Google Cloud Certified – Professional Cloud Security Engineer – Practice Exam (Question 51)
Question 1
Which two implied firewall rules are defined on a VPC network? (Choose two.)
- A. A rule that allows all outbound connections.
- B. A rule that denies all inbound connections.
- C. A rule that blocks all inbound port 25 connections.
- D. A rule that blocks all outbound connections.
- E. A rule that allows all inbound port 80 connections.
Correct Answer: A, B
Reference contents:
– VPC firewall rules overview | Google Cloud
Question 2
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?
- A. Use Google Cloud Source Repositories, and store secrets in Google Cloud SQL.
- B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Google Cloud Storage.
- C. Run the Google Cloud Data Loss Prevention API to scan the secrets, and store them in Google Cloud SQL.
- D. Deploy the SCM to a Google Compute Engine VM with local SSDs, and enable preemptible VMs.
Correct Answer: B
Question 3
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)
- A. Ensure that the app does not run as PID 1.
- B. Package a single app as a container.
- C. Remove any unnecessary tools not needed by the app.
- D. Use public container images as a base image for the app.
- E. Use many container image layers to hide sensitive information.