Tag - Professional Cloud Security Engineer exam

An organization receives an increasing number of phishing emails. Which method should be used to protect employee credentials in this situation?A . Multifactor AuthenticationB . A strict password policyC . Captcha on login pagesD . Encrypted emailsView AnswerAnswer: A Explanation: https://cloud.google.com/blog/products/g-suite/7-ways-admins-can-help-secure-accounts-against-phishing-g-suite https://www.duocircle.com/content/email-security-services/email-security-in- cryptography#:~:text=Customer%20Login- ,Email%20Security%20In%20Cryptography%20Is%20One%20Of%20The%20Most,Measures%20To%20Prevent%20Phishing%20Attempts&text=Cybercriminals%20love%20emails%20the%20most,networks%20all%20over%20the%20world.

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs. What should...

In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)A . HardwareB . Network SecurityC . Storage EncryptionD . Access PoliciesE . BootView AnswerAnswer: BD Explanation: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke-container-security-shared-responsibility-model-gke

Your company is storing sensitive data in Cloud Storage. You want a key generated on-premises to be used in the encryption process. What should you do?A . Use the Cloud Key Management Service to manage a data encryption key (DEK).B . Use the Cloud Key Management Service to manage a...

A customer is collaborating with another company to build an application on Compute Engine. The customer is building the application tier in their GCP Organization, and the other company is building the storage tier in a different GCP Organization. This is a 3-tier web application. Communication between portions of the...

Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services. Which two settings must remain disabled to meet these requirements? (Choose two.)A . Public IPB . IP ForwardingC . Private Google AccessD . Static routesE...

You are the security admin of your company. Your development team creates multiple GCP projects under the "implementation" folder for several dev, staging, and production workloads. You want to prevent data exfiltration by malicious insiders or compromised code by setting up a security perimeter. However, you do not want to...

Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)A . Central management of routes, firewalls, and VPNs for peered networksB . Non-transitive peered networks; where only directly peered networks can communicateC . Ability to peer networks that belong to different...

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer’s browser and GCP when the customers checkout online. What should they do?A . Configure an SSL Certificate on an L7 Load Balancer and require encryption.B...

A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by...