Google Cloud

Google Cloud Certified – Professional Security Operations Engineer

PR000330

Get certified as a Professional Security Operations Engineer with exam code PR000330 to validate your security operations skills in Google Cloud.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 81–90 of 486

Q81

What happens when two firewall rules conflict with each other for traffic?

  • A Allow rule takes precedence
  • B Deny rule takes precedence
  • C Last created rule wins
  • D Traffic is not affected
Explanation Deny rules always take precedence over allow rules in GCP, ensuring stricter controls.
Q82

Which service enables data classification in Google Cloud?

  • A Data Loss Prevention (DLP)
  • B Cloud Pub/Sub
  • C Cloud Storage
  • D Cloud Functions
Explanation DLP is designed for data classification, while others focus on messaging or storage.
Q83

A company needs to restrict access to its cloud resources based on user roles. Which approach should they use?

  • A Define IAM policies
  • B Use VPC peering
  • C Enable Logging
  • D Set up Cloud Endpoints
Explanation IAM policies allow for role-based access control, whereas others do not manage access directly.
Q84

What happens when you enable 'Cloud Armor' on a Google Cloud application?

  • A Improved load balancing
  • B DDoS event protection
  • C Increased costs
  • D Automatic resource scaling
Explanation Cloud Armor provides DDoS protection; the others do not specify security features.
Q85

Which service allows for real-time threat detection?

  • A Cloud Audit Logging
  • B Cloud Security Command Center
  • C Cloud Armor
  • D Cloud Identity
Explanation Cloud Security Command Center helps identify security issues, while others serve different purposes.
Q86

A company needs to securely store API keys. What is the best practice?

  • A Store in source code
  • B Use Secret Manager
  • C Use environment variables
  • D Store in text files
Explanation Secret Manager encrypts and securely stores sensitive data compared to other methods listed.
Q87

What happens when you enable VPC Service Controls?

  • A Reduces latency for services
  • B Blocks all external API calls
  • C Enhances data security boundaries
  • D Automatically encrypts data
Explanation VPC Service Controls help secure services by enabling defined security perimeters, unlike other options which misrepresent its functionality.
Q88

Which service can be used to monitor threats in Google Cloud?

  • A Cloud Security Command Center
  • B Cloud Pub/Sub
  • C Cloud Functions
  • D Cloud Storage
Explanation Cloud Security Command Center provides threat monitoring, while others serve different functions.
Q89

A company needs to ensure compliance with GDPR regulations. Which service should they use to manage access to sensitive data?

  • A Cloud IAM
  • B Cloud Load Balancing
  • C Cloud Scheduler
  • D Cloud Run
Explanation Cloud IAM manages access permissions, ensuring compliance, while the others are unrelated to access management.
Q90

What happens when you disable a Firewall Rule in Google Cloud?

  • A All traffic is automatically denied
  • B Associated resources become unreachable
  • C Traffic matching the rule is allowed
  • D The rule is permanently deleted
Explanation Disabling the rule allows matching traffic, while the others misinterpret the functionality of firewall rules.