[Jul 02, 2022] Updates Up to 365 days On Valid Professional-Cloud-Security-Engineer Braindumps [Q76-Q97]

Rate this post

[Jul 02, 2022] Updates Up to 365 days On Valid Professional-Cloud-Security-Engineer Braindumps

Best QualityProfessional-Cloud-Security-Engineer Exam Questions Google Test To Gain Brilliante Result

You can read the Google Professional Cloud Security Engineer salary

The Average Salary of an Google Professional Cloud Security Engineer salary in

Europe – 80853 EURO
India -172784 15215321 INR
England – 155954 POUND
United State – 203393 USD

Skills Measured

A Google certified cloud security specialist should have a high-level mastery of all the essential components of cloud security, covering identity and access management, organizational policies and structures, the concepts of incident response, knowledge of the regulatory concerns, and providing data protection with Google technologies. In summary, the Google Professional Cloud Security Engineer exam will validate one’s understanding of the following themes that form the current exam syllabus:

Setting up network security
Ensuring the protection of data as well as compliance
The management of operations and configuration of access in a cloud solution infrastructure

Q76. You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

Use multi-factor authentication for admin access to the web application.

Use only applications certified compliant with PA-DSS.

Move the cardholder data environment into a separate GCP project.

Use VPN for all connections between your office and cloud environments.

Q77. A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication Which GCP product should the customer implement to meet these requirements?

Cloud Identity-Aware Proxy

Cloud Armor

Cloud Endpoints

Cloud VPN

Q78. A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

Configure the project with Cloud VPN.

Configure the project with Shared VPC.

Configure the project with Cloud Interconnect.

Configure the project with VPC peering.

Configure all Compute Engine instances with Private Access.

Q79. An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

Cloud Armor

Network Load Balancing

SSL Proxy Load Balancing

NAT Gateway

Q80. You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls.
Which document should you review to find the information?

Google Cloud Platform: Customer Responsibility Matrix

PCI DSS Requirements and Security Assessment Procedures

PCI SSC Cloud Computing Guidelines

Product documentation for Compute Engine

Q81. Your team wants to limit users with administrative privileges at the organization level.
Which two roles should your team restrict? (Choose two.)

Organization Administrator

Super Admin

GKE Cluster Admin

Compute Admin

Organization Role Viewer

Q82. An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

Cloud Armor

Network Load Balancing

SSL Proxy Load Balancing

NAT Gateway

Q83. Which encryption algorithm is used with Default Encryption in Cloud Storage?

AES-256

SHA512

MD5

3DES

Q84. An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

Cloud Armor

Network Load Balancing

SSL Proxy Load Balancing

NAT Gateway

Q85. Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

Network Load Balancing

HTTP(S) Load Balancing

TCP Proxy Load Balancing

SSL Proxy Load Balancing

Q86. A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

Configure the project with Cloud VPN.

Configure the project with Shared VPC.

Configure the project with Cloud Interconnect.

Configure the project with VPC peering.

Configure all Compute Engine instances with Private Access.

Q87. A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.
Which Storage solution are they allowed to use?

Cloud Bigtable

Cloud BigQuery

Compute Engine SSD Disk

Compute Engine Persistent Disk

Q88. Your company has been creating users manually in Cloud Identity to provide access to Google Cloud resources. Due to continued growth of the environment, you want to authorize the Google Cloud Directory Sync (GCDS) instance and integrate it with your on-premises LDAP server to onboard hundreds of users. You are required to:
Replicate user and group lifecycle changes from the on-premises LDAP server in Cloud Identity.
Disable any manually created users in Cloud Identity.
You have already configured the LDAP search attributes to include the users and security groups in scope for Google Cloud. What should you do next to complete this solution?

1. Configure the option to suspend domain users not found in LDAP.
2. Set up a recurring GCDS task.

1. Configure the option to delete domain users not found in LDAP.
2. Run GCDS after user and group lifecycle changes.

1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP.
2. Set up a recurring GCDS task.

1. Configure the LDAP search attributes to exclude manually created Cloud identity users not found in LDAP.
2. Run GCDS after user and group lifecycle changes.

Q89. A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.
What should you do to meet these requirements?

Create a Folder per department under the Organization. For each department’s Folder, assign the Project Viewer role to the Google Group related to that department.

Create a Folder per department under the Organization. For each department’s Folder, assign the Project Browser role to the Google Group related to that department.

Create a Project per department under the Organization. For each department’s Project, assign the Project Viewer role to the Google Group related to that department.

Create a Project per department under the Organization. For each department’s Project, assign the Project Browser role to the Google Group related to that department.

Q90. Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

Network Load Balancing

HTTP(S) Load Balancing

TCP Proxy Load Balancing

SSL Proxy Load Balancing

Q91. A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

Use Cloud Source Repositories, and store secrets in Cloud SQL.

Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.

Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.

Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.

Q92. You need to connect your organization’s on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:
Use a private transport link.
Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?

1. Set up a Cloud VPN link between the on-premises environment and Google Cloud.
2. Configure private access using the restricted googleapis.com domains in on-premises DNS configurations.

1. Set up a Partner Interconnect link between the on-premises environment and Google Cloud.
2. Configure private access using the private.googleapis.com domains in on-premises DNS configurations.

1. Set up a Direct Peering link between the on-premises environment and Google Cloud.
2. Configure private access for both VPC subnets.

1. Set up a Dedicated Interconnect link between the on-premises environment and Google Cloud.
2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.

Q93. A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location.
How should the company accomplish this?

Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995.

Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location.

Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.

Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Q94. You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

In Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.

Q95. When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

Ensure that the app does not run as PID 1.

Package a single app as a container.

Remove any unnecessary tools not needed by the app.

Use public container images as a base image for the app.

Use many container image layers to hide sensitive information.

Q96. Your company’s Chief Information Security Officer (CISO) creates a requirement that business data must be stored in specific locations due to regulatory requirements that affect the company’s global expansion plans. After working on the details to implement this requirement, you determine the following:
The services in scope are included in the Google Cloud Data Residency Terms.
The business data remains within specific locations under the same organization.
The folder structure can contain multiple data residency locations.
You plan to use the Resource Location Restriction organization policy constraint. At which level in the resource hierarchy should you set the constraint?

Folder

Resource

Project

Organization

Q97. A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery. You need to ensure that no credit card numbers are stored in BigQuery What should you do?

Create a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows.

Use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.

Leverage Security Command Center to scan for the assets of type Credit Card Number in BigQuery.

Enable Cloud Identity-Aware Proxy to filter out credit card numbers before storing the logs in BigQuery.

Google Professional Cloud Security Engineer Exam Cover Topics

Candidates must know the exam topics before they start of preparation. Because it will really help them in hitting the core. Our Google Professional Cloud Security Engineer exam dumps will include the following topics: