Free Professional Cloud Security Engineer Exam Braindumps (page: 19)


An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well-established directory service is used to manage user identities and lifecycle management. The organization must continue to use this directory service as the "source of truth" directory for identities.

Which solution meets the organization's requirements?

  A. Google Cloud Directory Sync (GCDS)
  B. Cloud Identity
  C. Security Assertion Markup Language (SAML)
  D. Pub/Sub

Answer(s): A

Explanation:

With Google Cloud Directory Sync (GCDS), you can synchronize the data in your Google Account with your Microsoft Active Directory or LDAP server. GCDS doesn't migrate any content (such as email messages, calendar events, or files) to your Google Account. You use GCDS to synchronize your Google users, groups, and shared contacts to match the information in your LDAP server.
https://support.google.com/a/answer/106368?hl=en



Which international compliance standard provides guidelines for information security controls applicable to the provision and use of cloud services?

  A. ISO 27001
  B. ISO 27002
  C. ISO 27017
  D. ISO 27018

Answer(s): C

Explanation:

https://cloud.google.com/security/compliance/iso-27017



You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices.

What should you do?

  A. Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.
  B. Create a custom role with the permission compute.instances.list and grant the Service Account this role.
  C. Give the Service Account the role of Compute Viewer, and use the new Service Account for all instances.
  D. Give the Service Account the role of Project Viewer, and use the new Service Account for all instances.

Answer(s): B

Explanation:

https://cloud.google.com/compute/docs/access/iam



In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)

  A. Hardware
  B. Network Security
  C. Storage Encryption
  D. Access Policies
  E. Boot

Answer(s): B,D

Explanation:

https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke-container-security-shared-responsibility-model-gke





