Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 70

Total 347 Questions | Updated On: Feb 08, 2026

Add To Cart

Question 1

Your organization must comply with the regulation to keep instance logging data within Europe. Yourworkloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configureCloud Logging to keep your data in the country.What should you do?

A : Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B : Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

C : Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

D : Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

Answer: D

Question 2

Your organization has established a highly sensitive project within a VPC Service Controls perimeter. Youneed to ensure that only users meeting specific contextual requirements such as having a company-manageddevice, a specific location, and a valid user identity can access resources within this perimeter. You want toevaluate the impact of this change without blocking legitimate access. What should you do?

A : Configure a VPC Service Controls perimeter in dry run mode, and enforce strict network segmentationusing firewall rules. Use multi-factor authentication (MFA) for user verification.

B : Use Cloud Audit Logs to monitor user access to the project resources. Use post-incident analysis toidentify unauthorized access attempts.

C : Establish a Context-Aware Access policy that specifies the required contextual attributes, and associatethe policy with the VPC Service Controls perimeter in dry run mode.

D : Use the VPC Service Control Violation dashboard to identify the impact of details about access denialsby service perimeters.

Answer: C

Question 3

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer

transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery

What should you do?

A : eate a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows

B : the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.

C : verage Security Command Center to scan for the assets of type Credit Card Number in BigQuery

D : able Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

Answer: D

Question 4

You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under that folder. What could have caused this alert?

A : VM was created with a static external IP address that was reserved in the project before the organizational policy rule was set.

B : organizational policy constraint wasn't properly enforced and is running in "dry run mode.

C : project level, the organizational policy control has been overwritten with an 'allow' value.

D : policy constraint on the folder level does not have any effect because of an allow" value for that constraint on the organizational level

Answer: A

Question 5

A company has redundant mail servers in different Google Cloud Platform regions and wants to route

customers to the nearest mail server based on location.

How should the company accomplish this?

A : Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995

B : Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location

C : Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.

D : Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Answer: A

Page: 1 / 70

Total 347 Questions | Updated On: Feb 08, 2026

Add To Cart