Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Dumps in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Real Questions (page: 1)

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.

Which two settings must remain disabled to meet these requirements? (Choose two.)

  1. Public IP
  2. IP Forwarding
  3. Private Google Access
  4. Static routes
  5. IAM Network User Role

Answer(s): A,C


Reference:

https://cloud.google.com/vpc/docs/configure-private-google-access



Which two implied firewall rules are defined on a VPC network? (Choose two.)

  1. A rule that allows all outbound connections
  2. A rule that denies all inbound connections
  3. A rule that blocks all inbound port 25 connections
  4. A rule that blocks all outbound connections
  5. A rule that allows all inbound port 80 connections

Answer(s): A,B

Explanation:

Implied IPv4 allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination

Implied IPv4 deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them.

https://cloud.google.com/vpc/docs/firewalls?hl=en#default_firewall_rules



A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.

How should the customer achieve this using Google Cloud Platform?

  1. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  2. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  3. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  4. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

Answer(s): B



Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.

What should your team do to meet these requirements?

  1. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
  2. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
  3. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
  4. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Answer(s): A

Explanation:

"In order to be able to keep using the existing identity management system, identities need to be synchronized between AD and GCP IAM. To do so google provides a tool called Cloud Directory Sync. This tool will read all identities in AD and replicate those within GCP. Once the identities have been replicated then it's possible to apply IAM permissions on the groups. After that you will configure SAML so google can act as a service provider and either you ADFS or other third party tools like Ping or Okta will act as the identity provider. This way you effectively delegate the authentication from Google to something that is under your control."



When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

  1. Ensure that the app does not run as PID 1.
  2. Package a single app as a container.
  3. Remove any unnecessary tools not needed by the app.
  4. Use public container images as a base image for the app.
  5. Use many container image layers to hide sensitive information.

Answer(s): B,C


Reference:

https://cloud.google.com/solutions/best-practices-for-building-containers https://cloud.google.com/architecture/best-practices-for-building- containers#solution_1_run_as_pid_1_and_register_signal_handlers



Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

M
mohamed
9/12/2023 5:26:00 AM

good one thanks

M
Mfc
10/23/2023 3:35:00 PM

only got thru 5 questions, need more to evaluate

W
Whizzle
7/24/2023 6:19:00 AM

q26 should be b

S
sarra
1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.

D
DBS
5/14/2023 12:56:00 PM

need to attend this

D
Da_costa
8/1/2023 5:28:00 PM

these are free brain dumps i understand, how can one get free pdf

V
vikas
10/28/2023 6:57:00 AM

provide access

A
Abdullah
9/29/2023 2:06:00 AM

good morning

R
Raj
6/26/2023 3:12:00 PM

please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys

M
Miguel
10/5/2023 12:21:00 PM

question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5

H
Hiren Ladva
7/8/2023 10:34:00 PM

yes i m prepared exam

O
oliverjames
10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!

B
Bhuddhiman
7/20/2023 11:52:00 AM

great course

A
Anuj
1/14/2024 4:07:00 PM

very good question

S
Saravana Kumar TS
12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.

L
Lue
3/30/2023 11:43:00 PM

highly recommend just passed my exam.

D
DC
1/7/2024 10:17:00 AM

great practice! thanks

A
Anonymus
11/9/2023 5:41:00 AM

anyone who wrote this exam recently?

K
Khalid Javid
11/17/2023 3:46:00 PM

kindly share the dump

N
Na
8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.

S
shime
10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1

V
Vnu
6/3/2023 2:39:00 AM

very helpful!

S
Steve
8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod

R
RITEISH
12/24/2023 4:33:00 AM

thanks for the exact solution

S
SB
10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam

M
Mike Derfalem
7/16/2023 7:59:00 PM

i need it right now if it was possible please

I
Isak
7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.

M
Maria
6/23/2023 11:40:00 AM

correct answer is d for student.java program

N
Nagendra Pedipina
7/12/2023 9:10:00 AM

q:37 c is correct

J
John
9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???

S
SAM
12/4/2023 12:56:00 AM

explained answers

A
Andy
12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks

S
siva
5/17/2023 12:32:00 AM

very helpfull

M
mouna
9/27/2023 8:53:00 AM

good questions

AI Tutor 👋 I’m here to help!