|Exam Name||Google Cloud Certified - Professional Cloud Security Engineer|
|Update Date||September 26,2023|
Prepare Yourself Expertly for Professional-Cloud-Security-Engineer Exam:
Our most skilled and experienced professionals are providing updated and accurate study material in PDF form to our customers. The material accumulators make sure that our students successfully secure at least more than 90% marks in the Google Professional-Cloud-Security-Engineer exam. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is change in the Professional-Cloud-Security-Engineer dumps file. You and your money both are very valuable for us so we never take it lightly and have made the attempt to provide you the best work in your hands. In fact, there is not a 1% chance to ruin it.
You can access our agents anytime for your guidance 24/7. Our agent will provide you information you need, you can ask them any questions you have. We are here to provide you with a complete study material file you need to pass your Professional-Cloud-Security-Engineer exam with remarkable marks.
Our experts are working hard to provide our customers with accurate material for their Google Professional-Cloud-Security-Engineer exam. If you want to meet a sweeping success in your exam you must sign up for the complete preparation at Pass4surexams and we will provide you with such genuine material that will help you succeed with distinction. Our provided material is as real as you are studying the real exam questions and answers. Our experts are working hard for our customers. So that they can easily pass their exam in their first attempt without any trouble.
Our team updates the Google Professional-Cloud-Security-Engineer questions answers frequently and if there is a change, we instantly contact our customers and provide them updated study material for the exam preparation.
We offer our students real exam questions with 100% passing guarantee, so that they can easily pass their Google Professional-Cloud-Security-Engineer exam in the first attempt. Our Professional-Cloud-Security-Engineer dumps PDF have been carved by the experienced experts exactly on the model of real exam question answers in which you are going to appear to get your certification.
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.What type of Load Balancing should you use?
A. Network Load Balancing
B. HTTP(S) Load Balancing
C. TCP Proxy Load Balancing
D. SSL Proxy Load Balancing
You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.What should you do?
A. Migrate the application into an isolated project using a “Lift & Shift” approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
B. Migrate the application into an isolated project using a “Lift & Shift” approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
C. Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
D. Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project. Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.Which two strategies should your team use to meet these requirements? (Choose two.)
A. Configure Private Google Access on the Compute Engine subnet
B. Avoid assigning public IP addresses to the Compute Engine cluster.
C. Make sure that the Compute Engine cluster is running on a separate subnet.
D. Turn off IP forwarding on the Compute Engine instances in the cluster.
E. Configure a Cloud NAT gateway.
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls.Which document should you review to find the information?
A. Google Cloud Platform: Customer Responsibility Matrix
B. PCI DSS Requirements and Security Assessment Procedures
C. PCI SSC Cloud Computing Guidelines
D. Product documentation for Compute Engine
A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.What should you do to meet these requirements?
A. Create a Folder per department under the Organization. For each department’s Folder, assign the Project Viewer role to the Google Group related to that department.
B. Create a Folder per department under the Organization. For each department’s Folder, assign the Project Browser role to the Google Group related to that department.
C. Create a Project per department under the Organization. For each department’s Project, assign the Project Viewer role to the Google Group related to that department.
D. Create a Project per department under the Organization. For each department’s Project, assign the Project Browser role to the Google Group related to that department.
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.What should you do?
A. Use the Cloud Key Management Service to manage the data encryption key (DEK).
B. Use the Cloud Key Management Service to manage the key encryption key (KEK).
C. Use customer-supplied encryption keys to manage the data encryption key (DEK).
D. Use customer-supplied encryption keys to manage the key encryption key (KEK).
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. App Engine
B. Cloud Functions
C. Compute Engine
D. Google Kubernetes Engine
E. Cloud Storage
A large financial institution is moving its Big Data analytics to Google Cloud Platform. They want to have maximum control over the encryption process of data stored at rest in BigQuery.What technique should the institution use?
A. Use Cloud Storage as a federated Data Source.
B. Use a Cloud Hardware Security Module (Cloud HSM).
C. Customer-managed encryption keys (CMEK).
D. Customer-supplied encryption keys (CSEK).
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A wellestablished directory service is used to manage user identities and lifecycle management. This directory service must continue for the organization to use as the “source of truth” directory for identities.Which solution meets the organization's requirements?
A. Google Cloud Directory Sync (GCDS)
B. Cloud Identity
C. Security Assertion Markup Language (SAML)
Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.How should your team meet these requirements?
A. Enable Private Access on the VPC network in the production project.
B. Remove the Editor role and grant the Compute Admin IAM role to the engineers.
C. Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.
D. Set up a VPC network with two subnets: one with public IPs and one without public IPs.