
Professional Cloud Security Engineer Practice Exam (Version 1.0) (English)

The Professional Cloud Security Engineer certification exam is available in English only.

Please see “VCEplus’s Professional Cloud Security Engineer Practice Questions (Version 1.0) (Japanese)” for the Japanese translation.


Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (50 Q)

Version 1.0


QUESTION 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role

Correct Answer: C, D

Reference:
Configuring Private Google Access


QUESTION 2

Which two implied firewall rules are defined on a VPC network? (Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections

Correct Answer: A, B

Reference:
Firewall rules overview


QUESTION 3

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

  • A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  • B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  • C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  • D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.