Online Access Free Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83 Practice Test (Page 7)

Professional-Cloud-Security-Engineer Exam Question 26

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

B.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

D.In Resource Manager, edit the organization permissions. Add the project ID as member with the role:
Compute Image User.

Professional-Cloud-Security-Engineer Exam Question 27

Your team wants to limit users with administrative privileges at the organization level.
Which two roles should your team restrict? (Choose two.)

A.Organization Administrator

B.Super Admin

C.GKE Cluster Admin

D.Compute Admin

E.Organization Role Viewer

Professional-Cloud-Security-Engineer Exam Question 28

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

A.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.

B.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.

C.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

D.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.

Professional-Cloud-Security-Engineer Exam Question 29

You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You only want to allow thee application frontend to access the data in the application's mysql instance on port
3306.
What should you do?

A.Configure an ingress firewall rule that allows communication from the src IP range of subnet A to the tag "data-tag" that is applied to the mysql Compute Engine VM on port 3306.

B.Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an egress firewall rule that allows communication from Compute Engine VMs tagged with data-tag to destination Compute Engine VMs tagged fe-tag.

C.Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an ingress firewall rule that allows communication from Compute Engine VMs tagged with fe-tag to destination Compute Engine VMs tagged with data-tag.

D.Configure an ingress firewall rule that allows communication from the frontend's unique service account to the unique service account of the mysql Compute Engine VM on port 3306.

Professional-Cloud-Security-Engineer Exam Question 30

A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.
Which two strategies should your team use to meet these requirements? (Choose two.)

A.Configure a Cloud NAT gateway.

B.Make sure that the Compute Engine cluster is running on a separate subnet.

C.Avoid assigning public IP addresses to the Compute Engine cluster.

D.Configure Private Google Access on the Compute Engine subnet

E.Turn off IP forwarding on the Compute Engine instances in the cluster.

Other Version: 116Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 760Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 894Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1032Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 900Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2125Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 130Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 116Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 124VMware.2V0-13.25.v2025-12-26.q237; 114Microsoft.AI-900-CN.v2025-12-26.q125; 106SAP.C_BCBAI_2502.v2025-12-26.q30; 107SAP.C_OCM_2503.v2025-12-26.q35; 111HP.HPE0-S59.v2025-12-26.q47; 135Splunk.SPLK-4001.v2025-12-25.q27; 144ServiceNow.CIS-HAM.v2025-12-24.q91; 163EMC.NCP-AIO.v2025-12-24.q126; 125Salesforce.Revenue-Cloud-Consultant-Accredited-Professional.v2025-12-24.q39

Professional-Cloud-Security-Engineer Exam Question 26

Professional-Cloud-Security-Engineer Exam Question 27

Professional-Cloud-Security-Engineer Exam Question 28

Professional-Cloud-Security-Engineer Exam Question 29

Professional-Cloud-Security-Engineer Exam Question 30

Download PDF File