Free Access Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116 Practice Test (Page 4)

Question 11

Your Security team believes that a former employee of your company gained unauthorized access to Google Cloud resources some time in the past 2 months by using a service account key. You need to confirm the unauthorized access and determine the user activity. What should you do?

A.Use the Logs Explorer to search for user activity.

B.Use the Cloud Monitoring console to filter audit logs by user.

C.Use the Cloud Data Loss Prevention API to query logs in Cloud Storage.

D.Use Security Health Analytics to determine user activity.

Question 12

When creating a secure container image, which two items should you incorporate into the build if possible?
(Choose two.)

A.Ensure that the app does not run as PID 1.

B.Package a single app as a container.

C.Remove any unnecessary tools not needed by the app.

D.Use public container images as a base image for the app.

E.Use many container image layers to hide sensitive information.

Question 13

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

A.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

B.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.

C.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.
Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

D.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Question 14

Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization.
Which logging export strategy should you use to meet the requirements?

A.1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project.2. Process Cloud Storage objects in SIEM.

B.1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project.2. Subscribe SIEM to the topic.

C.1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project.2. Subscribe SIEM to the topic.

D.1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project.2. Process Cloud Storage objects in SIEM.

Question 15

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.
What should you do?

A.Enforce 2-factor authentication in GSuite for all users.

B.Configure Cloud VPN between your private network and GCP.

C.Provision user passwords using GSuite Password Sync.

D.Configure Cloud Identity-Aware Proxy for the App Engine Application.

Other Version: 2991Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 3094Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 264PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 379Nokia.4A0-113.v2026-05-01.q69; 410EC-COUNCIL.312-49v11.v2026-04-30.q214; 329Microsoft.MB-820.v2026-04-30.q101; 256Salesforce.MC-202.v2026-04-30.q57; 301BICSI.INSTC_V8.v2026-04-29.q53; 428NMLS.MLO.v2026-04-28.q82; 287NCARB.Project-Management.v2026-04-28.q27; 509EMC.D-AV-DY-23.v2026-04-27.q184; 1341ServiceNow.CSA.v2026-04-27.q483

Question 11

Question 12

Question 13

Question 14

Question 15

Download PDF File