Google testinside download Latest Professional-cloud-security-engineer Questions by Aliyah q18 vce pdf

Page: 12 / 18

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	249 Q&A's	Shared By:	aliyah

Question 48

Your Security team believes that a former employee of your company gained unauthorized access to Google Cloud resources some time in the past 2 months by using a service account key. You need to confirm the unauthorized access and determine the user activity. What should you do?

Options:

Use Security Health Analytics to determine user activity.

Use the Cloud Monitoring console to filter audit logs by user.

Use the Cloud Data Loss Prevention API to query logs in Cloud Storage.

Use the Logs Explorer to search for user activity.

Discussion

Question 49

An application running on a Compute Engine instance needs to read data from a Cloud Storage bucket. Your team does not allow Cloud Storage buckets to be globally readable and wants to ensure the principle of least privilege.

Which option meets the requirement of your team?

Options:

Create a Cloud Storage ACL that allows read-only access from the Compute Engine instance’s IP address and allows the application to read from the bucket without credentials.

Use a service account with read-only access to the Cloud Storage bucket, and store the credentials to the service account in the config of the application on the Compute Engine instance.

Use a service account with read-only access to the Cloud Storage bucket to retrieve the credentials from the instance metadata.

Encrypt the data in the Cloud Storage bucket using Cloud KMS, and allow the application to decrypt the data with the KMS key.

Discussion

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Oct 22, 2024

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Erik

Hey, I have passed my exam using Cramkey Dumps?

Freyja Oct 17, 2024

Really, what are they? All come in your pool? Please give me more details, I am going to have access their subscription. Please brother, give me more details.

Conor

I recently used these dumps for my exam and I must say, I was impressed with their authentic material.

Yunus Sep 13, 2024

Exactly…….The information in the dumps is so authentic and up-to-date. Plus, the questions are very similar to what you'll see on the actual exam. I felt confident going into the exam because I had studied using Cramkey Dumps.

Ava-Rose

Yes! Cramkey Dumps are amazing I passed my exam…Same these questions were in exam asked.

Ismail Sep 18, 2024

Wow, that sounds really helpful. Thanks, I would definitely consider these dumps for my certification exam.

Aliza

I used these dumps for my recent certification exam and I can say with certainty that they're absolutely valid dumps. The questions were very similar to what came up in the actual exam.

Jakub Sep 22, 2024

That's great to hear. I am going to try them soon.

Question 50

Your DevOps team uses Packer to build Compute Engine images by using this process:

1 Create an ephemeral Compute Engine VM.

2 Copy a binary from a Cloud Storage bucket to the VM's file system.

3 Update the VM's package manager.

4 Install external packages from the internet onto the VM.

Your security team just enabled the organizational policy. consrraints/compure.vnExtemallpAccess. to restrict the usage of public IP Addresses on VMs. In response your DevOps team updated their scripts to remove public IP addresses on the Compute Engine VMs however the build pipeline is failing due to connectivity issues.

What should you do?

Choose 2 answers

Options:

Provision a Cloud NAT instance in the same VPC and region as the Compute Engine VM

Provision an HTTP load balancer with the VM in an unmanaged instance group to allow inbound connections from the internet to your VM.

Update the VPC routes to allow traffic to and from the internet.

Provision a Cloud VPN tunnel in the same VPC and region as the Compute Engine VM.

Enable Private Google Access on the subnet that the Compute Engine VM is deployed within.

Discussion

Question 51

An organization is moving applications to Google Cloud while maintaining a few mission-critical applications on-premises. The organization must transfer the data at a bandwidth of at least 50 Gbps. What should they use to ensure secure continued connectivity between sites?

Options:

Dedicated Interconnect

Cloud Router

Cloud VPN

Partner Interconnect