Google Professional Cloud Security Engineer Exam Questions

Description

Exam Name: Professional Cloud Security Engineer
Exam Code: Professional Cloud Security Engineer
Related Certification(s): Google Cloud Certified Certification
Certification Provider: Google
Number of Professional Cloud Security Engineer practice questions in our database: 233 (updated: Jan. 07, 2025)
Expected Professional Cloud Security Engineer Exam Topics, as suggested by Google:

  • Module 1: Design and implement a secure infrastructure on Google Cloud Platform
  • Module 2: Understanding of security best practices and industry security requirements
  • Module 3: Manage a secure infrastructure leveraging Google security technologies
  • Module 4: All aspects of Cloud Secur

Q1. Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud. You must implement data residency and operational sovereignty in the EU. What should you do?

A. Limit the physical location of a new resource with the Organization Policy Service resource locations constraint.

B. Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and inter-VPC communication.

C. Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications.

D. Use identity federation to limit access to Google Cloud resources from non-EU entities.

E. Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.

Correct Answer: A, C

Q2. You manage a mission-critical workload for your organization, which is in a highly regulated industry. The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpoint computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive data. You need to meet these requirements:

  • Manage the data encryption key (DEK) outside the Google Cloud boundary.
  • Maintain full control of encryption keys through a third-party provider.
  • Encrypt the sensitive data before uploading it to Cloud Storage.
  • Decrypt the sensitive data during processing in the Compute Engine VMs.
  • Encrypt the sensitive data in memory while in use in the Compute Engine VMs.

What should you do?

A. Create a VPC Service Controls service perimeter across your existing Compute Engine VMs and Cloud Storage buckets.

B. Migrate the Compute Engine VMs to Confidential VMs to access the sensitive data.

C. Configure Cloud External Key Manager to encrypt the sensitive data before it is uploaded to Cloud Storage and decrypt the sensitive data after it is downloaded into your VMs.

D. Create Confidential VMs to access the sensitive data.

E. Configure Customer Managed Encryption Keys to encrypt the sensitive data before it is uploaded to Cloud Storage, and decrypt the sensitive data after it is downloaded into your VMs.

Correct Answer: C, D

Q3. You have stored company-approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter. What should you do?

A.
  1. Update the perimeter.
  2. Configure the egressTo field to set identityType to any_identity.
  3. Configure the egressFrom field to include the external Google Cloud project number as an allowed resource and the serviceName to compute.googleapis.com.

B. Allow the external project by using the organizational policy constraints/compute.trustedImageProjects.

C.
  1. Update the perimeter.
  2. Configure the egressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute.googleapis.com.
  3. Configure the egressFrom field to set identityType to any_identity.

D.
  1. Update the perimeter.
  2. Configure the ingressFrom field to set identityType to any_identity.
  3. Configure the ingressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute.googleapis.com.

Correct Answer: A

Q4. You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer-managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS) in project "prj-a", and the Cloud Storage bucket will use project "prj-b". The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key, and you need to troubleshoot why. What has caused the access issue?

A. A firewall rule prevents the key from being accessible.

B. Cloud HSM does not support Cloud Storage.

C. The CMEK is in a different project than the Cloud Storage bucket.

D. The CMEK is in a different region than the Cloud Storage bucket.

Correct Answer: D
