New VCE and PDF Exam Dumps from PassLeader
➢ Vendor: Google
➢ Exam Code: Professional Cloud Security Engineer
➢ Exam Name: Google Cloud: Professional Cloud Security Engineer
➢ Part of New Questions from PassLeader (Updated in Apr/2020)
Visit PassLeader and Download Full Version Professional Cloud Security Engineer Exam Dumps
NEW QUESTION 1
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP)
vulnerabilities. Which service should be used to accomplish this?
A. Cloud Armor
B. Google Cloud Audit Logs
C. Cloud Security Scanner
D. Forseti Security
Answer: C
NEW QUESTION 2
An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct
earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and
must be reversible to identify the outlier. Which Cloud Data Loss Prevention API technique should you use to accomplish
this?
A. Generalization
B. Redaction
C. CryptoHashConfig
D. CryptoReplaceFfxFpeConfig
Answer: B
NEW QUESTION 3
In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized. Which two
cloud offerings meet this requirement without additional compensating controls? (Choose two.)
A. App Engine
B. Cloud Functions
C. Compute Engine
D. Google Kubernetes Engine
E. Cloud Storage
Answer: AC
NEW QUESTION 4
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over
networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where
resources need access back to the GCP resources through a private VPN connection. The networking resources will
need to be controlled by the network security team. Which type of networking design should your team use to meet these
requirements?
A. Shared VPC Network with a host project and service projects.
B. Grant Compute Admin role to the networking team for each engineering project.
C. VPC peering between all engineering projects using a hub and spoke model.
D. Cloud VPN Gateway between all engineering projects using a hub and spoke model.
Answer: A
NEW QUESTION 5
A company migrated their entire data center to Google Cloud Platform. It is running thousands of instances across
multiple projects managed by different departments. You want to have a historical record of what was running in Google
Cloud Platform at any point in time. What should you do?
A. Use Resource Manager on the organization level.
B. Use Forseti Security to automate inventory snapshots.
C. Use Stackdriver to create a dashboard across all projects.
D. Use Security Command Center to view all assets across the organization.
Answer: C
NEW QUESTION 6
A retail customer allows users to upload comments and product reviews. The customer needs to make sure the text does
not include sensitive data before the comments or reviews are published. Which Google Cloud Service should be used
to achieve this?
A. Cloud Key Management Service
B. Cloud Data Loss Prevention API
C. BigQuery
D. Cloud Security Scanner
Answer: D
NEW QUESTION 7
A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be
internet-facing, they want to minimize the attack surface of the container. What should they do?
A. Use Cloud Build to build the container images.
B. Build small containers using small base images.
C. Delete non-used versions from Container Registry.
D. Use a Continuous Delivery tool to deploy the application.
Answer: D
NEW QUESTION 8
Applications often require access to "secrets" - small pieces of sensitive data at build or run time. The administrator
managing these secrets on GCP wants to keep track of "who did what, where, and when?" within their GCP projects.
Which two log streams would provide the information that the administrator is looking for? (Choose two.)
A. Admin Activity logs
B. System Event logs
C. Data Access logs
D. VPC Flow logs
E. Agent logs
Answer: AC
NEW QUESTION 9
Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed
to create projects on behalf of the requester. Which two tasks should your team perform to handle this request? (Choose
two.)
A. Remove all users from the Project Creator role at the organizational level.
B. Create an Organization Policy constraint, and apply it at the organizational level.
C. Grant the Project Editor role at the organizational level to a designated group of users.
D. Add a designated group of users to the Project Creator role at the organizational level.
E. Grant the billing account creator role to the designated DevOps team.
Answer: BD
NEW QUESTION 10
Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)
A. Central management of routes, firewalls, and VPNs for peered networks.
B. Non-transitive peered networks, where only directly peered networks can communicate.
C. Ability to peer networks that belong to different Google Cloud Platform organizations.
D. Firewall rules that can be created with a tag from one peered network to another peered network.
E. Ability to share specific subnets across peered networks.
Answer: AD
NEW QUESTION 11
A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the
appropriate log entries. Where should you export the logs?
A. BigQuery datasets
B. Cloud Storage buckets
C. Stackdriver Logging
D. Cloud Pub/Sub topics
Answer: C
NEW QUESTION 12
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well-established
directory service is used to manage user identities and lifecycle management. The organization must continue to use
this directory service as the "source of truth" directory for identities. Which solution meets the organization's
requirements?
A. Google Cloud Directory Sync (GCDS)
B. Cloud Identity
C. Security Assertion Markup Language (SAML)
D. Pub/Sub
Answer: B
NEW QUESTION 13
In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility
for? (Choose two.)
A. Hardware
B. Network Security
C. Storage Encryption
D. Access Policies
E. Boot
Answer: CD
NEW QUESTION 14
Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team
restrict? (Choose two.)
A. Organization Administrator
B. Super Admin
C. GKE Cluster Admin
D. Compute Admin
E. Organization Role Viewer
Answer: AB
NEW QUESTION 15
A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are
accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or
be accessed from, the internet. Which two strategies should your team use to meet these requirements? (Choose two.)
A. Configure Private Google Access on the Compute Engine subnet.
B. Avoid assigning public IP addresses to the Compute Engine cluster.
C. Make sure that the Compute Engine cluster is running on a separate subnet.
D. Turn off IP forwarding on the Compute Engine instances in the cluster.
E. Configure a Cloud NAT gateway.
Answer: BE
NEW QUESTION 16
......
Professional Cloud Security Engineer Exam Dumps Professional Cloud Security Engineer Exam Questions
Professional Cloud Security Engineer PDF Dumps Professional Cloud Security Engineer VCE Dumps
https://www.passleader.com/professional-cloud-security-engineer.html