PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions
381 real PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam questions with expert-verified answers and explanations. Page 8 of 8.
- Question #351Ensuring compliance
Your organization uses a microservices architecture based on Google Kubernetes Engine (GKE). Recent security reviews recommend tighter controls around deployed container images to...
Binary AuthorizationGKE SecurityContainer SecurityDeployment Policy - Question #352Ensuring compliance
Your organization has recently migrated sensitive customer data to Cloud Storage buckets. For compliance reasons, you must ensure that all vendor data access and administrative acc...
Access TransparencyAudit LoggingComplianceGoogle Personnel Access - Question #353Configuring access within a cloud solution environment
Your organization is implementing a Zero Trust security model and using Chrome Enterprise Premium. The company is interested in governing access to sensitive data stored in Cloud S...
Zero TrustAccess Context ManagerDevice PolicyCloud Storage Security - Question #354Ensuring data protection
Your organization is using AI to improve products through innovation. The developers want to use Gemini in Vertex AI on a project. You need to provide a secure Google Cloud environ...
VPC Service ControlsData Loss Prevention (DLP)Data Exfiltration PreventionVertex AI Security - Question #355Configuring access within a cloud solution environment
You are responsible for configuring Identity and Access Management in your organization's Google Cloud environment. You need to restrict your organization's users from accessing Cl...
IAM Deny PoliciesOrganization PolicyCloud Storage SecurityCross-Organization Access - Question #356Ensuring data protection
Your organization is storing regulated data in Cloud Storage. Data in Cloud Storage buckets is encrypted by Google-managed encryption keys. To meet compliance requirements, you nee...
Cloud Storage EncryptionCustomer-Managed Encryption KeysCloud KMSData Protection Compliance - Question #357Configuring access within a cloud solution environment
There is a vendor who needs access to your company's Google Cloud environment. The vendor uses a third-party identity provider (IdP). You need to integrate this IdP with your compa...
Workforce Identity FederationSSOExternal IdentitiesIAM - Question #358Ensuring compliance
Your organization is planning to deploy a large number of Google Kubernetes Engine (GKE) clusters to run business applications in different folders and projects. You must ensure th...
GKE node auto-upgradeOrganization PolicyVulnerability managementCloud Governance - Question #359Configuring network security
Your company is migrating a three-tier web application to Google Cloud. The application consists of a web frontend, an application backend, and a database. Due to regulatory requir...
Hybrid CloudNetwork ConnectivityDedicated InterconnectLow Latency - Question #360Ensuring data protection
Your organization is building an application powered by generative AI that uses sensitive internal data lo train the AI model. The application is built using Vertex AI, which is ge...
Vertex AI data privacyGenerative AI data handlingModel training privacyGoogle Cloud data governance - Question #361Configuring network security
Your organization is deploying a new web application on Compute Engine and needs robust perimeter security. You need to protect the application from common web attacks, including S...
Cloud ArmorWAFCloud FirewallNetwork Security - Question #362Configuring network security
Your company is in a regulated industry that requires low overhead encryption using private connectivity from on-premises data centers to Google Cloud. You need to establish connec...
Cloud InterconnectHybrid ConnectivityHigh AvailabilityNetwork Encryption - Question #363Ensuring compliance
You manage the security logs within your cloud environment. You have configured a continuous export of security logs to Cloud Storage buckets for long-term retention. You need to p...
Log analysisBigQuery external tablesCloud StorageCompliance auditing - Question #364Configuring access within a cloud solution environment
Your organization currently uses a third-party identity provider (IdP) that only requires a username and password for authentication. You need to enforce 2-step verification (2SV)...
2-step verificationCloud IdentityIdentity ProviderAuthentication Policies - Question #365Configuring network security
Your organization has a hybrid cloud environment with a data center connected to Google Cloud through a dedicated Cloud Interconnect connection. You need to configure private acces...
Private Google AccessHybrid Cloud NetworkingSecure API AccessCloud Interconnect - Question #366Configuring access within a cloud solution environment
A batch job running on Compute Engine needs temporary write access to a Cloud Storage bucket. You want the batch job to use the minimum permissions necessary to complete the task....
