PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions
381 real PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam questions with expert-verified answers and explanations. Page 2 of 8.
- Question #51: Managing operations within a cloud solution environment
Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pr...
Cloud Logging, Log Export Sinks, Cloud Pub/Sub, Organizational Logging
- Question #52: Configuring network security
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this custom...
DNS Security, DNSSEC, Domain Hijacking, Network Security
- Question #53: Ensuring compliance
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish thi...
web application security, vulnerability scanning, OWASP, Cloud Security Scanner
- Question #54: Configuring access within a cloud solution environment
A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user aut...
Cloud Identity, Identity Federation, SAML 2.0, G Suite Integration
- Question #55: Configuring access within a cloud solution environment
A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resou...
IAM Roles, Organization Management, Access Control, Cloud Identity
- Question #56: Configuring access within a cloud solution environment
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants...
Service Accounts, Least Privilege, Cloud Storage Access Control, Compute Engine Security
- Question #57: Configuring network security
An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer te...
Infrastructure as Code (IaC), CI/CD Security, Network Security Automation, Shift-Left Security
- Question #58: Ensuring data protection
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposin...
Cloud Data Loss Prevention (DLP), Format-Preserving Encryption (FPE), Data anonymization, Data privacy
- Question #59: Configuring network security
You want to protect the default VPC network from all inbound and outbound internet traffic. What action should you take?
VPC Firewall Rules, Network Security, Internet Access Control, Default VPC
- Question #60: Configuring access within a cloud solution environment
An organization recently began using App Engine to build and host its new web application for its customers. The organization wants to use its existing IAM setup to allow its devel...
Cloud IAP, App Engine Security, Identity and Access Management, Web Application Access Control
- Question #61: Configuring access within a cloud solution environment
You have defined subnets in a VPC within Google Cloud Platform. You need multiple projects to create Compute Engine instances with IP addresses from these subnets. What should you...
Shared VPC, Multi-project networking, Google Cloud Networking, Compute Engine
- Question #62: Configuring access within a cloud solution environment
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The org...
Cloud Identity, Password Policy, User Security
- Question #63: Ensuring data protection
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
Envelope Encryption, Cloud KMS, Application Layer Encryption, Data Encryption Key
- Question #64: Ensuring compliance
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
Log Export, SIEM Integration, Cloud Pub/Sub, Centralized Logging
- Question #65: Configuring network security
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. Which two cloud offerings meet this requirement without additional compen...
Network Security, Outbound Traffic Control, PCI DSS Compliance, Firewall Rules
- Question #66: Configuring access within a cloud solution environment
A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any...
Identity-Aware Proxy, App Engine Security, Access Control, Identity Management
- Question #67: Ensuring data protection
When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). Th...
Data Loss Prevention (DLP), PII Redaction, Image Processing, Data Protection
- Question #68: Configuring access within a cloud solution environment
A company's application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key. What should you do?
Service Accounts, Key Rotation, IAM, Security Best Practices
- Question #69: Configuring network security
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. Th...
Shared VPC, Network Design, Hybrid Connectivity, Centralized Networking
- Question #70: Ensuring data protection
An application log's data, including customer identifiers such as email addresses, needs to be redacted. However, these logs also include the email addresses of internal developers...
Data Loss Prevention (DLP), Data Redaction, Custom InfoTypes, Regular Expressions
- Question #71: Ensuring data protection
Which encryption algorithm is used with Default Encryption in Cloud Storage?
Cloud Storage encryption, Default encryption, AES-256, Data at rest encryption
- Question #72: Ensuring data protection
Your company is storing files on Cloud Storage. To comply with local regulations, you want to ensure that uploaded files cannot be deleted within the first 5 years. It should not b...
Cloud Storage Retention, Bucket Lock, Data Compliance, Immutability
- Question #73: Configuring network security
An organization is migrating from their current on-premises productivity software systems to G Suite. Some network security controls were in place that were mandated by a regulator...
Shared Responsibility Model, SaaS Security, G Suite Security, Network Security Fundamentals
- Question #74: Configuring access within a cloud solution environment
A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects...
GCP Resource Hierarchy, Folders, IAM, Organizational Governance
- Question #75: Configuring access within a cloud solution environment
A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location. How should the company ac...
TCP Proxy Load Balancing, Global Load Balancing, Network Load Balancing, Mail Servers
- Question #76: Configuring access within a cloud solution environment
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. The...
