Online Access Free Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71 Practice Test (Page 7)

Professional-Cloud-Security-Engineer Exam Question 26

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

A.Use Puppet or Chef to push out the patch to the running container.

B.Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.

C.Update the application code or apply a patch, build a new image, and redeploy it.

D.Configure containers to automatically upgrade when the base image is available in Container Registry.

Professional-Cloud-Security-Engineer Exam Question 27

You need to implement an encryption at-rest strategy that reduces key management complexity for non-sensitive data and protects sensitive data while providing the flexibility of controlling the key residency and rotation schedule. FIPS 140-2 L1 compliance is required for all data types. What should you do?

A.Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.

B.Encrypt non-sensitive data and sensitive data with Cloud Key Management Service

C.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.

D.Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.

Professional-Cloud-Security-Engineer Exam Question 28

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.
Which Cloud Data Loss Prevention API technique should you use to accomplish this?

A.Generalization

B.Redaction

C.CryptoHashConfig

D.CryptoReplaceFfxFpeConfig

Professional-Cloud-Security-Engineer Exam Question 29

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

A.Configure Secret Manager to manage service account keys.

B.Enable an organization policy to disable service accounts from being created.

C.Enable an organization policy to prevent service account keys from being created.

D.Remove the iam.serviceAccounts.getAccessToken permission from users.

Professional-Cloud-Security-Engineer Exam Question 30

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses Which solution should your team implement to meet these requirements?

A.Cloud Armor

B.Network Load Balancing

C.SSL Proxy Load Balancing

D.NAT Gateway

Other Version: 536Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 726Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1201Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 1213Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1068Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2489Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 2993Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 149Oracle.1D0-1057-25-D.v2026-06-03.q29; 277NAHQ.CPHQ.v2026-06-03.q396; 257CompTIA.220-1201.v2026-06-03.q196; 159GIAC.GCFE.v2026-06-03.q78; 156HIMSS.CPHIMS.v2026-06-03.q45; 236Google.Professional-Cloud-Architect.v2026-06-03.q165; 163HP.HPE7-A09.v2026-06-02.q48; 172ACDIS.CCDS-O.v2026-06-02.q56; 152Microsoft.AB-730.v2026-06-02.q31; 231ASQ.CSSBB.v2026-06-02.q130

Professional-Cloud-Security-Engineer Exam Question 26

Professional-Cloud-Security-Engineer Exam Question 27

Professional-Cloud-Security-Engineer Exam Question 28

Professional-Cloud-Security-Engineer Exam Question 29

Professional-Cloud-Security-Engineer Exam Question 30

Download PDF File