Google Professional Cloud Security Engineer Exam Practice Test

Page: 1 / 14
Total 134 questions

Question 1

A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.

Which two strategies should your team use to meet these requirements? (Choose two.)

Answer : B, E

Question 2

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.

Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses

Which solution should your team implement to meet these requirements?

Answer : A

Question 3

An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform (GCP), and where Google's responsibility lies. They are mostly running workloads using Google Cloud's Platform-as-a-Service (PaaS) offerings, including App Engine primarily.

Which one of these areas in the technology stack would they need to focus on as their primary responsibility when using App Engine?

Answer : B

Question 4

Your team wants to limit users with administrative privileges at the organization level.

Which two roles should your team restrict? (Choose two.)

Answer : A, B

Question 5

Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.

What should you do?

Answer : C

Question 6

Applications often require access to ''secrets'' - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of ''who did what, where, and when?'' within their GCP projects.

Which two log streams would provide the information that the administrator is looking for? (Choose two.)

Answer : A, C

Question 7

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.

What should you do?

Answer : B

Page:    1 / 14   
Total 134 questions