Free Access Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116 Practice Test (Page 13)

Question 56

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.
What should the customer do?

A.Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

B.Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.

C.Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.

D.Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.

Question 57

You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

A.Use multi-factor authentication for admin access to the web application.

B.Use only applications certified compliant with PA-DSS.

C.Move the cardholder data environment into a separate GCP project.

D.Use VPN for all connections between your office and cloud environments.

Question 58

A company's application is deployed with a user-managed Service Account key. You want to use Google- recommended practices to rotate the key.
What should you do?

A.Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam- account=IAM_ACCOUNT.

B.Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam- account=IAM_ACCOUNT --key=NEW_KEY.

C.Create a new key, and use the new key in the application. Delete the old key from the Service Account.

D.Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

Question 59

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A.Perform data masking with the DLP API and store that data in BigQuery for later use.

B.Perform data redaction with the DLP API and store that data in BigQuery for later use.

C.Perform data inspection with the DLP API and store that data in BigQuery for later use.

D.Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Question 60

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?

A.Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.

B.Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.

C.Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.

D.Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Other Version: 2968Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 3080Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 332Nokia.4A0-113.v2026-05-01.q69; 337EC-COUNCIL.312-49v11.v2026-04-30.q214; 270Microsoft.MB-820.v2026-04-30.q101; 235Salesforce.MC-202.v2026-04-30.q57; 249BICSI.INSTC_V8.v2026-04-29.q53; 367NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1234ServiceNow.CSA.v2026-04-27.q483

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File