Google Professional Cloud Security Practice Exam PR000115
gcp-examquestions2020-08-25T10:41:47+07:00Notes: Hi all, Google Professional Cloud Security Practice Exam will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take Google Professional Cloud Security Guarantee Part because it includes real questions and highlighted answers are collected in our exam. It will help you pass the exam in an easier way.
For PDF Version: https://gcp-examquestions.com/gcp-pro-security-engineer-practice/
Quiz-summary
0 of 20 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
Information
GCP-CLOUD-SECURITY-PART1
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 20 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Answered
- Review
- Question 1 of 20
1. Question
Developers in an organization are prototyping a few applications on Google Cloud Platform (GCP) and are starting to store sensitive information on GCP. The developers are using their personal/consumer Gmail accounts to set up and manage their projects within GCP. A security engineer identifies this practice as a concern to the organization management because of the lack of centralized project management and access to the data being stored in these accounts. Which solution should be used to resolve this concern?
CorrectIncorrect - Question 2 of 20
2. Question
A customer wants to use Cloud Identity as their primary IdP. The customer wants to use other non-GCP SaaS products for CRM, messaging, and customer ticketing management. The customer also wants to improve employee experience with Single Sign-On (SSO) capabilities to securely access GCP and non-GCP applications. Only authorized individuals should be able to access these third-party applications. What action should the customer take to meet these requirements?
CorrectIncorrectHint
Hint Answers: B
https://cloud.google.com/identity/solutions/enable-sso - Question 3 of 20
3. Question
A Cloud Development team needs to use service accounts extensively in their local development. You need to provide the team with the keys for these service accounts. You want to follow Google-recommended practices. What should you do?
CorrectIncorrect - Question 4 of 20
4. Question
A customer needs to rely on their existing user directory with the requirements of native authentication against it when developing for Google Cloud Platform (GCP). They want to leverage their existing tooling and functionality to gather insight on user activity from a familiar interface. Which action should you take to meet the customer’s requirements?
CorrectIncorrect - Question 5 of 20
5. Question
A customer wants to grant access to their application running on Compute Engine to write only to a specific Cloud Storage bucket. How should you grant access?
CorrectIncorrect - Question 6 of 20
6. Question
Your team creates an ingress firewall rule to allow SSH access from their corporate IP range to a specific bastion host on Compute Engine. Your team wants to make sure that this firewall rule cannot be used by unauthorized engineers who may otherwise have access to manage VMs in the development environment. What should your team do to meet this requirement?
CorrectIncorrectHint
Hint Answers: B
https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags - Question 7 of 20
7. Question
You want to protect the default VPC network from all inbound and outbound internet traffic. What action should you take?
CorrectIncorrect - Question 8 of 20
8. Question
An organization recently began using App Engine to build and host its new web application for its customers. The organization wants to use its existing IAM setup to allow its developer employees to have elevated access to the application remotely. This would allow them to push updates and fixes to the application via an HTTPS connection. Non-developer employees should only get access to the production version without development permissions. Which Google Cloud Platform solution should be used to meet these requirements?
CorrectIncorrect - Question 9 of 20
9. Question
You have defined subnets in a VPC within Google Cloud Platform. You need multiple projects to create Compute Engine instances with IP addresses from these subnets. What should you do?
CorrectIncorrect - Question 10 of 20
10. Question
An application log’s data, including customer identifiers such as email addresses, needs to be redacted. However, these logs also include the email addresses of internal developers from company.com, and these should NOT be redacted. Which solution should you use to meet these requirements?
CorrectIncorrect - Question 11 of 20
11. Question
Which encryption algorithm is used with Default Encryption in Cloud Storage?
CorrectIncorrectHint
Hint Answers: A
https://cloud.google.com/storage/docs/encryption/default-keys - Question 12 of 20
12. Question
Your company is storing files on Cloud Storage. To comply with local regulations, you want to ensure that uploaded files cannot be deleted within the first 5 years. It should not be possible to lower the retention period after it has been set. What should you do?
CorrectIncorrectHint
Hint Answers: A
https://cloud.google.com/storage/docs/bucket-lock - Question 13 of 20
13. Question
A security team at an e-commerce company wants to define an automatic incident response process for fraudulent credit card usage attempts. The team targets a 10-minute or faster response time for such incidents. The fraudulent card list is updated every 60 seconds. The e-commerce servers log the transaction details in near-real time. Which option should you recommend to the security team?
CorrectIncorrectHint
Hint Answers: D
https://cloud.google.com/logging/docs/export/configure_export_v2 - Question 14 of 20
14. Question
Your company is deploying their applications on Google Kubernetes Engine. You want to follow Google-recommended practices. What should you do to ensure that the container images used for new deployments contain the latest security patches?
CorrectIncorrectHint
Hint Answers: A
https://cloud.google.com/container-registry/docs/managed-base-images - Question 15 of 20
15. Question
Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all resources in the organization. You use Resource Manager to set yourself up as the org admin. What Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?
CorrectIncorrect - Question 16 of 20
16. Question
Your company wants to collect and analyze CVE information for packages in container images, and wants to prevent images with known security issues from running in your Google Kubernetes Engine environment. Which two security features does Google recommend including in a container build pipeline?
CorrectIncorrect - Question 17 of 20
17. Question
You need to perform a vulnerability scan for an App Engine app using Cloud Security Scanner. Upon completion of the scan, the report is not producing the expected number of webpage results. The pages in the app with mouseover menus are missing from the report. Which action should you take to make sure the scan completes and captures the menu?
CorrectIncorrectHint
Hint Answers: C
https://cloud.google.com/security-scanner/docs/scanning - Question 18 of 20
18. Question
An organization is working on their GDPR compliance strategy. It wants to ensure that controls are in place to ensure that customer PII is stored in Cloud Storage buckets without third-party exposure. Which Google Cloud solution should the organization use to verify that PII is stored in the correct place without exposing PII internally?
CorrectIncorrect - Question 19 of 20
19. Question
A cloud customer has an on-premises key management system and wants to generate, protect, rotate, and audit encryption keys with it. How can the customer use Cloud Storage with their own encryption keys?
CorrectIncorrect - Question 20 of 20
20. Question
You are responsible for implementing a payment processing environment that will use Kubernetes and need to apply proper security controls. What should you do?
CorrectIncorrectHint
Hint Answers: D
Leave a Reply