Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 60

Total 299 Questions | Updated On: Sep 11, 2025

Add To Cart

Question 1

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A : Perform data masking with the DLP API and store that data in BigQuery for later use

B : Perform data redaction with the DLP API and store that data in BigQuery for later use

C : Perform data inspection with the DLP API and store that data in BigQuery for later use.

D : Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Answer: D

Question 2

Your company plans to move most of its IT infrastructure to Google Cloud. They want to leverage their existing on-premises Active Directory as an identity provider for Google Cloud. Which two steps should you take to integrate the company's on-premises Active Directory with Google Cloud and configure access management? (Choose two.)

A : Use Identity Platform to provision users and groups to Google Cloud.

B : Use Cloud Identity SAML integration to provision users and groups to Google Cloud.

C : Install Google Cloud Directory Sync and connect it to Active Directory and Cloud Identity.

D : Create Identity and Access Management (IAM) roles with permissions corresponding to each Active Directory group.

E : Create Identity and Access Management (IAM) groups with permissions corresponding to each Active Directory group.

Answer: C,E

Question 3

You are in charge of migrating a legacy application from your company datacenters to GCP before the current

maintenance contract expires. You do not know what ports the application is using and no documentation is

available for you to check. You want to complete the migration without putting your environment at risk.

What should you do?

A : grate the application into an isolated project using a “Lift & Shift” approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

B : grate the application into an isolated project using a “Lift & Shift” approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.

C : factor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

D : factor the application into a micro-services architecture hosted in Cloud Functions in an isolated project. Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Answer: A

Question 4

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

A : plement Cloud VPN for the region where the bastion host lives.

B : Implement OS Login with 2-step verification for the bastion host.

C : Implement Identity-Aware Proxy TCP forwarding for the bastion host.

D : plement Google Cloud Armor in front of the bastion host.

Answer: C

Question 5

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on

setting up password requirements for their Cloud Identity account. The organization has a password policy

requirement that corporate employee passwords must have a minimum number of characters.

Which Cloud Identity password guidelines can the organization use to inform their new requirements?

A : t the minimum length for passwords to be 8 characters.

B : t the minimum length for passwords to be 10 characters.

C : t the minimum length for passwords to be 12 characters.

D : t the minimum length for passwords to be 6 characters.

Answer: A

Page: 1 / 60

Total 299 Questions | Updated On: Sep 11, 2025

Add To Cart