Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Dumps in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Real Questions (page: 27)

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.

What should you do?

  1. Store the data in a single Persistent Disk, and delete the disk at expiration time.
  2. Store the data in a single BigQuery table and set the appropriate table expiration time.
  3. Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature.
  4. Store the data in a single BigTable table and set an expiration time on the column families.

Answer(s): C

Explanation:

"To support common use cases like setting a Time to Live (TTL) for objects, retaining noncurrent versions of objects, or "downgrading" storage classes of objects to help manage costs, Cloud Storage offers the Object Lifecycle Management feature. This page describes the feature as well as the options available when using it. To learn how to enable Object Lifecycle Management, and for examples of lifecycle policies, see Managing Lifecycles." https://cloud.google.com/storage/docs/lifecycle



A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.

What should they do?

  1. Use Cloud Build to build the container images.
  2. Build small containers using small base images.
  3. Delete non-used versions from Container Registry.
  4. Use a Continuous Delivery tool to deploy the application.

Answer(s): B

Explanation:

Small containers usually have a smaller attack surface as compared to containers that use large base images. https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-how-and-why-to-

build-small-container-images



While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.

What should you do?

  1. Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
  2. Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
  3. Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
  4. Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Answer(s): B

Explanation:

https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring- single-sign-on


Reference:

https://cloud.google.com/blog/products/identity-security/using-your-existing-identity- management- system-with-google-cloud-platform



Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.

What should you do?

  1. Enforce 2-factor authentication in GSuite for all users.
  2. Configure Cloud Identity-Aware Proxy for the App Engine Application.
  3. Provision user passwords using GSuite Password Sync.
  4. Configure Cloud VPN between your private network and GCP.

Answer(s): A

Explanation:

https://docs.google.com/document/d/11o3e14tyhnT7w45Q8- r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing https://support.google.com/a/answer/175197?hl=en



A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.

What technique should the institution use?

  1. Use Cloud Storage as a federated Data Source.
  2. Use a Cloud Hardware Security Module (Cloud HSM).
  3. Customer-managed encryption keys (CMEK).
  4. Customer-supplied encryption keys (CSEK).

Answer(s): C

Explanation:

If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption- at-rest


Reference:

https://cloud.google.com/bigquery/docs/encryption-at-rest



Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

Y
yenvti2@gmail.com
8/12/2023 7:56:00 PM

very helpful for exam preparation

M
Miguel
10/5/2023 12:16:00 PM

question 11: https://help.salesforce.com/s/articleview?id=sf.admin_lead_to_patient_setup_overview.htm&type=5

N
Noushin
11/28/2023 4:52:00 PM

i think the answer to question 42 is b not c

S
susan sandivore
8/28/2023 1:00:00 AM

thanks for the dump

A
Aderonke
10/31/2023 12:51:00 AM

fantastic assessments

P
Priscila
7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.

S
suresh
12/16/2023 10:54:00 PM

nice document

W
Wali
6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.

N
Nawaz
7/18/2023 1:10:00 AM

answers are correct?

D
das
6/23/2023 7:57:00 AM

can i belive this dump

S
Sanjay
10/15/2023 1:34:00 PM

great site to practice for sitecore exam

J
jaya
12/17/2023 8:36:00 AM

good for students

B
Bsmaind
8/20/2023 9:23:00 AM

nice practice dumps

K
kumar
11/15/2023 11:24:00 AM

nokia 4a0-114 dumps

V
Vetri
10/3/2023 12:59:00 AM

great content and wonderful to have the answers with explanation

R
Ranjith
8/21/2023 3:39:00 PM

for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.

E
Eduardo Ramírez
12/11/2023 9:55:00 PM

the correct answer for the question 29 is d.

D
Dass
11/2/2023 7:43:00 AM

question no 22: correct answers: bc, 1 per session 1 per page 1 per component always

R
Reddy
12/14/2023 2:42:00 AM

these are pretty useful

D
Daisy Delgado
1/9/2023 1:05:00 PM

awesome

A
Atif
6/13/2023 4:09:00 AM

yes please upload

X
Xunil
6/12/2023 3:04:00 PM

great job whoever put this together, for the greater good! thanks!

L
Lakshmi
10/2/2023 5:26:00 AM

just started to view all questions for the exam

R
rani
1/19/2024 11:52:00 AM

helpful material

G
Greg
11/16/2023 6:59:00 AM

hope for the best

H
hi
10/5/2023 4:00:00 AM

will post exam has finished

V
Vmotu
8/24/2023 11:14:00 AM

really correct and good analyze!

H
hicham
5/30/2023 8:57:00 AM

excellent thanks a lot

S
Suman C
7/7/2023 8:13:00 AM

will post once pass the cka exam

R
Ram
11/3/2023 5:10:00 AM

good content

N
Nagendra Pedipina
7/13/2023 2:12:00 AM

q:32 answer has to be option c

T
Tamer Barakat
12/7/2023 5:17:00 PM

nice questions

D
Daryl
8/1/2022 11:33:00 PM

i really like the support team in this website. they are fast in communication and very helpful.

C
Curtis Nakawaki
6/29/2023 9:13:00 PM

a good contemporary exam review

AI Tutor 👋 I’m here to help!