Online Access Free Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86 Practice Test (Page 16)

Professional-Cloud-Security-Engineer Exam Question 71

Your application is deployed as a highly available cross-region solution behind a global external HTTP(S) load balancer. You notice significant spikes in traffic from multiple IP addresses but it is unknown whether the IPs are malicious. You are concerned about your application's availability. You want to limit traffic from these clients over a specified time interval.
What should you do?

A.Configure a rate_based_ban action by using Google Cloud Armor and set the ban_duration_sec parameter to the specified time interval.

B.Configure a deny action by using Google Cloud Armor to deny the clients that issued too many requests over the specified time interval.

C.Configure a firewall rule in your VPC to throttle traffic from the identified IP addresses.

D.Configure a throttle action by using Google Cloud Armor to limit the number of requests per client over a specified time interval.

Professional-Cloud-Security-Engineer Exam Question 72

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

A.Configure Secret Manager to manage service account keys.

B.Enable an organization policy to disable service accounts from being created.

C.Enable an organization policy to prevent service account keys from being created.

D.Remove the iam.serviceAccounts.getAccessToken permission from users.

Professional-Cloud-Security-Engineer Exam Question 73

You need to connect your organization's on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:
Use a private transport link.
Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?

A.1. Set up a Cloud VPN link between the on-premises environment and Google Cloud.
2. Configure private access using the restricted googleapis.com domains in on-premises DNS configurations.

B.1. Set up a Partner Interconnect link between the on-premises environment and Google Cloud.
2. Configure private access using the private.googleapis.com domains in on-premises DNS configurations.

C.1. Set up a Direct Peering link between the on-premises environment and Google Cloud.
2. Configure private access for both VPC subnets.

D.1. Set up a Dedicated Interconnect link between the on-premises environment and Google Cloud.
2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.

Professional-Cloud-Security-Engineer Exam Question 74

You have been tasked with configuring Security Command Center for your organization's Google Cloud environment. Your security team needs to receive alerts of potential crypto mining in the organization's compute environment and alerts for common Google Cloud misconfigurations that impact security. Which Security Command Center features should you use to configure these alerts? (Choose two.)

A.Event Threat Detection

B.Container Threat Detection

C.Security Health Analytics

D.Cloud Data Loss Prevention

E.Google Cloud Armor

Professional-Cloud-Security-Engineer Exam Question 75

You manage one of your organization's Google Cloud projects (Project A). AVPC Service Control (SC) perimeter is blocking API access requests to this project including Pub/Sub. A resource running under a service account in another project (Project B) needs to collect messages from a Pub/Sub topic in your project Project B is not included in a VPC SC perimeter. You need to provide access from Project B to the Pub/Sub topic in Project A using the principle of least Privilege.
What should you do?

A.Create an access level that allows a developer in Project B to subscribe to the Pub/Sub topic that is located in Project A.

B.Remove the Pub/Sub API from the list of restricted services in the perimeter configuration for Project A.

C.Configure an ingress policy for the perimeter in Project A and allow access for the service account in Project B to collect messages.

D.Create a perimeter bridge between Project A and Project B to allow the required communication between both projects.

Other Version: 546Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 758Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1212Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142; 1293Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1087Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2502Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 3001Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 140CrowdStrike.CCSE-204.v2026-06-12.q25; 160VMware.2V0-17.25.v2026-06-12.q49; 147Appian.ACA-100.v2026-06-11.q23; 202CompTIA.220-1202.v2026-06-11.q114; 162CheckPoint.156-590.v2026-06-11.q47; 221CompTIA.220-1202.v2026-06-10.q109; 194CertiProf.CEHPC.v2026-06-10.q54; 151Hitachi.HQT-4160.v2026-06-10.q25; 387PMI.PMI-ACP-CN.v2026-06-09.q453; 190Splunk.SPLK-5002.v2026-06-08.q52

Professional-Cloud-Security-Engineer Exam Question 71

Professional-Cloud-Security-Engineer Exam Question 72

Professional-Cloud-Security-Engineer Exam Question 73

Professional-Cloud-Security-Engineer Exam Question 74

Professional-Cloud-Security-Engineer Exam Question 75

Download PDF File