Google pass4future google Cloud Certified Professional-cloud-security-engineer New Questions by Arley q142 vce pdf

Page: 15 / 18

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	249 Q&A's	Shared By:	arley

Question 60

Your organization uses Google Workspace Enterprise Edition tor authentication. You are concerned about employees leaving their laptops unattended for extended periods of time after authenticating into Google Cloud. You must prevent malicious people from using an employee's unattended laptop to modify their environment.

What should you do?

Options:

Create a policy that requires employees to not leave their sessions open for long durations.

Review and disable unnecessary Google Cloud APIs.

Require strong passwords and 2SV through a security token or Google authenticate.

Set the session length timeout for Google Cloud services to a shorter duration.

Discussion

Ivan

I tried these dumps for my recent certification exam and I found it pretty helpful.

Elis Sep 17, 2024

Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.

Erik

Hey, I have passed my exam using Cramkey Dumps?

Freyja Oct 17, 2024

Really, what are they? All come in your pool? Please give me more details, I am going to have access their subscription. Please brother, give me more details.

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Aug 15, 2024

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Amy

I passed my exam and found your dumps 100% relevant to the actual exam.

Lacey Aug 9, 2024

Yeah, definitely. I experienced the same.

Question 61

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.

What should the customer do?

Options:

Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.

Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.

Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.

Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

Discussion

Question 62

Your organization s customers must scan and upload the contract and their driver license into a web portal in Cloud Storage. You must remove all personally identifiable information (Pll) from files that are older than 12 months. Also you must archive the anonymized files for retention purposes.

What should you do?

Options:

Set a time to live (TTL) of 12 months for the files in the Cloud Storage bucket that removes PH and moves the files to the archive storage class.

Create a Cloud Data Loss Prevention (DLP) inspection job that de-identifies Pll in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.

Schedule a Cloud Key Management Service (KMS) rotation period of 12 months for the encryption keys of the Cloud Storage files containing Pll to de-identify them Delete the original keys.

Configure the Autoclass feature of the Cloud Storage bucket to de-identify Pll Archive the files that are older than 12 months Delete the original files.

Discussion

Question 63

You are developing a new application that uses exclusively Compute Engine VMs Once a day. this application will execute five different batch jobs Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle

What should you do?

Options:

1. Create a general service account **g-sa" to execute the batch jobs.

• 2 Grant the permissions required to execute the batch jobs to g-sa.

• 3. Execute the batch jobs with the permissions granted to g-sa

1. Create a general service account "g-sa" to orchestrate the batch jobs.

• 2. Create one service account per batch job Mb-sa-[1-5]," and grant only the permissions required to run the individual batch jobs to the service accounts.

• 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].

1. Create a workload identity pool and configure workload identity pool providers for each batch job

• 2 Assign the workload identity user role to each of the identities configured in the providers.

• 3. Create one service account per batch job Mb-sa-[1-5]". and grant only the permissions required to run the individual batch jobs to the service accounts

• 4 Generate credential configuration files for each of the providers

• 1. Create a general service account "g-sa" to orchestrate the batch jobs.

• 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts

• 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permis

Discussion

Page: 15 / 18

Title

Questions

Posted

google.selftestengine.new release professional-cloud-security-engineer google cloud certified questions.by ayrton.q106.vce.pdf

106

2025-04-06

google.surepassexam.free professional-cloud-security-engineer questions attempt.by zachariah.q18.vce.pdf

2025-04-01

google.dumpsboss.changed professional-cloud-security-engineer exam questions.by nikolas.q35.vce.pdf