Google Cloud Certified Professional-Cloud-Security-Engineer Book

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Question 57

Employees at your company use their personal computers to access your organization s Google Cloud console. You need to ensure that users can only access the Google Cloud console from their corporate-issued devices and verify that they have a valid enterprise certificate

What should you do?

Options:

Implement an Identity and Access Management (1AM) conditional policy to verify the device certificate

Implement a VPC firewall policy Activate packet inspection and create an allow rule to validate and verify the device certificate.

Implement an organization policy to verify the certificate from the access context.

Implement an Access Policy in BeyondCorp Enterprise to verify the device certificate Create an access binding with the access policy just created.

Question 58

You work for a healthcare provider that is expanding into the cloud to store and process sensitive patient data. You must ensure the chosen Google Cloud configuration meets these strict regulatory requirements:

Data must reside within specific geographic regions.

Certain administrative actions on patient data require explicit approval from designated compliance officers.

Access to patient data must be auditable.

What should you do?

Options:

Select multiple standard Google Cloud regions for high availability. Implement Access Control Lists (ACLs) on individual storage objects containing patient data. Enable Cloud Audit Logs.

Deploy an Assured Workloads environment in multiple regions for redundancy. Utilize custom IAM roles with granular permissions. Isolate network-level data by using VPC Service Controls.

Deploy an Assured Workloads environment in an approved region. Configure Access Approval for sensitive operations on patient data. Enable both Cloud Audit Logs and Access Transparency.

Select a standard Google Cloud region. Restrict access to patient data based on user location and job function by using Access Context Manager. Enable both Cloud Audit Logging and Access Transparency.

Question 59

An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization’s production environment will remain on- premises for an indefinite time. The organization wants a scalable and cost-efficient solution.

Which GCP solution should the organization use?

Options:

BigQuery using a data pipeline job with continuous updates

Cloud Storage using a scheduled task and gsutil

Compute Engine Virtual Machines using Persistent Disk

Cloud Datastore using regularly scheduled batch upload jobs

Question 60

A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.

Which two strategies should your team use to meet these requirements? (Choose two.)

Options:

Configure Private Google Access on the Compute Engine subnet

Avoid assigning public IP addresses to the Compute Engine cluster.

Make sure that the Compute Engine cluster is running on a separate subnet.

Turn off IP forwarding on the Compute Engine instances in the cluster.

Configure a Cloud NAT gateway.

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Google Cloud Certified Professional-Cloud-Security-Engineer Book

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce