Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 61–70 of 486

Q61

Which service helps in automating security policy enforcement?

  • A Google Security Command Center
  • B Cloud Identity
  • C VPC Network Peering
  • D Google Kubernetes Engine
Explanation Google Security Command Center automates security policies, while others focus on different functionalities.
Q62

A company needs to secure sensitive data in transit. Which option ensures data protection?

  • A Using plain HTTP
  • B Implementing TLS encryption
  • C Disabling firewall rules
  • D Storing in local disk only
Explanation Implementing TLS encryption secures data in transit; other options compromise data security.
Q63

What happens when a known vulnerability is detected in a Cloud VM instance?

  • A VM instance is deleted automatically
  • B Alert is triggered for investigation
  • C No action is taken
  • D VM is rebooted without notification
Explanation An alert is triggered to manage the threat; the other options do not align with best practices.
Q64

Which service provides DDoS protection in Google Cloud?

  • A Google Cloud Armor
  • B Cloud CDN
  • C Identity-Aware Proxy
  • D Cloud Monitoring
Explanation Google Cloud Armor offers DDoS protections, unlike the other services.
Q65

A company needs to automatically rotate its database credentials. Which Google Cloud service should they use?

  • A Secret Manager
  • B Cloud SQL
  • C Cloud Storage
  • D App Engine
Explanation Secret Manager automates credential rotation, while others do not focus on credentials management.
Q66

You are configuring IAM policies and notice a conflict. What happens when one policy denies access and another allows it?

  • A Access is allowed
  • B Access is denied
  • C Depends on resource above policy
  • D Access logs are generated
Explanation Denying policies always take precedence over allowing ones.
Q67

Which service can automate incident responses in GCP?

  • A Cloud Functions
  • B Cloud Run
  • C Cloud Logging
  • D Event Threat Detection
Explanation Event Threat Detection automates responses to incidents, while others do not specialize in automatic incident management.
Q68

A company needs to control access to specific Google Cloud resources based on conditions. Which tool should they use?

  • A IAM Policies
  • B VPC Service Controls
  • C Cloud Identity
  • D Context-aware access
Explanation Context-aware access allows conditional access based on identity and context, unlike the other options.
Q69

What happens when a GCP resource's IAM policy is set to 'Public'?

  • A Only project owners can access.
  • B Everyone has access to it.
  • C Access is limited to services.
  • D Access is denied to all.
Explanation 'Public' means unrestricted access to everyone, incompatible with the other access configurations.
Q70

Which service provides real-time security monitoring in GCP?

  • A Cloud Armor
  • B Cloud Security Command Center
  • C Cloud Identity
  • D Cloud Firestore
Explanation Cloud Security Command Center offers real-time insights, while others focus on different functionalities.