Premium Professional Cloud Security Engineer Practice Tests & Real Exam Simulations, Google Professional Cloud Security Engineer | SPOTO

Prepare effectively for the Professional Cloud Security Engineer exam with our premium practice tests and real exam simulations. As a Cloud Security Engineer, it's crucial to design and implement secure workloads and infrastructure on Google Cloud. Our practice tests cover essential topics such as security best practices and industry requirements, ensuring thorough preparation. With detailed explanations and answers provided, you'll gain the knowledge needed to succeed in designing, developing, and managing secure solutions using Google security technologies. Utilize our exam simulator to simulate real exam conditions and assess your readiness. Trust SPOTO for high-quality practice tests and expert guidance to excel in your Professional Cloud Security Engineer certification journey.

Question #1
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery. What technique should the institution use?
A. Use Cloud Storage as a federated Data Source
B. Use a Cloud Hardware Security Module (Cloud HSM)
C. Customer-managed encryption keys (CMEK)
D. Customer-supplied encryption keys (CSEK)
Correct Answer: D
Question #2
Applications often require access to “secrets” - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep track of “who did what, where, and when?” within their GCP projects. Which two log streams would provide the information that the administrator is looking for? (Choose two.)
A. Admin Activity logs
B. System Event logs
C. Data Access logs
D. VPC Flow logs
E. Agent logs
Correct Answer: BD
Question #3
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer. What type of Load Balancing should you use?
A. Network Load Balancing
B. HTTP(S) Load Balancing
C. TCP Proxy Load Balancing
D. SSL Proxy Load Balancing
Correct Answer: B
Question #4
Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours. What should you do?
A. Assign a BigQuery Data Viewer role along with an IAM condition that limits the access to specified working hours
B. Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours
C. Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours
D. Run a gsutil script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours
Correct Answer: A
Question #5
You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk. What should you do?
A. Migrate the application into an isolated project using a “Lift & Shift” approach
B. Migrate the application into an isolated project using a “Lift & Shift” approach in a custom network
C. Refactor the application into a micro-services architecture in a GKE cluster
D. Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project
Correct Answer: C
Question #6
Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?
A. Enforce 2-factor authentication in GSuite for all users
B. Configure Cloud Identity-Aware Proxy for the App Engine Application
C. Provision user passwords using GSuite Password Sync
D. Configure Cloud VPN between your private network and GCP
Correct Answer: C
Question #7
You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer-managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS) in project "prj-a", and the Cloud Storage bucket will use project "prj-b". The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key, and you need to troubleshoo
A. A firewall rule prevents the key from being accessible
B. Cloud HSM does not support Cloud Storage
C. The CMEK is in a different project than the Cloud Storage bucket
D. The CMEK is in a different region than the Cloud Storage bucket
Correct Answer: D
Question #8
Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud. You must implement data residency and operational sovereignty in the EU. What should you do? (Choose 2 answers.) https://cloud.google.com/architecture/framework/security/data-residency-sovereignty#manage_your_operational_sovereignty
A. Limit the physical location of a new resource with the Organization Policy Service resource locations constraint.
B. Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and inter-VPC communication
C. Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications
D. Use identity federation to limit access to Google Cloud resources from non-EU entities
E. Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU
Correct Answer: AC
Question #9
Your company uses Google Cloud and has publicly exposed network assets. You want to discover the assets and perform a security audit on these assets by using a software tool in the least amount of time. What should you do? Cloud Asset Inventory: Using Cloud Asset Inventory allows you to quickly identify all the external assets and resources in your Google Cloud environment. This includes information about your projects, instances, storage buckets, and more. This step is crucial for understanding the scope o
A. Run a platform security scanner on all instances in the organization
B. Notify Google about the pending audit and wait for confirmation before performing the scan
C. Contact a Google approved security vendor to perform the audit
D. Identify all external assets by using Cloud Asset Inventory and then run a network security scanner against them
Correct Answer: D
Question #10
You manage a mission-critical workload for your organization, which is in a highly regulated industry. The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpoint computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive data. You need to meet these requirements: * Manage the data encryption key (DEK) outside the Google Cloud boundary. * Maintain full control of encr
A. Create a VPC Service Controls service perimeter across your existing Compute Engine VMs and Cloud Storage buckets
B. Migrate the Compute Engine VMs to Confidential VMs to access the sensitive data
C. Configure Cloud External Key Manager to encrypt the sensitive data before it is uploaded to Cloud Storage and decrypt the sensitive data after it is downloaded into your VMs
D. Create Confidential VMs to access the sensitive data
E. Configure Customer Managed Encryption Keys to encrypt the sensitive data before it is uploaded to Cloud Storage, and decrypt the sensitive data after it is downloaded into your VMs
Correct Answer: CD
