Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. PROFESSIONAL-CLOUD-SECURITY-ENGINEER

Free Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions (page: 8)

Page 8 of 74
PDF with 361 Questions

An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization's production environment will remain on-premises for an indefinite time. The organization wants a scalable and cost-efficient solution.

Which GCP solution should the organization use?

  1. BigQuery using a data pipeline job with continuous updates
  2. Cloud Storage using a scheduled task and gsutil
  3. Compute Engine Virtual Machines using Persistent Disk
  4. Cloud Datastore using regularly scheduled batch upload jobs

Answer(s): B



You are creating an internal App Engine application that needs to access a user's Google Drive on the user's behalf. Your company does not want to rely on the current user's credentials. It also wants to follow Google- recommended practices.

What should you do?

  1. Create a new Service account, and give all application users the role of Service Account User.
  2. Create a new Service account, and add all application users to a Google Group. Give this group the role of Service Account User.
  3. Use a dedicated G Suite Admin account, and authenticate the application's operations with these G Suite credentials.
  4. Create a new service account, and grant it G Suite domain-wide delegation. Have the application use it to impersonate the user.

Answer(s): D



A customer wants to move their sensitive workloads to a Compute Engine-based cluster using Managed Instance Groups (MIGs). The jobs are bursty and must be completed quickly. They have a requirement to be able to control the key lifecycle.

Which boot disk encryption solution should you use on the cluster to meet this customer's requirements?

  1. Customer-supplied encryption keys (CSEK)
  2. Customer-managed encryption keys (CMEK) using Cloud Key Management Service (KMS)
  3. Encryption by default
  4. Pre-encrypting files before transferring to Google Cloud Platform (GCP) for analysis

Answer(s): B


Reference:

https://cloud.google.com/kubernetes-engine/docs/how-to/dynamic-provisioning-cmek



Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.

What should you do?

  1. Use the Cloud Key Management Service to manage the data encryption key (DEK).
  2. Use the Cloud Key Management Service to manage the key encryption key (KEK).
  3. Use customer-supplied encryption keys to manage the data encryption key (DEK).
  4. Use customer-supplied encryption keys to manage the key encryption key (KEK).

Answer(s): B



You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.

What should you do?

  1. Use multi-factor authentication for admin access to the web application.
  2. Use only applications certified compliant with PA-DSS.
  3. Move the cardholder data environment into a separate GCP project.
  4. Use VPN for all connections between your office and cloud environments.

Answer(s): C



Viewing page 8 of 74
Viewing questions 36 - 40 out of 361 questions



Post your Comments and Discuss Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam prep with other Community members:

PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Discussions & Posts