Free Professional Cloud Security Engineer Exam Braindumps (page: 13)


A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.

What technique should the institution use?

  A. Use Cloud Storage as a federated Data Source.
  B. Use a Cloud Hardware Security Module (Cloud HSM).
  C. Customer-managed encryption keys (CMEK).
  D. Customer-supplied encryption keys (CSEK).

Answer(s): C

Explanation:

If you want to manage the key encryption keys used for your data at rest, instead of having Google manage the keys, use Cloud Key Management Service to manage your keys. This scenario is known as customer-managed encryption keys (CMEK). https://cloud.google.com/bigquery/docs/encryption-at-rest


Reference:

https://cloud.google.com/bigquery/docs/encryption-at-rest



A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.

Which Storage solution are they allowed to use?

  A. Cloud Bigtable
  B. Cloud BigQuery
  C. Compute Engine SSD Disk
  D. Compute Engine Persistent Disk

Answer(s): B

Explanation:

https://cloud.google.com/bigquery#:~:text=BigQuery%20transparently%20and%20automatically%20provides,charge%20and%20no%20additional%20setup.&text=BigQuery%20also%20provides%20ODBC%20and,interact%20with%20its%20powerful%20engine.


Reference:

https://cloud.google.com/bigquery/docs/locations



A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer's browser and GCP when customers check out online.

What should they do?

  A. Configure an SSL Certificate on an L7 Load Balancer and require encryption.
  B. Configure an SSL Certificate on a Network TCP Load Balancer and require encryption.
  C. Configure the firewall to allow inbound traffic on port 443, and block all other inbound traffic.
  D. Configure the firewall to allow outbound traffic on port 443, and block all other outbound traffic.

Answer(s): A

Explanation:

https://cloud.google.com/load-balancing/docs/load-balancing-overview#external_versus_internal_load_balancing



Applications often require access to "secrets" - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep track of "who did what, where, and when?" within their GCP projects.

Which two log streams would provide the information that the administrator is looking for? (Choose two.)

  A. Admin Activity logs
  B. System Event logs
  C. Data Access logs
  D. VPC Flow logs
  E. Agent logs

Answer(s): A,C

Explanation:

https://cloud.google.com/secret-manager/docs/audit-logging


Reference:

https://cloud.google.com/kms/docs/secret-management





