20:00

PDF|

Guide for Google-Professional-Cloud-Security-Engineer

Quiz Google-Professional-Cloud-Security-Engineer

10/233 Questions|Updated on 2022/11/04
Free Test
/ 10

Quiz

1/10
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)
Select the answer
2 correct answers
A.
Public IP
B.
IP Forwarding
C.
Private Google Access
D.
Static routes
E.
IAM Network User Role

Quiz

2/10
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Select the answer
2 correct answers
A.
A rule that allows all outbound connections
B.
A rule that denies all inbound connections
C.
A rule that blocks all inbound port 25 connections
D.
A rule that blocks all outbound connections
E.
A rule that allows all inbound port 80 connections

Quiz

3/10
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system. How should the customer achieve this using Google Cloud Platform?
Select the answer
1 correct answer
A.
Use Cloud Source Repositories, and store secrets in Cloud SQL.
B.
Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
C.
Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
D.
Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

Quiz

4/10
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?
Select the answer
1 correct answer
A.
Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
B.
Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
C.
Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
D.
Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Quiz

5/10
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
Select the answer
2 correct answers
A.
Ensure that the app does not run as PID 1.
B.
Package a single app as a container.
C.
Remove any unnecessary tools not needed by the app.
D.
Use public container images as a base image for the app.
E.
Use many container image layers to hide sensitive information.

Quiz

6/10
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection. Which product should be used to meet these requirements?
Select the answer
1 correct answer
A.
Cloud Armor
B.
VPC Firewall Rules
C.
Cloud Identity and Access Management
D.
Cloud CDN

Quiz

7/10
A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project. Which two approaches can you take to meet the requirements? (Choose two.)
Select the answer
2 correct answers
A.
Configure the project with Cloud VPN.
B.
Configure the project with Shared VPC.
C.
Configure the project with Cloud Interconnect.
D.
Configure the project with VPC peering.
E.
Configure all Compute Engine instances with Private Access.

Quiz

8/10
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity- Aware Proxy. What should the customer do to meet these requirements?
Select the answer
1 correct answer
A.
Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
B.
Make sure that the ERP system can validate the identity headers in the HTTP requests.
C.
Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
D.
Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests.

Quiz

9/10
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should you do?
Select the answer
1 correct answer
A.
Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.
B.
Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.
C.
Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.
D.
Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Quiz

10/10
Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization. Which logging export strategy should you use to meet the requirements?
Select the answer
1 correct answer
A.
1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project. 2. Subscribe SIEM to the topic.
B.
1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project. 2. Process Cloud Storage objects in SIEM.
C.
1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project. 2. Subscribe SIEM to the topic.
D.
1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project. 2. Process Cloud Storage objects in SIEM.
Looking for more questions?Buy now

Google-Professional-Cloud-Security-Engineer Practice test unlocks all online simulator questions

Thank you for choosing the free version of the Google-Professional-Cloud-Security-Engineer practice test! Further deepen your knowledge on Google Simulator; by unlocking the full version of our Google-Professional-Cloud-Security-Engineer Simulator you will be able to take tests with over 233 constantly updated questions and easily pass your exam. 98% of people pass the exam in the first attempt after preparing with our 233 questions.

BUY NOW

What to expect from our Google-Professional-Cloud-Security-Engineer practice tests and how to prepare for any exam?

The Google-Professional-Cloud-Security-Engineer Simulator Practice Tests are part of the Google Database and are the best way to prepare for any Google-Professional-Cloud-Security-Engineer exam. The Google-Professional-Cloud-Security-Engineer practice tests consist of 233 questions and are written by experts to help you and prepare you to pass the exam on the first attempt. The Google-Professional-Cloud-Security-Engineer database includes questions from previous and other exams, which means you will be able to practice simulating past and future questions. Preparation with Google-Professional-Cloud-Security-Engineer Simulator will also give you an idea of the time it will take to complete each section of the Google-Professional-Cloud-Security-Engineer practice test . It is important to note that the Google-Professional-Cloud-Security-Engineer Simulator does not replace the classic Google-Professional-Cloud-Security-Engineer study guides; however, the Simulator provides valuable insights into what to expect and how much work needs to be done to prepare for the Google-Professional-Cloud-Security-Engineer exam.

BUY NOW

Google-Professional-Cloud-Security-Engineer Practice test therefore represents an excellent tool to prepare for the actual exam together with our Google practice test . Our Google-Professional-Cloud-Security-Engineer Simulator will help you assess your level of preparation and understand your strengths and weaknesses. Below you can read all the quizzes you will find in our Google-Professional-Cloud-Security-Engineer Simulator and how our unique Google-Professional-Cloud-Security-Engineer Database made up of real questions:

Info quiz:

  • Quiz name:Google-Professional-Cloud-Security-Engineer
  • Total number of questions:233
  • Number of questions for the test:50
  • Pass score:80%

You can prepare for the Google-Professional-Cloud-Security-Engineer exams with our mobile app. It is very easy to use and even works offline in case of network failure, with all the functions you need to study and practice with our Google-Professional-Cloud-Security-Engineer Simulator.

Use our Mobile App, available for both Android and iOS devices, with our Google-Professional-Cloud-Security-Engineer Simulator . You can use it anywhere and always remember that our mobile app is free and available on all stores.

Our Mobile App contains all Google-Professional-Cloud-Security-Engineer practice tests which consist of 233 questions and also provide study material to pass the final Google-Professional-Cloud-Security-Engineer exam with guaranteed success. Our Google-Professional-Cloud-Security-Engineer database contain hundreds of questions and Google Tests related to Google-Professional-Cloud-Security-Engineer Exam. This way you can practice anywhere you want, even offline without the internet.

BUY NOW