Shared VPC, IAM Roles, Compute Engine, Least Privilege
- Question #77: Ensuring compliance
A company migrated their entire data center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to ha...
Asset Inventory, Historical Records, Forseti Security, Security Governance
- Question #78: Configuring access within a cloud solution environment
A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environme...
IAM, Resource Hierarchy, Google Groups, Access Control
- Question #79: Ensuring compliance
You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls. Which document should you review to find the information?
PCI DSS, Compliance documentation, Shared responsibility model, Google Cloud controls
- Question #80: Ensuring data protection
Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and mu...
Data Retention, Object Lifecycle Management, Compliance Automation, Cloud Storage
- Question #81: Managing operations within a cloud solution environment
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container....
Container Security, Attack Surface Reduction, Image Hardening, GKE Security
- Question #82: Managing operations within a cloud solution environment
A security team at an e-commerce company wants to define an automatic incident response process for fraudulent credit card usage attempts. The team targets a 10-minute or faster re...
Logging, Security Automation, Incident Response, Real-time Data Processing
- Question #83: Managing operations within a cloud solution environment
Your company is deploying their applications on Google Kubernetes Engine. You want to follow Google-recommended practices. What should you do to ensure that the container images us...
Container Security, Image Management, Security Patches, GKE Best Practices
- Question #84: Configuring access within a cloud solution environment
Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all resources in the organization. You use Resource Ma...
Cloud IAM, Least Privilege, Resource Hierarchy, Security Visibility
- Question #85: Configuring access within a cloud solution environment
While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way...
Identity Management, Active Directory Integration, Google Cloud Directory Sync, User Provisioning
- Question #86: Configuring access within a cloud solution environment
Your company is using G Suite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the a...
Two-Factor Authentication (2FA), Identity and Access Management (IAM), App Engine Security, Compromised Credentials Protection
- Question #87: Ensuring data protection
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in Big...
Encryption, BigQuery, CMEK, Data at rest
- Question #88: Ensuring data protection
A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over a...
Data Storage, Data Replication, Cloud BigQuery, Durability
- Question #89: Configuring network security
A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer's browser and GC...
SSL Termination, HTTP(S) Load Balancer, Data in Transit Encryption, Web Security
- Question #90: Ensuring data protection
Applications often require access to "secrets" - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep track of "who d...
Secrets Management, Auditing, Cloud Logging, Data Protection
- Question #91: Configuring network security
You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application...
Application Migration, Lift and Shift, Network Isolation, Security Best Practices
- Question #92: Configuring network security
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances runni...
Load Balancing, SSL Proxy Load Balancing, TLS Termination, Google Cloud Networking
- Question #93: Ensuring compliance
You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project. What should you do?
Organization Policy, Image Security, Resource Governance, Compute Engine
- Question #94: Ensuring compliance
Your company wants to collect and analyze CVE information for packages in container images, and wants to prevent images with known security issues from running in your Google Kuber...
Container Security, Kubernetes Engine (GKE), Deployment Policies, Software Supply Chain Security
- Question #95: Managing operations within a cloud solution environment
You need to perform a vulnerability scan for an App Engine app using Cloud Security Scanner. Upon completion of the scan, the report is not producing the expected number of webpage...
Cloud Security Scanner, Vulnerability Scanning, Web Crawling, App Engine Security
- Question #96: Ensuring data protection
An organization is working on their GDPR compliance strategy. It wants to ensure that controls are in place to ensure that customer PII is stored in Cloud Storage buckets without t...
GDPR Compliance, PII Protection, Cloud DLP, Data Discovery
- Question #97: Configuring access within a cloud solution environment
Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester. Which two tasks s...
IAM Roles, Project Management, Organizational Level Permissions, Access Control
- Question #98: Managing operations within a cloud solution environment
A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing. How can you work with Infrastructure Operations Engineers to bes...
OS Patching, Immutable Infrastructure, Compute Engine, CI/CD
- Question #99: Configuring network security
Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network. How should your team design this ne...
Firewall Rules, Network Security, Ingress Control, VPC Networking
- Question #100: Configuring access within a cloud solution environment
An organization receives an increasing number of phishing emails. Which method should be used to protect employee credentials in this situation?
Multifactor Authentication, Phishing Protection, Credential Security, Identity and Access Management