Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Google
  3. Professional Cloud Security Engineer

Google Professional Cloud Security Engineer Exam (page: 5)
Google Professional Cloud Security Engineer
Updated on: 10-Oct-2025

Viewing Page 5 of 48
Professional Cloud Security Engineer PDF 346 Questions

In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.

Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)

  1. App Engine
  2. Cloud Functions
  3. Compute Engine
  4. Google Kubernetes Engine
  5. Cloud Storage

Answer(s): C,D

Explanation:

App Engine ingress firewall rules are available, but egress rules are not currently available. Per requirements 1.2.1 and 1.3.4, you must ensure that all outbound traffic is authorized. SAQ A-EP and SAQ D­type merchants must provide compensating controls or use a different Google Cloud product. Compute Engine and GKE are the preferred alternatives. https://cloud.google.com/solutions/pci-dss- compliance-in-gcp



A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.

Which solution will restrict access to the in-progress sites?

  1. Upload an .htaccess file containing the customer and employee user accounts to App Engine.
  2. Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.
  3. Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
  4. Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.

Answer(s): C

Explanation:

https://cloud.google.com/iap/docs/concepts-overview#when_to_use_iap



When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.

Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

  1. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
  2. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.
  3. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
  4. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Answer(s): C

Explanation:

https://cloud.google.com/dlp/docs/concepts-image-redaction



A company's application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key.

What should you do?

  1. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam- account=IAM_ACCOUNT.
  2. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam- account=IAM_ACCOUNT --key=NEW_KEY.
  3. Create a new key, and use the new key in the application. Delete the old key from the Service Account.
  4. Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

Answer(s): C

Explanation:

You can rotate a key by creating a new key, updating applications to use the new key, and deleting the old key. Use the serviceAccount.keys.create() method and serviceAccount.keys.delete() method together to automate the rotation.


Reference:

https://cloud.google.com/iam/docs/understanding-service-accounts



Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on- premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team.

Which type of networking design should your team use to meet these requirements?

  1. Shared VPC Network with a host project and service projects
  2. Grant Compute Admin role to the networking team for each engineering project
  3. VPC peering between all engineering projects using a hub and spoke model
  4. Cloud VPN Gateway between all engineering projects using a hub and spoke model

Answer(s): A


Reference:

https://cloud.google.com/docs/enterprise/best-practices-for-enterprise- organizations#centralize_network_control

Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.



Viewing Page 5 of 48



Share your comments for Google Professional Cloud Security Engineer exam with other users:

Muru 12/29/2023 10:23:00 AM

looks interesting
Anonymous


Tech Lady 10/17/2023 12:36:00 PM

thanks! that’s amazing
Anonymous


Mike 8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.
UNITED STATES


Nobody 9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection
Anonymous


Muhammad Rawish Siddiqui 12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.
SAUDI ARABIA


Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Mort 10/19/2023 7:09:00 PM

question: 162 should be dlp (b)
EUROPEAN UNION


Eknath 10/4/2023 1:21:00 AM

good exam questions
INDIA


Nizam 6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.
EUROPEAN UNION


poran 11/20/2023 4:43:00 AM

good analytics question
Anonymous


Antony 11/23/2023 11:36:00 AM

this looks accurate
INDIA


Ethan 8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).
Anonymous


nSiva 9/22/2023 5:58:00 AM

its useful.
UNITED STATES


Ranveer 7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.
SOUTH AFRICA


Sanjay 8/15/2023 10:22:00 AM

informative for me.
UNITED STATES


Tom 12/12/2023 8:53:00 PM

question 134s answer shoule be "dlp"
JAPAN


Alex 11/7/2023 11:02:00 AM

in 72 the answer must be [sys_user_has_role] table.
Anonymous


Finn 5/4/2023 10:21:00 PM

i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.
IRLAND


AJ 7/13/2023 8:33:00 AM

great to find this website, thanks
UNITED ARAB EMIRATES


Curtis Nakawaki 6/29/2023 9:11:00 PM

examination questions seem to be relevant.
UNITED STATES


Umashankar Sharma 10/22/2023 9:39:00 AM

planning to take psm test
Anonymous


ED SHAW 7/31/2023 10:34:00 AM

please allow to download
UNITED STATES


AD 7/22/2023 11:29:00 AM

please provide dumps
UNITED STATES


Ayyjayy 11/6/2023 7:29:00 AM

is the answer to question 15 correct ? i feel like the answer should be b
BAHRAIN


Blessious Phiri 8/12/2023 11:56:00 AM

its getting more technical
Anonymous


Jeanine J 7/11/2023 3:04:00 PM

i think these questions are what i need.
UNITED STATES


Aderonke 10/23/2023 2:13:00 PM

helpful assessment
UNITED KINGDOM


Tom 1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?
KOREA REPUBLIC OF


Vinit N. 8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.
UNITED STATES


Sanyog Deshpande 9/14/2023 7:05:00 AM

good practice
UNITED STATES


Tyron 9/8/2023 12:12:00 AM

so far it is really informative
Anonymous


beast 7/30/2023 2:22:00 PM

hi i want it please please upload it
Anonymous


Mirex 5/26/2023 3:45:00 AM

am preparing for exam ,just nice questions
Anonymous


exampei 8/7/2023 8:05:00 AM

please upload c_tadm_23 exam
TURKEY