PrepAway - Latest Free Exam Questions & Answers

Category: Professional Cloud Security Engineer

Exam Professional Cloud Security Engineer

Which option meets the requirement of your team?

An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team? A. Create a Cloud Storage ACL that allows read-only […]

Which type of access should your team grant to meet this requirement?

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects. Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources. Which type of […]

How should you best advise the Systems Engineer to proceed with the least disruption?

A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity […]

Which service should be used to accomplish this?

A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this? A. Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti Security Reference: https://cloud.google.com/security-scanner/

Which solution should this customer use?

A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use? A. VPC Flow Logs B. Cloud Armor C. DNS Security Extensions D. Cloud Identity-Aware Proxy Reference: https://cloud.google.com/blog/products/gcp/dnssec-now-available-in-cloud-dns

Which logging export strategy should you use to meet the requirements?

Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization. Which logging export strategy should you use to meet […]

What should the customer do to meet these requirements?

A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy. What should the customer do to meet these requirements? A. Make sure that the ERP system can validate the JWT […]

Which two approaches can you take to meet the requirements? (Choose two.)

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project. Which two approaches can you take to meet the requirements? (Choose two.) A. Configure the project with […]

Which product should be used to meet these requirements?

A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. […]


Page 1 of 212