Free Professional-Cloud-Security-Engineer Exam Questions - Easiest Way for Success

Prepare for the Google Professional-Cloud-Security-Engineer exam questions with our authentic preparation materials, including free Professional-Cloud-Security-Engineer practice exam questions and answers. TheExamsLab provides all the support you need to succeed in the Professional Cloud Security Engineer Professional-Cloud-Security-Engineer exam. This dedication to student success is why we have the most satisfied Professional-Cloud-Security-Engineer certification exam candidates worldwide.

Page: 1 / 57

Total 284 Questions | Updated On: Sep 13, 2024

Add To Cart

Question 1

A company has redundant mail servers in different Google Cloud Platform regions and wants to route

customers to the nearest mail server based on location.

How should the company accomplish this?

A : Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995

B : Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location

C : Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.

D : Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Answer: A

Question 2

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

A : Create an hourly cron job to run a Cloud Function that finds public buckets and makes them private.

B : Enable the constraints/storage.publicAccessPrevention constraint at the organization level.

C : Enable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.

D : Create a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Answer: B

Question 3

As an Online education platform company, you need to develop an internal App Engine application that can access a user's Google Drive without relying on current user credentials, while following Google's recommended practices. What steps should you take to accomplish this using Google Cloud Services?

A : To impersonate the user, you should create a new service account and provide it G Suite domain-wide delegation, which the application can use.

B : To ensure secure operations of the application, it is recommended to use a separate G Suite Admin account and authenticate the application's activities using these credentials.

C : Generate a fresh Service account and assign Service Account User role to all the users of the application.

D : To grant access to all application users, a new Service account should be created and a Google Group should be created and all application users should be added to this group. Then, grant the Service Account User role to this group.

Answer: A

Question 4

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data. Your solution has the following requirements: • Schedule key rotation for sensitive data. • Control which region the encryption keys for sensitive data are stored in. • Minimize the latency to access encryption keys for both sensitive and non-sensitive data.

What should you do?

A : Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.

B : Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.

C : Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.

D : Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Senrice

Answer: D

Question 5

As a member of the security team for a Smart Home Automation company, what steps should you take to reduce the scope of systems subject to PCI audit standards in your GCP project that includes credit card payment processing systems, web applications, and data processing systems?

A : It is recommended to utilize VPN to establish connections between your office and cloud environments.

B : Separate the GCP project to house the cardholder data environment.

C : It is recommended to implement multi-factor authentication to secure the admin access to the web application.

D : Utilize solely PA-DSS compliant certified applications.

Answer: B

Page: 1 / 57

Total 284 Questions | Updated On: Sep 13, 2024

Add To Cart