Name: Google Professional Cloud Security Engineer Exam
Brand: Pass4Success
SKU: Professional Cloud Security Engineer
Price: 69.00 USD
Availability: InStock
Rating: 4.9 (175 reviews)

Disscuss Google Professional Cloud Security Engineer Topics, Questions or Ask Anything Related

Submit Cancel

Daniela

18 days ago

Just passed the Google Cloud Security Engineer exam! Key topic: IAM. Expect scenario-based questions on least privilege access. Study resource hierarchy and custom roles. Thanks to Pass4Success for the spot-on practice questions that helped me prepare quickly!

upvoted 0 times

...

Ocie

19 days ago

Alex Thompson

upvoted 0 times

...

Katie

22 days ago

I recently passed the Google Professional Cloud Security Engineer exam with the help of Pass4Success practice questions. The exam covered topics such as designing and implementing a secure infrastructure on Google Cloud Platform and understanding security best practices. One question that stood out to me was related to industry security requirements, specifically around data encryption standards. Despite being unsure of the answer, I was able to pass the exam.

upvoted 0 times

...

Free Google Professional Cloud Security Engineer Exam Actual Questions

Note: Premium Questions for Professional Cloud Security Engineer were last updated On Jul. 17, 2024 (see below)

Question #1

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours.

What should you do?

AAssign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

BConfigure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

CAssign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

DRun a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Reveal Solution Hide Solution

Correct Answer: A

Question #2

Your company conducts clinical trials and needs to analyze the results of a recent study that are stored in BigQuery. The interval when the medicine was taken contains start and stop dates The interval data is critical to the analysis, but specific dates may identify a particular batch and introduce bias You need to obfuscate the start and end dates for each row and preserve the interval data.

What should you do?

AUse bucketing to shift values to a predetermined date based on the initial value.

BExtract the date using TimePartConfig from each date field and append a random month and year

CUse date shifting with the context set to the unique ID of the test subject

DUse the FFX mode of format preserving encryption (FPE) and maintain data consistency

Reveal Solution Hide Solution

Correct Answer: A

'Date shifting techniques randomly shift a set of dates but preserve the sequence and duration of a period of time. Shifting dates is usually done in context to an individual or an entity. That is, each individual's dates are shifted by an amount of time that is unique to that individual.'

Question #3

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours.

What should you do?

AAssign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

BConfigure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

CAssign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

DRun a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Reveal Solution Hide Solution

Correct Answer: A

Question #4

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

A1. Enable Container Threat Detection in the Security Command Center Premium tier.
* 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
* 3. View and share the results from the Security Command Center

B* 1. Use an open source tool in Cloud Build to scan the images.
* 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil
* 3. Share the scan report link with your security department.

C* 1. Enable vulnerability scanning in the Artifact Registry settings.
* 2. Use Cloud Build to build the images
* 3. Push the images to the Artifact Registry for automatic scanning.
* 4. View the reports in the Artifact Registry.

D* 1. Get a GitHub subscription.
* 2. Build the images in Cloud Build and store them in GitHub for automatic scanning
* 3. Download the report from GitHub and share with the Security Team

Reveal Solution Hide Solution

Correct Answer: C

'The service evaluates all changes and remote access attempts to detect runtime attacks in near-real time.' : https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview This has nothing to do with KNOWN security Vulns in images

Question #5

You are setting up a new Cloud Storage bucket in your environment that is encrypted with a customer managed encryption key (CMEK). The CMEK is stored in Cloud Key Management Service (KMS). in project "pr j -a", and the Cloud Storage bucket will use project "prj-b". The key is backed by a Cloud Hardware Security Module (HSM) and resides in the region europe-west3. Your storage bucket will be located in the region europe-west1. When you create the bucket, you cannot access the key. and you need to troubleshoot why.

What has caused the access issue?

AA firewall rule prevents the key from being accessible.

BCloud HSM does not support Cloud Storage

CThe CMEK is in a different project than the Cloud Storage bucket

DThe CMEK is in a different region than the Cloud Storage bucket.

Reveal Solution Hide Solution

Correct Answer: D

When you use a customer-managed encryption key (CMEK) to secure a Cloud Storage bucket, the key and the bucket must be located in the same region. In this case, the key is in europe-west3 and the bucket is in europe-west1, which is why you're unable to access the key.

Explore Other Google Exams

Unlock Premium Professional Cloud Security Engineer Exam Questions with Advanced Practice Test Features:

Select Question Types you want
Set your Desired Pass Percentage
Allocate Time (Hours : Minutes)
Create Multiple Practice tests with Limited Questions
Customer Support

Get Full Access Now

Google Professional Cloud Security Engineer Exam Questions

Free Google Professional Cloud Security Engineer Exam Actual Questions

Note: Premium Questions for Professional Cloud Security Engineer were last updated On Jul. 17, 2024 (see below)