Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

Good News !!! Professional-Cloud-Security-Engineer Google Cloud Certified - Professional Cloud Security Engineer is now Stable and With Pass Result

Professional-Cloud-Security-Engineer Practice Exam Questions and Answers

Google Cloud Certified - Professional Cloud Security Engineer

Last Update 4 weeks ago
Total Questions : 249

Google Cloud Certified - Professional Cloud Security Engineer is stable now with all latest exam questions are added 4 weeks ago. Incorporating Professional-Cloud-Security-Engineer practice exam questions into your study plan is more than just a preparation strategy.

Professional-Cloud-Security-Engineer exam questions often include scenarios and problem-solving exercises that mirror real-world challenges. Working through Professional-Cloud-Security-Engineer dumps allows you to practice pacing yourself, ensuring that you can complete all Google Cloud Certified - Professional Cloud Security Engineer practice test within the allotted time frame.

Professional-Cloud-Security-Engineer PDF

Professional-Cloud-Security-Engineer PDF (Printable)
$43.75
$124.99

Professional-Cloud-Security-Engineer Testing Engine

Professional-Cloud-Security-Engineer PDF (Printable)
$50.75
$144.99

Professional-Cloud-Security-Engineer PDF + Testing Engine

Professional-Cloud-Security-Engineer PDF (Printable)
$63.7
$181.99
Question # 1

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.

What should you do?

Options:

A.  

Store the data in a single Persistent Disk, and delete the disk at expiration time.

B.  

Store the data in a single BigQuery table and set the appropriate table expiration time.

C.  

Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature.

D.  

Store the data in a single BigTable table and set an expiration time on the column families.

Discussion 0
Question # 2

Your Google Cloud environment has one organization node, one folder named Apps." and several projects within that folder The organizational node enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the terramearth.com organization The "Apps" folder enforces the constraints/iam.allowedPolicyMemberDomains organization policy, which allows members from the flowlogistic.com organization. It also has the inheritFromParent: false property.

You attempt to grant access to a project in the Apps folder to the user testuser@terramearth.com.

What is the result of your action and why?

Options:

A.  

The action fails because a constraints/iam.allowedPolicyMemberDomains organization policy must

be defined on the current project to deactivate the constraint temporarily.

B.  

The action fails because a constraints/iam.allowedPolicyMemberDomains organization policy is in place and only members from the flowlogistic.com organization are allowed.

C.  

The action succeeds because members from both organizations, terramearth. com or flowlogistic.com, are allowed on projects in the "Apps" folder

D.  

The action succeeds and the new member is successfully added to the project's Identity and Access Management (1AM) policy because all policies are inherited by underlying folders and projects.

Discussion 0
Question # 3

Your company's Chief Information Security Officer (CISO) creates a requirement that business data must be stored in specific locations due to regulatory requirements that affect the company's global expansion plans. After working on the details to implement this requirement, you determine the following:

The services in scope are included in the Google Cloud Data Residency Terms.

The business data remains within specific locations under the same organization.

The folder structure can contain multiple data residency locations.

You plan to use the Resource Location Restriction organization policy constraint. At which level in the resource hierarchy should you set the constraint?

Options:

A.  

Folder

B.  

Resource

C.  

Project

D.  

Organization

Discussion 0
Question # 4

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

Options:

A.  

Perform data masking with the DLP API and store that data in BigQuery for later use.

B.  

Perform data redaction with the DLP API and store that data in BigQuery for later use.

C.  

Perform data inspection with the DLP API and store that data in BigQuery for later use.

D.  

Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Discussion 0
Question # 5

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard

Which options should you recommend to meet the requirements?

Options:

A.  

Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.

B.  

Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.

C.  

Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.

D.  

Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.

Discussion 0
Question # 6

You want to make sure that your organization’s Cloud Storage buckets cannot have data publicly available to the internet. You want to enforce this across all Cloud Storage buckets. What should you do?

Options:

A.  

Remove Owner roles from end users, and configure Cloud Data Loss Prevention.

B.  

Remove Owner roles from end users, and enforce domain restricted sharing in an organization policy.

C.  

Configure uniform bucket-level access, and enforce domain restricted sharing in an organization policy.

D.  

Remove *.setIamPolicy permissions from all roles, and enforce domain restricted sharing in an organization policy.

Discussion 0
Question # 7

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery

What should you do?

Options:

A.  

Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows.

B.  

Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.

C.  

Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery.

D.  

Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

Discussion 0
Question # 8

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.

How should the customer achieve this using Google Cloud Platform?

Options:

A.  

Use Cloud Source Repositories, and store secrets in Cloud SQL.

B.  

Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.

C.  

Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.

D.  

Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

Discussion 0
Question # 9

You are using Security Command Center (SCC) to protect your workloads and receive alerts for suspected security breaches at your company. You need to detect cryptocurrency mining software.

Which SCC service should you use?

Options:

A.  

Container Threat Detection

B.  

Web Security Scanner

C.  

Rapid Vulnerability Detection

D.  

Virtual Machine Threat Detection

Discussion 0
Question # 10

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.

Which Cloud Identity password guidelines can the organization use to inform their new requirements?

Options:

A.  

Set the minimum length for passwords to be 8 characters.

B.  

Set the minimum length for passwords to be 10 characters.

C.  

Set the minimum length for passwords to be 12 characters.

D.  

Set the minimum length for passwords to be 6 characters.

Discussion 0
Get Professional-Cloud-Security-Engineer dumps and pass your exam in 24 hours!

Free Exams Sample Questions