PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-SECURITY-ENGINEER
  • Exam Name: Professional Cloud Security Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 324 Q&As
  • Last Updated: May 26, 2026

Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Online Questions & Answers

  • Question 131:

    A customer has 300 engineers. The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects.

    Which two steps should the company take to meet these requirements? (Choose two.)

    A. Create a project with multiple VPC networks for each environment.
    B. Create a folder for each development and production environment.
    C. Create a Google Group for the Engineering team, and assign permissions at the folder level.
    D. Create an Organizational Policy constraint for each folder environment.
    E. Create projects for each environment, and grant IAM rights to each engineering user.

  • Question 132:

    You have placed several Compute Engine instances in a private subnet. You want to allow these instances to access Google Cloud services, like Cloud Storage, without traversing the internet. What should you do?

    A. Enable Private Google Access for the private subnet.
    B. Configure Private Service Connect for the private subnet's Virtual Private Cloud (VPC) and allocate an IP range for the Compute Engine instances.
    C. Reserve and assign static external IP addresses for the Compute Engine instances.
    D. Create a Cloud NAT gateway for the region where the private subnet is configured.

  • Question 133:

    Your organization uses Google Workspace Enterprise Edition for authentication. You are concerned about employees leaving their laptops unattended for extended periods of time after authenticating into Google Cloud. You must prevent malicious people from using an employee's unattended laptop to modify their environment.

    What should you do?

    A. Create a policy that requires employees to not leave their sessions open for long durations.
    B. Review and disable unnecessary Google Cloud APIs.
    C. Require strong passwords and 2SV through a security token or Google Authenticator.
    D. Set the session length timeout for Google Cloud services to a shorter duration.

  • Question 134:

    Your organization operates a hybrid cloud environment and has recently deployed a private Artifact Registry repository in Google Cloud. On-premises developers cannot resolve the Artifact Registry hostname and therefore cannot push or pull artifacts. You've verified the following:

    1. Connectivity to Google Cloud is established by Cloud VPN or Cloud Interconnect.
    2. No custom DNS configurations exist on-premises.
    3. There is no route to the internet from the on-premises network.

    You need to identify the cause and enable the developers to push and pull artifacts. What is likely causing the issue and what should you do to fix the issue?

    A. On-premises DNS servers lack the necessary records to resolve private Google API domains. Create DNS records for restricted.googleapis.com or private.googleapis.com pointing to Google's published IP ranges.
    B. Developers must be granted the artifactregistry.writer IAM role. Grant the relevant developer group this role.
    C. Private Google Access is not enabled for the subnet hosting the Artifact Registry. Enable Private Google Access for the appropriate subnet.
    D. Artifact Registry requires external HTTP/HTTPS access. Create a new firewall rule allowing ingress traffic on ports 80 and 443 from the developer's IP ranges.

  • Question 135:

    You just implemented a Secure Web Proxy instance on Google Cloud for your organization. You were able to reach the internet when you tested this configuration on your test instance. However, developers cannot access the allowed URLs on the Secure Web Proxy instance from their Linux instance on Google Cloud. You want to solve this problem with developers. What should you do?

    A. Configure a Cloud NAT gateway to enable internet access from the developer instance subnet.
    B. Ensure that the developers have restarted their instance and HTTP service is enabled.
    C. Ensure that the developers have explicitly configured the proxy address on their instance.
    D. Configure a firewall rule to allow HTTP/S from the developer instance.

  • Question 136:

    You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site.

    How should you enable this access?

    A. Implement Cloud VPN for the region where the bastion host lives.
    B. Implement OS Login with 2-step verification for the bastion host.
    C. Implement Identity-Aware Proxy TCP forwarding for the bastion host.
    D. Implement Google Cloud Armor in front of the bastion host.

  • Question 137:

    Your organization recently activated the Security Command Center (SCC) standard tier. There are a few Cloud Storage buckets that were accidentally made accessible to the public. You need to investigate the impact of the incident and remediate it.

    What should you do?

    A. 1. Remove the Identity and Access Management (IAM) granting access to all Users from the buckets. 2. Apply the organization policy storage.uniformBucketLevelAccess to prevent regressions. 3. Query the data access logs to report on unauthorized access.
    B. 1. Change permissions to limit access for authorized users. 2. Enforce a VPC Service Controls perimeter around all the production projects to immediately stop any unauthorized access. 3. Review the administrator activity audit logs to report on any unauthorized access.
    C. 1. Change the bucket permissions to limit access. 2. Query the bucket's usage logs to report on unauthorized access to the data. 3. Enforce the organization policy storage.publicAccessPrevention to avoid regressions.
    D. 1. Change bucket permissions to limit access. 2. Query the data access audit logs for any unauthorized access to the buckets. 3. After the misconfiguration is corrected, mute the finding in the Security Command Center.

  • Question 138:

    An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?

    A. Dedicated Interconnect
    B. Cloud Router
    C. Cloud VPN
    D. Partner Interconnect

  • Question 139:

    A retail customer allows users to upload comments and product reviews. The customer needs to make sure the text does not include sensitive data before the comments or reviews are published. Which Google Cloud Service should be used to achieve this?

    A. Cloud Key Management Service
    B. Cloud Data Loss Prevention API
    C. BigQuery
    D. Cloud Security Scanner

  • Question 140:

    A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite. How should you best advise the Systems Engineer to proceed with the least disruption?

    A. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.
    B. Register a new domain name, and use that for the new Cloud Identity domain.
    C. Ask Google to provision the data science manager's account as a Super Administrator in the existing domain.
    D. Ask customer's management to discover any other uses of Google managed services, and work with the existing Super Administrator.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Google exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam preparation and Google certification application, do not hesitate to visit Vcedump.com to find your solutions.