?

  • A Cloud Deployment Manager
  • B Cloud Functions
  • C Cloud Monitoring
  • D Cloud Pub/Sub
Explanation Cloud Deployment Manager allows for infrastructure as code, while other options serve different purposes.
Q467

A company needs to securely store and manage its encryption keys. Which Google Cloud service should they utilize?

  • A Cloud Storage
  • B Cloud Key Management Service
  • C Cloud SQL
  • D Cloud Spanner
Explanation Cloud Key Management Service is specifically designed for managing encryption keys safely, whereas the others do not focus on key management.
Q468

You are configuring IAM roles for a new project. What happens if a user is granted the viewer role but later added to a group with the editor role?

  • A User only has viewer access
  • B User has both viewer and editor access
  • C User loses all permissions
  • D User can only edit, not view
Explanation IAM roles are additive, so the user retains both roles; the other options do not describe the resulting access levels or effects correctly.
Q469

Which service provides identity and access management in Google Cloud?

  • A Google IAM
  • B Google Cloud Functions
  • C Google Cloud Storage
  • D Google Pub/Sub
Explanation Google IAM is specifically designed for identity management, while the others serve different purposes.
Q470

A company needs to ensure minimum downtime during a scheduled maintenance. What approach should they take?

  • A Use Load Balancing
  • B Implement Multi-Region deployment
  • C Shut down all instances during maintenance
  • D Scale to zero before maintenance
Explanation Multi-Region deployment enhances availability, whereas the others increase downtime.