Free Google Professional-Cloud-Security-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Security-Engineer exam questions and correct answers

Page: 1 / 70

Total 347 Questions | Updated On: Jan 27, 2026

Add To Cart

Question 1

Your organization uses Google Workspace as the primary identity provider for Google Cloud Users in yourorganization initially created their passwords. You need to improve password security due to a recent securityevent. What should you do?

A : Audit user activity for suspicious logins by using the audit and investigation tool.

B : Conduct a security awareness training session, and set the password expiration settings to require more frequent updates.

C : Check the Enforce strong password box, and set the password expiration to occur more frequently.

D : Check the Enforce strong password box, and check Enforce password policy at the next sign-in.

Answer: D

Question 2

As a virtual interior design service company, we want to use Google Cloud Platform (GCP) for certain IT workloads. We already use a well-established directory service to manage user identities and lifecycle management, which must remain the `source of truth` directory for identities. What GCP solution can we use to meet our requirements?

A : SAML (Security Assertion Markup Language) is a protocol used for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.

B : Identity and Access Management (IAM) in Google Cloud is known as Cloud Identity.

C : Pub/Sub is a messaging service provided by Google Cloud.

D : GCDS stands for Google Cloud Directory Sync.

Answer: D

Question 3

Your organization has established a highly sensitive project within a VPC Service Controls perimeter. Youneed to ensure that only users meeting specific contextual requirements such as having a company-manageddevice, a specific location, and a valid user identity can access resources within this perimeter. You want toevaluate the impact of this change without blocking legitimate access. What should you do?

A : Configure a VPC Service Controls perimeter in dry run mode, and enforce strict network segmentationusing firewall rules. Use multi-factor authentication (MFA) for user verification.

B : Use Cloud Audit Logs to monitor user access to the project resources. Use post-incident analysis toidentify unauthorized access attempts.

C : Establish a Context-Aware Access policy that specifies the required contextual attributes, and associatethe policy with the VPC Service Controls perimeter in dry run mode.

D : Use the VPC Service Control Violation dashboard to identify the impact of details about access denialsby service perimeters.

Answer: C

Question 4

A company has redundant mail servers in different Google Cloud Platform regions and wants to route

customers to the nearest mail server based on location.

How should the company accomplish this?

A : Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995

B : Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location

C : Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.

D : Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Answer: A

Question 5

You have just created a new log bucket to replace the _Default log bucket. You want to route all log entries that are currently routed to the _Default log bucket to this new log bucket in the most efficient manner. What should you do?

A : Create a user-defined sink with inclusion filters copied from the _Default sink. Select the new log bucket as the sink destination.

B : Create exclusion filters for the _Default sink to prevent it from receiving new logs. Create a userdefined sink, and select the new log bucket as the sink destination.

C : Disable the _Default sink. Create a user-defined sink and select the new log bucket as the sink destination.

D : Edit the _Default sink, and select the new log bucket as the sink destination.

Answer: D

Page: 1 / 70

Total 347 Questions | Updated On: Jan 27, 2026

Add To Cart