CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Passed Exam Today Professional-Cloud-Security-Engineer

Page: 14 / 17
Total 233 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF

Google Cloud Certified - Professional Cloud Security Engineer Questions and Answers

Question 53

You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?

Options:

A.

Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.

B.

Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.

C.

Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.

D.

Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.

Question 54

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.

What should you do?

Options:

A.

Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.

B.

Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.

C.

Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.

D.

Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Question 55

Which type of load balancer should you use to maintain client IP by default while using the standard network tier?

Options:

A.

SSL Proxy

B.

TCP Proxy

C.

Internal TCP/UDP

D.

TCP/UDP Network

Question 56

Your company requires the security and network engineering teams to identify all network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and traffic between VMs to Google Cloud services in production. Which method should you use?

Options:

A.

Define an organization policy constraint.

B.

Configure packet mirroring policies.

C.

Enable VPC Flow Logs on the subnet.

D.

Monitor and analyze Cloud Audit Logs.

Page: 14 / 17
Total 233 questions
Get Professional-Cloud-Security-Engineer Full Access Download Professional-Cloud-Security-Engineer PDF