Professional Cloud Security Engineer

Vendor: Google

Professional Cloud Security Engineer Exam Questions: 235
Professional Cloud Security Engineer   2.370 Learners

The Professional Cloud Security Engineer exam is crucial for IT professionals aiming to validate their skills in designing, implementing, and managing secure infrastructure on the Google Cloud Platform. To increase your chances of passing, practicing with real exam questions shared by those who have succeeded can be invaluable. In this guide, we’ll provide you with practice test questions and answers offering insights directly from candidates who have already passed the exam.

Exam Details:

  • Exam Name: Professional Cloud Security Engineer

  • Length of test: 2 hours (120 minutes)

  • Exam Format: Multiple-choice and multiple-select questions

  • Exam Language: English

  • Number of questions in the actual exam: 50-60 questions

  • Passing Score: 70%

Why Use Professional Cloud Security Engineer Practice Test?

  • Real Exam Experience: Our practice tests accurately replicate the format and difficulty of the actual Professional Cloud Security Engineer exam, providing you with a realistic preparation experience.

  • Identify Knowledge Gaps: Practicing with these tests helps you identify areas where you need more study, allowing you to focus your efforts effectively.

  • Boost Confidence: Regular practice with exam-like questions builds your confidence and reduces test anxiety.

  • Track Your Progress: Monitor your performance over time to see your improvement and adjust your study plan accordingly.

Key Features of Professional Cloud Security Engineer Practice Test:

  • Up-to-Date Content: Our community ensures that the questions are regularly updated to reflect the latest exam objectives and technology trends.

  • Detailed Explanations: Each question comes with detailed explanations, helping you understand the correct answers and learn from any mistakes.

  • Comprehensive Coverage: The practice tests cover all key topics of the Professional Cloud Security Engineer exam, including designing secure infrastructure, data protection, and security operations.

  • Customizable Practice: Create your own practice sessions based on specific topics or difficulty levels to tailor your study experience to your needs.

Use the member-shared Professional Cloud Security Engineer Practice Tests to ensure you're fully prepared for your certification exam. Start practicing today and take a significant step towards achieving your certification goals!

Related questions

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application. The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements:

The Cloud Storage bucket in Project A can only be readable from Project B.

The Cloud Storage bucket in Project A cannot be accessed from outside the network.

Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket.

What should the security team do?

Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements:

Only allows communication between the Web and App tiers.

Enforces consistent network security when autoscaling the Web and App tiers.

Prevents Compute Engine Instance Admins from altering network traffic.

What should you do?

A. 1. Configure all running Web and App servers with respective network tags. 2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

B. 1. Configure all running Web and App servers with respective service accounts. 2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

C. 1. Re-deploy the Web and App servers with instance templates configured with respective network tags. 2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

D. 1. Re-deploy the Web and App servers with instance templates configured with respective service accounts. 2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

Suggested answer: D

Explanation:

https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags

A service account represents an identity associated with an instance. Only one service account can be associated with an instance. You control access to the service account by controlling the grant of the Service Account User role for other IAM principals. For an IAM principal to start an instance by using a service account, that principal must have the Service Account User role to at least use that service account and appropriate permissions to create instances (for example, having the Compute Engine Instance Admin role to the project).

asked 18/09/2024
Nguyen Tan Hung
49 questions

You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?

You have been tasked with implementing external web application protection against common web application attacks for a public application on Google Cloud. You want to validate these policy changes before they are enforced. What service should you use?

A. Google Cloud Armor's preconfigured rules in preview mode

B. Prepopulated VPC firewall rules in monitor mode

C. The inherent protections of Google Front End (GFE)

D. Cloud Load Balancing firewall rules

E. VPC Service Controls in dry run mode

Suggested answer: A

Explanation:

You can preview the effects of a rule without enforcing it. In preview mode, actions are noted in Cloud Monitoring. You can choose to preview individual rules in a security policy, or you can preview every rule in the policy. https://cloud.google.com/armor/docs/security-policy-overview#preview_mode

asked 18/09/2024
Raymond Chan
32 questions

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.

How should you prevent and fix this vulnerability?

A. Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

B. Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

C. Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

D. Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Suggested answer: D

Explanation:

The Web Security Scanner documentation mentions simulating the attack: 'Web Security Scanner cross-site scripting (XSS) injection testing *simulates* an injection attack by inserting a benign test string into user-editable fields and then performing various user actions.' https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings#xss

asked 18/09/2024
Aaron Ford Jr
46 questions

For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on "in-scope" Nodes only. These Nodes can only contain the "in-scope" Pods.

How should the organization achieve this objective?

A. Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope: true.

B. Create a node pool with the label inscope: true and a Pod Security Policy that only allows the Pods to run on Nodes with that label.

C. Place a taint on the Nodes with the label inscope: true and effect NoSchedule and a toleration to match in the Pod configuration.

D. Run all in-scope Pods in the namespace "in-scope-pci".

Suggested answer: A

Explanation:

nodeSelector is the simplest recommended form of node selection constraint. You can add the nodeSelector field to your Pod specification and specify the node labels you want the target node to have. Kubernetes only schedules the Pod onto nodes that have each of the labels you specify. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

Tolerations are applied to pods. Tolerations allow the scheduler to schedule pods with matching taints. Tolerations allow scheduling but don't guarantee scheduling: the scheduler also evaluates other parameters as part of its function. https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

asked 18/09/2024
OLUSEGUN IJAOLA
28 questions

A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.

What should you do to meet these requirements?

A. Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.

B. Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.

C. Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.

D. Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

Suggested answer: A

Explanation:

https://cloud.google.com/iam/docs/understanding-roles#project-roles

asked 18/09/2024
Nickolas Abbas
51 questions

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.

Which Cloud Data Loss Prevention API technique should you use to accomplish this?

A. Generalization

B. Redaction

C. CryptoHashConfig

D. CryptoReplaceFfxFpeConfig

Suggested answer: D

Explanation:

De-identifying sensitive data

Cloud Data Loss Prevention (DLP) can de-identify sensitive data in text content, including text stored in container structures such as tables. De-identification is the process of removing identifying information from data. The API detects sensitive data such as personally identifiable information (PII), and then uses a de-identification transformation to mask, delete, or otherwise obscure the data. For example, de-identification techniques can include any of the following:

  • Masking sensitive data by partially or fully replacing characters with a symbol, such as an asterisk (*) or hash (#).

  • Replacing each instance of sensitive data with a token, or surrogate, string.

  • Encrypting and replacing sensitive data using a randomly generated or pre-determined key.

When you de-identify data using the CryptoReplaceFfxFpeConfig or CryptoDeterministicConfig infoType transformations, you can re-identify that data, as long as you have the CryptoKey used to originally de-identify the data. https://cloud.google.com/dlp/docs/deidentify-sensitive-data

asked 18/09/2024
massamba gaye
23 questions

You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?

A. On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.

B. On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.

C. On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account. Ask the user to update their second factor, and then re-enable 2SV for this account.

D. On the Google Admin console, use a super administrator account to reset the user account's credentials. Ask the user to update their credentials after their first login.

Suggested answer: A

Explanation:

https://support.google.com/a/answer/9176734

Use backup codes for account recovery: If you need to recover an account, use backup codes. Accounts are still protected by 2-Step Verification, and backup codes are easy to generate.

asked 18/09/2024
Jason Evans
47 questions