Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 41–50 of 486

Q41

A company needs to ensure that only specific users can access its Google Cloud resources based on their role. Which Google Cloud service should they configure?

  • A Google Kubernetes Engine
  • B Cloud Identity and Access Management (IAM)
  • C Cloud Audit Logs
  • D Cloud Storage
Explanation IAM is specifically designed to manage access based on roles.
Q42

What happens when you enable VPC Service Controls on a Google Cloud project?

  • A Increased public accessibility
  • B Vendor lock-in increases
  • C Data exfiltration risk reduces
  • D Billing rates change
Explanation VPC Service Controls help mitigate data exfiltration risks by enforcing security perimeters.
Q43

Which Google Cloud service allows you to analyze big data using SQL-like queries?

  • A BigQuery
  • B Cloud Spanner
  • C Cloud Datastore
  • D Cloud Pub/Sub
Explanation BigQuery is specifically designed for data analysis using SQL-like syntax, while the others serve different purposes.
Q44

A company needs to establish its own custom security policies for resources in Google Cloud. Which service should they use?

  • A Cloud Identity
  • B Organization Policy Service
  • C Cloud Functions
  • D Cloud Resource Manager
Explanation The Organization Policy Service allows custom security policies across resources, unlike the others.
Q45

What happens when you incorrectly configure VPC firewall rules and deny ingress traffic?

  • A All outbound traffic is blocked
  • B Access to external systems is blocked
  • C Internal communication fails only
  • D No impact on network policies
Explanation Denying ingress traffic can block access from outside the VPC, impacting external communications.
Q46

Which service helps analyze logs in Google Cloud?

  • A Cloud Logging
  • B Cloud Storage
  • C Cloud Monitoring
  • D Cloud Functions
Explanation Cloud Logging is specifically designed to analyze and store logs, while others serve different purposes.
Q47

A company needs to deploy a VM that complies with compliance standards; which Google Cloud service should it use?

  • A Compute Engine
  • B App Engine
  • C Cloud Run
  • D Kubernetes Engine
Explanation Kubernetes Engine supports compliance-oriented workloads efficiently, unlike others which have different use-cases.
Q48

What happens when you enable VPC Flow Logs for a network in GCP?

  • A All instances receive more bandwidth
  • B Traffic patterns are logged
  • C Security is automatically enhanced
  • D Costs are halved for egress traffic
Explanation VPC Flow Logs captures and logs information about virtual network traffic, while other options are misleading.
Q49

Which service provides native DDoS protection for Google Cloud users?

  • A Cloud Armor
  • B Cloud CDN
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Armor is designed specifically to protect against DDoS attacks; the others do not offer dedicated DDoS protection.
Q50

A company needs to store logs for compliance purposes. What should they enable?

  • A Audit Logs
  • B VPC Flow Logs
  • C Stackdriver Monitoring
  • D Instance Logs
Explanation Audit Logs are specifically designed to capture compliance-related activities; the others serve different monitoring purposes.