PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions
381 real PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam questions with expert-verified answers and explanations. Page 1 of 8.
- Question #1: Ensuring data protection
A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any...
Data Loss Prevention, Cloud Storage, Serverless Automation, PII Protection
- Question #2: Configuring access within a cloud solution environment
A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned. What should the customer do?
Identity and Access Management (IAM), User Deprovisioning, Cloud Directory Sync, Directory Synchronization
- Question #3: Configuring access within a cloud solution environment
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well-established directory service is used to manage user identities and lifecycle...
Identity Synchronization, Hybrid Identity, Google Cloud Directory Sync, Identity and Access Management
- Question #4: Ensuring compliance
Which international compliance standard provides guidelines for information security controls applicable to the provision and use of cloud services?
ISO standards, Cloud security compliance, Information security controls, ISO 27017
- Question #5: Configuring access within a cloud solution environment
You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices. What should you do?
Service Accounts, IAM, Least Privilege, Custom Roles
- Question #6: Configuring access within a cloud solution environment
In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)
Shared Responsibility Model, IaaS Security, Network Security, Access Control
- Question #7: Ensuring data protection
An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate...
Cloud Storage, Data Backup, Disaster Recovery, Hybrid Connectivity
- Question #8: Ensuring data protection
What are the steps to encrypt data using envelope encryption?
Envelope Encryption, Data Encryption Key (DEK), Key Management, Data Protection
- Question #9: Configuring access within a cloud solution environment
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someo...
Identity-Aware Proxy (IAP), Authentication, Two-factor Authentication, Secure Remote Access
- Question #10: Ensuring data protection
Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?
Cloud Storage, Encryption, Customer-Supplied Encryption Keys (CSEK), Key Management
- Question #11: Managing operations within a cloud solution environment
Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written t...
Cloud Logging, BigQuery, Service Accounts, Audit Logs
- Question #12: Configuring access within a cloud solution environment
Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)
Google Cloud IAM, Organization Level Roles, Administrative Privileges, Role-Based Access Control
- Question #13: Ensuring data protection
An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform...
Shared Responsibility Model, PaaS, Application Security, Web Application Vulnerabilities
- Question #14: Configuring network security
An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective...
Network Security, Web Application Firewall, DDoS Protection, IP Filtering
- Question #15: Configuring network security
A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure t...
Network Isolation, Private Google Access, Private IP addresses, Compute Engine Networking
- Question #16: Configuring access within a cloud solution environment
A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach...
Private Google Access, VPC Networking, Cloud Storage Access, Private Connectivity
- Question #17: Ensuring data protection
As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery...
Cloud DLP, Cost Optimization, Data Sampling, DLP Configuration
- Question #18: Configuring access within a cloud solution environment
Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance to a specified Cloud Storage bucket. An engineer accidentall...
Service Accounts, IAM Recovery, Accidental Deletion, Cloud Storage Access
- Question #19: Configuring access within a cloud solution environment
You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM. What should you do?
GCDS, LDAP integration, Cloud IAM, Group synchronization
- Question #20: Managing operations within a cloud solution environment
You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account. What should you do?
Cloud Logging, Admin Activity logs, Service account security, Resource auditing
- Question #21: Configuring network security
You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a MySQL Compute Engine virtual machine (VM) in subnet...
Firewall Rules, Service Accounts, Network Security, Least Privilege
- Question #22: Configuring access within a cloud solution environment
Your company operates an application instance group that is currently deployed behind a Google Cloud load balancer in us-central-1 and is configured to use the Standard Tier networ...
Google Cloud Load Balancer, Network Service Tiers, Global Load Balancing, Multi-Region Deployment
- Question #23: Configuring access within a cloud solution environment
You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want...
Cloud Storage, IAM, Access Control, Uniform bucket-level access
- Question #24: Ensuring data protection
You are the security admin of your company. Your development team creates multiple GCP projects under the "implementation" folder for several dev, staging, and production workloads...
VPC Service Controls, Data Exfiltration, Security Perimeters, Cross-Project Communication
- Question #25: Configuring access within a cloud solution environment
You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires yo...
Identity Management, Single Sign-On, User Provisioning, Conflicting Accounts
- Question #26: Managing operations within a cloud solution environment
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly valida...
