Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Google Professional Cloud Security Engineer PROFESSIONAL CLOUD SECURITY ENGINEER Exam Questions in PDF

Free Google PROFESSIONAL CLOUD SECURITY ENGINEER Dumps Questions (page: 5)

PROFESSIONAL CLOUD SECURITY ENGINEER PDF — 361 Questions

In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.

Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)

  1. App Engine
  2. Cloud Functions
  3. Compute Engine
  4. Google Kubernetes Engine
  5. Cloud Storage

Answer(s): C,D

Explanation:

App Engine ingress firewall rules are available, but egress rules are not currently available. Per requirements 1.2.1 and 1.3.4, you must ensure that all outbound traffic is authorized. SAQ A-EP and SAQ D­type merchants must provide compensating controls or use a different Google Cloud product. Compute Engine and GKE are the preferred alternatives. https://cloud.google.com/solutions/pci-dss- compliance-in-gcp



A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.

Which solution will restrict access to the in-progress sites?

  1. Upload an .htaccess file containing the customer and employee user accounts to App Engine.
  2. Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.
  3. Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
  4. Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.

Answer(s): C

Explanation:

https://cloud.google.com/iap/docs/concepts-overview#when_to_use_iap



When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.

Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

  1. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
  2. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.
  3. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
  4. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Answer(s): C

Explanation:

https://cloud.google.com/dlp/docs/concepts-image-redaction



A company's application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key.

What should you do?

  1. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam- account=IAM_ACCOUNT.
  2. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam- account=IAM_ACCOUNT --key=NEW_KEY.
  3. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
  4. Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

Answer(s): C

Explanation:

You can rotate a key by creating a new key, updating applications to use the new key, and deleting the old key. Use the serviceAccount.keys.create() method and serviceAccount.keys.delete() method together to automate the rotation.


Reference:

https://cloud.google.com/iam/docs/understanding-service-accounts



Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on- premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team.

Which type of networking design should your team use to meet these requirements?

  1. Shared VPC Network with a host project and service projects
  2. Grant Compute Admin role to the networking team for each engineering project
  3. VPC peering between all engineering projects using a hub and spoke model
  4. Cloud VPN Gateway between all engineering projects using a hub and spoke model

Answer(s): A


Reference:

https://cloud.google.com/docs/enterprise/best-practices-for-enterprise- organizations#centralize_network_control

Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.



Viewing page 5 of 48

Share your comments for Google PROFESSIONAL CLOUD SECURITY ENGINEER exam with other users:

O
oliverjames
10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!

GERMANY
B
Bhuddhiman
7/20/2023 11:52:00 AM

great course

UNITED STATES
A
Anuj
1/14/2024 4:07:00 PM

very good question

Anonymous
S
Saravana Kumar TS
12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.

INDIA
L
Lue
3/30/2023 11:43:00 PM

highly recommend just passed my exam.

CANADA
D
DC
1/7/2024 10:17:00 AM

great practice! thanks

UNITED STATES
A
Anonymus
11/9/2023 5:41:00 AM

anyone who wrote this exam recently?

SOUTH AFRICA
K
Khalid Javid
11/17/2023 3:46:00 PM

kindly share the dump

Anonymous
N
Na
8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.

Anonymous
S
shime
10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1

ETHIOPIA
V
Vnu
6/3/2023 2:39:00 AM

very helpful!

Anonymous
S
Steve
8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod

CANADA
R
RITEISH
12/24/2023 4:33:00 AM

thanks for the exact solution

Anonymous
S
SB
10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam

INDIA
M
Mike Derfalem
7/16/2023 7:59:00 PM

i need it right now if it was possible please

Anonymous
I
Isak
7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.

Anonymous
M
Maria
6/23/2023 11:40:00 AM

correct answer is d for student.java program

IRELAND
N
Nagendra Pedipina
7/12/2023 9:10:00 AM

q:37 c is correct

INDIA
J
John
9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???

GERMANY
S
SAM
12/4/2023 12:56:00 AM

explained answers

INDIA
A
Andy
12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks

SINGAPORE
S
siva
5/17/2023 12:32:00 AM

very helpfull

Anonymous
M
mouna
9/27/2023 8:53:00 AM

good questions

Anonymous
B
Bhavya
9/12/2023 7:18:00 AM

help to practice csa exam

Anonymous
M
Malik
9/28/2023 1:09:00 PM

nice tip and well documented

Anonymous
R
rodrigo
6/22/2023 7:55:00 AM

i need the exam

Anonymous
D
Dan
6/29/2023 1:53:00 PM

please upload

Anonymous
A
Ale M
11/22/2023 6:38:00 PM

prepping for fsc exam

AUSTRALIA
A
ahmad hassan
9/6/2023 3:26:00 AM

pd1 with great experience

Anonymous
Ž
Žarko
9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution

UNITED KINGDOM
S
Shiji
10/15/2023 1:08:00 PM

helpful to check your understanding.

INDIA
D
Da Costa
8/27/2023 11:43:00 AM

question 128 the answer should be static not auto

Anonymous
B
bot
7/26/2023 6:45:00 PM

more comments here

UNITED STATES
K
Kaleemullah
12/31/2023 1:35:00 AM

great support to appear for exams

Anonymous
AI Tutor 👋 I’m here to help!