Online Access Free Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142 Practice Test (Page 4)

Professional-Cloud-Security-Engineer Exam Question 11

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.
Which solution will restrict access to the in-progress sites?

A.Upload an .htaccess file containing the customer and employee user accounts to App Engine.

B.Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.

C.Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.

D.Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.

Professional-Cloud-Security-Engineer Exam Question 12

Your organization operates Virtual Machines (VMs) with only private IPs in the Virtual Private Cloud (VPC) with internet access through Cloud NAT Everyday, you must patch all VMs with critical OS updates and provide summary reports What should you do?

A.Validate that the egress firewall rules allow any outgoing traffic Log in to each VM and execute OS specific update commands Configure the Cloud Scheduler job to update with critical patches daily for daily updates.

B.Ensure that VM Manager is installed and running on the VMs. In the OS patch management service.
configure the patch jobs to update with critical patches daily.

C.Assign public IPs to VMs. Validate that the egress firewall rules allow any outgoing traffic Log in to each VM. and configure a daily cron job to enable for OS updates at night during low activity periods.

D.Copy the latest patches to the Cloud Storage bucket. Log in to each VM. download the patches from the bucket, and install them.

Professional-Cloud-Security-Engineer Exam Question 13

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

A.Public IP

B.IP Forwarding

C.Private Google Access

D.Static routes

E.IAM Network User Role

Professional-Cloud-Security-Engineer Exam Question 14

Employees at your company use their personal computers to access your organization s Google Cloud console.
You need to ensure that users can only access the Google Cloud console from their corporate-issued devices and verify that they have a valid enterprise certificate What should you do?

A.Implement an Identity and Access Management (1AM) conditional policy to verify the device certificate

B.Implement a VPC firewall policy Activate packet inspection and create an allow rule to validate and verify the device certificate.

C.Implement an organization policy to verify the certificate from the access context.

D.Implement an Access Policy in BeyondCorp Enterprise to verify the device certificate Create an access binding with the access policy just created.

Professional-Cloud-Security-Engineer Exam Question 15

A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by the administrator.
What should you do?

A.Upload the logs to both the shared bucket and the bucket only accessible by the administrator.
Create a job trigger using the Cloud Data Loss Prevention API. Configure the trigger to delete any files from the shared bucket that contain PII.

B.On the bucket shared with both the analysts and the administrator, configure Object Lifecycle Management to delete objects that contain any PII.

C.Use Cloud Pub/Sub and Cloud Functions to trigger a Data Loss Prevention scan every time a file is uploaded to the shared bucket. If the scan detects PII, have the function move into a Cloud Storage bucket only accessible by the administrator.

D.On the bucket shared with both the analysts and the administrator, configure a Cloud Storage Trigger that is only triggered when PII data is uploaded. Use Cloud Functions to capture the trigger and delete such files.

Other Version: 549Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 759Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1236Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1295Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1088Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2509Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 3003Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 143CrowdStrike.CCSE-204.v2026-06-12.q25; 163VMware.2V0-17.25.v2026-06-12.q49; 156Appian.ACA-100.v2026-06-11.q23; 210CompTIA.220-1202.v2026-06-11.q114; 165CheckPoint.156-590.v2026-06-11.q47; 226CompTIA.220-1202.v2026-06-10.q109; 211CertiProf.CEHPC.v2026-06-10.q54; 153Hitachi.HQT-4160.v2026-06-10.q25; 405PMI.PMI-ACP-CN.v2026-06-09.q453; 193Splunk.SPLK-5002.v2026-06-08.q52

Professional-Cloud-Security-Engineer Exam Question 11

Professional-Cloud-Security-Engineer Exam Question 12

Professional-Cloud-Security-Engineer Exam Question 13

Professional-Cloud-Security-Engineer Exam Question 14

Professional-Cloud-Security-Engineer Exam Question 15

Download PDF File