Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Professional Cloud Security Engineer

Free Professional Cloud Security Engineer Exam Braindumps (page: 14)

Page 13 of 60
PDF with 331 Questions

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.

What should you do?

  1. Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
  2. Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
  3. Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
  4. Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.
    Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Answer(s): A

Explanation:

Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.



Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.

What type of Load Balancing should you use?

  1. Network Load Balancing
  2. HTTP(S) Load Balancing
  3. TCP Proxy Load Balancing
  4. SSL Proxy Load Balancing

Answer(s): D

Explanation:

https://cloud.google.com/load-balancing/docs/ssl - SSL Proxy Load Balancing is a reverse proxy load balancer that distributes SSL traffic coming from the internet to virtual machine (VM) instances in your Google Cloud VPC network.


Reference:

https://cloud.google.com/load-balancing/docs/ssl/



You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.

What should you do?

  1. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.
  2. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
  3. In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.
  4. In Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.

Answer(s): A

Explanation:

https://cloud.google.com/compute/docs/images/restricting-image-access#trusted_images


Reference:

https://cloud.google.com/compute/docs/images/restricting-image-access



Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.

Which two tasks should your team perform to handle this request? (Choose two.)

  1. Remove all users from the Project Creator role at the organizational level.
  2. Create an Organization Policy constraint, and apply it at the organizational level.
  3. Grant the Project Editor role at the organizational level to a designated group of users.
  4. Add a designated group of users to the Project Creator role at the organizational level.
  5. Grant the billing account creator role to the designated DevOps team.

Answer(s): A,D

Explanation:

https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints






Post your Comments and Discuss Google Professional Cloud Security Engineer exam with other Community members:

Exam Discussions & Posts