Google certification-questions online Professional-cloud-security-engineer Questions Video by Blake q142 vce pdf

Page: 5 / 18

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	249 Q&A's	Shared By:	blake

Question 20

You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements:

Each business unit manages access controls for their own projects.

Each business unit manages access control permissions at scale.

Business units cannot access other business units' projects.

Users lose their access if they move to a different business unit or leave the company.

Users and access control permissions are managed by the on-premises directory service.

What should you do? (Choose two.)

Options:

Use VPC Service Controls to create perimeters around each business unit's project.

Organize projects in folders, and assign permissions to Google groups at the folder level.

Group business units based on Organization Units (OUs) and manage permissions based on OUs.

Create a project naming convention, and use Google's IAM Conditions to manage access based on the prefix of project names.

Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.

Discussion

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby Sep 6, 2024

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Faye

Yayyyy. I passed my exam. I think all students give these dumps a try.

Emmeline Sep 12, 2024

Definitely! I have no doubt new students will find them to be just as helpful as I did.

Reeva

Wow what a success I achieved today. Thank you so much Cramkey for amazing Dumps. All students must try it.

Amari Sep 1, 2024

Wow, that's impressive. I'll definitely keep Cramkey in mind for my next exam.

Anaya

I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!

Nina Oct 14, 2024

It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.

Question 21

Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company’s servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:

The network connection must be encrypted.

The communication between servers must be over private IP addresses.

What should you do?

Options:

Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.

Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.

Discussion

Question 22

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.

Which two tasks should your team perform to handle this request? (Choose two.)

Options:

Remove all users from the Project Creator role at the organizational level.

Create an Organization Policy constraint, and apply it at the organizational level.

Grant the Project Editor role at the organizational level to a designated group of users.

Add a designated group of users to the Project Creator role at the organizational level.

Grant the billing account creator role to the designated DevOps team.