Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-SECURITY-ENGINEER
  • Exam Name: Professional Cloud Security Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 244 Q&As
  • Last Updated: May 28, 2025

Google Google Certifications PROFESSIONAL-CLOUD-SECURITY-ENGINEER Questions & Answers

  • Question 61:

    You are the project owner for a regulated workload that runs in a project you own and manage as an Identity and Access Management (IAM) admin. For an upcoming audit, you need to provide access reviews evidence. Which tool should you use?

    A. Policy Troubleshooter

    B. Policy Analyzer

    C. IAM Recommender

    D. Policy Simulator

  • Question 62:

    You need to create a VPC that enables your security team to control network resources such as firewall rules. How should you configure the network to allow for separation of duties for network resources?

    A. Set up multiple VPC networks, and set up multi-NIC virtual appliances to connect the networks.

    B. Set up VPC Network Peering, and allow developers to peer their network with a Shared VPC.

    C. Set up a VPC in a project. Assign the Compute Network Admin role to the security team, and assign the Compute Admin role to the developers.

    D. Set up a Shared VPC where the security team manages the firewall rules, and share the network with developers via service projects.

  • Question 63:

    A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite.

    How should you best advise the Systems Engineer to proceed with the least disruption?

    A. Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.

    B. Register a new domain name, and use that for the new Cloud Identity domain.

    C. Ask Google to provision the data science manager's account as a Super Administrator in the existing domain.

    D. Ask customer's management to discover any other uses of Google managed services, and work with the existing Super Administrator.

  • Question 64:

    A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.

    What should you do to meet these requirements?

    A. Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.

    B. Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.

    C. Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.

    D. Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

  • Question 65:

    You have been tasked with configuring Security Command Center for your organization's Google Cloud environment. Your security team needs to receive alerts of potential crypto mining in the organization's compute environment and alerts for common Google Cloud misconfigurations that impact security. Which Security Command Center features should you use to configure these alerts? (Choose two.)

    A. Event Threat Detection

    B. Container Threat Detection

    C. Security Health Analytics

    D. Cloud Data Loss Prevention

    E. Google Cloud Armor

  • Question 66:

    A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities.

    Which service should be used to accomplish this?

    A. Cloud Armor

    B. Google Cloud Audit Logs

    C. Cloud Security Scanner

    D. Forseti Security

  • Question 67:

    You are in charge of creating a new Google Cloud organization for your company. Which two actions should you take when creating the super administrator accounts? (Choose two.)

    A. Create an access level in the Google Admin console to prevent super admin from logging in to Google Cloud.

    B. Disable any Identity and Access Management (IAM) roles for super admin at the organization level in the Google Cloud Console.

    C. Use a physical token to secure the super admin credentials with multi-factor authentication (MFA).

    D. Use a private connection to create the super admin accounts to avoid sending your credentials over the Internet.

    E. Provide non-privileged identities to the super admin users for their day-to-day activities.

  • Question 68:

    A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.

    Which product should be used to meet these requirements?

    A. Cloud Armor

    B. VPC Firewall Rules

    C. Cloud Identity and Access Management

    D. Cloud CDN

  • Question 69:

    Your organization uses the top-tier folder to separate application environments (prod and dev). The developers need to see all application development audit logs but they are not permitted to review production logs. Your security team can review all logs in production and development environments. You must grant Identity and Access Management (IAM) roles at the right resource level for the developers and security team while you ensure least privilege.

    What should you do?

    A. 1. Grant logging.viewer role to the security team at the organization resource level. 2. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.

    B. 1. Grant logging.viewer role to the security team at the organization resource level. 2. Grant logging.admin role to the developer team at the organization resource level.

    C. 1. Grant logging.admin role to the security team at the organization resource level. 2. Grant logging.viewer role to the developer team at the folder resource level that contains all the dev projects.

    D. 1. Grant logging.admin role to the security team at the organization resource level. 2. Grant logging.admin role to the developer team at the organization resource level.

  • Question 70:

    Your organization has had a few recent DDoS attacks. You need to authenticate responses to domain name lookups. Which Google Cloud service should you use?

    A. Cloud DNS with DNSSEC

    B. Cloud NAT

    C. HTTP(S) Load Balancing

    D. Google Cloud Armor
