$0.00
Google Professional-Cloud-Security-Engineer Exam Dumps
Google Cloud Certified - Professional Cloud Security Engineer
Total Questions : 234
Update Date : July 15, 2024
PDF + Test Engine
$65 $95
Test Engine
$55 $85
PDF Only
$45 $75
Last Week Professional-Cloud-Security-Engineer Exam Results
250
Customers Passed Google Professional-Cloud-Security-Engineer Exam
95%
Average Score In Real Professional-Cloud-Security-Engineer Exam
99%
Questions came from our Professional-Cloud-Security-Engineer dumps.
Real Google Professional-Cloud-Security-Engineer Dumps With 100% Passing Guarantee
Congratulations on taking the first step towards achieving the prestigious Professional-Cloud-Security-Engineer certification! At Pass4SureHub, we are committed to helping you excel in your career by providing top-notch dumps for the Professional-Cloud-Security-Engineer exam. With our comprehensive and well-crafted resources, we offer you a 100% passing guarantee, ensuring your success in the certification journey.
Why Choose Pass4SureHub for Professional-Cloud-Security-Engineer Exam Preparation?
Expertly Curated Study Guides: Our study guides are meticulously crafted by experts who possess a deep understanding of the Professional-Cloud-Security-Engineer exam objectives. These Professional-Cloud-Security-Engineer dumps cover all the essential topics.
Google Professional-Cloud-Security-Engineer Online Test Engine
Practice makes perfect, and our online Professional-Cloud-Security-Engineer practice mode are designed to replicate the actual test environment. With timed sessions, you'll experience the pressure of the real exam and become more confident in managing your time during the test and you can assess your knowledge and identify areas for improvement.
Google Professional-Cloud-Security-Engineer Detailed Explanations for Answers
Understanding your mistakes is crucial for improvement. Our practice Professional-Cloud-Security-Engineer questions answers come with detailed explanations for each question, helping you comprehend the correct approach and learn from any errors.
Dedicated Support of Professional-Cloud-Security-Engineer Exam
Our support team is here to assist you every step of the way. If you have any queries or need guidance, regarding Professional-Cloud-Security-Engineer Exam Question Answers then feel free to reach out to us. We are dedicated to your success and are committed to providing prompt and helpful responses.
Join the Community of Successful Professionals of Google Professional-Cloud-Security-Engineer Exam
Pass4SureHub takes pride in the countless success stories of individuals who have achieved their Google Professional-Cloud-Security-Engineer certification with our real exam dumps. You can be a part of this community of accomplished professionals who have unlocked new career opportunities and gained recognition in the IT industry.
Your Success is Guaranteed
With Pass4SureHub's Professional-Cloud-Security-Engineer exam study material and 100% passing guarantee, you can approach the certification exam with confidence and assurance. We are confident that our comprehensive resources, combined with your dedication and hard work, will lead you to success.
Google Professional-Cloud-Security-Engineer Sample Question Answers
Google Professional-Cloud-Security-Engineer Sample Questions
Question # 1Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.What type of Load Balancing should you use?
A. Network Load Balancing
B. HTTP(S) Load Balancing
C. TCP Proxy Load Balancing
D. SSL Proxy Load Balancing
Question # 2
You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.What should you do?
A. Migrate the application into an isolated project using a “Lift & Shift” approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
B. Migrate the application into an isolated project using a “Lift & Shift” approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
C. Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
D. Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project. Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what
traffic should be allowed for the application to work properly.
Question # 3
A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.Which two strategies should your team use to meet these requirements? (Choose two.)
A. Configure Private Google Access on the Compute Engine subnet
B. Avoid assigning public IP addresses to the Compute Engine cluster.
C. Make sure that the Compute Engine cluster is running on a separate subnet.
D. Turn off IP forwarding on the Compute Engine instances in the cluster.
E. Configure a Cloud NAT gateway.
Question # 4
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls.Which document should you review to find the information?
A. Google Cloud Platform: Customer Responsibility Matrix
B. PCI DSS Requirements and Security Assessment Procedures
C. PCI SSC Cloud Computing Guidelines
D. Product documentation for Compute Engine
Question # 5
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.What should you do to meet these requirements?
A. Create a Folder per department under the Organization. For each department’s Folder, assign the Project Viewer role to the Google Group related to that department.
B. Create a Folder per department under the Organization. For each department’s Folder, assign the Project Browser role to the Google Group related to that department.
C. Create a Project per department under the Organization. For each department’s Project, assign the Project Viewer role to the Google Group related to that department.
D. Create a Project per department under the Organization. For each department’s Project, assign the Project Browser role to the Google Group related to that department.
Question # 6
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.What should you do?
A. Use the Cloud Key Management Service to manage the data encryption key (DEK).
B. Use the Cloud Key Management Service to manage the key encryption key (KEK).
C. Use customer-supplied encryption keys to manage the data encryption key (DEK).
D. Use customer-supplied encryption keys to manage the key encryption key (KEK).
Question # 7
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. App Engine
B. Cloud Functions
C. Compute Engine
D. Google Kubernetes Engine
E. Cloud Storage
Question # 8
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.What technique should the institution use?
A. Use Cloud Storage as a federated Data Source.
B. Use a Cloud Hardware Security Module (Cloud HSM).
C. Customer-managed encryption keys (CMEK).
D. Customer-supplied encryption keys (CSEK).
Question # 9
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A wellestablished directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities.Which solution meets the organization's requirements?
A. Google Cloud Directory Sync (GCDS)
B. Cloud Identity
C. Security Assertion Markup Language (SAML)
D. Pub/Sub
Question # 10
Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.How should your team meet these requirements?
A. Enable Private Access on the VPC network in the production project.
B. Remove the Editor role and grant the Compute Admin IAM role to the engineers.
C. Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.
D. Set up a VPC network with two subnets: one with public IPs and one without public IPs.
Question # 11
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.What should you do?
A. Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
B. Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
C. Log every execution of the script to Stackdriver Logging. Create a User-defined metric in StackdriverLogging on the logs, and create a Stackdriver Dashboard displaying the metric.
D. Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.
Question # 12
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud IdentityAware Proxy.What should the customer do to meet these requirements?
A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
D. Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests.
Question # 13
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.Which solution should this customer use?
A. VPC Flow Logs
B. Cloud Armor
C. DNS Security Extensions
D. Cloud Identity-Aware Proxy
Question # 14
As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.Which cost reduction options should you recommend?
A. Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.
B. Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.
C. Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.
D. Use FindingLimits and TimespanContfig to sample data and minimize transformation units.
Question # 15
You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You only want to allow thee application frontend to access the data in the application's mysql instance on port 3306.What should you do?
A. Configure an ingress firewall rule that allows communication from the src IP range of subnet A to the tag "data-tag" that is applied to the mysql Compute Engine VM on port 3306.
B. Configure an ingress firewall rule that allows communication from the frontend's unique service account to the unique service account of the mysql Compute Engine VM on port 3306.
C. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an egress firewall rule that allows communication from Compute Engine VMs tagged with data-tag to destination Compute Engine VMs tagged fe-tag.
D. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an ingress firewall rule that allows communication from Compute Engine VMs tagged with fe-tag to destination Compute Engine VMs tagged with data-tag.
Reviews From Our Customers
Copyright © Pass4sureHub. All rights reserved.