Dominate Professional Cloud Security Engineer Mock Tests & Study Materials, Google Professional Cloud Security Engineer | SPOTO

Prepare to dominate the Professional Cloud Security Engineer exam with our comprehensive mock tests and study materials. As a Cloud Security Engineer, it's vital to design and implement secure workloads and infrastructure on Google Cloud. Our mock tests cover essential topics such as security best practices and industry requirements, ensuring thorough preparation. With detailed explanations and answers provided, you'll gain the knowledge needed to design, develop, and manage secure solutions using Google security technologies effectively. Utilize our exam simulator to simulate real exam conditions and assess your readiness. Trust SPOTO for high-quality practice tests and expert guidance to excel in your Professional Cloud Security Engineer certification journey.

Question #1
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership. What should your team do to meet these requirements?
A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups
B. Set up SAML 2
C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory
D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory
Correct Answer: AB

Question #2
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should you use to accomplish this?
A. Generalization
B. Redaction
C. CryptoHashConfig
D. CryptoReplaceFfxFpeConfig
Correct Answer: C
Question #3
An organization’s typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review. How should you advise this organization?
A. Use Forseti with Firewall filters to catch any unwanted configurations in production
B. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies
C. Route all VPC traffic through customer-managed routers to detect malicious patterns in production
D. All production applications will run on-premises
Correct Answer: C
Question #4
You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer. What should you do?
A. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
B. Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK
C. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
D. Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key
Correct Answer: C
Question #5
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection. Which product should be used to meet these requirements?
A. Cloud Armor
B. VPC Firewall Rules
C. Cloud Identity and Access Management
D. Cloud CDN
Correct Answer: B
Question #6
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use to inform their new requirements?
A. Set the minimum length for passwords to be 8 characters
B. Set the minimum length for passwords to be 10 characters
C. Set the minimum length for passwords to be 12 characters
D. Set the minimum length for passwords to be 6 characters
Correct Answer: C
Question #7
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls. Which document should you review to find the information?
A. Google Cloud Platform: Customer Responsibility Matrix
B. PCI DSS Requirements and Security Assessment Procedures
C. PCI SSC Cloud Computing Guidelines
D. Product documentation for Compute Engine
Correct Answer: B
Question #8
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. App Engine
B. Cloud Functions
C. Compute Engine
D. Google Kubernetes Engine
E. Cloud Storage
Correct Answer: B
Question #9
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)
A. Public IP
B. IP Forwarding
C. Private Google Access
D. Static routes
E. IAM Network User Role
Correct Answer: CD
Question #10
A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite. How should you best advise the Systems Engineer to proce
A. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain
B. Register a new domain name, and use that for the new Cloud Identity domain
C. Ask Google to provision the data science manager’s account as a Super Administrator in the existing domain
D. Ask customer’s management to discover any other uses of Google managed services, and work with the existing Super Administrator
Correct Answer: B
Question #11
A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects. Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources. Which type of access should your team grant to meet this requirement?
A. Organization Administrator
B. Security Reviewer
C. Organization Role Administrator
D. Organization Policy Administrator
Correct Answer: C
Question #12
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
A. Ensure that the app does not run as PID 1
B. Package a single app as a container
C. Remove any unnecessary tools not needed by the app
D. Use public container images as a base image for the app
E. Use many container image layers to hide sensitive information
Correct Answer: B
Question #13
Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization. Which logging export strategy should you use to meet the requirements?
A. 1
B. 1
C. 1
D. 1
Correct Answer: DE
