info@expertdumps.com

Verified Content • 24/7 Access • Free Updates
logo

Exam overview

Google Professional Cloud Security Engineer Exam Questions

Vendor

Google

Exam Code

 Professional Cloud Security Engineer

Actual Exam Duration
TOTAL QUESTIONS

234

Exam Name

 Professional Cloud Security Engineer

Purchase

$ 40

One-time payment • Instant access

  • Verified answers with explanations
  • Practice-friendly layout
  • Updated content focus
  • Support if you get stuck
Get More Questions
View all vendors

Exam practice

Exam Q&A

Select an option, then click Show Answer.

Q1:

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud You must implement data residency and operational sovereignty in the EU. What should you do?

A: Limit the physical location of a new resource with the Organization Policy Service resource locations

B: Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and mter-VPC communication.

C: Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications

D: Use identity federation to limit access to Google Cloud resources from non-EU entities.

E: Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.

Correct Answer: A, C

Q2:

You manage a mission-critical workload for your organization, which is in a highly regulated industry The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpomt computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive dat a. You need to meet these requirements; * Manage the data encryption key (DEK) outside the Google Cloud boundary. * Maintain full control of encryption keys through a third-party provider. * Encrypt the sensitive data before uploading it to Cloud Storage * Decrypt the sensitive data during processing in the Compute Engine VMs * Encrypt the sensitive data in memory while in use in the Compute Engine VMs What should you do?

A: Create a VPC Service Controls service perimeter across your existing Compute Engine VMs and Cloud Storage buckets

B: Migrate the Compute Engine VMs to Confidential VMs to access the sensitive data.

C: Configure Cloud External Key Manager to encrypt the sensitive data before it is uploaded to Cloud Storage and decrypt the sensitive data after it is downloaded into your VMs

D: Create Confidential VMs to access the sensitive data.

E: Configure Customer Managed Encryption Keys to encrypt the sensitive data before it is uploaded to Cloud Storage, and decrypt the sensitive data after it is downloaded into your VMs.

Correct Answer: C, D

Q3:

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter. What should you do?

A: A* 1 Update the perimeter * 2 Configure the egressTo field to set identity Type to any_identity. * 3 Configure the egressFrom field to include the external Google Cloud project number as an allowed resource and the serviceName to compute. googleapis. com.

B: Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.

C: C* 1 Update the perimeter * 2 Configure the egressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute. googleapis. com. * 3 Configure the egressFrom field to set identity Type to any_idestity.

D: * 1 Update the perimeter * 2 Configure the ingressFrcm field to set identityType to an-y_identity. * 3 Configure the ingressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute.googleapis -com.

Correct Answer: A

Q4:

You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS). in project “pr j -a”, and the Cloud Storage bucket will use project “prj-b”. The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key. and you need to troubleshoot why. What has caused the access issue?

A: A firewall rule prevents the key from being accessible.

B: Cloud HSM does not support Cloud Storage

C: The CMEK is in a different project than the Cloud Storage bucket

D: The CMEK is in a different region than the Cloud Storage bucket.

Correct Answer: D

- Testimonials -

Real Results From Real Students

John Doe
John Doe
This site has been a game-changer for my certification journey. The materials are current, reliable, and best of all—free! It's clear they're committed to supporting the IT community.
Emma
Emma
I passed my CompTIA Security+ exam on the first try thanks to this site. Their practice exams and study guides are top-notch. Highly recommend it to anyone serious about IT certifications.
Liam
Liam
I’ve passed three certifications using this site. Their materials are detailed and well-structured, and the fact that it’s free makes it even better.
Isabella
Isabella
If you're studying for any IT certification, this should be your first stop. It’s comprehensive, organized, and constantly updated.
Benjamin
Benjamin
This website helped me prepare for multiple certifications, and today I’m working in cybersecurity. Without their free resources, I wouldn’t be here.

Frequently Asked Question (FAQ's)

Have questions? You’re not alone. We’ve answered the most frequently asked questions to help you feel confident and informed every step of the way.

What is Dumps Masters?

DumpMasters a premium service offering a comprehensive collection of exam questions and answers for over 1400 certification exams. It is regularly updated and designed to help users pass their certification exams confidently.

Please contact info@expertdumps.com and we will provide you with alternative payment options.

You can by Contacting our sales team.

Free updates are available for the duration of your subscription, after the subscription is expired, your access will no longer be available.