Curious about Actual Google Professional Cloud Security Engineer Exam Questions?

Here are sample Google Professional Cloud Security Engineer (Professional-Cloud-Security-Engineer) Exam questions from real exam. You can get more Google Cloud Certified (Professional-Cloud-Security-Engineer) Exam premium practice questions at TestInsights.

Page: 1 /
Total 233 questions

Want more questions? Get Premium Access.

Question 1

Your organization s record data exists in Cloud Storage. You must retain all record data for at least seven years This policy must be permanent.

What should you do?

A* 1 Identify buckets with record data
* 2 Apply a retention policy and set it to retain for seven years
* 3 Monitor the bucket by using log-based alerts to ensure that no modifications to the retention policy occurs

B* 1 Identify buckets with record data
* 2 Apply a retention policy and set it to retain for seven years
* 3 Remove any Identity and Access Management (IAM) roles that contain the storage buckets update permission

C* 1 Identify buckets with record data
* 2 Enable the bucket policy only to ensure that data is retained
* 3 Enable bucket lock

D* 1 Identify buckets with record data
* 2 Apply a retention policy and set it to retain for seven years
* 3 Enable bucket lock

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

C* 1 Identify buckets with record data
* 2 Enable the bucket policy only to ensure that data is retained
* 3 Enable bucket lock

D* 1 Identify buckets with record data
* 2 Apply a retention policy and set it to retain for seven years
* 3 Enable bucket lock

0 / 1500

Question 2

Your organization wants to protect all workloads that run on Compute Engine VM to ensure that the instances weren't compromised by boot-level or kernel-level malware. Also, you need to ensure that data in use on the VM cannot be read by the underlying host system by using a hardware-based solution.

What should you do?

A* 1 Use Google Shielded VM including secure boot Virtual Trusted Platform Module (vTPM) and integrity monitoring
* 2 Create a Cloud Run function to check for the VM settings generate metrics and run the function regularly

B* 1 Activate Virtual Machine Threat Detection in Security Command Center (SCO Premium
* 2 Monitor the findings in SCC

C* 1 Use Google Shielded VM including secure boot Virtual Trusted Platform Module (vTPM) and integrity monitoring
* 2 Activate Confidential Computing
* 3 Enforce these actions by using organization policies

D* 1 Use secure hardened images from the Google Cloud Marketplace
* 2 When deploying the images activate the Confidential Computing option
* 3 Enforce the use of the correct images and Confidential Computing by using organization policies

Correct : C

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

B* 1 Activate Virtual Machine Threat Detection in Security Command Center (SCO Premium
* 2 Monitor the findings in SCC

0 / 1500

Question 3

Your company uses Google Cloud and has publicly exposed network assets. You want to discover the assets and perform a security audit on these assets by using a software tool in the least amount of time.

What should you do?

ARun a platform security scanner on all instances in the organization.

BNotify Google about the pending audit and wait for confirmation before performing the scan.

CContact a Google approved security vendor to perform the audit.

DIdentify all external assets by using Cloud Asset Inventory and then run a network security scanner against them.

Correct : D

Cloud Asset Inventory: Using Cloud Asset Inventory allows you to quickly identify all the external assets and resources in your Google Cloud environment. This includes information about your projects, instances, storage buckets, and more. This step is crucial for understanding the scope of your audit. Network Security Scanner: Once you have identified the external assets, you can run a network security scanner to assess the security of these assets. Network security scanners can help identify vulnerabilities and potential security risks quickly.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ARun a platform security scanner on all instances in the organization.

BNotify Google about the pending audit and wait for confirmation before performing the scan.

CContact a Google approved security vendor to perform the audit.

DIdentify all external assets by using Cloud Asset Inventory and then run a network security scanner against them.

0 / 1500

Question 4

Your organization is using Active Directory and wants to configure Security Assertion Markup Language (SAML). You must set up and enforce single sign-on (SSO) for all users.

What should you do?

A1. Manage SAML profile assignments.
* 2. Enable OpenID Connect (OIDC) in your Active Directory (AD) tenant.
* 3. Verify the domain.

B1. Create a new SAML profile.
* 2. Upload the X.509 certificate.
* 3. Enable the change password URL.
* 4. Configure Entity ID and ACS URL in your IdP.

C1- Create a new SAML profile.
* 2. Populate the sign-in and sign-out page URLs.
* 3. Upload the X.509 certificate.
* 4. Configure Entity ID and ACS URL in your IdP

D1. Configure prerequisites for OpenID Connect (OIDC) in your Active Directory (AD) tenant
* 2. Verify the AD domain.
* 3. Decide which users should use SAML.
* 4. Assign the pre-configured profile to the select organizational units (OUs) and groups.

Correct : C

When configuring SAML-based Single Sign-On (SSO) in an organization that's using Active Directory, the general steps would involve setting up a SAML profile, specifying the necessary URLs for sign-in and sign-out processes, uploading an X.509 certificate for secure communication, and setting up the Entity ID and Assertion Consumer Service (ACS) URL in the Identity Provider (which in this case would be Active Directory).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

A1. Manage SAML profile assignments.
* 2. Enable OpenID Connect (OIDC) in your Active Directory (AD) tenant.
* 3. Verify the domain.

B1. Create a new SAML profile.
* 2. Upload the X.509 certificate.
* 3. Enable the change password URL.
* 4. Configure Entity ID and ACS URL in your IdP.

C1- Create a new SAML profile.
* 2. Populate the sign-in and sign-out page URLs.
* 3. Upload the X.509 certificate.
* 4. Configure Entity ID and ACS URL in your IdP

0 / 1500

Question 5

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours.

What should you do?

AAssign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

BConfigure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

CAssign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

DRun a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AAssign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

BConfigure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

CAssign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

DRun a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

0 / 1500

Page: 1 / 47
Total 233 questions

Unlock Full
Professional-Cloud-Security-Engineer Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
Professional-Cloud-Security-Engineer Exam

Professional-Cloud-Security-Engineer Exam Question 1
Professional-Cloud-Security-Engineer Exam Question 2
Professional-Cloud-Security-Engineer Exam Question 3
Professional-Cloud-Security-Engineer Exam Question 4
Professional-Cloud-Security-Engineer Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login