Professional Cloud Security Engineer Exam Essentials: Exam Questions & Practice Tests, Google Professional Cloud Security Engineer | SPOTO

Prepare effectively for the Professional Cloud Security Engineer exam with our premium practice tests and real exam simulations. As a Cloud Security Engineer, it's crucial to design and implement secure workloads and infrastructure on Google Cloud. Our practice tests cover essential topics such as security best practices and industry requirements, ensuring thorough preparation. With detailed explanations and answers provided, you'll gain the knowledge needed to succeed in designing, developing, and managing secure solutions using Google security technologies. Utilize our exam simulator to simulate real exam conditions and assess your readiness. Trust SPOTO for high-quality practice tests and expert guidance to excel in your Professional Cloud Security Engineer certification journey.

Question #1
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication. Which GCP product should the customer implement to meet these requirements?
A. Cloud Identity-Aware Proxy
B. Cloud Armor
C. Cloud Endpoints
D. Cloud VPN
Correct Answer: B
Question #2
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should you use to accomplish this?
A. Generalization
B. Redaction
Correct Answer: S
Question #3
Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?
A. Use the Cloud Key Management Service to manage a data encryption key (DEK)
B. Use the Cloud Key Management Service to manage a key encryption key (KEK)
C. Use customer-supplied encryption keys to manage the data encryption key (DEK)
D. Use customer-supplied encryption keys to manage the key encryption key (KEK)
Correct Answer: C
Question #4
An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization’s production environment will remain on-premises for an indefinite time. The organization wants a scalable and cost-efficient solution. Which GCP solution should the organization use?
A. BigQuery using a data pipeline job with continuous updates
B. Cloud Storage using a scheduled task and gsutil
C. Compute Engine Virtual Machines using Persistent Disk
D. Cloud Datastore using regularly scheduled batch upload jobs
Correct Answer: D
Question #5
A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project. Which two approaches can you take to meet the requirements? (Choose two.)
A. Configure the project with Cloud VPN
B. Configure the project with Shared VPC
Correct Answer: S
Question #6
An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?
A. Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance’s IP address and allows the application to read from the bucket without credentials
B. Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance
C. Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata
D. Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key
A. Use Forseti with Firewall filters to catch any unwanted configurations in production
B. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies
C. Route all VPC traffic through customer-managed routers to detect malicious patterns in production
D. All production applications will run on-premises
Correct Answer: B
Question #7
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team. Which type of networking design should your team use to meet these requirements?
A. Shared VPC Network with a host project and service projects
B. Grant Compute Admin role to the networking team for each engineering project
C. VPC peering between all engineering projects using a hub and spoke model
D. Cloud VPN Gateway between all engineering projects using a hub and spoke model
Correct Answer: A
Question #8
A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should you do?
A. Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold
B. Create an Alerting Policy in Stackdriver using the CPU usage metric
C. Log every execution of the script to Stackdriver Logging
D. Log every execution of the script to Stackdriver Logging
Correct Answer: C
Question #9
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection. Which product should be used to meet these requirements?
A. Cloud Armor
B. VPC Firewall Rules
C. Cloud Identity and Access Management
D. Cloud CDN
Correct Answer: A
Question #10
Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)
A. Organization Administrator
B. Super Admin
C. GKE Cluster Admin
D. Compute Admin
E. Organization Role Viewer
Correct Answer: D
