Google Professional Cloud Security Engineer Exam

Page:    1 / 65   
Total 321 questions

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role


Answer : AC

Which two implied firewall rules are defined on a VPC network? (Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections


Answer : AB

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

  • A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  • B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  • C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  • D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.


Answer : B

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

  • A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
  • B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
  • C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
  • D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.


Answer : A

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

  • A. Ensure that the app does not run as PID 1.
  • B. Package a single app as a container.
  • C. Remove any unnecessary tools not needed by the app.
  • D. Use public container images as a base image for the app.
  • E. Use many container image layers to hide sensitive information.


Answer : BC

Page:    1 / 65   
Total 321 questions