Free Professional Cloud Security Engineer Exam Professional-Cloud-Security-Engineer Exam Practice Test

You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign-on. You learn that a significant number of users are using their corporate domain email addresses for personal Google accounts, and you need to follow Google recommended practices to convert existing unmanaged users to managed accounts.Which two actions should you take? (Choose two.)

• Use Google Cloud Directory Sync to synchronize your local identity management system to Cloud Identity.
• Use the Google Admin console to view which managed users are using a personal account for their recovery email.
• Add users to your managed Google account and force users to change the email addresses associated with their personal accounts.
• Use the Transfer Tool for Unmanaged Users (TTUU) to find users with conflicting accounts and ask them to transfer their personal Google accounts.
• Send an email to all of your employees and ask those users with corporate email addresses for personal Google accounts to delete the personal accounts immediately.

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

• Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.
• Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.
• Create a custom service account for the cluster Enable the constraints/iam.disableServiceAccountKeyCreation organization policy at the project level.
• Create a custom service account for the cluster Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

You are routing all your internet facing traffic from Google Cloud through your on-premises internet connection. You want to accomplish this goal securely and with the highest bandwidth possible.What should you do?

• Create an HA VPN connection to Google Cloud Replace the default 0 0 0 0/0 route.
• Create a routing VM in Compute Engine Configure the default route with the VM as the next hop.
• Configure Cloud Interconnect with HA VPN Replace the default 0 0 0 0/0 route to an on-premises destination.
• Configure Cloud Interconnect and route traffic through an on-premises firewall.

Which Google Cloud service should you use to enforce access control policies for applications and resources?

• Identity-Aware Proxy
• Cloud NAT
• Google Cloud Armor
• Shielded VMs

A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.Which solution should this customer use?

• VPC Flow Logs
• Cloud Armor
• DNS Security Extensions
• Cloud Identity-Aware Proxy

You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?

• Use Packet Mirroring to mirror traffic to and from particular VM instances. Perform inspection using security software that analyzes the mirrored traffic.
• Enable VPC Flow Logs for all subnets in the VPC. Perform inspection on the Flow Logs data using Cloud Logging.
• Configure the Fluentd agent on each VM Instance within the VPC. Perform inspection on the log data using Cloud Logging.
• Configure Google Cloud Armor access logs to perform inspection on the log data.

You are using Security Command Center (SCC) to protect your workloads and receive alerts for suspected security breaches at your company. You need to detect cryptocurrency mining software.Which SCC service should you use?

• Container Threat Detection
• Web Security Scanner
• Rapid Vulnerability Detection
• Virtual Machine Threat Detection

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.Which Cloud Data Loss Prevention API technique should you use to accomplish this?

• Generalization
• Redaction
• CryptoHashConfig
• CryptoReplaceFfxFpeConfig

An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?

• Dedicated Interconnect
• Cloud Router
• Cloud VPN
• Partner Interconnect

Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (1AM) roles at the right resource level tor the developers and security team while you ensure least privilege.What should you do?

• * 1 Grant logging, viewer rote to the security team at the organization resource level. * 2 Grant logging, viewer rote to the developer team at the folder resource level that contains all the dev projects.
• * 1 Grant logging. viewer rote to the security team at the organization resource level. * 2 Grant logging. admin role to the developer team at the organization resource level.
• * 1 Grant logging.admin role to the security team at the organization resource level. * 2 Grant logging. viewer rote to the developer team at the folder resource level that contains all the dev projects.
• * 1 Grant logging.admin role to the security team at the organization resource level. * 2 Grant logging.admin role to the developer team at the organization resource level.