[Nov-2023] Latest Google Professional-Cloud-Security-Engineer Certification Practice Test Questions [Q84-Q99]


0
4.7/5 - (3 votes)

[Nov-2023] Latest Google Professional-Cloud-Security-Engineer Certification Practice Test Questions

Verified Professional-Cloud-Security-Engineer Dumps Q&As – 1 Year Free & Quickly Updates

QUESTION 84
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well- established directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities.
Which solution meets the organization’s requirements?

 
 
 
 

QUESTION 85
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.
Which solution should this customer use?

 
 
 
 

QUESTION 86
You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.
What should you do?

 
 
 
 

QUESTION 87
Your Security team believes that a former employee of your company gained unauthorized access to Google Cloud resources some time in the past 2 months by using a service account key. You need to confirm the unauthorized access and determine the user activity. What should you do?

 
 
 
 

QUESTION 88
An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

 
 
 
 

QUESTION 89
You want to make sure that your organization’s Cloud Storage buckets cannot have data publicly available to the internet. You want to enforce this across all Cloud Storage buckets. What should you do?

 
 
 
 

QUESTION 90
You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

 
 
 
 

QUESTION 91
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well- established directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities.
Which solution meets the organization’s requirements?

 
 
 
 

QUESTION 92
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.
What technique should the institution use?

 
 
 
 

QUESTION 93
A customer terminates an engineer and needs to make sure the engineer’s Google account is automatically deprovisioned.
What should the customer do?

 
 
 
 

QUESTION 94
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.
What should the customer do to meet these requirements?

 
 
 
 

QUESTION 95
Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?

 
 
 
 

QUESTION 96
A Cloud Development team needs to use service accounts extensively in their local development.
You need to provide the team with the keys for these service accounts. You want to follow Google-recommended practices. What should you do?

 
 
 
 

QUESTION 97
Which international compliance standard provides guidelines for information security controls applicable to the provision and use of cloud services?

 
 
 
 

QUESTION 98
You discovered that sensitive personally identifiable information (PII) is being ingested to your Google Cloud environment in the daily ETL process from an on-premises environment to your BigQuery datasets. You need to redact this data to obfuscate the PII, but need to re-identify it for data analytics purposes. Which components should you use in your solution? (Choose two.)

 
 
 
 
 

QUESTION 99
Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects.
The development projects share the ABC-BILLING billing account with the rest of the organization.
Which logging export strategy should you use to meet the requirements?

 
 
 
 

Latest 2023 Realistic Verified Professional-Cloud-Security-Engineer Dumps – 100% Free Professional-Cloud-Security-Engineer Exam Dumps: https://www.vceprep.com/Professional-Cloud-Security-Engineer-latest-vce-prep.html

         

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter the text from the image below
 

DMCA Privacy Policy Contact US

© 2022 Latest Exam Prep.