Google Professional-Cloud-Security-Engineer Exam Actual Questions

Name: Professional Cloud Security Engineer
Brand: QA4Exam
SKU: Professional-Cloud-Security-Engineer
Price: 30 USD
Availability: InStock
Rating: 5.0 (370 reviews)

The questions for Professional-Cloud-Security-Engineer were last updated on Oct 4, 2024.

Viewing page 1 out of 47 pages.
Viewing questions 1-5 out of 233 questions

Unlock Access to All 233 Questions & Answers

Question No. 1

You manage a fleet of virtual machines (VMs) in your organization. You have encountered issues with lack of patching in many VMs. You need to automate regular patching in your VMs and view the patch management data across multiple projects.

What should you do?

Choose 2 answers

ADeploy patches with VM Manager by using OS patch management

BView patch management data in VM Manager by using OS patch management.

CDeploy patches with Security Command Center by using Rapid Vulnerability Detection.

DView patch management data in a Security Command Center dashboard.

EView patch management data in Artifact Registry.

Show Answer

Correct Answer: A, B

https://cloud.google.com/compute/docs/os-patch-management

Question No. 2

Employees at your company use their personal computers to access your organization s Google Cloud console. You need to ensure that users can only access the Google Cloud console from their corporate-issued devices and verify that they have a valid enterprise certificate

What should you do?

AImplement an Identity and Access Management (1AM) conditional policy to verify the device certificate

BImplement a VPC firewall policy Activate packet inspection and create an allow rule to validate and verify the device certificate.

CImplement an organization policy to verify the certificate from the access context.

DImplement an Access Policy in BeyondCorp Enterprise to verify the device certificate Create an access binding with the access policy just created.

Show Answer

Correct Answer: D

https://cloud.google.com/beyondcorp?hl=pt-br

Question No. 3

You are developing a new application that uses exclusively Compute Engine VMs Once a day. this application will execute five different batch jobs Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle

What should you do?

A1. Create a general service account **g-sa' to execute the batch jobs.
* 2 Grant the permissions required to execute the batch jobs to g-sa.
* 3. Execute the batch jobs with the permissions granted to g-sa

B1. Create a general service account 'g-sa' to orchestrate the batch jobs.
* 2. Create one service account per batch job Mb-sa-[1-5],' and grant only the permissions required to run the individual batch jobs to the service accounts.
* 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].

C1. Create a workload identity pool and configure workload identity pool providers for each batch job
* 2 Assign the workload identity user role to each of the identities configured in the providers.
* 3. Create one service account per batch job Mb-sa-[1-5]'. and grant only the permissions required to run the individual batch jobs to the service accounts
* 4 Generate credential configuration files for each of the providers Use these files to execute the batch jobs with the permissions of b-sa-[1-5].
D.
* 1. Create a general service account 'g-sa' to orchestrate the batch jobs.
* 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts
* 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].

Show Answer

Correct Answer: B

Question No. 4

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours.

What should you do?

AAssign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

BConfigure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

CAssign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

DRun a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Show Answer

Correct Answer: A

Question No. 5

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud You must implement data residency and operational sovereignty in the EU.

What should you do?

Choose 2 answers

ALimit the physical location of a new resource with the Organization Policy Service resource locations
constraint.'

BUse Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and mter-VPC communication.

CLimit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications

DUse identity federation to limit access to Google Cloud resources from non-EU entities.

EUse VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.

Show Answer

Correct Answer: A, C

https://cloud.google.com/architecture/framework/security/data-residency-sovereignty#manage_your_operational_sovereignty

Unlock All Questions for Google Professional-Cloud-Security-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 233 Questions & Answers