location and to deploy different types of models in a consistent way. You must ensure that your users can only access the approved models. What should you do?
The problem states that the organization is using Model Garden and needs to ensure users can only access approved models. This implies a need for a central, enforceable control mechanism.
Organization Policies and Constraints: Google Cloud Organization Policy Service allows administrators to centrally control resources across an organization. Constraints are specific types of restrictions that can be applied. For AI Platform (which includes Vertex AI and Model Garden), there are specific constraints designed to control model usage.
vertexai.allowedModels Constraint: This specific organization policy constraint is designed precisely to restrict which models can be used within a given organization, folder, or project. It provides a centralized way to define a list of approved models that users are allowed to access. Extract Reference: 'The vertexai.allowedModels constraint allows you to specify a list of model URIs that are allowed to be used within the resource hierarchy' and 'This constraint helps organizations enforce compliance and control which models are consumed by their users' (Google Cloud documentation, typically found under Organization Policy Service constraints for Vertex AI or AI Platform).
Let's evaluate the other options:
A. Configure IAM permissions on individual Model Garden to restrict access to specific models: IAM (Identity and Access Management) typically grants permissions at a broader resource level (e.g., project, dataset, model resource). While you can control who can manage models, directly restricting access to specific models within Model Garden for consumption via IAM roles on individual models is not the primary mechanism for enforcing a list of approved models across an organization in a preventative way. Organization policies are designed for this kind of broad, preventative control.
B. Regularly audit user activity logs in Vertex AI to identify and revoke access to unapproved models: Auditing logs is a reactive measure. While important for monitoring and detecting violations, it does not prevent users from accessing unapproved models in the first place. The requirement is to ensure they can only access approved models, implying a proactive control.
C. Train custom models within your Vertex AI project and restrict user access to these models: This is about managing access to custom-trained models, not about controlling access to the collection of models in Model Garden, which often includes pre-trained or publicly available models that need to be whitelisted. It doesn't address the requirement of ensuring users only access approved models from the broader Model Garden collection.
A company migrated their entire data center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to have a historical record of what was running in Google Cloud Platform at any point in time.
What should you do?
To maintain a historical record of what was running in Google Cloud Platform at any point in time, you should use Forseti Security to automate inventory snapshots. Forseti Security is an open-source toolkit that helps to automate security and compliance in GCP by taking inventory snapshots of GCP resources.
Step-by-Step:
Install Forseti Security: Follow the installation guide to deploy Forseti Security on your GCP environment.
Configure Inventory: Set up the inventory module in Forseti to capture and store snapshots of GCP resources.
Schedule Snapshots: Use Forseti's configuration to schedule regular inventory snapshots.
Access Historical Data: Review and access historical records through Forseti's dashboard or by querying the Forseti database.
Compliance and Monitoring: Use Forseti to ensure compliance and monitor changes over time.
Inventory Module
Your company's Chief Information Security Officer (CISO) creates a requirement that business data must be stored in specific locations due to regulatory requirements that affect the company's global expansion plans. After working on the details to implement this requirement, you determine the following:
The services in scope are included in the Google Cloud Data Residency Terms.
The business data remains within specific locations under the same organization.
The folder structure can contain multiple data residency locations.
You plan to use the Resource Location Restriction organization policy constraint. At which level in the resource hierarchy should you set the constraint?
The Resource Location Restriction organization policy constraint ensures that business data is stored in specific geographic locations, which is critical for compliance with regulatory requirements.
Organization Level: Setting the constraint at the organization level ensures that all resources within the organization, including those in different folders or projects, adhere to the location restrictions. This provides a unified policy application across the entire organization, ensuring compliance with regulatory requirements.
Policy Application: The policy will propagate down the resource hierarchy, ensuring that all relevant services within the organization comply with the specified data residency requirements.
This approach provides centralized control and simplifies the management of data residency constraints.
Organization Policy Service Documentation
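The two list constraints discussed above (vertexai.allowedModels for Model Garden and the Resource Location Restriction, gcp.resourceLocations) are set the same way, so this added example, which is not from the page, renders each as org-policy YAML at the organization node and hands it to gcloud org-policies set-policy. The ORG_ID, the model URI and the choice of the in:europe-locations value group are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the page: render the two list constraints discussed
# above as org-policy YAML and hand them to gcloud org-policies set-policy.
# ORG_ID and the model URI are placeholders; the YAML shape
# (name / spec.rules[].values.allowedValues) is the one gcloud consumes.
set -eu

# Render a list-constraint policy for one node of the resource hierarchy
# (organizations/ID, folders/ID or projects/ID).
# Usage: render_list_policy RESOURCE CONSTRAINT ALLOWED_VALUE...
render_list_policy() {
  resource="$1"; constraint="$2"; shift 2
  printf 'name: %s/policies/%s\n' "$resource" "$constraint"
  printf 'spec:\n  rules:\n  - values:\n      allowedValues:\n'
  for value in "$@"; do
    printf '      - %s\n' "$value"
  done
}

# Data residency: set at the organization node, so every folder (including
# folders that hold several residency locations) and project inherits it.
# A folder- or project-level policy would leave sibling nodes unconstrained.
residency_policy() {
  render_list_policy "organizations/$1" gcp.resourceLocations in:europe-locations
}

# Approved Model Garden models use the same mechanism at the same node.
allowed_models_policy() {
  render_list_policy "organizations/$1" vertexai.allowedModels \
    publishers/google/models/APPROVED_MODEL   # placeholder model URI
}

# Read a rendered policy on stdin; print it when DRY_RUN is set, else apply it.
apply_policy() {
  file="$(mktemp)"
  cat >"$file"
  if [ -n "${DRY_RUN:-}" ]; then cat "$file"; else gcloud org-policies set-policy "$file"; fi
  rm -f "$file"
}

# Typical run (ORG_ID placeholder), then confirm what a project actually inherits:
#   residency_policy 123456789012 | apply_policy
#   gcloud org-policies describe gcp.resourceLocations \
#     --project=SOME_PROJECT --effective
```

Checking the effective policy from a project deep in the hierarchy is the quickest way to confirm the organization-level setting really reached the resources the regulation cares about.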
A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?
When a vulnerability patch is released for a running container in Google Kubernetes Engine (GKE), the recommended approach is to update the application code or apply the patch directly to the codebase. Then, a new container image should be built incorporating these changes. After building the new image, it should be deployed to replace the running containers. This method ensures that the containers run the updated, secure code.
Steps:
Update Application Code: Modify the application code or dependencies to incorporate the vulnerability patch.
Build New Image: Use a tool like Docker to build a new container image with the updated code.
Push New Image: Push the new container image to the Container Registry.
Update Deployments: Update the Kubernetes deployment to use the new image. This can be done by modifying the image tag in the deployment YAML file.
Redeploy Containers: Apply the updated deployment configuration using kubectl apply -f <deployment-file>.yaml, which will redeploy the containers with the new image.
Google Cloud: Container security
Kubernetes: Updating an application
You need to enable VPC Service Controls and allow changes to perimeters in existing environments without preventing access to resources. Which VPC Service Controls mode should you use?