Professional Cloud Security Engineer exam

Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will...

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location. Which solution will restrict access to the in-progress sites?A . Upload an .htaccess file containing the customer and employee...

A customer’s internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK). How should the team complete this task?A . Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same...

Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL ProxyB . TCP ProxyC . Internal TCP/UDPD . TCP/UDP NetworkView AnswerAnswer: D Explanation: https://cloud.google.com/load-balancing/docs/load-balancing-overview https://cloud.google.com/load-balancing/docs/load-balancing-overview#choosing_a_load_balancer

Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements: - Scans must run at least once per week - Must be able to detect cross-site scripting vulnerabilities - Must be able to...

You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under...

An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege. Which option meets the requirement of your team?A . Create a Cloud...

When working with agents in a support center via online chat, an organization’s customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs...

In Cloud KMS, grant your Google Cloud project access to use the key.View AnswerAnswer: C Explanation: https://cloud.google.com/kms/docs/ekm#how_it_works - First, you create or use an existing key in a supported external key management partner system. This key has a unique URI or key path. - Next, you grant your Google Cloud...

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a...