PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions
381 real PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam questions with expert-verified answers and explanations. Page 7 of 8.
- Question #301Configuring network security
You just implemented a Secure Web Proxy instance on Google Cloud for your organization. You were able to reach the internet when you tested this configuration on your test instance...
Secure Web ProxyClient configurationNetwork connectivityProxy settings - Question #302Managing operations within a cloud solution environment
You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bu...
Google Cloud LoggingLog SinksLog BucketsLog Routing - Question #303Ensuring compliance
Your organization's use of the Google Cloud has grown substantially and there are many different groups using different cloud resources independently. You must identify common misc...
Security Command CenterSecurity Health AnalyticsMisconfiguration managementCompliance monitoring - Question #304Ensuring data protection
You are responsible for a set of Cloud Functions running on your organization's Google Cloud environment. During the last annual security review, secrets were identified in environ...
Sensitive Data ProtectionSecret managementSecurity scanningCloud Functions - Question #305Ensuring compliance
Your organization 1s developing a new SaaS application on Google Cloud. Stringent compliance standards require visibility into privileged account activity, and potentially unauthor...
Security Command CenterEvent Threat DetectionSecurity Health AnalyticsCompliance Monitoring - Question #306Ensuring data protection
Your application development team is releasing a new critical feature. To complete their final testing, they requested 10 thousand real transaction records. The new feature include...
Data Loss PreventionPII De-identificationTest Data ManagementData Masking - Question #307Ensuring data protection
You work for a banking organization. You are migrating sensitive customer data to Google Cloud that is currently encrypted at rest while on-premises. There are strict regulatory re...
Cloud EKMKey Access JustificationsData EncryptionRegulatory Compliance - Question #308Configuring access within a cloud solution environment
Your organization is developing an application that will have both corporate and public end-users. You want to centrally manage those customers' identities and authorizations. Corp...
Customer Identity and Access Management (CIAM)Identity PlatformExternal IdentitiesUser Federation - Question #309Ensuring data protection
You work for an organization that handles sensitive customer data. You must secure a series of Google Cloud Storage buckets housing this data and meet these requirements: - Multipl...
IAM rolesCustomer-Managed Encryption Keys (CMEK)Cloud Audit LogsObject Versioning - Question #310Configuring access within a cloud solution environment
You are implementing communications restrictions for specific services in your Google Cloud organization. Your data analytics team works in a dedicated folder. You need to ensure t...
VPC Service ControlsService PerimetersFolder-level PoliciesAccess Control - Question #311Configuring access within a cloud solution environment
Your organization is using a third-party identity and authentication provider to centrally manage users. You want to use this identity provider to grant access to the Google Cloud...
Workforce Identity FederationIdentity and Access Management (IAM)Federated IdentityExternal IdP Integration - Question #312Configuring network security
You are implementing a new web application on Google Cloud that will be accessed from your on-premises network. To provide protection from threats like malware, you must implement...
Secure Web ProxyTLS InterceptionMalware ProtectionApplication Security - Question #313Configuring access within a cloud solution environment
Your organization has hired a small, temporary partner team for 18 months. The temporary team will work alongside your DevOps team to develop your organization's application that i...
Workforce Identity FederationIAMExternal User AccessIdentity Management - Question #314Ensuring data protection
Your organization has an internet-facing application behind a load balancer. Your regulators require end-to-end encryption of user login credentials. You must implement this requir...
Asymmetric EncryptionCloud KMSEnd-to-end EncryptionCredential Protection - Question #315Ensuring compliance
Your organization heavily utilizes serverless applications while prioritizing security best practices. You are responsible for enforcing image provenance and compliance with securi...
Binary AuthorizationCloud BuildImage ProvenanceCI/CD Security - Question #316Configuring access within a cloud solution environment
Your organization operates in a highly regulated industry and uses multiple Google Cloud services. You need to identify potential risks to regulatory compliance. Which situation in...
