Google dumpscollection vce Professional-cloud-security-engineer Questions Latest by Orhan q106 vce pdf

Page: 19 / 23

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	297 Q&A's	Shared By:	orhan

Question 76

You are designing a new governance model for your organization's secrets that are stored in Secret Manager. Currently, secrets for Production and Non-Production applications are stored and accessed using service accounts. Your proposed solution must:

Provide granular access to secrets

Give you control over the rotation schedules for the encryption keys that wrap your secrets

Maintain environment separation

Provide ease of management

Which approach should you take?

Options:

1. Use separate Google Cloud projects to store Production and Non-Production secrets.2. Enforce access control to secrets using project-level identity and Access Management (IAM) bindings.3. Use customer-managed encryption keys to encrypt secrets.

1. Use a single Google Cloud project to store both Production and Non-Production secrets.2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.3. Use Google-managed encryption keys to encrypt secrets.

1. Use separate Google Cloud projects to store Production and Non-Production secrets.2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.3. Use Google-managed encryption keys to encrypt secrets.

1. Use a single Google Cloud project to store both Production and Non-Production secrets.2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings.3. Use customer-managed encryption keys to encrypt secrets.

Discussion

Question 77

Your company is migrating a customer database that contains personally identifiable information (PII) to Google Cloud. To prevent accidental exposure, this data must be protected at rest. You need to ensure that all PII is automatically discovered and redacted, or pseudonymized, before any type of analysis. What should you do?

Options:

Implement Cloud Armor to protect the database from external threats and configure firewall rules to restrict network access to only authorized internal IP addresses.

Configure Sensitive Data Protection to scan the database for PII using both predefined and custom infoTypes and to mask sensitive data.8

Use Cloud KMS to encrypt the database at rest with a customer-managed encryption key (CMEK). Implement VPC Service Controls.

Create Cloud Storage buckets with object versioning enabled, and use IAM policies to restrict access to the data. Use Data Loss Prevention API (DLP API) on the buckets to scan for sensitive data and generate detection alerts.9

Discussion

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha Feb 5, 2026

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Lennox

Something Special that they provide a comprehensive overview of the exam content. They cover all the important topics and concepts, so you can be confident that you are well-prepared for the test.

Aiza Feb 23, 2026

That makes sense. What makes Cramkey Dumps different from other study materials?

Alessia

Amazing Dumps. Found almost all questions in actual exam whih I prepared from these valuable dumps. Recommended!!!!

Belle Feb 11, 2026

That's impressive. I've been struggling with finding good study material for my certification. Maybe I should give Cramkey Dumps a try.

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper Feb 24, 2026

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Feb 24, 2026

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Question 78

Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements:

Only allows communication between the Web and App tiers.

Enforces consistent network security when autoscaling the Web and App tiers.

Prevents Compute Engine Instance Admins from altering network traffic.

What should you do?

Options:

1. Configure all running Web and App servers with respective network tags.2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

1. Configure all running Web and App servers with respective service accounts.2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

1. Re-deploy the Web and App servers with instance templates configured with respective network tags.2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

1. Re-deploy the Web and App servers with instance templates configured with respective service accounts.2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

Discussion

Question 79

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.

What should you do?

Options:

Query Data Access logs.

Query Admin Activity logs.

Query Access Transparency logs.

Query Stackdriver Monitoring Workspace.