Service AccountsIAM RolesLeast Privilege PrincipleCloud Storage Permissions - Question #367Managing operations within a cloud solution environment
Your company has recently enabled Security Command Center at the organization level. You need to implement runtime threat detection for applications running in containers within pr...
Security Command CenterContainer Threat DetectionRuntime threat detectionContainer security - Question #368Ensuring compliance
Your organization enforces a custom organization policy that disables the use of Compute Engine VM instances with external IP addresses. However, a regulated business unit requires...
Organization PoliciesPolicy ManagementResource HierarchyLeast Privilege - Question #369Configuring access within a cloud solution environment
Your company wants to deploy 2-step verification (2SV). The organizational unit (OU) structure of your company is divided into four departmental units: Human Resources, Finance. En...
2-Step Verification (2SV)Phased RolloutUser Access ManagementSecurity Configuration - Question #370Ensuring compliance
Your company is deploying a large number of containerized applications to GKE. The existing CI/CD pipeline uses Cloud Build to construct container images, transfers the images to A...
Binary AuthorizationContainer SecurityVulnerability ScanningDeployment Policy - Question #371Configuring access within a cloud solution environment
You are managing a set of Google Cloud projects that are contained in a folder named Data Warehouse. A new data analysis team has been approved to perform data analysis for all Big...
IAMBigQuery access controlFolder inheritanceLeast privilege - Question #372Configuring network security
Your company hosts a critical web application on Google Cloud. The application is experiencing an increasing number of sophisticated layer 7 attacks, including cross-site scripting...
Cloud ArmorWAFLayer 7 SecurityOWASP Top 10 - Question #373Ensuring data protection
Your financial services company needs to process customer personally identifiable information (PII) for analytics while adhering to strict privacy regulations. You must transform t...
Sensitive Data ProtectionData De-identificationFormat-Preserving EncryptionPII Privacy - Question #374Ensuring data protection
Your global defense company is migrating top-secret classified data to BigQuery and Cloud Storage. National security regulations demand that master encryption key material never le...
Cloud EKMData EncryptionKey ManagementData Sovereignty - Question #375Ensuring compliance
You work at a company in a regulated industry and are responsible for ongoing security of the Cloud environment. You need to prevent and detect misconfigurations in a particular fo...
Compliance Policy EnforcementMisconfiguration DetectionSecurity Health AnalyticsSecurity Posture Management - Question #376Ensuring compliance
Your organization is using Google Workspace, Google Cloud, and a third-party SIEM. You need to export events such as user logins, successful logins, and failed logins to the SIEM....
Cloud LoggingPub/SubSIEM IntegrationReal-time Log Export - Question #377Configuring access within a cloud solution environment
Your company is developing a new application for your organization. The application consists of two Cloud Run services, service A and service B. Service A provides a web-based user...
IAMService AccountsCloud RunLeast Privilege - Question #378Configuring access within a cloud solution environment
Your organization has established a highly sensitive project within a VPC Service Controls perimeter. You need to ensure that only users meeting specific contextual requirements su...
Context-Aware AccessAccess Context ManagerPolicy evaluationVPC Service Controls - Question #379Configuring access within a cloud solution environment
Your company's storage team manages all product images within a specific Google Cloud project. To maintain control, you must isolate access to Cloud Storage for this project, allow...
Context-Aware Accessdevice-based accessCloud Storage securityaccess control - Question #380Configuring access within a cloud solution environment
Your organization uses Google Workspace as the primary identity provider for Google Cloud. Users in your organization initially created their passwords. You need to improve passwor...
Password policyIdentity and Access ManagementGoogle WorkspaceAuthentication security - Question #381Configuring network security
Your company has deployed an artificial intelligence model in a central project. This model has a lot of sensitive intellectual property and must be kept strictly isolated from the...
Internal Load BalancersPrivate NetworkingCross-Project AccessAPI Security