Free Professional Cloud Security Engineer Exam Braindumps (page: 15)


A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.

How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?

  1. Build new base images when patches are available, and use a CI/CD pipeline to rebuild VMs, deploying incrementally.
  2. Federate a Domain Controller into Compute Engine, and roll out weekly patches via Group Policy Object.
  3. Use Deployment Manager to provision updated VMs into new serving Instance Groups (IGs).
  4. Reboot all VMs during the weekly maintenance window and allow the StartUp Script to download the latest patches from the internet.

Answer(s): A

Explanation:

Compute Engine does not automatically update the OS or the software on your deployed instances; you are responsible for patching them. In the cloud, however, patching individual running instances in place is not the recommended practice. Instead, patch the image that was used to launch the instances (for Windows, start from the updated public images Google publishes in the windows-cloud project) and then replace each affected instance with a new one built from the patched image, rolling the replacement out incrementally through a CI/CD pipeline so a bad patch is caught before the whole fleet is affected. Options B and D patch running instances in place, and option C says nothing about where the "updated" VMs come from.
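The rebuild-and-replace workflow described above, as an added Terraform example (not code from the exam page): the pipeline publishes each patched base image to an image family, the instance template always resolves the newest image in that family, and the regional managed instance group replaces instances incrementally under an explicit surge/unavailability budget. The project ID, the image family name `win2022-patched`, the region and the group size are assumptions.

```hcl
# Assumed project ID; the CI/CD pipeline has "packer"/"gcloud compute images create" rights here.
variable "project_id" {
  default = "app-prod-123456" # assumption
}

# The pipeline publishes every patched Windows base image into this family (assumed name).
# The data source resolves to the newest non-deprecated image in the family, so a new
# image automatically produces a new template and a new rollout on the next apply.
data "google_compute_image" "win_patched" {
  project = var.project_id
  family  = "win2022-patched"
}

resource "google_compute_instance_template" "web" {
  name_prefix  = "web-"            # Terraform generates a unique suffix per template
  machine_type = "n2-standard-2"
  project      = var.project_id

  disk {
    source_image = data.google_compute_image.win_patched.self_link
    auto_delete  = true
    boot         = true
  }

  network_interface {
    network = "default"
  }

  # Templates are immutable: build the replacement before destroying the old one so
  # the instance group is never left pointing at a deleted template.
  lifecycle {
    create_before_destroy = true
  }
}

resource "google_compute_region_instance_group_manager" "web" {
  name               = "web-mig"
  project            = var.project_id
  region             = "us-central1"
  base_instance_name = "web"
  target_size        = 6

  version {
    instance_template = google_compute_instance_template.web.self_link
  }

  # Incremental replacement: at most 3 extra VMs at a time (one per zone of the
  # regional group), never fewer serving VMs than target_size, and REPLACE rather
  # than RESTART so every VM boots from the freshly patched image.
  update_policy {
    type                  = "PROACTIVE"
    minimal_action        = "REPLACE"
    replacement_method    = "SUBSTITUTE"
    max_surge_fixed       = 3
    max_unavailable_fixed = 0
  }
}
```

With this in place, "deploying a patch" is nothing more than the pipeline publishing a new image to the family and running `terraform apply`; no VM is ever patched in place, and a rollback is just pointing the family at the previous image.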



Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.

How should your team design this network?

  1. Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
  2. Create a different subnet for the frontend application and database to ensure network isolation.
  3. Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
  4. Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.

Answer(s): A

Explanation:

Only a firewall rule actually restricts traffic between the two tiers; putting them in different subnets, VPCs or peered networks does not by itself block anything, because VPC firewall rules are evaluated regardless of subnet and a peering or VPN would only reconnect the networks. Google's VPC firewall documentation does, however, warn against relying on tags for the target filter:

"However, even though it is possible to use tags for target filtering in this manner, we recommend that you use service accounts where possible. Target tags are not access-controlled and can be changed by someone with the instanceAdmin role while VMs are in service. Service accounts are access-controlled, meaning that a specific user must be explicitly authorized to use a service account. There can only be one service account per instance, whereas there can be multiple tags. Also, service accounts assigned to a VM can only be changed when the VM is stopped."
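The service-account-based version of the rule from the answer, as an added Terraform example (not code from the exam page). It pairs an allow rule keyed on the frontend and database service accounts with an explicit deny that outranks the permissive `default-allow-internal` rule found in the default network, so that no other VM in the VPC can reach the database port. The network name, service account IDs and port 5432 are assumptions; the weaker tag-based variant is shown at the end for comparison.

```hcl
resource "google_compute_network" "app" {
  name                    = "app-vpc" # assumed name
  auto_create_subnetworks = true
}

# One identity per tier. Attaching these to VMs requires iam.serviceAccountUser on the
# account, which is exactly the access control that tags lack.
resource "google_service_account" "frontend" {
  account_id   = "frontend-app"
  display_name = "Frontend application VMs"
}

resource "google_service_account" "db" {
  account_id   = "backend-db"
  display_name = "Backend database VMs"
}

# Allow: only VMs running as the frontend identity may reach the DB port on
# VMs running as the database identity. Priority 1000 beats the deny below.
resource "google_compute_firewall" "allow_frontend_to_db" {
  name      = "allow-frontend-to-db"
  network   = google_compute_network.app.name
  direction = "INGRESS"
  priority  = 1000

  source_service_accounts = [google_service_account.frontend.email]
  target_service_accounts = [google_service_account.db.email]

  allow {
    protocol = "tcp"
    ports    = ["5432"] # assumed database port
  }

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}

# Deny everything else to the database VMs. The implied deny sits at 65535 and the
# default network's allow-internal rule at 65534, so this must be numerically lower
# than both (higher precedence) but higher than the allow rule above.
resource "google_compute_firewall" "deny_all_to_db" {
  name      = "deny-all-to-db"
  network   = google_compute_network.app.name
  direction = "INGRESS"
  priority  = 1001

  source_ranges           = ["0.0.0.0/0"]
  target_service_accounts = [google_service_account.db.email]

  deny {
    protocol = "all"
  }
}

# The frontend VMs must actually run as the frontend identity for the rule to match.
resource "google_compute_instance" "frontend" {
  name         = "frontend-1"
  machine_type = "e2-small"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = google_compute_network.app.name
  }

  service_account {
    email  = google_service_account.frontend.email
    scopes = ["cloud-platform"]
  }
}

# Weaker alternative (what the answer text literally says): the same rule keyed on tags.
# Anyone with compute.instanceAdmin can add "frontend" to any VM at runtime and gain
# access to the database, with no IAM check and no reboot.
#
# resource "google_compute_firewall" "allow_frontend_to_db_by_tag" {
#   name        = "allow-frontend-to-db-by-tag"
#   network     = google_compute_network.app.name
#   direction   = "INGRESS"
#   source_tags = ["frontend"]
#   target_tags = ["db"]
#   allow {
#     protocol = "tcp"
#     ports    = ["5432"]
#   }
# }
```

Note that a firewall rule cannot mix service accounts and tags in its source or target filters; pick one model per rule, and prefer the service-account model for the reasons quoted above.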



An organization receives an increasing number of phishing emails.

Which method should be used to protect employee credentials in this situation?

  1. Multifactor Authentication
  2. A strict password policy
  3. Captcha on login pages
  4. Encrypted emails

Answer(s): A

Explanation:

Phishing harvests passwords, so the control must make a stolen password insufficient on its own. Multifactor authentication (ideally phishing-resistant security keys) does exactly that; a stricter password policy, a captcha or encrypted email does nothing to stop an attacker who already holds a valid password. See:

https://cloud.google.com/blog/products/g-suite/7-ways-admins-can-help-secure-accounts-against-phishing-g-suite

https://www.duocircle.com/content/email-security-services/email-security-in-cryptography#:~:text=Customer%20Login-,Email%20Security%20In%20Cryptography%20Is%20One%20Of%20The%20Most,Measures%20To%20Prevent%20Phishing%20Attempts&text=Cybercriminals%20love%20emails%20the%20most,networks%20all%20over%20the%20world.



A customer is collaborating with another company to build an application on Compute Engine. The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application. Communication between portions of the application must not traverse the public internet by any means.

Which connectivity option should be implemented?

  1. VPC peering
  2. Cloud VPN
  3. Cloud Interconnect
  4. Shared VPC

Answer(s): A

Explanation:

VPC Network Peering lets the two networks exchange traffic over Google's internal network, so nothing traverses the public internet, and it works between projects in different organizations. The peering is not transitive (each pair of networks must be peered directly), it must be configured from both sides before it becomes active, and the peered networks remain administratively separate: each organization keeps its own firewall rules, routes and IAM. Shared VPC is ruled out because host and service projects must belong to the same organization; Cloud VPN sends encrypted traffic over the public internet; Cloud Interconnect connects an on-premises network to Google, not two VPCs.
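The cross-organization peering from the answer, as an added Terraform example (not code from the exam page). Both halves of the peering are shown in one configuration for illustration; in practice each organization applies its own side. The two project IDs, network and subnet names, the CIDRs and the database port are assumptions. It also shows the firewall caveat that peering does not remove: the storage tier still has to allow ingress from the application subnet, and because service accounts and tags only identify VMs in the same VPC, that rule must be keyed on the peer subnet's IP range.

```hcl
provider "google" {
  alias   = "app_org"
  project = "customer-app-prod" # assumed project in the customer's organization
}

provider "google" {
  alias   = "storage_org"
  project = "partner-storage-prod" # assumed project in the partner's organization
}

# Peered networks must not have overlapping subnet ranges, so each side uses a
# disjoint, custom-mode CIDR plan.
resource "google_compute_network" "app" {
  provider                = google.app_org
  name                    = "app-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "app" {
  provider      = google.app_org
  name          = "app-subnet"
  region        = "us-central1"
  network       = google_compute_network.app.self_link
  ip_cidr_range = "10.10.0.0/20"
}

resource "google_compute_network" "storage" {
  provider                = google.storage_org
  name                    = "storage-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "storage" {
  provider      = google.storage_org
  name          = "storage-subnet"
  region        = "us-central1"
  network       = google_compute_network.storage.self_link
  ip_cidr_range = "10.20.0.0/20"
}

# Peering is configured independently on each network and only becomes ACTIVE
# once both resources exist; either side can tear down its half at any time.
resource "google_compute_network_peering" "app_to_storage" {
  provider     = google.app_org
  name         = "app-to-storage"
  network      = google_compute_network.app.self_link
  peer_network = google_compute_network.storage.self_link
}

resource "google_compute_network_peering" "storage_to_app" {
  provider     = google.storage_org
  name         = "storage-to-app"
  network      = google_compute_network.storage.self_link
  peer_network = google_compute_network.app.self_link
}

# Firewall rules are not shared across the peering. The storage organization
# decides what the application tier may reach, filtered by the peer subnet range
# because source_service_accounts/source_tags cannot match VMs in another VPC.
resource "google_compute_firewall" "storage_allow_from_app" {
  provider  = google.storage_org
  name      = "allow-app-subnet-to-storage"
  network   = google_compute_network.storage.name
  direction = "INGRESS"
  priority  = 1000

  source_ranges = [google_compute_subnetwork.app.ip_cidr_range]

  allow {
    protocol = "tcp"
    ports    = ["5432"] # assumed storage-tier port
  }
}
```

Because the peering is non-transitive, a third network peered to `storage-vpc` would still have no path to `app-vpc`; if the partner later adds tiers in other networks, each one needs its own peering and its own firewall rules.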


