Google selftestengine new Release Professional-cloud-security-engineer Google Cloud Certified Questions by Ayrton q106 vce pdf

Page: 2 / 19

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	266 Q&A's	Shared By:	ayrton

Question 8

You are the security admin of your company. Your development team creates multiple GCP projects under the "implementation" folder for several dev, staging, and production workloads. You want to prevent data exfiltration by malicious insiders or compromised code by setting up a security perimeter. However, you do not want to restrict communication between the projects.

What should you do?

Options:

Use a Shared VPC to enable communication between all projects, and use firewall rules to prevent data exfiltration.

Create access levels in Access Context Manager to prevent data exfiltration, and use a shared VPC for communication between projects.

Use an infrastructure-as-code software tool to set up a single service perimeter and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the associated perimeter.

Use an infrastructure-as-code software tool to set up three different service perimeters for dev, staging, and prod and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the respective perimeter.

Discussion

Lennie

I passed my exam and achieved wonderful score, I highly recommend it.

Emelia Jul 4, 2025

I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Conor

I recently used these dumps for my exam and I must say, I was impressed with their authentic material.

Yunus Jul 26, 2025

Exactly…….The information in the dumps is so authentic and up-to-date. Plus, the questions are very similar to what you'll see on the actual exam. I felt confident going into the exam because I had studied using Cramkey Dumps.

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Jul 15, 2025

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Ella-Rose

Amazing website with excellent Dumps. I passed my exam and secured excellent marks!!!

Alisha Jul 8, 2025

Extremely accurate. They constantly update their materials with the latest exam questions and answers, so you can be confident that what you're studying is up-to-date.

Rosalie

I passed. I would like to tell all students that they should definitely give Cramkey Dumps a try.

Maja Jul 30, 2025

That sounds great. I'll definitely check them out. Thanks for the suggestion!

Question 9

You are responsible for managing your company’s identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user’s access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?

Options:

On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.

On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.

On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account Ask the user to update their second factor, and then re-enable 2SV for this account.

On the Google Admin console, use a super administrator account to reset the user account's credentials. Ask the user to update their credentials after their first login.

Discussion

Question 10

You manage one of your organization's Google Cloud projects (Project A). AVPC Service Control (SC) perimeter is blocking API access requests to this project including Pub/Sub. A resource running under a service account in another project (Project B) needs to collect messages from a Pub/Sub topic in your project Project B is not included in a VPC SC perimeter. You need to provide access from Project B to the Pub/Sub topic in Project A using the principle of least

Privilege.

What should you do?

Options:

Configure an ingress policy for the perimeter in Project A and allow access for the service account in Project B to collect messages.

Create an access level that allows a developer in Project B to subscribe to the Pub/Sub topic that is located in Project A.

Create a perimeter bridge between Project A and Project B to allow the required communication between both projects.

Remove the Pub/Sub API from the list of restricted services in the perimeter configuration for Project A.

Discussion

Question 11

Your organization wants to be compliant with the General Data Protection Regulation (GDPR) on Google Cloud You must implement data residency and operational sovereignty in the EU.

What should you do?

Choose 2 answers

Options:

Limit the physical location of a new resource with the Organization Policy Service resource locations

constraint."

Use Cloud IDS to get east-west and north-south traffic visibility in the EU to monitor intra-VPC and mter-VPC communication.

Limit Google personnel access based on predefined attributes such as their citizenship or geographic location by using Key Access Justifications

Use identity federation to limit access to Google Cloud resources from non-EU entities.

Use VPC Flow Logs to monitor intra-VPC and inter-VPC traffic in the EU.