Cross-Site Scripting (XSS), Web Security Scanner, Application Security, Vulnerability Management
- Question #27: Ensuring data protection
You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud St...
VPC Service Controls, Data Exfiltration Prevention, Cloud Storage Security, Security Perimeters
- Question #28: Configuring access within a cloud solution environment
Developers in an organization are prototyping a few applications on Google Cloud Platform (GCP) and are starting to store sensitive information on GCP. The developers are using the...
Cloud Identity, Identity and Access Management (IAM), Centralized identity management, Organizational best practices
- Question #29: Configuring access within a cloud solution environment
A customer wants to use Cloud Identity as their primary IdP. The customer wants to use other non-GCP SaaS products for CRM, messaging, and customer ticketing management. The custom...
Cloud Identity, SSO, Identity Federation, Third-party Application Integration
- Question #30: Configuring access within a cloud solution environment
A Cloud Development team needs to use service accounts extensively in their local development. You need to provide the team with the keys for these service accounts. You want to fo...
Service account keys, Key management, Security best practices, IAM
- Question #31: Configuring access within a cloud solution environment
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet...
Compute Engine Networking, Network Egress, Google API Access, Security Configuration
- Question #32: Configuring network security
Which two implied firewall rules are defined on a VPC network? (Choose two.)
VPC Network, Firewall Rules, Default Security, Network Security
- Question #33: Ensuring data protection
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform?
Secrets Management, Cloud Secret Manager, Customer-Managed Encryption Keys, Secure Storage
- Question #34: Configuring access within a cloud solution environment
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should y...
Active Directory Integration, IAM, Group Synchronization, Cloud Directory Sync
- Question #35: Ensuring data protection
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
Container Security, Image Hardening, Attack Surface Reduction, Secure Development Practices
- Question #36: Configuring network security
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only b...
Cloud Armor, DDoS Protection, IP Access Control, Network Security
- Question #37: Configuring network security
A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute E...
Hybrid Cloud Networking, Cloud VPN, Cloud Interconnect, On-premises Connectivity
- Question #38: Ensuring data protection
An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate...
Cloud Storage, Data Backup, Disaster Recovery, Hybrid Cloud
- Question #39: Configuring access within a cloud solution environment
You are creating an internal App Engine application that needs to access a user's Google Drive on the user's behalf. Your company does not want to rely on the current user's creden...
Service Accounts, Domain-Wide Delegation, App Engine Security, Google Drive Access
- Question #40: Ensuring data protection
A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They h...
Encryption, Cloud KMS, Compute Engine, Key Management
- Question #41: Ensuring data protection
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used...
Cloud KMS, Customer-Managed Encryption Keys (CMEK), Data encryption, Key management
- Question #42: Ensuring compliance
You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data process...
PCI DSS, Scope reduction, GCP Projects, Segmentation
- Question #43: Ensuring data protection
A retail customer allows users to upload comments and product reviews. The customer needs to make sure the text does not include sensitive data before the comments or reviews are p...
Data Loss Prevention, Sensitive Data Protection, Content Inspection, Cloud DLP
- Question #44: Configuring access within a cloud solution environment
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new...
IAM, Resource Hierarchy, Policy Inheritance, Google Groups
- Question #45: Ensuring data protection
A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK). How should...
Cloud Storage, Customer-supplied encryption keys (CSEK), Data encryption, gsutil
- Question #46: Configuring access within a cloud solution environment
A customer needs to rely on their existing user directory with the requirements of native authentication against it when developing for Google Cloud Platform (GCP). They want to le...
Identity Federation, SAML 2.0, Cloud Identity, Hybrid Identity
- Question #47: Configuring access within a cloud solution environment
A customer wants to grant access to their application running on Compute Engine to write only to a specific Cloud Storage bucket. How should you grant access?
Service Accounts, IAM Roles, Cloud Storage, Least Privilege
- Question #48: Configuring network security
Your team creates an ingress firewall rule to allow SSH access from their corporate IP range to a specific bastion host on Compute Engine. Your team wants to make sure that this fi...
Firewall Rules, Service Accounts, IAM, Compute Engine
- Question #49: Configuring access within a cloud solution environment
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accep...
Cloud IAP, JWT validation, Application security, Backend access control
- Question #50: Managing operations within a cloud solution environment
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine...
Cloud Monitoring, Alerting Policies, Compute Engine, Process Health Monitoring