Professional Cloud Security Engineer Practice Exam (2020.01)

The practice exam translated into Japanese is in “Professional Cloud Security Engineer 模擬問題集（2020.01）“.

Google Cloud Certified – Professional Cloud Security Engineer Practice Exam (50 Q)

QUESTION 1

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)

• A. Public IP
• B. IP Forwarding
• C. Private Google Access
• D. Static routes
• E. IAM Network User Role

Correct Answer: C, D

Reference:
・Configuring Private Google Access

QUESTION 2

Which two implied firewall rules are defined on a VPC network? (Choose two.)

• A. A rule that allows all outbound connections.
• B. A rule that denies all inbound connections.
• C. A rule that blocks all inbound port 25 connections.
• D. A rule that blocks all outbound connections.
• E. A rule that allows all inbound port 80 connections.

Correct Answer: A, B

Reference:
・Firewall rules overview

QUESTION 3

A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?

• A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
• B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
• C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
• D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.