IAMLeast PrivilegeRisk ManagementRegulatory Compliance - Question #317Configuring access within a cloud solution environment
Your multinational organization is undergoing rapid expansion within Google Cloud. New teams and projects are added frequently. You are concerned about the potential for inconsiste...
Organization PolicyResource HierarchyIAM GovernancePolicy Enforcement - Question #318Ensuring compliance
A security audit uncovered several inconsistencies in your project's Identity and Access Management (IAM) configuration. Some service accounts have overly permissive roles, and a f...
Cloud Audit LogsIAM auditingSecurity monitoringSIEM integration - Question #319Configuring network security
You manage multiple internal-only applications that are hosted within different Google Cloud projects. You are deploying a new application that requires external internet access. T...
Project IsolationNetwork SecurityVPC Network PeeringSecurity Architecture - Question #320Configuring network security
You work for an ecommerce company that stores sensitive customer data across multiple Google Cloud regions. The development team has built a new 3-tier application to process order...
Network SecurityVPC DesignNetwork SegmentationLeast Privilege - Question #321Configuring access within a cloud solution environment
Your organization is implementing separation of duties in a Google Cloud project. A group of developers must deploy new code, but cannot have permission to change network firewall...
IAMCustom RolesSeparation of DutiesLeast Privilege - Question #322Configuring access within a cloud solution environment
You manage a Google Cloud organization with many projects located in various regions around the world. The projects are protected by the same Access Context Manager access policy....
VPC Service ControlsAccess Context ManagerService PerimetersGeographic Restrictions - Question #323Configuring network security
There is a threat actor that is targeting organizations like yours. Attacks are always initiated from a known IP address range. You want to deny-list those IPs for your website, wh...
Cloud ArmorWeb Application Firewall (WAF)IP DenylistApplication Load Balancer - Question #324Configuring access within a cloud solution environment
You are managing a Google Cloud environment that is organized into folders that represent different teams. These teams need the flexibility to modify organization policies relevant...
IAMOrganization PoliciesTagsConditional Access - Question #325Configuring access within a cloud solution environment
Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed Instances are automatically kept up-to-date and that users cannot accidentally alter s...
Organization PolicyVertex AI WorkbenchAccess ControlAutomated Updates - Question #326Ensuring data protection
You must ensure that the keys used for at-rest encryption of your data are compliant with your organization's security controls. One security control mandates that keys get rotated...
KMSKey RotationSecurity Health AnalyticsCompliance Detection - Question #327Ensuring data protection
Your organization is developing a sophisticated machine learning (ML) model to predict customer behavior for targeted marketing campaigns. The BigQuery dataset used for training in...
Data De-identificationCloud Data Loss Prevention (DLP)BigQuery SecurityML Data Privacy - Question #328Ensuring data protection
Your organization wants to publish yearly reports of your website usage analytics. You must ensure that no data with personally identifiable information (PII) is published by using...
Cloud DLPPII ProtectionData De-identificationData Integrity - Question #329Ensuring data protection
Your development team is launching a new application. The new application has a microservices architecture on Compute Engine instances and serverless components, including Cloud Fu...
Confidential VMData in Use ProtectionMemory SecurityCompute Engine - Question #330Ensuring compliance
You work for a financial organization in a highly regulated industry that is subject to active regulatory compliance. To meet compliance requirements, you need to continuously main...
ComplianceAssured WorkloadsData ResidencyRegulatory Requirements - Question #331Ensuring compliance
Your organization is worried about recent news headlines regarding application vulnerabilities in production applications that have led to security breaches. You want to automatica...
Binary AuthorizationContainer SecurityVulnerability ManagementDeployment Policy - Question #332Ensuring data protection
A team at your organization collects logs in an on-premises security information and event management system (SIEM). You must provide a subset of Google Cloud logs for the SIEM, an...
Log ExportSIEM IntegrationPub/SubData Security - Question #333Configuring network security
Your Google Cloud organization is subdivided into three folders: production, development, and networking, Networking resources for the organization are centrally managed in the net...
