Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Exam Questions in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Dumps Questions (page: 3)

PROFESSIONAL CLOUD SECURITY ENGINEER PDF — 361 Questions

A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.

Which solution should this customer use?

  1. VPC Flow Logs
  2. Cloud Armor
  3. DNS Security Extensions
  4. Cloud Identity-Aware Proxy

Answer(s): C


Reference:

https://cloud.google.com/blog/products/gcp/dnssec-now-available-in-cloud-dns

DNSSEC -- use a DNS registrar that supports DNSSEC, and enable it. DNSSEC digitally signs DNS communication, making it more difficult (but not impossible) for hackers to intercept and spoof. Domain Name System Security Extensions (DNSSEC) adds security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Having a trustworthy Domain Name System (DNS) that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today's web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in- the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites. https://cloud.google.com/blog/products/gcp/dnssec-now-available- in-cloud-dns



A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.

Which service should be used to accomplish this?

  1. Cloud Armor
  2. Google Cloud Audit Logs
  3. Cloud Security Scanner
  4. Forseti Security

Answer(s): C


Reference:

https://cloud.google.com/security-scanner/

Web Security Scanner supports categories in the OWASP Top Ten, a document that ranks and provides remediation guidance for the top 10 most critical web application security risks, as determined by the Open Web Application Security Project (OWASP). https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner- overview#detectors_and_compliance



A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite.

How should you best advise the Systems Engineer to proceed with the least disruption?

  1. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.
  2. Register a new domain name, and use that for the new Cloud Identity domain.
  3. Ask Google to provision the data science manager's account as a Super Administrator in the existing domain.
  4. Ask customer's management to discover any other uses of Google managed services, and work with the existing Super Administrator.

Answer(s): D

Explanation:

https://support.google.com/cloudidentity/answer/7389973



A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.

Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.

Which type of access should your team grant to meet this requirement?

  1. Organization Administrator
  2. Security Reviewer
  3. Organization Role Administrator
  4. Organization Policy Administrator

Answer(s): C

Explanation:

Here are the permissions available to organizationRoleAdmin iam.roles.create iam.roles.delete iam.roles.undelete iam.roles.get iam.roles.list iam.roles.update resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list resourcemanager.organizations.get resourcemanager.organizations.getIamPolicy

There are sufficient as per least privilege policy. You can do user management as well as auditing. https://cloud.google.com/iam/docs/understanding-custom-roles



An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege.

Which option meets the requirement of your team?

  1. Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance's IP address and allows the application to read from the bucket without credentials.
  2. Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.
  3. Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.
  4. Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.

Answer(s): C

Explanation:

If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set, ADC uses the service account key or configuration file that the variable points to. If the environment variable GOOGLE_APPLICATION_CREDENTIALS isn't set, ADC uses the service account that is attached to the resource that is running your code.

https://cloud.google.com/docs/authentication/production#passing_the_path_to_the_service_accou nt_key_in_code



Viewing page 3 of 48

Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

A
ash
7/11/2023 3:00:00 AM

please upload dump, i have exam in 2 days

INDIA
S
Sneha
8/17/2023 6:29:00 PM

this is useful

CANADA
S
sachin
12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected

Anonymous
T
tomAws
7/18/2023 5:05:00 AM

nice questions

BRAZIL
R
Rahul
6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?

INDIA
T
TeamOraTech
12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.

Anonymous
C
Curtis
7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.

UNITED STATES
S
sam
7/17/2023 6:22:00 PM

cannot evaluate yet

Anonymous
N
nutz
7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid

UNITED STATES
R
rajesh soni
1/17/2024 6:53:00 AM

good examplae to learn basic

INDIA
T
Tanya
10/25/2023 7:07:00 AM

this is useful information

Anonymous
N
Nasir Mahmood
12/11/2023 7:32:00 AM

looks usefull

Anonymous
J
Jason
9/30/2023 1:07:00 PM

question 81 should be c.

CANADA
T
TestPD1
8/10/2023 12:22:00 PM

question 18 : response isnt a ?

EUROPEAN UNION
A
ally
8/19/2023 5:31:00 PM

plaese add questions

TURKEY
D
DIA
10/7/2023 5:59:00 AM

is dumps still valid ?

FRANCE
A
Annie
7/7/2023 8:33:00 AM

thanks for this

EUROPEAN UNION
A
arnie
9/17/2023 6:38:00 AM

please upload questions

Anonymous
T
Tanuj Rana
7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning

Anonymous
F
Future practitioner
8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!

Anonymous
A
Ace
8/3/2023 10:37:00 AM

number 52 answer is d

UNITED STATES
N
Nathan
12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help

Anonymous
C
Corey
12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.

Anonymous
R
Rajender
10/18/2023 3:54:00 AM

i would like to take psm1 exam.

Anonymous
B
Blessious Phiri
8/14/2023 9:53:00 AM

cbd and pdb are key to the database

SOUTH AFRICA
A
Alkaed
10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.

NETHERLANDS
D
Dave Gregen
9/4/2023 3:17:00 PM

please upload p_sapea_2023

SWEDEN
S
Sarah
6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried

CANADA
S
Shuv
10/3/2023 8:19:00 AM

good questions

UNITED STATES
R
Reb974
8/5/2023 1:44:00 AM

hello are these questions valid for ms-102

CANADA
M
Mchal
7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless

POLAND
S
Sonbir
8/8/2023 1:04:00 PM

how to get system serial number using intune

Anonymous
M
Manju
10/19/2023 1:19:00 PM

is it really helpful to pass the exam

Anonymous
L
LeAnne Hair
8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review

UNITED STATES
AI Tutor 👋 I’m here to help!