Practice Exam

Professional Cloud Security Engineer Practice Exam (v20200224) (English)

Professional Cloud Security Engineer certification is available in English only.

Please see “Professional Cloud Security Engineer Practice Exam (v20200224) (Japanese translation)“.


Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (45 Q)

(v2020-02-24)


QUESTION 1

When creating a secure container image, which two items should you incorporate into the build if possible ? (Choose two.)

  • A. Ensure that the app does not run as PID 1.
  • B. Package a single app as a container.
  • C. Remove any unnecessary tools not needed by the app.
  • D. Use public container images as a base image for the app.
  • E. Use many container image layers to hide sensitive information.

Correct Answer: B, C

Reference:
– https://cloud.google.com/solutions/best-practices-for-building-containers


QUESTION 2

A company is running workloads in a dedicated server room.
They must only be accessed from within the private company network.
You need to connect to these workloads from Google Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

  • A. Configure the project with Google Cloud VPN.
  • B. Configure the project with Shared VPC.
  • C. Configure the project with Cloud Interconnect.
  • D. Configure the project with VPC peering.
  • E. Configure all Google Compute Engine instances with Private Access.

Correct Answer: D, E

Reference:
Help secure data workloads: Google Cloud use cases


QUESTION 3

A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Google Compute Engine.
Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.
What should the customer do to meet these requirements ?

  • A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
  • B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
  • C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
  • D. Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests.
READ MORE ABOUT THIS