The Professional Cloud Security Engineer certification exam is available in English only.
Please see “VCEplus’s Professional Cloud Security Engineer Practice Questions (Version 1.0) (Japanese)” for the Japanese translation.
Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (50 Q)
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)
- A. Public IP
- B. IP Forwarding
- C. Private Google Access
- D. Static routes
- E. IAM Network User Role
Correct Answer: C, D
Reference: Configuring Private Google Access

Which two implied firewall rules are defined on a VPC network?
- A. A rule that allows all outbound connections
- B. A rule that denies all inbound connections
- C. A rule that blocks all inbound port 25 connections
- D. A rule that blocks all outbound connections
- E. A rule that allows all inbound port 80 connections
Correct Answer: A, B
Reference: Firewall rules overview

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?
- A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
- B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
- C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
- D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.