Online Access Free Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86 Practice Test (Page 12)

Professional-Cloud-Security-Engineer Exam Question 51

Your company's chief information security officer (CISO) is requiring business data to be stored in specific locations due to regulatory requirements that affect the company's global expansion plans. After working on a plan to implement this requirement, you determine the following:
The services in scope are included in the Google Cloud data residency requirements.
The business data remains within specific locations under the same organization.
The folder structure can contain multiple data residency locations.
The projects are aligned to specific locations.
You plan to use the Resource Location Restriction organization policy constraint with very granular control. At which level in the hierarchy should you set the constraint?

A.Folder

B.Organization

C.Project

D.Resource

Professional-Cloud-Security-Engineer Exam Question 52

Your organization must comply with the regulation to keep instance logging data within Europe. Your workloads will be hosted in the Netherlands in region europe-west4 in a new project. You must configure Cloud Logging to keep your data in the country.
What should you do?

A.Configure the organization policy constraint gcp.resourceLocations to europe-west4.

B.Create a new tog bucket in europe-west4. and redirect the _Def auit bucKet to the new bucket.

C.Configure log sink to export all logs into a Cloud Storage bucket in europe-west4.

D.Set the logging storage region to eurcpe-west4 by using the gcloud CLI logging settings update.

Professional-Cloud-Security-Engineer Exam Question 53

You have numerous private virtual machines on Google Cloud. You occasionally need to manage the servers through Secure Socket Shell (SSH) from a remote location. You want to configure remote access to the servers in a manner that optimizes security and cost efficiency.
What should you do?

A.Create a site-to-site VPN from your corporate network to Google Cloud.

B.Create a firewall rule to allow access from the Identity-Aware Proxy (IAP) IP range Grant the role of an IAP- secured Tunnel User to the administrators.

C.Create a jump host instance with public IP Manage the instances by connecting through the jump host.

D.Configure server instances with public IP addresses Create a firewall rule to only allow traffic from your corporate IPs.

Professional-Cloud-Security-Engineer Exam Question 54

Your company requires the security and network engineering teams to identify all network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and traffic between VMs to Google Cloud services in production. Which method should you use?

A.Define an organization policy constraint.

B.Configure packet mirroring policies.

C.Enable VPC Flow Logs on the subnet.

D.Monitor and analyze Cloud Audit Logs.

Professional-Cloud-Security-Engineer Exam Question 55

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter.
What should you do?

A.* 1 Update the perimeter
* 2 Configure the ingressFrcm field to set identityType to an-y_identity.
* 3 Configure the ingressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute.googleapis -com.

B.* Allow the external project by using the organizational policy
constraints/compute.trustedlmageProjects.

C.* 1 Update the perimeter
* 2 Configure the egressTo field to set identity Type to any_identity.
* 3 Configure the egressFrom field to include the external Google Cloud project number as an allowed resource and the serviceName to compute. googleapis. com.

D.* 1 Update the perimeter
* 2 Configure the egressTo field to include the external Google Cloud project number as an allowed resource and the serviceName to compute. googleapis. com.
* 3 Configure the egressFrom field to set identity Type to any_idestity.

Other Version: 536Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 726Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1201Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 1267Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1068Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2489Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 2993Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 149Oracle.1D0-1057-25-D.v2026-06-03.q29; 277NAHQ.CPHQ.v2026-06-03.q396; 257CompTIA.220-1201.v2026-06-03.q196; 159GIAC.GCFE.v2026-06-03.q78; 157HIMSS.CPHIMS.v2026-06-03.q45; 236Google.Professional-Cloud-Architect.v2026-06-03.q165; 163HP.HPE7-A09.v2026-06-02.q48; 173ACDIS.CCDS-O.v2026-06-02.q56; 152Microsoft.AB-730.v2026-06-02.q31; 231ASQ.CSSBB.v2026-06-02.q130

Professional-Cloud-Security-Engineer Exam Question 51

Professional-Cloud-Security-Engineer Exam Question 52

Professional-Cloud-Security-Engineer Exam Question 53

Professional-Cloud-Security-Engineer Exam Question 54

Professional-Cloud-Security-Engineer Exam Question 55

Download PDF File