You are configuring IAM roles. What happens if a user has roles that both grant and deny permissions?
A. Deny permissions take precedence
B. Permit permissions take precedence
C. Permissions are combined
D. User is locked out entirely
Explanation
In IAM, deny permissions always take precedence over allow permissions; the other options misrepresent IAM behavior.
Q52
Which service would you use for real-time threat detection?
A. Cloud Security Command Center
B. Cloud Pub/Sub
C. Cloud SQL
D. Cloud Storage
Explanation
Cloud Security Command Center analyzes security risks; the others do not focus on threat detection.
Q53
A company needs to control access to its GCP resources using attributes like department and project. What should they use?
A. Cloud IAM Policies
B. Service Accounts
C. Resource Tags
D. Firewall Rules
Explanation
Cloud IAM Policies allow attribute-based access control; the others cannot provide this functionality.
Q54
You are configuring a data encryption key management solution. What happens if you lose access to the Cloud Key Management Service (KMS) keys?
A. Data is irretrievable
B. Data is decrypted automatically
C. Keys can be restored easily
D. Data can still be accessed
Explanation
Losing KMS keys means data is irretrievable; no alternative access exists.
Q55
Which service provides threat detection and alerts for GCP resources?
A. Cloud Security Command Center
B. Cloud Monitoring
C. IAM Roles Manager
D. VPC Service Controls
Explanation
Cloud Security Command Center offers threat detection, while the others do not focus on security alerts.
Q56
A company needs to enforce security policies on its GCP projects. What should they use?
A. Organization Policies
B. Cloud Armor
C. VPC Flow Logs
D. Cloud Functions
Explanation
Organization Policies allow the enforcement of security policies across projects.
Q57
You are configuring a Pub/Sub topic with two subscribers. What happens if one subscriber fails to acknowledge a message?
A. The message is lost permanently.
B. The message is sent to the Dead Letter Queue.
C. The message becomes available for redelivery.
D. The system disconnects that subscriber.
Explanation
Unacknowledged messages are available for redelivery after a configured timeout.
Q58
A company needs to manage Google Cloud IAM roles across multiple projects. Which service should they use?
A. Organization Policy
B. Cloud Identity
C. Resource Manager
D. Cloud Functions
Explanation
Resource Manager allows you to define IAM policies at the organization or project level, making it easier to manage roles across projects. Organization Policy is more focused on resource constraints, and Cloud Identity relates to user management, while Cloud Functions does not pertain to IAM.
Q59
You are configuring VPC Service Controls for a Google Cloud project. What is their primary purpose?
A. Limit outgoing traffic from VM instances
B. Contain sensitive data within a perimeter
C. Improve network performance
D. Enforce IAM roles for users
Explanation
VPC Service Controls are used to create security perimeters around Google Cloud resources to help contain sensitive data and prevent data exfiltration. The other options focus on different aspects of cloud security or performance.
Q60
What happens when a Cloud Function exceeds its memory limit?
A. Function execution continues normally
B. Function is terminated prematurely
C. Function is redeployed automatically
D. Function scales up memory automatically
Explanation
If a Cloud Function exceeds its memory limit, it is terminated prematurely and fails to complete. The other options incorrectly suggest that execution or scaling occurs despite the limit.