Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. PROFESSIONAL-CLOUD-SECURITY-ENGINEER

Free Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions (page: 12)

Page 12 of 74
PDF with 361 Questions

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.

What should you do?

  1. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.
  2. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
  3. In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.
  4. In Resource Manager, edit the organization permissions. Add the project ID as member with the role:
    Compute Image User.

Answer(s): A


Reference:

https://cloud.google.com/compute/docs/images/restricting-image-access



Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.

Which two tasks should your team perform to handle this request? (Choose two.)

  1. Remove all users from the Project Creator role at the organizational level.
  2. Create an Organization Policy constraint, and apply it at the organizational level.
  3. Grant the Project Editor role at the organizational level to a designated group of users.
  4. Add a designated group of users to the Project Creator role at the organizational level.
  5. Grant the billing account creator role to the designated DevOps team.

Answer(s): A,D



A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.

How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to date with all the latest OS patches?

  1. Build new base images when patches are available, and use a CI/CD pipeline to rebuild VMs, deploying incrementally.
  2. Federate a Domain Controller into Compute Engine, and roll out weekly patches via Group Policy Object.
  3. Use Deployment Manager to provision updated VMs into new serving Instance Groups (IGs).
  4. Reboot all VMs during the weekly maintenance window and allow the StartUp Script to download the latest patches from the internet.

Answer(s): A



Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.

How should your team design this network?

  1. Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
  2. Create a different subnet for the frontend application and database to ensure network isolation.
  3. Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
  4. Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.

Answer(s): A



An organization receives an increasing number of phishing emails.

Which method should be used to protect employee credentials in this situation?

  1. Multifactor Authentication
  2. A strict password policy
  3. Captcha on login pages
  4. Encrypted emails

Answer(s): A



Viewing page 12 of 74
Viewing questions 56 - 60 out of 361 questions



Post your Comments and Discuss Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam prep with other Community members:

PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Discussions & Posts