Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Exam Questions in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Dumps Questions (page: 2)

PROFESSIONAL CLOUD SECURITY ENGINEER PDF — 361 Questions

A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.

Which product should be used to meet these requirements?

  1. Cloud Armor
  2. VPC Firewall Rules
  3. Cloud Identity and Access Management
  4. Cloud CDN

Answer(s): A


Reference:

https://cloud.google.com/blog/products/identity-security/understanding-google-cloud- armors-new- waf-capabilities



A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.

Which two approaches can you take to meet the requirements? (Choose two.)

  1. Configure the project with Cloud VPN.
  2. Configure the project with Shared VPC.
  3. Configure the project with Cloud Interconnect.
  4. Configure the project with VPC peering.
  5. Configure all Compute Engine instances with Private Access.

Answer(s): A,C

Explanation:

A) IPsec VPN tunels: https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview Interconnect https://cloud.google.com/network-
connectivity/docs/interconnect/concepts/dedicated-overview


Reference:

https://cloud.google.com/solutions/secure-data-workloads-use-cases



A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy.

What should the customer do to meet these requirements?

  1. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
  2. Make sure that the ERP system can validate the identity headers in the HTTP requests.
  3. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
  4. Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

Answer(s): A

Explanation:

Use Cryptographic Verification If there is a risk of IAP being turned off or bypassed, your app can check to make sure the identity information it receives is valid. This uses a third web request header added by IAP, called X-Goog-IAP-JWT-Assertion. The value of the header is a cryptographically signed object that also contains the user identity data. Your application can verify the digital signature and use the data provided in this object to be certain that it was provided by IAP without alteration.



A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.

What should you do?

  1. Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
  2. Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
  3. Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
  4. Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Answer(s): A


Reference:

https://cloud.google.com/logging/docs/logs-based-metrics/



Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization.

Which logging export strategy should you use to meet the requirements?

  1. 1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project.
    2. Subscribe SIEM to the topic.
  2. 1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project.
    2. Process Cloud Storage objects in SIEM.
  3. 1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project.
    2. Subscribe SIEM to the topic.
  4. 1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project.
    2. Process Cloud Storage objects in SIEM.

Answer(s): C

Explanation:

"Your team needs to obtain a unified log view of all development cloud projects in your SIEM" - This means we are ONLY interested in development projects. "The development projects are under the NONPROD organization folder with the test and pre-production projects" - We will need to filter out development from others i.e test and pre-prod. "The development projects share the ABC-BILLING billing account with the rest of the organization." - This is unnecessary information.



Viewing page 2 of 48

Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

T
Tink
7/24/2023 9:23:00 AM

great for prep

GERMANY
J
Jaro
12/18/2023 3:12:00 PM

i think in question 7 the first answer should be power bi portal (not power bi)

Anonymous
9
9eagles
4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.

Anonymous
T
Tai
8/28/2023 5:28:00 AM

wonderful material

SOUTH AFRICA
V
VoiceofMidnight
12/29/2023 4:48:00 PM

i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!

UNITED STATES
A
A K
8/3/2023 11:56:00 AM

correct answer for question 92 is c -aws shield

Anonymous
N
Nitin Mindhe
11/27/2023 6:12:00 AM

great !! it is really good

IRELAND
B
BailleyOne
11/22/2023 1:45:00 AM

explanations for the answers are to the point.

Anonymous
P
patel
10/25/2023 8:17:00 AM

how can rea next

INDIA
M
MortonG
10/19/2023 6:32:00 PM

question: 128 d is the wrong answer...should be c

EUROPEAN UNION
J
Jayant
11/2/2023 3:15:00 AM

thanks for az 700 dumps

Anonymous
B
Bipul Mishra
12/14/2023 7:12:00 AM

thank you for this tableau dumps . it will helpfull for tableau certification

UNITED STATES
H
hello
10/31/2023 12:07:00 PM

good content

Anonymous
M
Matheus
9/3/2023 2:14:00 PM

just testing if the comments are real

UNITED STATES
Y
yenvti2@gmail.com
8/12/2023 7:56:00 PM

very helpful for exam preparation

Anonymous
M
Miguel
10/5/2023 12:16:00 PM

question 11: https://help.salesforce.com/s/articleview?id=sf.admin_lead_to_patient_setup_overview.htm&type=5

SPAIN
N
Noushin
11/28/2023 4:52:00 PM

i think the answer to question 42 is b not c

CANADA
S
susan sandivore
8/28/2023 1:00:00 AM

thanks for the dump

Anonymous
A
Aderonke
10/31/2023 12:51:00 AM

fantastic assessments

Anonymous
P
Priscila
7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.

GERMANY
S
suresh
12/16/2023 10:54:00 PM

nice document

Anonymous
W
Wali
6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.

UNITED STATES
N
Nawaz
7/18/2023 1:10:00 AM

answers are correct?

UNITED STATES
D
das
6/23/2023 7:57:00 AM

can i belive this dump

INDIA
S
Sanjay
10/15/2023 1:34:00 PM

great site to practice for sitecore exam

INDIA
J
jaya
12/17/2023 8:36:00 AM

good for students

UNITED STATES
B
Bsmaind
8/20/2023 9:23:00 AM

nice practice dumps

Anonymous
K
kumar
11/15/2023 11:24:00 AM

nokia 4a0-114 dumps

Anonymous
V
Vetri
10/3/2023 12:59:00 AM

great content and wonderful to have the answers with explanation

UNITED STATES
R
Ranjith
8/21/2023 3:39:00 PM

for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.

Anonymous
E
Eduardo Ramírez
12/11/2023 9:55:00 PM

the correct answer for the question 29 is d.

Anonymous
D
Dass
11/2/2023 7:43:00 AM

question no 22: correct answers: bc, 1 per session 1 per page 1 per component always

UNITED STATES
R
Reddy
12/14/2023 2:42:00 AM

these are pretty useful

Anonymous
D
Daisy Delgado
1/9/2023 1:05:00 PM

awesome

UNITED STATES
AI Tutor 👋 I’m here to help!