Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. PROFESSIONAL-CLOUD-SECURITY-ENGINEER

Free Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions (page: 5)

Page 5 of 74
PDF with 361 Questions

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.

How should you advise this organization?

  1. Use Forseti with Firewall filters to catch any unwanted configurations in production.
  2. Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.
  3. Route all VPC traffic through customer-managed routers to detect malicious patterns in production.
  4. All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Answer(s): B



An organization wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.

Which Cloud Data Loss Prevention API technique should you use?

  1. Generalization
  2. Redaction
  3. CryptoHashConfig
  4. CryptoReplaceFfxFpeConfig

Answer(s): D



An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.

Which Cloud Identity password guidelines can the organization use to inform their new requirements?

  1. Set the minimum length for passwords to be 8 characters.
  2. Set the minimum length for passwords to be 10 characters.
  3. Set the minimum length for passwords to be 12 characters.
  4. Set the minimum length for passwords to be 6 characters.

Answer(s): A



You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.

What should you do?

  1. 1. Generate a data encryption key (DEK) locally to encrypt the data.
    2. Generate a new key encryption key (KEK) in Cloud Key Management Service to encrypt the DEK.
    3. Store both the encrypted data and the encrypted DEK.
  2. 1. Generate a data encryption key (DEK) locally to encrypt the data.

    2. Generate a new key encryption key (KEK) in Cloud Key Management Service to encrypt the DEK.
    3. Store both the encrypted data and the KEK.
  3. 1. Generate a new data encryption key (DEK) in Cloud Key Management Service to encrypt the data.
    2. Generate a key encryption key (KEK) locally to encrypt the key.
    3. Store both the encrypted data and the encrypted DEK.
  4. 1. Generate a new data encryption key (DEK) in Cloud Key Management Service to encrypt the data.
    2. Generate a key encryption key (KEK) locally to encrypt the key.
    3. Store both the encrypted data and the KEK.

Answer(s): A


Reference:

https://cloud.google.com/kms/docs/envelope-encryption



How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

  1. Send all logs to the SIEM system via an existing protocol such as syslog.
  2. Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system.
  3. Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow.
  4. Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.

Answer(s): C



Viewing page 5 of 74
Viewing questions 21 - 25 out of 361 questions



Post your Comments and Discuss Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam prep with other Community members:

PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Discussions & Posts