Google Professional Cloud Security Engineer Exam Actual Questions

The questions for Professional Cloud Security Engineer were last updated at Nov. 20, 2020.
  • Viewing page 1 out of 25 pages.
  • Viewing questions 1-4 out of 98 questions

Topic 1 - Single Topic

Question #1 Topic 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role

Correct Answer: CD
Reference:
https://cloud.google.com/vpc/docs/configure-private-google-access

Question #2 Topic 1

Which two implied firewall rules are defined on a VPC network? (Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections

Correct Answer: AB
Reference:
https://cloud.google.com/vpc/docs/firewalls

Question #3 Topic 1

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

  • A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
  • B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
  • C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
  • D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Correct Answer: B
Reference:
https://cloud.google.com/blog/products/identity-security/using-your-existing-identity-management-system-with-google-cloud-platform

Question #4 Topic 1

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

  • A. Ensure that the app does not run as PID 1.
  • B. Package a single app as a container.
  • C. Remove any unnecessary tools not needed by the app.
  • D. Use public container images as a base image for the app.
  • E. Use many container image layers to hide sensitive information.

Correct Answer: BC
Reference:
https://cloud.google.com/solutions/best-practices-for-building-containers

