Online Access Free Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83 Practice Test (Page 11)

Professional-Cloud-Security-Engineer Exam Question 46

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.

B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.

C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.

D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Professional-Cloud-Security-Engineer Exam Question 47

Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.
What should you do?

A.1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
2. Click on the email address in line with the App Engine Default Service Account in the authentication field.
3. Click Hide Matching Entries.
4. Make sure the resulting list is empty.

B.1. Go to the IAM section on the project.
2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.
Section: (none)
Explanation

C.1. Use StackDriver Logging and filter on BigQuery Insert Jobs.
2. Click on the email address in line with the App Engine Default Service Account in the authentication field.
3. Click Show Matching Entries.
4. Make sure the resulting list is empty.

D.1. In BigQuery, select the related dataset.
2. Make sure the App Engine Default Service Account is the only account that can write to the dataset.

Professional-Cloud-Security-Engineer Exam Question 48

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

A.TCP Proxy Load Balancing

B.HTTP(S) Load Balancing

C.Network Load Balancing

D.SSL Proxy Load Balancing

Professional-Cloud-Security-Engineer Exam Question 49

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

A.Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.

B.Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.

C.Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.

D.Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Professional-Cloud-Security-Engineer Exam Question 50

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

A.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.
Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

B.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

C.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.

D.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Other Version: 133Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 761Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 894Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1039Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 901Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2127Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 130Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 133Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 131VMware.2V0-13.25.v2025-12-26.q237; 122Microsoft.AI-900-CN.v2025-12-26.q125; 107SAP.C_BCBAI_2502.v2025-12-26.q30; 107SAP.C_OCM_2503.v2025-12-26.q35; 118HP.HPE0-S59.v2025-12-26.q47; 135Splunk.SPLK-4001.v2025-12-25.q27; 144ServiceNow.CIS-HAM.v2025-12-24.q91; 166EMC.NCP-AIO.v2025-12-24.q126; 125Salesforce.Revenue-Cloud-Consultant-Accredited-Professional.v2025-12-24.q39

Professional-Cloud-Security-Engineer Exam Question 46

Professional-Cloud-Security-Engineer Exam Question 47

Professional-Cloud-Security-Engineer Exam Question 48

Professional-Cloud-Security-Engineer Exam Question 49

Professional-Cloud-Security-Engineer Exam Question 50

Download PDF File