Google Cloud Certified – Professional Cloud Security Engineer – Practice Exam (Question 178)
Question 001
Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)
- A. Public IP
- B. IP Forwarding
- C. Private Google Access
- D. Static routes
- E. IAM Network User Role
Correct Answer: A, C
Reference:
– Configure Private Google Access | VPC
Question 002
Which two implied firewall rules are defined on a VPC network? (Choose two.)
- A. A rule that allows all outbound connections.
- B. A rule that denies all inbound connections.
- C. A rule that blocks all inbound port 25 connections.
- D. A rule that blocks all outbound connections.
- E. A rule that allows all inbound port 80 connections.
Correct Answer: A, B
Reference:
– VPC firewall rules | Cloud Firewall | Google Cloud
Question 003
A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.
How should the customer achieve this using Google Cloud Platform?
- A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
- B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud Storage.
- C. Run the Cloud Data Loss Prevention API to scan the secrets, and store them in Cloud SQL.
- D. Deploy the SCM to a Compute Engine VM with local SSDs, and enable preemptible VMs.