Free Online Google Professional-Cloud-Security-Engineer Practice Test

Prepare Your Google Professional-Cloud-Security-Engineer Exam Questions with Free online Professional-Cloud-Security-Engineer Practice Test. Get Brilliant Professional Cloud Security Engineer Exam Results with Valid Professional Cloud Security Engineer Exam Dumps.

Page: 1 / 57

Total 284 Questions | Updated On: Apr 23, 2024

Question 1

An employer wants to track how bonus compensations have changed over time to identify employee outliers

and correct earning disparities. This task must be performed without exposing the sensitive compensation data

for any individual and must be reversible to identify the outlier.

Which Cloud Data Loss Prevention API technique should you use to accomplish this?

A : Generalization

B : Redaction

C : CryptoHashConfig

D : CryptoReplaceFfxFpeConfig

Answer: D

Question 2

A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.

Which two strategies should your team use to meet these requirements? (Choose two.)

A : Configure Private Google Access on the Compute Engine subnet

B : Avoid assigning public IP addresses to the Compute Engine cluster.

C : Make sure that the Compute Engine cluster is running on a separate subnet.

D : Turn off IP forwarding on the Compute Engine instances in the cluster.

E : Configure a Cloud NAT gateway.

Answer: A,B

Question 3

You run applications on Cloud Run. You already enabled container analysis for vulnerability scanning.

However, you are concerned about the lack of control on the applications that are deployed. You must ensure

that only trusted container images are deployed on Cloud Run.

What should you do?

Choose 2 answers

A : Enable Binary Authorization on the existing Kubernetes cluster.

B : Set the organization policy constraint constraints/run. allowedBinaryAuthorizationPolicie to the list of allowed Binary Authorization policy names.

C : Set the organization policy constraint constraints/compute.trustedimageProjects to the list of protects that contain the trusted container images

D : Enable Binary Authorization on the existing Cloud Run service

E : Use Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.

Answer: B,D

Question 4

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

A : Implement Cloud VPN for the region where the bastion host lives.

B : Implement OS Login with 2-step verification for the bastion host.

C : Implement Identity-Aware Proxy TCP forwarding for the bastion host.

D : Implement Google Cloud Armor in front of the bastion host.

Answer: C

Question 5

You are a consultant for an organization that is considering migrating their data from its private cloud to Google Cloud. The organization's compliance team is not familiar with Google Cloud and needs guidance on how compliance requirements will be met on Google Cloud. One specific compliance requirement is for customer data at rest to reside within specific geographic boundaries. Which option should you recommend for the organization to meet their data residency requirements on Google Cloud?

A : Organization Policy Service constraints

B : Shielded VM instances

C : Access control lists

D : Geolocation access controls

E : Google Cloud Armor

Answer: A

Page: 1 / 57

Total 284 Questions | Updated On: Apr 23, 2024