Free Access Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100 Practice Test (Page 19)

Question 86

Which two implied firewall rules are defined on a VPC network? (Choose two.)

A.A rule that allows all outbound connections

B.A rule that denies all inbound connections

C.A rule that blocks all inbound port 25 connections

D.A rule that blocks all outbound connections

E.A rule that allows all inbound port 80 connections

Question 87

A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?

A.Enable Private Google Access on the VPC.

B.Provision a NAT Gateway to access the Cloud Storage API endpoint.

C.Mount a Cloud Storage bucket as a local filesystem on every VM.

D.Create a firewall rule to block internet traffic from the VM.

Question 88

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

A.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.

B.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

C.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.

D.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.

Question 89

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.
What should you do?

A.Create a KeyRing per persistent disk, with each Keying containing a single Key. Manage the IAM permissions at the Key level.

B.Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.

C.Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.

D.Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.

Question 90

When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

A.Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.

B.Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

C.Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.

D.Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Other Version: 2951Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 2938Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116

Latest Upload: 202PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 301Nokia.4A0-113.v2026-05-01.q69; 258EC-COUNCIL.312-49v11.v2026-04-30.q214; 230Microsoft.MB-820.v2026-04-30.q101; 212Salesforce.MC-202.v2026-04-30.q57; 206BICSI.INSTC_V8.v2026-04-29.q53; 336NMLS.MLO.v2026-04-28.q82; 244NCARB.Project-Management.v2026-04-28.q27; 465EMC.D-AV-DY-23.v2026-04-27.q184; 1121ServiceNow.CSA.v2026-04-27.q483

Question 86

Question 87

Question 88

Question 89

Question 90

Download PDF File