Online Access Free Professional-Cloud-Security-Engineer Exam Questions

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised.
What should you do?

• A.Create an Active Directory domain password policy with strong password settings, and configure post- SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
• B.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.
• C.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• D.Create an Active Directory domain password policy with strong password settings, and configure post- SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

You need to centralize your team's logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?

• A.Use Logs Explorer at the organization level and filter for production project logs.
• B.Create an aggregate org sink at the parent folder of the production projects, and set the destination to a Cloud Storage bucket.
• C.Create an aggregate org sink at the parent folder of the production projects, and set the destination to a logs bucket.
• D.Enable Cloud Monitoring workspace, and add the production projects to be monitored.

Your organization is using Model Garden to maintain a collection of models in a single location and to deploy different types of models in a consistent way. You must ensure that your users can only access the approved models. What should you do?

• A.Implement an organization policy that restricts the vertexai.allowedModels constraint.
• B.Regularly audit user activity logs in Vertex AI to identify and revoke access to unapproved models.
• C.Train custom models within your Vertex AI project, and restrict user access to these models.
• D.Configure IAM permissions on individual Model Garden to restrict access to specific models.

You are working with a client that is concerned about control of their encryption keys for sensitive data. The client does not want to store encryption keys at rest in the same cloud service provider (CSP) as the data that the keys are encrypting. Which Google Cloud encryption solutions should you recommend to this client?
(Choose two.)

• A.Customer-managed encryption keys
• B.Google default encryption
• C.Cloud External Key Manager
• D.Customer-supplied encryption keys.
• E.Secret Manager

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

• A.Use Cloud Source Repositories, and store secrets in Cloud SQL.
• B.Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.
• C.Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
• D.Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.