Free Access Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100 Practice Test (Page 21)

Question 96

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.

B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.

C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.

D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Question 97

A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.
What should you do?

A.Create an Alerting Policy in Stackdriver using a Process Health condition, checking that the number of executions of the script remains below the desired threshold. Enable notifications.

B.Create an Alerting Policy in Stackdriver using the CPU usage metric. Set the threshold to 80% to be notified when the CPU usage goes above this 80%.

C.Log every execution of the script to Stackdriver Logging. Create a User-defined metric in Stackdriver Logging on the logs, and create a Stackdriver Dashboard displaying the metric.

D.Log every execution of the script to Stackdriver Logging. Configure BigQuery as a log sink, and create a BigQuery scheduled query to count the number of executions in a specific timeframe.

Question 98

Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team.
Which type of networking design should your team use to meet these requirements?

A.Shared VPC Network with a host project and service projects

B.Grant Compute Admin role to the networking team for each engineering project

C.VPC peering between all engineering projects using a hub and spoke model

D.Cloud VPN Gateway between all engineering projects using a hub and spoke model

Question 99

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?

A.Compute Network User Role at the host project level.

B.Compute Network User Role at the subnet level.

C.Compute Shared VPC Admin Role at the host project level.

D.Compute Shared VPC Admin Role at the service project level.

Question 100

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

A.Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.

B.Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.

C.Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

D.Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.

Other Version: 2949Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 2937Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116

Latest Upload: 201PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 297Nokia.4A0-113.v2026-05-01.q69; 253EC-COUNCIL.312-49v11.v2026-04-30.q214; 228Microsoft.MB-820.v2026-04-30.q101; 210Salesforce.MC-202.v2026-04-30.q57; 205BICSI.INSTC_V8.v2026-04-29.q53; 334NMLS.MLO.v2026-04-28.q82; 243NCARB.Project-Management.v2026-04-28.q27; 461EMC.D-AV-DY-23.v2026-04-27.q184; 1114ServiceNow.CSA.v2026-04-27.q483

Question 96

Question 97

Question 98

Question 99

Question 100

Download PDF File