Organization PolicyShared VPCData Exfiltration PreventionNetwork Controls - Question #334Ensuring data protection
Your organization operates in a highly regulated environment and has a stringent set of compliance requirements for protecting customer data. You must encrypt data while in use to...
Confidential VMsData in use encryptionTrusted Execution EnvironmentCompliance - Question #335Managing operations within a cloud solution environment
Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed...
ML Model SecuritySoftware Supply Chain SecurityContainer Image ScanningCI/CD Security - Question #336Configuring network security
You want to set up a secure, internal network within Google Cloud for database servers. The servers must not have any direct communication with the public internet. What should you...
Network SecurityVPC NetworkingNAT GatewayPrivate IP Addresses - Question #337Configuring network security
You work for a large organization that recently implemented a 100GB Cloud Interconnect connection between your Google Cloud and your on-premises edge router. While routinely checki...
MACsecCloud InterconnectNetwork SecurityTroubleshooting - Question #338Ensuring data protection
Your organization must store highly sensitive data within Google Cloud. You need to design a solution that provides the strongest level of security and control. What should you do?
Client-side encryptionKey managementCloud HSMData protection - Question #339Ensuring compliance
The InfoSec team has mandated that all new Cloud Run jobs and services in production must have Binary Authorization enabled. You need to enforce this requirement. What should you d...
Binary AuthorizationOrganization PolicyCloud Run SecurityPolicy Enforcement - Question #340Configuring access within a cloud solution environment
You are developing an application that runs on a Compute Engine VM. The application needs to access data stored in Cloud Storage buckets in other Google Cloud projects. The require...
IAMService AccountsCloud StorageCross-project access - Question #341Ensuring compliance
Your organization strives to be a market leader in software innovation. You provided a large number of Google Cloud environments so developers can test the integration of Gemini in...
Organization PolicySecurity Command CenterPolicy EnforcementMisconfiguration Detection - Question #342Configuring access within a cloud solution environment
You are responsible for managing identities in your company's Google Cloud organization. Employees are frequently using your organization's corporate domain name to create unmanage...
Identity ManagementCloud IdentityUnmanaged AccountsDomain Ownership - Question #343Configuring access within a cloud solution environment
Your organization leverages folders to represent different teams within your Google Cloud environment. To support Infrastructure as Code (IaC) practices, each team receives a dedic...
IAMService AccountsLeast PrivilegeGoogle Cloud Folders - Question #344Ensuring compliance
Your organization has a workload that is regulated by European laws. You must restrict the creation of resources outside of the EU for this specific workload. You must find an effe...
Organization PolicyResource Location RestrictionComplianceGeographical Restriction - Question #345Configuring network security
Your organization manages a critical web application that serves international customers on Google Cloud. An increase in malicious traffic targeting this application has strained r...
Cloud ArmorFirewall RulesIdentity-Aware ProxyWeb Application Security - Question #346Managing operations within a cloud solution environment
Your organization deploys a large number of containerized applications on Google Kubernetes Engine (GKE). Node updates are currently applied manually. Audit findings show that a cr...
GKE Node ManagementAutomated UpdatesPatch ManagementOperational Reliability - Question #347Configuring access within a cloud solution environment
Your organization is migrating its primary web application from on-premises to Google Kubernetes Engine (GKE). You must advise the development team on how to grant their applicatio...
Workload IdentityGKE securityIdentity and Access Management (IAM)Service Accounts - Question #348Configuring access within a cloud solution environment
Your organization's application is being integrated with a partner application that requires read access to customer data to process customer orders. The customer data is stored in...
Service Account SecuritySecret ManagementKey RotationCredential Management - Question #349Configuring access within a cloud solution environment
Your organization is implementing a new Python application that will be deployed on Cloud Run. The application needs to connect to a MySQL database that runs on Cloud SQL in a diff...
Cloud Run connectivityCloud SQL private IPServerless VPC AccessSecure database connectivity - Question #350Configuring network security
Your organization has Google Cloud applications that require access to external web services. You must monitor, control, and log access to these services. What should you do?
Egress ControlProxy ServersNetwork SecurityLogging and Monitoring