CertsTopics Logo

Big 11.11 Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Google Professional-Cloud-Security-Engineer Online Access

Page: 3 / 22
Total 297 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Question 9

You are responsible for managing identities in your company's Google Cloud organization. Employees are frequently using your organization's corporate domain name to create unmanaged Google accounts. You want to implement a practical and efficient solution to prevent employees from completing this action in the future. What should you do?

Options:

A.

Implement an automated process that scans all identities in your organization and disables any unmanaged accounts.

B.

Create a Google Cloud identity for all users in your organization. Ensure that new users are added automatically.

C.

Register a new domain for your Google Cloud resources. Move all existing identities and resources to this domain.

D.

Switch your corporate email system to another domain to avoid using the same domain for Google Cloud identities and corporate emails.

Question 10

You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that are supported by VPC Service Controls to mitigate against exfiltration risk to non-supported APIs. How should you configure the network?

Options:

A.

Enable Private Google Access on the regional subnets and global dynamic routing mode.

B.

Set up a Private Service Connect endpoint IP address with the API bundle of "all-apis", which is advertised as a route over the Cloud interconnect connection.

C.

Use private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.

D.

Use restricted googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.

Question 11

An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well- established directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities.

Which solution meets the organization's requirements?

Options:

A.

Google Cloud Directory Sync (GCDS)

B.

Cloud Identity

C.

Security Assertion Markup Language (SAML)

D.

Pub/Sub

Question 12

Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate,

and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.

What should you do?

Options:

A.

Use the Cloud Key Management Service to manage the data encryption key (DEK).

B.

Use the Cloud Key Management Service to manage the key encryption key (KEK).

C.

Use customer-supplied encryption keys to manage the data encryption key (DEK).

D.

Use customer-supplied encryption keys to manage the key encryption key (KEK).

Page: 3 / 22
Total 297 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF