Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Oracle
Palo Alto Networks
All Vendors
  1. Home
  2. Google
  3. Professional Cloud Security Engineer

Google Professional Cloud Security Engineer Exam (page: 2)
Google Professional Cloud Security Engineer
Updated on: 28-Nov-2025

Viewing Page 2 of 48
Professional Cloud Security Engineer PDF 346 Questions

A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.

Which product should be used to meet these requirements?

  1. Cloud Armor
  2. VPC Firewall Rules
  3. Cloud Identity and Access Management
  4. Cloud CDN

Answer(s): A


Reference:

https://cloud.google.com/blog/products/identity-security/understanding-google-cloud- armors-new- waf-capabilities



A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.

Which two approaches can you take to meet the requirements? (Choose two.)

  1. Configure the project with Cloud VPN.
  2. Configure the project with Shared VPC.
  3. Configure the project with Cloud Interconnect.
  4. Configure the project with VPC peering.
  5. Configure all Compute Engine instances with Private Access.

Answer(s): A,C

Explanation:

A) IPsec VPN tunels: https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview Interconnect https://cloud.google.com/network-
connectivity/docs/interconnect/concepts/dedicated-overview


Reference:

https://cloud.google.com/solutions/secure-data-workloads-use-cases



A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy.

What should the customer do to meet these requirements?

  1. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
  2. Make sure that the ERP system can validate the identity headers in the HTTP requests.
  3. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
  4. Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.

Answer(s): A

Explanation:

Use Cryptographic Verification If there is a risk of IAP being turned off or bypassed, your app can check to make sure the identity information it receives is valid. This uses a third web request header added by IAP, called X-Goog-IAP-JWT-Assertion. The value of the header is a cryptographically signed object that also contains the user identity data. Your application can verify the digital signature and use the data provided in this object to be certain that it was provided by IAP without alteration.



A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.

What should you do?

  1. Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
  2. Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
  3. Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
  4. Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Answer(s): A


Reference:

https://cloud.google.com/logging/docs/logs-based-metrics/



Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization.

Which logging export strategy should you use to meet the requirements?

  1. 1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project.
    2. Subscribe SIEM to the topic.
  2. 1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project.
    2. Process Cloud Storage objects in SIEM.
  3. 1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project.
    2. Subscribe SIEM to the topic.
  4. 1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project.
    2. Process Cloud Storage objects in SIEM.

Answer(s): C

Explanation:

"Your team needs to obtain a unified log view of all development cloud projects in your SIEM" - This means we are ONLY interested in development projects. "The development projects are under the NONPROD organization folder with the test and pre-production projects" - We will need to filter out development from others i.e test and pre-prod. "The development projects share the ABC-BILLING billing account with the rest of the organization." - This is unnecessary information.



Viewing Page 2 of 48



Share your comments for Google Professional Cloud Security Engineer exam with other users:

Not Robot 5/14/2023 5:33:00 PM

are these comments real
Anonymous


kriah 9/4/2023 10:44:00 PM

please upload the latest dumps
UNITED STATES


ed 12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs
UNITED STATES


Muru 12/29/2023 10:23:00 AM

looks interesting
Anonymous


Tech Lady 10/17/2023 12:36:00 PM

thanks! that’s amazing
Anonymous


Mike 8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.
UNITED STATES


Nobody 9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection
Anonymous


Muhammad Rawish Siddiqui 12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.
SAUDI ARABIA


Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Mort 10/19/2023 7:09:00 PM

question: 162 should be dlp (b)
EUROPEAN UNION


Eknath 10/4/2023 1:21:00 AM

good exam questions
INDIA


Nizam 6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.
EUROPEAN UNION


poran 11/20/2023 4:43:00 AM

good analytics question
Anonymous


Antony 11/23/2023 11:36:00 AM

this looks accurate
INDIA


Ethan 8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).
Anonymous


nSiva 9/22/2023 5:58:00 AM

its useful.
UNITED STATES


Ranveer 7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.
SOUTH AFRICA


Sanjay 8/15/2023 10:22:00 AM

informative for me.
UNITED STATES


Tom 12/12/2023 8:53:00 PM

question 134s answer shoule be "dlp"
JAPAN


Alex 11/7/2023 11:02:00 AM

in 72 the answer must be [sys_user_has_role] table.
Anonymous


Finn 5/4/2023 10:21:00 PM

i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.
IRLAND


AJ 7/13/2023 8:33:00 AM

great to find this website, thanks
UNITED ARAB EMIRATES


Curtis Nakawaki 6/29/2023 9:11:00 PM

examination questions seem to be relevant.
UNITED STATES


Umashankar Sharma 10/22/2023 9:39:00 AM

planning to take psm test
Anonymous


ED SHAW 7/31/2023 10:34:00 AM

please allow to download
UNITED STATES


AD 7/22/2023 11:29:00 AM

please provide dumps
UNITED STATES


Ayyjayy 11/6/2023 7:29:00 AM

is the answer to question 15 correct ? i feel like the answer should be b
BAHRAIN


Blessious Phiri 8/12/2023 11:56:00 AM

its getting more technical
Anonymous


Jeanine J 7/11/2023 3:04:00 PM

i think these questions are what i need.
UNITED STATES


Aderonke 10/23/2023 2:13:00 PM

helpful assessment
UNITED KINGDOM


Tom 1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?
KOREA REPUBLIC OF


Vinit N. 8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.
UNITED STATES


Sanyog Deshpande 9/14/2023 7:05:00 AM

good practice
UNITED STATES


Tyron 9/8/2023 12:12:00 AM

so far it is really informative
Anonymous