Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 71–80 of 486

Q71

A company needs to restrict which users can act on IAM roles. What feature should they implement?

  • A Resource Policies
  • B VPC Service Controls
  • C IAM Conditions
  • D Service Account Keys
Explanation IAM Conditions allow for role-based access based on specific conditions, others don't control user roles directly.
Q72

What happens when a Google Cloud project is deleted?

  • A All resources are permanently lost
  • B Resources are migrated to another project
  • C Billing continues until manually stopped
  • D The project can be restored anytime
Explanation Deletion results in permanent loss of resources, while others depict incorrect outcomes.
Q73

Which Google Cloud service manages containerized applications?

  • A Google Kubernetes Engine
  • B Cloud Functions
  • C App Engine
  • D Cloud Build
Explanation Google Kubernetes Engine specifically orchestrates containers, while the others serve different purposes.
Q74

A company needs to control access based on the user’s role. Which GCP feature should they implement?

  • A IAM roles
  • B Service Accounts
  • C Firewall Rules
  • D Cloud Audit Logs
Explanation IAM roles provide granularity in access control, unlike the other options.
Q75

What happens when a Google Cloud region goes down?

  • A All resources are automatically replicated
  • B Only data storage is retained
  • C Services in other regions are unaffected
  • D Inaccessible services may require manual failover
Explanation Manual intervention is often needed for failover; other options don't accurately describe the situation.
Q76

Which Google Cloud service provides identity management for applications?

  • A Cloud Identity
  • B Cloud VPN
  • C Cloud Pub/Sub
  • D Cloud Functions
Explanation Cloud Identity is designed for identity management, while the others serve different functions.
Q77

A company needs to transfer sensitive data securely to Google Cloud. What should they implement?

  • A Public IP transfer
  • B Cloud Storage without encryption
  • C VPN or Interconnect
  • D Unsecured HTTP transfer
Explanation VPN or Interconnect provide secure data transfer, while the other options expose data to risks.
Q78

You are configuring a firewall in Google Cloud. What happens when no rules are applied?

  • A All traffic is allowed
  • B All incoming traffic is denied
  • C Outbound traffic is denied
  • D Traffic rules default to system-wide policy
Explanation By default, no rules means denying all incoming traffic; others suggest incorrect behaviors.
Q79

Which service provides real-time threat detection in GCP?

  • A Cloud Security Command Center
  • B Cloud Audit Logs
  • C Identity-Aware Proxy
  • D Data Loss Prevention API
Explanation Cloud Security Command Center helps detect threats, while other options focus on logging and access control.
Q80

A company needs to restrict access based on user roles. Which GCP feature is most appropriate?

  • A IAM Roles
  • B Service Accounts
  • C Firewall Rules
  • D VPC Peering
Explanation IAM Roles provide precise access control based on user roles, unlike the other options which have different purposes.