Google Cloud
Google Cloud Certified – Professional Security Operations Engineer
PR000330
Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.
486 questions
0 views
Free
Questions 481–486 of 486
A company needs to ensure secure access to its Cloud Console. Which Google Cloud service would provide identity verification?
-
A
Identity-Aware Proxy
-
B
BigQuery
-
C
Cloud Storage
-
D
Pub/Sub
Explanation
Identity-Aware Proxy controls access securely, while others do not focus on identity verification.
What happens when a service account key is deleted in Google Cloud?
-
A
Service continues to function.
-
B
Access is immediately revoked.
-
C
All data is lost.
-
D
The key is temporarily suspended.
Explanation
Deleting a key revokes access immediately, ensuring enhanced security.
You are configuring firewall rules on Google Cloud. Which rule will block all incoming traffic?
-
A
Allow all ingress
-
B
Deny all ingress
-
C
Allow specified IP only
-
D
Allow HTTP traffic only
Explanation
Deny all ingress will explicitly block incoming traffic, whereas other options permit access in some form.
Which service helps secure Google Cloud VM instances?
-
A
Cloud Armor
-
B
Identity-Aware Proxy
-
C
Cloud Security Scanner
-
D
VPC Service Controls
Explanation
Cloud Security Scanner identifies vulnerabilities.
A company needs to monitor network traffic securely. Which GCP service should they use?
-
A
Cloud Pub/Sub
-
B
VPC Flow Logs
-
C
Cloud Functions
-
D
Google Cloud Storage
Explanation
VPC Flow Logs allow for secure traffic monitoring.
You are configuring IAM roles for a project. What happens when a user has multiple roles assigned?
-
A
Latest role takes precedence.
-
B
Roles combined for permissions.
-
C
Access denied for all roles.
-
D
Only one role effective per action.
Explanation
Permissions are combined for all assigned roles.