Most Recent Google Professional-Cloud-Security-Engineer Exam Questions & Answers

Prepare for the Google Professional Cloud Security Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Professional-Cloud-Security-Engineer exam and achieve success.

The questions for Professional-Cloud-Security-Engineer were last updated on Dec 22, 2024.

Viewing page 1 out of 47 pages.
Viewing questions 1-5 out of 233 questions

Get All 233 Questions & Answers

Question No. 1

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer's browser and GCP when the customers checkout online.

What should they do?

AConfigure an SSL Certificate on an L7 Load Balancer and require encryption.

BConfigure an SSL Certificate on a Network TCP Load Balancer and require encryption.

CConfigure the firewall to allow inbound traffic on port 443, and block all other inbound traffic.

DConfigure the firewall to allow outbound traffic on port 443, and block all other outbound traffic.

Show Answer

Correct Answer: A

https://cloud.google.com/load-balancing/docs/load-balancing-overview#external_versus_internal_load_balancing

Question No. 2

A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries.

Where should you export the logs?

ABigQuery datasets

BCloud Storage buckets

CStackDriver logging

DCloud Pub/Sub topics

Show Answer

Correct Answer: B

Question No. 3

You control network traffic for a folder in your Google Cloud environment. Your folder includes multiple projects and Virtual Private Cloud (VPC) networks You want to enforce on the folder level that egress connections are limited only to IP range 10.58.5.0/24 and only from the VPC network dev-vpc." You want to minimize implementation and maintenance effort

What should you do?

A* 1. Attach external IP addresses to the VMs in scope.
* 2. Configure a VPC Firewall rule in 'dev-vpc' that allows egress connectivity to IP range 10.58.5.0/24 for all source addresses in this network.

B* 1. Attach external IP addresses to the VMs in scope.
* 2. Define and apply a hierarchical firewall policy on folder level to deny all egress connections and to allow egress to IP range 10 58.5.0/24 from network dev-vpc.

C* 1. Leave the network configuration of the VMs in scope unchanged.
* 2. Create a new project including a new VPC network 'new-vpc.'
* 3 Deploy a network appliance in 'new-vpc' to filter access requests and only allow egress connections from -dev-vpc' to 10.58.5.0/24.

D* 1 Leave the network configuration of the VMs in scope unchanged
* 2 Enable Cloud NAT for dev-vpc' and restrict the target range in Cloud NAT to 10.58.5 0/24.

Show Answer

Correct Answer: B

This approach allows you to control network traffic at the folder level. By attaching external IP addresses to the VMs in scope, you can ensure that the VMs have a unique, routable IP address for outbound connections. Then, by defining and applying a hierarchical firewall policy at the folder level, you can enforce that egress connections are limited to the specified IP range and only from the specified VPC network.

Question No. 4

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.

Which cost reduction options should you recommend?

ASet appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.

BSet appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.

CUse rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.

DUse FindingLimits and TimespanContfig to sample data and minimize transformation units.

Show Answer

Correct Answer: C

https://cloud.google.com/dlp/docs/inspecting-storage#sampling https://cloud.google.com/dlp/docs/best-practices-costs#limit_scans_of_files_in_to_only_relevant_files

Question No. 5

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.

Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses

Which solution should your team implement to meet these requirements?

ACloud Armor

BNetwork Load Balancing

CSSL Proxy Load Balancing

DNAT Gateway

Show Answer

Correct Answer: A

https://cloud.google.com/armor/docs/security-policy-overview#edge-security

Unlock All Questions for Google Professional-Cloud-Security-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 233 Questions & Answers