Online Access Free Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142 Practice Test (Page 29)

Professional-Cloud-Security-Engineer Exam Question 136

Applications often require access to "secrets" - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of "who did what, where, and when?" within their GCP projects.
Which two log streams would provide the information that the administrator is looking for? (Choose two.)

A.Admin Activity logs

B.System Event logs

C.Data Access logs

D.VPC Flow logs

E.Agent logs

Professional-Cloud-Security-Engineer Exam Question 137

You discovered that sensitive personally identifiable information (PII) is being ingested to your Google Cloud environment in the daily ETL process from an on-premises environment to your BigQuery datasets. You need to redact this data to obfuscate the PII, but need to re-identify it for data analytics purposes. Which components should you use in your solution? (Choose two.)

A.Cloud Data Loss Prevention with automatic text redaction

B.Cloud Data Loss Prevention with deterministic encryption using AES-SIV

C.Cloud Key Management Service

D.Cloud Data Loss Prevention with cryptographic hashing

E.Secret Manager

Professional-Cloud-Security-Engineer Exam Question 138

A customer has an analytics workload running on Compute Engine that should have limited internet access.
Your team created an egress firewall rule to deny (priority 1000) all traffic to the internet.
The Compute Engine instances now need to reach out to the public repository to get security updates. What should your team do?

A.Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority less than 1000.

B.Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority greater than 1000.

C.Create an egress firewall rule to allow traffic to the hostname of the repository with a priority less than 1000.

D.Create an egress firewall rule to allow traffic to the hostname of the repository with a priority greater than 1000.

Professional-Cloud-Security-Engineer Exam Question 139

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

A.Configure Secret Manager to manage service account keys.

B.Enable an organization policy to disable service accounts from being created.

C.Enable an organization policy to prevent service account keys from being created.

D.Remove the iam.serviceAccounts.getAccessToken permission from users.

Professional-Cloud-Security-Engineer Exam Question 140

You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM.
What should you do?

A.Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate one-way sync.

B.Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate bidirectional sync.

C.Use a management tool to sync the subset based on the email address attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.

D.Use a management tool to sync the subset based on group object class attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.

Other Version: 538Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 726Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1214Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1270Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1068Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2490Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 2993Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 141NREMT.EMT.v2026-06-06.q125; 123Juniper.JN0-232.v2026-06-06.q60; 151Oracle.1D0-1057-25-D.v2026-06-03.q29; 279NAHQ.CPHQ.v2026-06-03.q396; 258CompTIA.220-1201.v2026-06-03.q196; 162GIAC.GCFE.v2026-06-03.q78; 157HIMSS.CPHIMS.v2026-06-03.q45; 237Google.Professional-Cloud-Architect.v2026-06-03.q165; 165HP.HPE7-A09.v2026-06-02.q48; 175ACDIS.CCDS-O.v2026-06-02.q56

Professional-Cloud-Security-Engineer Exam Question 136

Professional-Cloud-Security-Engineer Exam Question 137

Professional-Cloud-Security-Engineer Exam Question 138

Professional-Cloud-Security-Engineer Exam Question 139

Professional-Cloud-Security-Engineer Exam Question 140

Download PDF File