Online Professional-Cloud-Security-Engineer Practice TestMore Google Products >

Free Google Professional-Cloud-Security-Engineer Exam Dumps Questions

Google Professional-Cloud-Security-Engineer: Google Cloud Certified - Professional Cloud Security Engineer

- Get instant access to Professional-Cloud-Security-Engineer practice exam questions

- Get ready to pass the Google Cloud Certified - Professional Cloud Security Engineer exam right now using our Google Professional-Cloud-Security-Engineer exam package, which includes Google Professional-Cloud-Security-Engineer practice test plus an Google Professional-Cloud-Security-Engineer Exam Simulator.

- The best online Professional-Cloud-Security-Engineer exam study material and preparation tool is here.

4.5

(1560 ratings)

Question 1

A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection.
Which product should be used to meet these requirements?

A. Cloud Armor

B. VPC Firewall Rules

C. Cloud Identity and Access Management

D. Cloud CDN

Correct Answer:A

Question 2

You are creating an internal App Engine application that needs to access a user’s Google Drive on the user’s behalf. Your company does not want to rely on the current user’s credentials. It also wants to follow Google recommended practices. What should you do?

A. Create a new Service account, and give all application users the role of Service Account User.

B. Create a new Service account, and add all application users to a Google Grou

C. Give this group the role of Service Account User.

D. Use a dedicated G Suite Admin account, and authenticate the application’s operations with these G Suite credentials.

E. Create a new service account, and grant it G Suite domain-wide delegatio

F. Have the application use it to impersonate the user.

Correct Answer:A

Question 3

An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform (GCP), and where Google's responsibility lies. They are mostly running workloads using Google Cloud's Platform-as-a-Service (PaaS) offerings, including App Engine primarily.
Which one of these areas in the technology stack would they need to focus on as their primary responsibility when using App Engine?

A. Configuring and monitoring VPC Flow Logs

B. Defending against XSS and SQLi attacks

C. Manage the latest updates and security patches for the Guest OS

D. Encrypting all stored data

Correct Answer:D

Question 4

When working with agents in a support center via online chat, an organization’s customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for
review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

A. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.

B. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

C. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.

D. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Correct Answer:D
Reference; https://cloud.google.com/dlp/docs/deidentify-sensitive-data

Question 5

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?

A. Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.

B. Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.

C. Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.

D. Use FindingLimits and TimespanContfig to sample data and minimize transformation units.

Correct Answer:C

Question 6

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

A. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization leve

B. List the trusted project as the whitelist in an allow operation.

C. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization leve

D. List the trusted projects as the exceptions in a deny operation.

E. In Resource Manager, edit the project permissions for the trusted projec

F. Add the organization as member with the role: Compute Image User.

G. In Resource Manager, edit the organization permission

H. Add the project ID as member with the role: Compute Image User.

Correct Answer:B

START Professional-Cloud-Security-Engineer EXAM