Professional Cloud Security Engineer Practice Exam (2020.01)

A Japanese translation of this practice exam is available in “Professional Cloud Security Engineer 模擬問題集(2020.01)”.


Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (50 Q)


QUESTION 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

  • A. Public IP
  • B. IP Forwarding
  • C. Private Google Access
  • D. Static routes
  • E. IAM Network User Role

Correct Answer: C, D

Reference:
Configuring Private Google Access


QUESTION 2

Which two implied firewall rules are defined on a VPC network?
(Choose two.)

  • A. A rule that allows all outbound connections
  • B. A rule that denies all inbound connections
  • C. A rule that blocks all inbound port 25 connections
  • D. A rule that blocks all outbound connections
  • E. A rule that allows all inbound port 80 connections

Correct Answer: A, B

Reference:
Firewall rules overview


QUESTION 3

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

  • A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
  • B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
  • C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
  • D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.