Professional Cloud Security Engineer Practice Exam (2020.02.24)

The practice exam translated into Japanese is in “Professional Cloud Security Engineer 模擬問題集 (2020.02.24)“.


Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (45 Q)


QUESTION 1

When creating a secure container image, which two items should you incorporate into the build if possible ? (Choose two.)

  • A. Ensure that the app does not run as PID 1.
  • B. Package a single app as a container.
  • C. Remove any unnecessary tools not needed by the app.
  • D. Use public container images as a base image for the app.
  • E. Use many container image layers to hide sensitive information.

Correct Answer: B, C

Reference:
– https://cloud.google.com/solutions/best-practices-for-building-containers


QUESTION 2

A company is running workloads in a dedicated server room.
They must only be accessed from within the private company network.
You need to connect to these workloads from Google Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

  • A. Configure the project with Google Cloud VPN.
  • B. Configure the project with Shared VPC.
  • C. Configure the project with Cloud Interconnect.
  • D. Configure the project with VPC peering.
  • E. Configure all Google Compute Engine instances with Private Access.

Correct Answer: D, E

Reference:
Help secure data workloads: Google Cloud use cases


QUESTION 3

A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Google Compute Engine.
Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.
What should the customer do to meet these requirements ?

  • A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
  • B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
  • C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
  • D. Make sure that the ERP system can validate the user’s unique identifier headers in the HTTP requests.
To see the rest of this …