Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Google Professional Cloud Security Engineer Exam Actual Questions

The questions for Professional Cloud Security Engineer were last updated at Nov. 26, 2022.
  • Viewing page 1 out of 45 pages.
  • Viewing questions 1-4 out of 186 questions

Topic 1 - Single Topic

Question #1 Topic 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role
Reveal Solution Hide Solution   Discussion   45

Correct Answer: AC 🗳️
Reference:
https://cloud.google.com/vpc/docs/configure-private-google-access

Question #2 Topic 1

Which two implied firewall rules are defined on a VPC network? (Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections
Reveal Solution Hide Solution   Discussion   17

Correct Answer: AB 🗳️
Reference:
https://cloud.google.com/vpc/docs/firewalls

Question #3 Topic 1

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

  • A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  • B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  • C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  • D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.
Reveal Solution Hide Solution   Discussion   11

Correct Answer: B 🗳️

Question #4 Topic 1

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

  • A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
  • B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
  • C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
  • D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.
Reveal Solution Hide Solution   Discussion   21

Correct Answer: B 🗳️
Reference:
https://cloud.google.com/blog/products/identity-security/using-your-existing-identity-management-system-with-google-cloud-platform

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...