Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

Professional-Cloud-Security-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud Security Engineer

Go to page:
Question # 33

You perform a security assessment on a customer architecture and discover that multiple VMs have public IP addresses. After providing a recommendation to remove the public IP addresses, you are told those VMs need to communicate to external sites as part of the customer's typical operations. What should you recommend to reduce the need for public IP addresses in your customer's VMs?

A.

Google Cloud Armor

B.

Cloud NAT

C.

Cloud Router

D.

Cloud VPN

Full Access
Question # 34

A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite.

How should you best advise the Systems Engineer to proceed with the least disruption?

A.

Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.

B.

Register a new domain name, and use that for the new Cloud Identity domain.

C.

Ask Google to provision the data science manager’s account as a Super Administrator in the existing domain.

D.

Ask customer’s management to discover any other uses of Google managed services, and work with the existing Super Administrator.

Full Access
Question # 35

Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed instances are automatically kept up-to-date and that users cannot accidentally alter settings in the operating system. What should you do?

A.

Enable the VM Manager and ensure the corresponding Google Compute Engine instances are added.

B.

Enforce the disableRootAccess and requireAutoUpgradeSchedule organization policies for newly deployed instances.

C.

Assign the AI Notebooks Runner and AI Notebooks Viewer roles to the users of the AI Workbench Instances.

D.

Implement a firewall rule that prevents Secure Shell access to the corresponding Google Compute Engine instances by using tags.

Full Access
Question # 36

You manage a mission-critical workload for your organization, which is in a highly regulated industry The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpomt computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive data. You need to meet these requirements;

• Manage the data encryption key (DEK) outside the Google Cloud boundary.

• Maintain full control of encryption keys through a third-party provider.

• Encrypt the sensitive data before uploading it to Cloud Storage

• Decrypt the sensitive data during processing in the Compute Engine VMs

• Encrypt the sensitive data in memory while in use in the Compute Engine VMs

What should you do?

Choose 2 answers

A.

Create a VPC Service Controls service perimeter across your existing Compute Engine VMs and Cloud Storage buckets

B.

Migrate the Compute Engine VMs to Confidential VMs to access the sensitive data.

C.

Configure Cloud External Key Manager to encrypt the sensitive data before it is uploaded to Cloud Storage and decrypt the sensitive data after it is downloaded into your VMs

D.

Create Confidential VMs to access the sensitive data.

E.

Configure Customer Managed Encryption Keys to encrypt the sensitive data before it is uploaded to Cloud Storage, and decrypt the sensitive data after it is downloaded into your VMs.

Full Access
Question # 37

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.

Which Cloud Identity password guidelines can the organization use to inform their new requirements?

A.

Set the minimum length for passwords to be 8 characters.

B.

Set the minimum length for passwords to be 10 characters.

C.

Set the minimum length for passwords to be 12 characters.

D.

Set the minimum length for passwords to be 6 characters.

Full Access
Question # 38

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised.

What should you do?

A.

Enforce 2-factor authentication in GSuite for all users.

B.

Configure Cloud Identity-Aware Proxy for the App Engine Application.

C.

Provision user passwords using GSuite Password Sync.

D.

Configure Cloud VPN between your private network and GCP.

Full Access
Question # 39

You are a security engineer at a finance company. Your organization plans to store data on Google Cloud, but your leadership team is worried about the security of their highly sensitive data Specifically, your

company is concerned about internal Google employees' ability to access your company's data on Google Cloud. What solution should you propose?

A.

Use customer-managed encryption keys.

B.

Use Google's Identity and Access Management (IAM) service to manage access controls on Google Cloud.

C.

Enable Admin activity logs to monitor access to resources.

D.

Enable Access Transparency logs with Access Approval requests for Google employees.

Full Access
Question # 40

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.

Which solution will restrict access to the in-progress sites?

A.

Upload an .htaccess file containing the customer and employee user accounts to App Engine.

B.

Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.

C.

Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.

D.

Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company’s GCP Virtual Private Cloud (VPC) network.

Full Access
Go to page: