Professional-Cloud-Security-Engineer Practice Online

Question 1

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

A : Implement Cloud VPN for the region where the bastion host lives.

B : Implement OS Login with 2-step verification for the bastion host.

C : Implement Identity-Aware Proxy TCP forwarding for the bastion host.

D : Implement Google Cloud Armor in front of the bastion host.

Answer: C

Question 2

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

A : Create an hourly cron job to run a Cloud Function that finds public buckets and makes them private.

B : Enable the constraints/storage.publicAccessPrevention constraint at the organization level.

C : Enable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.

D : Create a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Answer: B

Question 3

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.

How should you prevent and fix this vulnerability?

A : Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

B : Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

C : Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

D : Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Answer: D

Question 4

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours. What should you do?

A :

Assign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

B :

Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

C :

Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

D :

Run a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Answer: A

Question 5

A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage

IAM permissions between users in the development and production environment projects.

Which two steps should the company take to meet these requirements? (Choose two.)

A : Create a project with multiple VPC networks for each environment.

B : Create a folder for each development and production environment.

C : Create a Google Group for the Engineering team, and assign permissions at the folder level.

D : Create an Organizational Policy constraint for each folder environment.

E : Create projects for each environment, and grant IAM rights to each engineering user.

Answer: B,C

Name:	Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer
Certification:	Google Cloud Certified
Vendor:	Google
Total Questions:	284
Last Updated:	May 08, 2024

Download Demo Professional-Cloud-Security-Engineer Dumps

Create Account

Password Recovery

Professional-Cloud-Security-Engineer Practice Online

Download Demo Professional-Cloud-Security-Engineer Dumps

Member Login

Create Account

Password Recovery

Professional-Cloud-Security-Engineer Practice Online