Online Access Free Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142 Practice Test (Page 12)

Professional-Cloud-Security-Engineer Exam Question 51

You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

A.Use multi-factor authentication for admin access to the web application.

B.Use only applications certified compliant with PA-DSS.

C.Move the cardholder data environment into a separate GCP project.

D.Use VPN for all connections between your office and cloud environments.

Professional-Cloud-Security-Engineer Exam Question 52

You want to use the gcloud command-line tool to authenticate using a third-party single sign-on (SSO) SAML identity provider. Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)? (Choose two.)

A.SSO SAML as a third-party IdP

B.Identity Platform

C.OpenID Connect

D.Identity-Aware Proxy

E.Cloud Identity

Professional-Cloud-Security-Engineer Exam Question 53

Your organization wants full control of the keys used to encrypt data at rest in their Google Cloud environments. Keys must be generated and stored outside of Google and integrate with many Google Services including BigQuery.
What should you do?

A.Create a Cloud Key Management Service (KMS) key with imported key material Wrap the key for protection during import. Import the key generated on a trusted system in Cloud KMS.

B.Create a KMS key that is stored on a Google managed FIPS 140-2 level 3 Hardware Security Module (HSM) Manage the Identity and Access Management (IAM) permissions settings, and set up the key rotation period.

C.Use Cloud External Key Management (EKM) that integrates with an external Hardware Security Module (HSM) system from supported vendors.

D.Use customer-supplied encryption keys (CSEK) with keys generated on trusted external systems Provide the raw CSEK as part of the API call.

Professional-Cloud-Security-Engineer Exam Question 54

Your organization has had a few recent DDoS attacks. You need to authenticate responses to domain name lookups. Which Google Cloud service should you use?

A.Cloud DNS with DNSSEC

B.Cloud NAT

C.HTTP(S) Load Balancing

D.Google Cloud Armor

Professional-Cloud-Security-Engineer Exam Question 55

Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?

A.Security Reviewer

B.lAP-Secured Tunnel User

C.lAP-Secured Web App User

D.Service Broker Operator

Other Version: 549Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 759Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1231Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1294Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1088Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2508Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 3003Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 143CrowdStrike.CCSE-204.v2026-06-12.q25; 162VMware.2V0-17.25.v2026-06-12.q49; 150Appian.ACA-100.v2026-06-11.q23; 208CompTIA.220-1202.v2026-06-11.q114; 164CheckPoint.156-590.v2026-06-11.q47; 224CompTIA.220-1202.v2026-06-10.q109; 205CertiProf.CEHPC.v2026-06-10.q54; 152Hitachi.HQT-4160.v2026-06-10.q25; 403PMI.PMI-ACP-CN.v2026-06-09.q453; 192Splunk.SPLK-5002.v2026-06-08.q52

Professional-Cloud-Security-Engineer Exam Question 51

Professional-Cloud-Security-Engineer Exam Question 52

Professional-Cloud-Security-Engineer Exam Question 53

Professional-Cloud-Security-Engineer Exam Question 54

Professional-Cloud-Security-Engineer Exam Question 55

Download PDF File