Online Access Free Professional-Cloud-Security-Engineer Practice Test

In a shared security responsibility model for IaaS, which two layers of the stack does the customer share responsibility for? (Choose two.)

• A.Hardware
• B.Storage Encryption
• C.Boot
• D.Access Policies
• E.Network Security

Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems.
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?

• A.Secure, key-based hashes
• B.Format-preserving encryption
• C.Cryptographic hashing
• D.Deterministic encryption

You are routing all your internet facing traffic from Google Cloud through your on-premises internet connection. You want to accomplish this goal securely and with the highest bandwidth possible.
What should you do?

• A.Create a routing VM in Compute Engine Configure the default route with the VM as the next hop.
• B.Create an HA VPN connection to Google Cloud Replace the default 0 0 0 0/0 route.
• C.Configure Cloud Interconnect with HA VPN Replace the default 0 0 0 0/0 route to an on-premises destination.
• D.Configure Cloud Interconnect and route traffic through an on-premises firewall.

When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

• A.Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.
• B.Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.
• C.Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.
• D.Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

Your organization recently deployed a new application on Google Kubernetes Engine. You need to deploy a solution to protect the application. The solution has the following requirements:
Scans must run at least once per week
Must be able to detect cross-site scripting vulnerabilities
Must be able to authenticate using Google accounts
Which solution should you use?

• A.Web Security Scanner
• B.Container Threat Detection
• C.Google Cloud Armor
• D.Security Health Analytics