Online Access Free Google.Professional-Cloud-Security-Engineer.v2024-11-26.q142 Practice Test (Page 6)

Professional-Cloud-Security-Engineer Exam Question 21

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.

B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.

C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.

D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Professional-Cloud-Security-Engineer Exam Question 22

Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?

A.Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.

B.Connect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.

C.In a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.

D.Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.

Professional-Cloud-Security-Engineer Exam Question 23

In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)

A.Hardware

B.Network Security

C.Storage Encryption

D.Access Policies

E.Boot

Professional-Cloud-Security-Engineer Exam Question 24

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?

A.Temporarily disable authentication on the Cloud Storage bucket.

B.Use the undelete command to recover the deleted service account.

C.Create a new service account with the same name as the deleted service account.

D.Update the permissions of another existing service account and supply those credentials to the applications.

Professional-Cloud-Security-Engineer Exam Question 25

As adoption of the Cloud Data Loss Prevention (DLP) API grows within the company, you need to optimize usage to reduce cost. DLP target data is stored in Cloud Storage and BigQuery. The location and region are identified as a suffix in the resource name.
Which cost reduction options should you recommend?

A.Set appropriate rowsLimit value on BigQuery data hosted outside the US and set appropriate bytesLimitPerFile value on multiregional Cloud Storage buckets.

B.Set appropriate rowsLimit value on BigQuery data hosted outside the US, and minimize transformation units on multiregional Cloud Storage buckets.

C.Use rowsLimit and bytesLimitPerFile to sample data and use CloudStorageRegexFileSet to limit scans.

D.Use FindingLimits and TimespanContfig to sample data and minimize transformation units.

Other Version: 534Google.Professional-Cloud-Security-Engineer.v2026-02-09.q123; 726Google.Professional-Cloud-Security-Engineer.v2025-12-26.q111; 1213Google.Professional-Cloud-Security-Engineer.v2023-10-27.q86; 1264Google.Professional-Cloud-Security-Engineer.v2023-03-25.q71; 1068Google.Professional-Cloud-Security-Engineer.v2023-03-10.q59; 103Google.Actualtests4sure.Professional-Cloud-Security-Engineer.v2022-05-23.by.clare.108q.pdf; 2488Google.Professional-Cloud-Security-Engineer.v2022-05-10.q108; 2993Google.Professional-Cloud-Security-Engineer.v2021-10-23.q83; 134Google.Ipassleader.Professional-Cloud-Security-Engineer.v2021-09-16.by.winston.77q.pdf

Latest Upload: 145Oracle.1D0-1057-25-D.v2026-06-03.q29; 275NAHQ.CPHQ.v2026-06-03.q396; 255CompTIA.220-1201.v2026-06-03.q196; 158GIAC.GCFE.v2026-06-03.q78; 154HIMSS.CPHIMS.v2026-06-03.q45; 234Google.Professional-Cloud-Architect.v2026-06-03.q165; 160HP.HPE7-A09.v2026-06-02.q48; 169ACDIS.CCDS-O.v2026-06-02.q56; 152Microsoft.AB-730.v2026-06-02.q31; 215ASQ.CSSBB.v2026-06-02.q130

Professional-Cloud-Security-Engineer Exam Question 21

Professional-Cloud-Security-Engineer Exam Question 22

Professional-Cloud-Security-Engineer Exam Question 23

Professional-Cloud-Security-Engineer Exam Question 24

Professional-Cloud-Security-Engineer Exam Question 25

Download PDF File