Online Access Free Professional-Cloud-Security-Engineer Exam Questions

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard Which options should you recommend to meet the requirements?

• A.Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.
• B.Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.
• C.Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.
• D.Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.

You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.
What should you do?

• A.Set up an ACL with READER permission to a scope of allUsers.
• B.Set up a default bucket ACL and manage access for users using IAM.
• C.Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.
• D.Set up an ACL with OWNER permission to a scope of allUsers.

Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (1AM) roles at the right resource level tor the developers and security team while you ensure least privilege.
What should you do?

• A.* 1 Grant logging.admin role to the security team at the organization resource level.* 2 Grant logging.
  viewer rote to the developer team at the folder resource level that contains all the dev projects.
• B.* 1 Grant logging, viewer rote to the security team at the organization resource level.* 2 Grant logging, viewer rote to the developer team at the folder resource level that contains all the dev projects.
• C.* 1 Grant logging. viewer rote to the security team at the organization resource level.* 2 Grant logging.
  admin role to the developer team at the organization resource level.
• D.* 1 Grant logging.admin role to the security team at the organization resource level.* 2 Grant logging.admin role to the developer team at the organization resource level.

Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed instances are automatically kept up-to-date and that users cannot accidentally alter settings in the operating system.
What should you do?

• A.Enforce the disableRootAccess and requireAutoUpgradeSchedule organization policies for newly deployed instances.
• B.Implement a firewall rule that prevents Secure Shell access to the corresponding Google Compute Engine instances by using tags.
• C.Assign the AI Notebooks Runner and AI Notebooks Viewer roles to the users of the AI Workbench Instances.
• D.Enable the VM Manager and ensure the corresponding Google Compute Engine instances are added.

An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?

• A.Dedicated Interconnect
• B.Partner Interconnect
• C.Cloud VPN
• D.Cloud Router