Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.


Questions 471–480 of 486

Q471

You are configuring a firewall rule. What happens when you set the priority to 65500?

  • A It is the highest priority rule
  • B It is ignored due to low priority
  • C It affects all traffic rules
  • D It allows all traffic unrestricted
Explanation: Priority values range from 0 to 65535; 65500 is ignored.

Q472

Which service is used for managing identities in GCP?

  • A Cloud Identity
  • B Cloud Functions
  • C Cloud Storage
  • D Cloud SQL
Explanation: Cloud Identity is specifically designed for managing identities, while the others serve different functions.

Q473

A company needs to automate the response to security incidents. What GCP service would best fit this requirement?

  • A Cloud Monitoring
  • B Cloud Functions
  • C Cloud Armor
  • D Cloud Pub/Sub
Explanation: Cloud Functions can automate incident response through event-driven execution, while the others do not primarily serve automation purposes.

Q474

What happens when IAM permissions are set at the organization level?

  • A Overrides all lower levels
  • B Only affects billing permissions
  • C Cannot be changed afterward
  • D Allows inheritance to lower levels
Explanation: IAM permissions set at the organization level allow inheritance to lower levels, whereas the other options do not accurately describe IAM behavior.

Q475

A company needs to securely share data across multiple projects in Google Cloud. Which service should they use?

  • A Cloud Storage buckets
  • B BigQuery datasets
  • C Data Catalog
  • D Cloud Pub/Sub
Explanation: Cloud Storage buckets support data sharing across projects securely; BigQuery datasets are for analytics, Data Catalog is for metadata, and Cloud Pub/Sub is for messaging.

Q476

You are configuring a firewall rule for an application running on Google Kubernetes Engine. What happens when you apply a rule allowing ingress only from 10.128.0.0/20?

  • A Blocks all internal traffic
  • B Allows traffic from the entire region
  • C Permits traffic only from specified subnet
  • D Excludes specific IPs from access
Explanation: The rule permits traffic only from the specified subnet 10.128.0.0/20; the others do not meet the specified criteria.

Q477

What should you do during a security incident response to maintain the chain of custody?

  • A Inform all team members immediately
  • B Document actions and preserve evidence
  • C Delete logs to reduce noise
  • D Change permissions post-incident
Explanation: Documenting actions and preserving evidence is crucial for maintaining chain of custody; the other options jeopardize evidence integrity or do not follow best practices.

Q478

Which service can be used for monitoring audit logs in Google Cloud?

  • A Cloud Audit Logs
  • B Stackdriver Monitoring
  • C Cloud Function
  • D Cloud Trace
Explanation: Cloud Audit Logs specifically tracks account activity and system events, while other options serve different monitoring functions.

Q479

A company needs to provide temporary elevated access rights to developers for a specific project. What should they use?

  • A Cloud IAM service accounts
  • B Preemptible VM instances
  • C Custom IAM roles
  • D Service account keys
Explanation: Custom IAM roles can grant temporary elevated access tailored to project needs, while the other options do not provide the same flexibility.

Q480

What happens when a public bucket is misconfigured in GCS?

  • A Data can become unrecoverable
  • B Bucket becomes private automatically
  • C Data availability increases
  • D Public access can expose data
Explanation: Misconfiguration allows public access, potentially exposing sensitive data, while other options incorrectly describe outcomes of misconfiguration.