Free Access Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116 Practice Test (Page 24)

Question 111

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted dat a. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?

A.Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

B.Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

C.Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

D.Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Question 112

Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)

A.Ability to peer networks that belong to different Google Cloud Platform organizations

B.Non-transitive peered networks; where only directly peered networks can communicate

C.Firewall rules that can be created with a tag from one peered network to another peered network

D.Ability to share specific subnets across peered networks

E.Central management of routes, firewalls, and VPNs for peered networks

Question 113

A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department members as group members. If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. Members of any other department should not have access to the project. You need to configure this behavior.
What should you do to meet these requirements?

A.Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.

B.Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.

C.Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

D.Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.

Question 114

You are troubleshooting access denied errors between Compute Engine instances connected to a Shared VPC and BigQuery datasets. The datasets reside in a project protected by a VPC Service Controls perimeter. What should you do?

A.Create a service perimeter between the service project where the Compute Engine instances reside and the host project that contains the Shared VPC.

B.Create a perimeter bridge between the service project where the Compute Engine instances reside and the perimeter that contains the protected BigQuery datasets.

C.Add the host project containing the Shared VPC to the service perimeter.

D.Add the service project where the Compute Engine instances reside to the service perimeter.

Question 115

A cloud customer has an on-premises key management system and wants to generate, protect, rotate, and audit encryption keys with it. How can the customer use Cloud Storage with their own encryption keys?

A.Declare usage of default encryption at rest in the audit report on compliance

B.Upload encryption keys to the same Cloud Storage bucket

C.Use Customer Managed Encryption Keys (CMEK)

D.Use Customer-Supplied Encryption Keys (CSEK)

Other Version: 2987Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 3088Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 257PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 366Nokia.4A0-113.v2026-05-01.q69; 402EC-COUNCIL.312-49v11.v2026-04-30.q214; 319Microsoft.MB-820.v2026-04-30.q101; 251Salesforce.MC-202.v2026-04-30.q57; 294BICSI.INSTC_V8.v2026-04-29.q53; 421NMLS.MLO.v2026-04-28.q82; 281NCARB.Project-Management.v2026-04-28.q27; 500EMC.D-AV-DY-23.v2026-04-27.q184; 1320ServiceNow.CSA.v2026-04-27.q483

Question 111

Question 112

Question 113

Question 114

Question 115

Download PDF File