Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Professional Cloud Security Engineer

Free Professional Cloud Security Engineer Exam Braindumps (page: 11)

Page 10 of 60
PDF with 331 Questions

A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.

What should you do to meet these requirements?

  1. Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.
  2. Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.
  3. Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.
  4. Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

Answer(s): A

Explanation:

https://cloud.google.com/iam/docs/understanding-roles#project-roles



A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).

How should the team complete this task?

  1. Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.
  2. Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.
  3. Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.
  4. Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.

Answer(s): B

Explanation:

https://cloud.google.com/storage/docs/encryption/customer-supplied-keys#gsutil



A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects.

Which two steps should the company take to meet these requirements? (Choose two.)

  1. Create a project with multiple VPC networks for each environment.
  2. Create a folder for each development and production environment.
  3. Create a Google Group for the Engineering team, and assign permissions at the folder level.
  4. Create an Organizational Policy constraint for each folder environment.
  5. Create projects for each environment, and grant IAM rights to each engineering user.

Answer(s): B,C



You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.

Which document should you review to find the information?

  1. Google Cloud Platform: Customer Responsibility Matrix
  2. PCI DSS Requirements and Security Assessment Procedures
  3. PCI SSC Cloud Computing Guidelines
  4. Product documentation for Compute Engine

Answer(s): A

Explanation:

https://cloud.google.com/files/PCI_DSS_Shared_Responsibility_GCP_v32.pdf https://services.google.com/fh/files/misc/gcp_pci_shared_responsibility_matrix_aug_2021.pdf






Post your Comments and Discuss Google Professional Cloud Security Engineer exam with other Community members:

Exam Discussions & Posts