Google Google Cloud Certified Professional-Cloud-Security-Engineer New Questions

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Question 61

You are the security admin of your company. Your development team creates multiple GCP projects under the "implementation" folder for several dev, staging, and production workloads. You want to prevent data exfiltration by malicious insiders or compromised code by setting up a security perimeter. However, you do not want to restrict communication between the projects.

What should you do?

Options:

Use a Shared VPC to enable communication between all projects, and use firewall rules to prevent data exfiltration.

Create access levels in Access Context Manager to prevent data exfiltration, and use a shared VPC for communication between projects.

Use an infrastructure-as-code software tool to set up a single service perimeter and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the associated perimeter.

Use an infrastructure-as-code software tool to set up three different service perimeters for dev, staging, and prod and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the respective perimeter.

Question 62

A customer has an analytics workload running on Compute Engine that should have limited internet access.

Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.

The Compute Engine instances now need to reach out to the public repository to get security updates. What should your team do?

Options:

Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority greater than 1000.

Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority less than 1000.

Create an egress firewall rule to allow traffic to the hostname of the repository with a priority greater than 1000.

Create an egress firewall rule to allow traffic to the hostname of the repository with a priority less than 1000.

Question 63

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.

What should you do?

Options:

Query Data Access logs.

Query Admin Activity logs.

Query Access Transparency logs.

Query Stackdriver Monitoring Workspace.

Question 64

You are a consultant for an organization that is considering migrating their data from its private cloud to Google Cloud. The organization’s compliance team is not familiar with Google Cloud and needs guidance on how compliance requirements will be met on Google Cloud. One specific compliance requirement is for customer data at rest to reside within specific geographic boundaries. Which option should you recommend for the organization to meet their data residency requirements on Google Cloud?

Options:

Organization Policy Service constraints

Shielded VM instances

Access control lists

Geolocation access controls

Google Cloud Armor

New Year Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Google Google Cloud Certified Professional-Cloud-Security-Engineer New Questions

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce