
Google Professional Cloud Security Engineer Exam Actual Questions

The questions for Professional Cloud Security Engineer were last updated on July 18, 2024.
  • Viewing page 1 out of 49 pages.
  • Viewing questions 1-5 out of 244 questions

Topic 1 - Single Topic

Question #1 Topic 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role

Correct Answer: AC
Reference:
https://cloud.google.com/vpc/docs/configure-private-google-access

Question #2 Topic 1

Which two implied firewall rules are defined on a VPC network? (Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections

Correct Answer: AB
Reference:
https://cloud.google.com/vpc/docs/firewalls

Question #3 Topic 1

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

  • A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  • B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  • C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  • D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

Correct Answer: B

Question #4 Topic 1

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

  • A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
  • B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
  • C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
  • D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Correct Answer: B
Reference:
https://cloud.google.com/blog/products/identity-security/using-your-existing-identity-management-system-with-google-cloud-platform

Question #5 Topic 1

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

  • A. Ensure that the app does not run as PID 1.
  • B. Package a single app as a container.
  • C. Remove any unnecessary tools not needed by the app.
  • D. Use public container images as a base image for the app.
  • E. Use many container image layers to hide sensitive information.

Correct Answer: BC
Reference:
https://cloud.google.com/solutions/best-practices-for-building-containers
