PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-SECURITY-ENGINEER
  • Exam Name: Professional Cloud Security Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 324 Q&As
  • Last Updated: May 26, 2026

Google PROFESSIONAL-CLOUD-SECURITY-ENGINEER Online Questions & Answers

  • Question 141:

    Your company uses Google Cloud and has publicly exposed network assets. You want to discover the assets and perform a security audit on these assets by using a software tool in the least amount of time.

    What should you do?

    A. Run a platform security scanner on all instances in the organization.
    B. Notify Google about the pending audit and wait for confirmation before performing the scan.
    C. Contact a Google approved security vendor to perform the audit.
    D. Identify all external assets by using Cloud Asset Inventory and then run a network security scanner against them.

  • Question 142:

    Your organization wants to be continuously evaluated against CIS Google Cloud Computing Foundations Benchmark v1.3.0 (CIS Google Cloud Foundation 1.3). Some of the controls are irrelevant to your organization and must be disregarded in evaluation. You need to create an automated system or process to ensure that only the relevant controls are evaluated.

    What should you do?

    A. Mark all security findings that are irrelevant with a tag and a value that indicates a security exception. Select all marked findings and mute them on the console every time they appear. Activate Security Command Center (SCC) Premium.
    B. Activate Security Command Center (SCC) Premium. Create a rule to mute the security findings in SCC so they are not evaluated.
    C. Download all findings from Security Command Center (SCC) to a CSV file. Mark the findings that are part of CIS Google Cloud Foundation 1.3 in the file. Ignore the entries that are irrelevant and out of scope for the company.
    D. Ask an external audit company to provide independent reports including needed CIS benchmarks. In the scope of the audit, clarify that some of the controls are not needed and must be disregarded.

  • Question 143:

    When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.

    Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

    A. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
    B. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.
    C. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
    D. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

  • Question 144:

    Your privacy team uses crypto-shredding (deleting encryption keys) as a strategy to delete personally identifiable information (PII). You need to implement this practice on Google Cloud while still utilizing the majority of the platform's services and minimizing operational overhead. What should you do?

    A. Use client-side encryption before sending data to Google Cloud, and delete encryption keys on-premises.
    B. Use Cloud External Key Manager to delete specific encryption keys.
    C. Use customer-managed encryption keys to delete specific encryption keys.
    D. Use Google default encryption to delete specific encryption keys.

  • Question 145:

    Your organization is transitioning to Google Cloud. You want to ensure that only trusted container images are deployed on Google Kubernetes Engine (GKE) clusters in a project. The containers must be deployed from a centrally managed Container Registry and signed by a trusted authority.

    What should you do? Choose 2 answers

    A. Configure the Binary Authorization policy with respective attestations for the project.
    B. Create a custom organization policy constraint to enforce Binary Authorization for Google Kubernetes Engine (GKE).
    C. Enable Container Threat Detection in the Security Command Center (SCC) for the project.
    D. Configure the trusted image organization policy constraint for the project.
    E. Enable Pod Security standards and set them to Restricted.

  • Question 146:

    A manager wants to start retaining security event logs for 2 years while minimizing costs. You write a filter to select the appropriate log entries. Where should you export the logs?

    A. BigQuery datasets
    B. Cloud Storage buckets
    C. StackDriver logging
    D. Cloud Pub/Sub topics

  • Question 147:

    You need to connect your organization's on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:

    1. Use a private transport link.
    2. Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
    3. Ensure that Google Cloud APIs are only consumed via VPC Service Controls.

    What should you do?

    A. 1. Set up a Cloud VPN link between the on-premises environment and Google Cloud. 2. Configure private access using the restricted googleapis.com domains in on-premises DNS configurations.
    B. 1. Set up a Partner Interconnect link between the on-premises environment and Google Cloud. 2. Configure private access using the private.googleapis.com domains in on-premises DNS configurations.
    C. 1. Set up a Direct Peering link between the on-premises environment and Google Cloud. 2. Configure private access for both VPC subnets.
    D. 1. Set up a Dedicated Interconnect link between the on-premises environment and Google Cloud. 2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.

  • Question 148:

    You are managing data in your organization's Cloud Storage buckets and are required to retain objects. To reduce storage costs, you must automatically downgrade the storage class of objects older than 365 days to Coldline storage. What should you do?

    A. Use Cloud Asset Inventory to generate a report of the configuration of all storage buckets. Examine the Lifecycle management policy settings and ensure that they are set correctly.
    B. Set up a CloudRun Job with Cloud Scheduler to execute a script that searches for and removes files older than 365 days from your Cloud Storage.
    C. Enable the Autoclass feature to manage all aspects of bucket storage classes.
    D. Define a lifecycle policy JSON with an action on SetStorageClass to COLDLINE with an age condition of 365 and matchStorageClass STANDARD.

  • Question 149:

    An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its ongoing data backup and disaster recovery solutions to GCP. The organization's on-premises production environment is going to be the next phase for migration to GCP. Stable networking connectivity between the on-premises environment and GCP is also being implemented.

    Which GCP solution should the organization use?

    A. BigQuery using a data pipeline job with continuous updates via Cloud VPN
    B. Cloud Storage using a scheduled task and gsutil via Cloud Interconnect
    C. Compute Engines Virtual Machines using Persistent Disk via Cloud Interconnect
    D. Cloud Datastore using regularly scheduled batch upload jobs via Cloud VPN

  • Question 150:

    A database administrator notices malicious activities within their Cloud SQL instance. The database administrator wants to monitor the API calls that read the configuration or metadata of resources. Which logs should the database administrator review?

    A. Admin Activity
    B. System Event
    C. Access Transparency
    D. Data Access
