Tag - Professional Cloud Security Engineer exam

You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign-on. You learn that a significant...

You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under...

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised. What should you do?A . Enforce 2-factor authentication in...

Which two implied firewall rules are defined on a VPC network? (Choose two.)A . A rule that allows all outbound connectionsB . A rule that denies all inbound connectionsC . A rule that blocks all inbound port 25 connectionsD . A rule that blocks all outbound connectionsE . A rule...

You are exporting application logs to Cloud Storage. You encounter an error message that the log sinks don't support uniform bucket-level access policies. How should you resolve this error?A . Change the access control model for the bucketB . Update your sink with the correct bucket destination.C . Add the...

You recently joined the networking team supporting your company's Google Cloud implementation. You are tasked with familiarizing yourself with the firewall rules configuration and providing recommendations based on your networking and Google Cloud experience. What product should you recommend to detect firewall rules that are overlapped by attributes from other...

Create an allow VPC firewall rule that specifies the target/source with respective service accounts.View AnswerAnswer: D Explanation: https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags A service account represents an identity associated with an instance. Only one service account can be associated with an instance. You control access to the service account by controlling the grant...

Your organization wants to be continuously evaluated against CIS Google Cloud Computing Foundations Benchmark v1 3 0 (CIS Google Cloud Foundation 1 3). Some of the controls are irrelevant to your organization and must be disregarded in evaluation. You need to create an automated system or process to ensure that...

Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)A . Organization Administrator B. Super Admin C. GKE Cluster Admin D. Compute Admin E. Organization Role ViewerView AnswerAnswer: A,B Explanation: Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization

Your company’s cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances without external IP addresses to connect to the internet to update the VMs. Which service should you use?A . Identity Aware-Proxy...