Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Dumps in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Real Questions (page: 47)

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.

What should you do?

  1. Store the data in a single Persistent Disk, and delete the disk at expiration time.
  2. Store the data in a single BigQuery table and set the appropriate table expiration time.
  3. Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature.
  4. Store the data in a single BigTable table and set an expiration time on the column families.

Answer(s): C

Explanation:

"To support common use cases like setting a Time to Live (TTL) for objects, retaining noncurrent versions of objects, or "downgrading" storage classes of objects to help manage costs, Cloud Storage offers the Object Lifecycle Management feature. This page describes the feature as well as the options available when using it. To learn how to enable Object Lifecycle Management, and for examples of lifecycle policies, see Managing Lifecycles." https://cloud.google.com/storage/docs/lifecycle



A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.

What should they do?

  1. Use Cloud Build to build the container images.
  2. Build small containers using small base images.
  3. Delete non-used versions from Container Registry.
  4. Use a Continuous Delivery tool to deploy the application.

Answer(s): B

Explanation:

Small containers usually have a smaller attack surface as compared to containers that use large base images. https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-how-and-why-to-

build-small-container-images



While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.

What should you do?

  1. Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
  2. Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
  3. Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
  4. Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Answer(s): B

Explanation:

https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring- single-sign-on


Reference:

https://cloud.google.com/blog/products/identity-security/using-your-existing-identity- management- system-with-google-cloud-platform



Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.

What should you do?

  1. Enforce 2-factor authentication in GSuite for all users.
  2. Configure Cloud Identity-Aware Proxy for the App Engine Application.
  3. Provision user passwords using GSuite Password Sync.
  4. Configure Cloud VPN between your private network and GCP.

Answer(s): A

Explanation:

https://docs.google.com/document/d/11o3e14tyhnT7w45Q8- r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing https://support.google.com/a/answer/175197?hl=en



A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.

What technique should the institution use?

  1. Use Cloud Storage as a federated Data Source.
  2. Use a Cloud Hardware Security Module (Cloud HSM).
  3. Customer-managed encryption keys (CMEK).
  4. Customer-supplied encryption keys (CSEK).

Answer(s): C

Explanation:

If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption- at-rest


Reference:

https://cloud.google.com/bigquery/docs/encryption-at-rest



Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

C
Chiranthaka
9/20/2023 11:22:00 AM

very useful!

N
Not Miguel
11/26/2023 9:43:00 PM

for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo

A
Andrus
12/17/2023 12:09:00 PM

q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.

R
Raj
5/25/2023 8:43:00 AM

nice questions

M
max
12/22/2023 3:45:00 PM

very useful

M
Muhammad Rawish Siddiqui
12/8/2023 6:12:00 PM

question # 208: failure logs is not an example of operational metadata.

S
Sachin Bedi
1/5/2024 4:47:00 AM

good questions

K
Kenneth
12/8/2023 7:34:00 AM

thank you for the test materials!

H
Harjinder Singh
8/9/2023 4:16:00 AM

its very helpful

S
SD
7/13/2023 12:56:00 AM

good questions

K
kanjoe
7/2/2023 11:40:00 AM

good questons

M
Mahmoud
7/6/2023 4:24:00 AM

i need the dumb of the hcip security v4.0 exam

W
Wei
8/3/2023 4:18:00 AM

upload the dump please

S
Stephen
10/3/2023 6:24:00 PM

yes, iam looking this

S
Stephen
8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps

H
hp
6/16/2023 12:44:00 AM

wonderful questions

P
Priyo
11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career

J
Jude
8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.

M
Marc blue
9/15/2023 4:11:00 AM

great job. hope this helps out.

A
Anne
9/13/2023 2:33:00 AM

upload please. many thanks!

P
pepe el toro
9/12/2023 7:55:00 PM

this is so interesting

A
Antony
11/28/2023 12:13:00 AM

great material thanks

T
Thembelani
5/30/2023 2:22:00 AM

anyone who wrote this exam recently

P
P
9/16/2023 1:27:00 AM

ok they re good

J
Jorn
7/13/2023 5:05:00 AM

relevant questions

A
AM
6/20/2023 7:54:00 PM

please post

N
Nagendra Pedipina
7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options

B
BrainDumpee
11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.

S
sheik
10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email

R
Random user
12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps

L
labuschanka
11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000

M
Marianne
10/22/2023 11:57:00 PM

i cannot see the button to go to the questions

S
sushant
6/28/2023 4:52:00 AM

good questions

A
A\MAM
6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes

AI Tutor 👋 I’m here to help!