Free Professional Cloud Security Engineer Exam Braindumps (page: 21)


Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.

What should you do?

  1. 1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
    2. Click on the email address in line with the App Engine Default Service Account in the authentication field.
    3. Click Hide Matching Entries.
    4. Make sure the resulting list is empty.
  2. 1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
    2. Click on the email address in line with the App Engine Default Service Account in the authentication field.
    3. Click Show Matching Entries.
    4. Make sure the resulting list is empty.
  3. 1. In BigQuery, select the related dataset.
    2. Make sure the App Engine Default Service Account is the only account that can write to the dataset.
  4. 1. Go to the IAM section on the project.
    2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.

Answer(s): A



Your team wants to limit users with administrative privileges at the organization level.

Which two roles should your team restrict? (Choose two.)

  1. Organization Administrator
  2. Super Admin
  3. GKE Cluster Admin
  4. Compute Admin
  5. Organization Role Viewer

Answer(s): A,B


Reference:

https://cloud.google.com/resource-manager/docs/creating-managing-organization



An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform (GCP), and where Google's responsibility lies. They are mostly running workloads using Google Cloud's Platform-as-a-Service (PaaS) offerings, primarily App Engine.

Which one of these areas in the technology stack would they need to focus on as their primary responsibility when using App Engine?

  1. Configuring and monitoring VPC Flow Logs
  2. Defending against XSS and SQLi attacks
  3. Managing the latest updates and security patches for the Guest OS
  4. Encrypting all stored data

Answer(s): B

Explanation:

In PaaS, the customer is responsible for web app security, deployment, usage, access policy, and content. https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate



An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.

Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses.

Which solution should your team implement to meet these requirements?

  1. Cloud Armor
  2. Network Load Balancing
  3. SSL Proxy Load Balancing
  4. NAT Gateway

Answer(s): A

Explanation:

https://cloud.google.com/armor/docs/security-policy-overview#edge-security


Reference:

https://cloud.google.com/armor/docs/security-policy-concepts





