Vendor: Google
Certifications: Google Certifications
Exam Name: Professional Cloud Security Engineer
Exam Code: PROFESSIONAL-CLOUD-SECURITY-ENGINEER
Total Questions: 244 Q&As ( View Details)
Last Updated: Mar 16, 2025
Note: Product instant download. Please sign in and click My account to download your product.
VCE
Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Last Month Results
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Q&A's Detail
Exam Code: | PROFESSIONAL-CLOUD-SECURITY-ENGINEER |
Total Questions: | 244 |
Single & Multiple Choice | 244 |
CertBus Has the Latest PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Dumps in Both PDF and VCE Format
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Online Practice Questions and Answers
Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud.
What should you do?
A. Use the Cloud Key Management Service to manage the data encryption key (DEK).
B. Use the Cloud Key Management Service to manage the key encryption key (KEK).
C. Use customer-supplied encryption keys to manage the data encryption key (DEK).
D. Use customer-supplied encryption keys to manage the key encryption key (KEK).
A customer's internal security team must manage its own encryption keys for encrypting data on Cloud Storage and decides to use customer-supplied encryption keys (CSEK).
How should the team complete this task?
A. Upload the encryption key to a Cloud Storage bucket, and then upload the object to the same bucket.
B. Use the gsutil command line tool to upload the object to Cloud Storage, and specify the location of the encryption key.
C. Generate an encryption key in the Google Cloud Platform Console, and upload an object to Cloud Storage using the specified key.
D. Encrypt the object, then use the gsutil command line tool or the Google Cloud Platform Console to upload the object to Cloud Storage.
Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (1AM) roles at the right resource level tor the developers and security team while you ensure least privilege.
What should you do?
A. 1 Grant logging, viewer rote to the security team at the organization resource level. 2 Grant logging, viewer rote to the developer team at the folder resource level that contains all the dev projects.
B. 1 Grant logging. viewer rote to the security team at the organization resource level. 2 Grant logging. admin role to the developer team at the organization resource level.
C. 1 Grant logging.admin role to the security team at the organization resource level. 2 Grant logging. viewer rote to the developer team at the folder resource level that contains all the dev projects.
D. 1 Grant logging.admin role to the security team at the organization resource level. 2 Grant logging.admin role to the developer team at the organization resource level.
A company migrated their entire data/center to Google Cloud Platform. It is running thousands of instances across multiple projects managed by different departments. You want to have a historical record of what was running in Google Cloud Platform at any point in time.
What should you do?
A. Use Resource Manager on the organization level.
B. Use Forseti Security to automate inventory snapshots.
C. Use Stackdriver to create a dashboard across all projects.
D. Use Security Command Center to view all assets across the organization.
You are developing a new application that uses exclusively Compute Engine VMs. Once a day, this application will execute five different batch jobs. Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle.
What should you do?
A. 1. Create a general service account "g-sa" to orchestrate the batch jobs.
2.
Create one service account per batch job `b-sa-[1-5]'. Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts.
3.
Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].
B. 1. Create a general service account "g-sa" to execute the batch jobs.
2.
Grant the permissions required to execute the batch jobs to g-sa.
3.
Execute the batch jobs with the permissions granted to g-sa.
C. 1. Create a workload identity pool and configure workload identity pool providers for each batch job.
2.
Assign the workload identity user role to each of the identities configured in the providers.
3.
Create one service account per batch job "b-sa-[1-5]", and grant only the permissions required to run the individual batch jobs to the service accounts.
4.
Generate credential configuration files for each of the providers. Use these files to execute the batch jobs with the permissions of b-sa-[1-5].
D. 1. Create a general service account "g-sa" to orchestrate the batch jobs.
2.
Create one service account per batch job "b-sa-[1-5]", and grant only the permissions required to run the individual batch jobs to the service accounts.
3.
Grant the Service Account Token Creator role to g-sa. Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].
Add Comments
Thanks a lot and good luck to everybody.
passed, passed, passed .thanks a lot
Thanks for your help. I passed my exam yesterday with the full points! Great job.
I only used this dumps and my book. I passed the exam with high score surprisingly. Really thanks for this valid dumps.
Three new questions. Just easy questions so you do not need to worry. I joined the training courses for about 2 weeks and then use these dumps to practice the questions. The questions are valid. No incorrect answers like someone said in the forum. You can trust on this. Questions may change in the real exam so you need to read that carefully. Be sure to pay attention to the sequence of the options. May change in the actual exam, too.
today all the question are from this dumps, so i passed the exam without doubt. thanks for it. Recommend.
A very helpful study material, I have passed the exam with the help of this dumps. So i will introduce this dumps to other friend.
Valid study material! Go get it now!!!
This dumps is 100% valid. I passed my exam few days ago. I’m not sure how many new questions are there but I’m sure I answered them correctly. But not sure if I answered all other new questions correctly because I do not got a full score. Anyway, I passed my exam. That’s what I want. Really appreciate your great questions and accurate answers!
Very easy read. Bought the dumps a little over a month ago, read this question by question, attend to an online course and passed the CISSP exam last Thursday. Did not use any other book in my study.
Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam official information: A Cloud Security Engineer allows organizations to design and implement secure workloads and infrastructure on Google Cloud. Through an understanding of security best practices and industry requirements, this individual designs, develops, and manages a secure solution by using Google security technologies.