DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Premium Professional Cloud Security Engineer Exam Sample and Realistic Exam Simulations, Google Professional Cloud Security Engineer | SPOTO

Prepare comprehensively for the Professional Cloud Security Engineer exam with our premium exam sample and realistic exam simulations. As a Cloud Security Engineer, it's crucial to design and implement secure workloads and infrastructure on Google Cloud. Our exam sample provides valuable insight into the exam format and content, while our realistic exam simulations allow you to practice under exam-like conditions. Covering topics such as security best practices and industry requirements, our resources ensure thorough preparation. Utilize our exam simulator to assess your readiness and build confidence. Trust SPOTO for high-quality practice tests and expert guidance to excel in your Professional Cloud Security Engineer certification journey.
Take other online exams
Question #1
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?
A. Cloud Armor
B. Google Cloud Audit Logs
C. Cloud Security Scanner
D. Forseti Security
View answer
Correct Answer: C
Question #2
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
A. Send all logs to the SIEM system via an existing protocol such as syslog
B. Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system
C. Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow
D. Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs
View answer
Correct Answer: C
Question #3
An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization’s production environment will remain on- premises for an indefinite time. The organization wants a scalable and cost-efficient solution. Which GCP solution should the organization use?
A. BigQuery using a data pipeline job with continuous updates
B. Cloud Storage using a scheduled task and gsutil
C. Compute Engine Virtual Machines using Persistent Disk
D. Cloud Datastore using regularly scheduled batch upload jobs
View answer
Correct Answer: C
Question #4
A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to manage and rotate the encryption keys. Which boot disk encryption solution should you use on the cluster to meet this customer’s requirements?
A. Customer-supplied encryption keys (CSEK)
B. Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
C. Encryption by default
D. Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis
View answer
Correct Answer: A
Question #5
A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location. How should the company accomplish this?
A. Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995
B. Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location
C. Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region
D. Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address
View answer
Correct Answer: D
Question #6
When working with agents in a support center via online chat, an organization’s customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis. Which Google Cloud solution should the organization use to help resolve this concern for the customer
A. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis
B. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis
C. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis
D. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis
View answer
Correct Answer: D
Question #7
A customer’s company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions. Which strategy should you use to meet these needs?
A. Create an organization node, and assign folders for each business unit
B. Establish standalone projects for each business unit, using gmail
C. Assign GCP resources in a project, with a label identifying which business unit owns the resource
D. Assign GCP resources in a VPC for each business unit to separate network access
View answer
Correct Answer: A
Question #8
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy. What should the customer do to meet these requirements?
A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests
B. Make sure that the ERP system can validate the identity headers in the HTTP requests
C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests
D. Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests
View answer
Correct Answer: A
Question #9
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?
A. Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance’s IP address and allows the application to read from the bucket without credentials
B. Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance
C. Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata
D. Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key
View answer
Correct Answer: C
Question #10
A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project. Which two approaches can you take to meet the requirements? (Choose two.)
A. Configure the project with Cloud VPN
B. Configure the project with Shared VPC
C. Configure the project with Cloud Interconnect
D. Configure the project with VPC peering
E. Configure all Compute Engine instances with Private Access
View answer
Correct Answer: DE
Question #11
You are creating an internal App Engine application that needs to access a user’s Google Drive on the user’s behalf. Your company does not want to rely on the current user’s credentials. It also wants to follow Google-recommended practices. What should you do?
A. Create a new Service account, and give all application users the role of Service Account User
B. Create a new Service account, and add all application users to a Google Group
C. Use a dedicated G Suite Admin account, and authenticate the application’s operations with these G Suite credentials
D. Create a new service account, and grant it G Suite domain-wide delegation
View answer
Correct Answer: A
Question #12
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
A. Ensure that the app does not run as PID 1
B. Package a single app as a container
C. Remove any unnecessary tools not needed by the app
D. Use public container images as a base image for the app
E. Use many container image layers to hide sensitive information
View answer
Correct Answer: BC
Question #13
A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use?
A. VPC Flow Logs
B. Cloud Armor
C. DNS Security Extensions
D. Cloud Identity-Aware Proxy
View answer
Correct Answer: C
Question #14
A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company- owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite. How should you best advise the Systems Engineer to proc
A. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain
B. Register a new domain name, and use that for the new Cloud Identity domain
C. Ask Google to provision the data science manager’s account as a Super Administrator in the existing domain
D. Ask customer’s management to discover any other uses of Google managed services, and work with the existing Super Administrator
View answer
Correct Answer: C
Question #15
A company’s application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key. What should you do?
A. Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT
B. Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY
C. Create a new key, and use the new key in the application
D. Create a new key, and use the new key in the application
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.