Online Access Free Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86 Practice Test (Page 14)

Professional-Cloud-Security-Engineer Exam Question 61

You have a highly sensitive BigQuery workload that contains personally identifiable information (Pll) that you want to ensure is not accessible from the internet. To prevent data exfiltration only requests from authorized IP addresses are allowed to query your BigQuery tables.
What should you do?

A.Use the Restrict Resource service usage organization policy constraint along with Cloud Data Loss Prevention (DLP).

B.Use service perimeter and create an access level based on the authorized source IP address as the condition.

C.Use the Restrict allowed Google Cloud APIs and services organization policy constraint along with Cloud Data Loss Prevention (DLP).

D.Use Google Cloud Armor security policies defining an allowlist of authorized IP addresses at the global HTTPS load balancer.

Professional-Cloud-Security-Engineer Exam Question 62

Your organization is moving virtual machines (VMs) to Google Cloud. You must ensure that operating system images that are used across your projects are trusted and meet your security requirements.
What should you do?

A.Automate a security scanner that verifies that no common vulnerabilities and exposures (CVEs) are present in your trusted image repository.

B.Implement an organization policy to enforce that boot disks can only be created from images that come from the trusted image project.

C.Create a Cloud Function that is automatically triggered when a new virtual machine is created from the trusted image repository Verify that the image is not deprecated.

D.Implement an organization policy constraint that enables the Shielded VM service on all projects to enforce the trusted image repository usage.

Professional-Cloud-Security-Engineer Exam Question 63

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.
How should you advise this organization?

A.Use Forseti with Firewall filters to catch any unwanted configurations in production.

B.Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.

C.Route all VPC traffic through customer-managed routers to detect malicious patterns in production.

D.All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Professional-Cloud-Security-Engineer Exam Question 64

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

A.Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.

B.Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.

C.Create a custom service account for the cluster Enable the constraints/iam.disableServiceAccountKeyCreation organization policy at the project level.

D.Create a custom service account for the cluster Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

Professional-Cloud-Security-Engineer Exam Question 65

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised. What should you do?

A.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.

B.Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.

C.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.

D.Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

Other Version: 570Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 778Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1244Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 1322Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1107Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2533Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 3020Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 122Microsoft.AB-731.v2026-06-19.q23; 224IIA.IIA-CIA-Part2.v2026-06-19.q308; 149DAMA.MD-1220.v2026-06-19.q66; 125ISTQB.CT-AI.v2026-06-18.q68; 242IIA.IIA-CIA-Part3.v2026-06-17.q220; 165WGU.Introduction-to-IT.v2026-06-17.q67; 206CompTIA.220-1202.v2026-06-16.q110; 138TheInstitutes.CPCU-500.v2026-06-16.q25; 219ACAMS.CAMS7-CN.v2026-06-16.q170; 272CBIC.CIC.v2026-06-15.q123

Professional-Cloud-Security-Engineer Exam Question 61

Professional-Cloud-Security-Engineer Exam Question 62

Professional-Cloud-Security-Engineer Exam Question 63

Professional-Cloud-Security-Engineer Exam Question 64

Professional-Cloud-Security-Engineer Exam Question 65

Download PDF File