Free Access Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116 Practice Test (Page 8)

Question 31

A company's application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key.
What should you do?

A.Create a new key, and use the new key in the application. Store the old key on the system as a backup key.

B.Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT.

C.Create a new key, and use the new key in the application. Delete the old key from the Service Account.

D.Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY.

Question 32

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?

A.Enable Private Access on the VPC network in the production project.

B.Remove the Editor role and grant the Compute Admin IAM role to the engineers.

C.Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.

D.Set up a VPC network with two subnets: one with public IPs and one without public IPs.

Question 33

Your company wants to collect and analyze CVE information for packages in container images, and wants to prevent images with known security issues from running in your Google Kubernetes Engine environment. Which two security features does Google recommend including in a container build pipeline?

A.Deployment policies

B.Password policies

C.Vulnerability scanning

D.Network isolation

Question 34

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.
Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.
Which type of access should your team grant to meet this requirement?

A.Organization Administrator

B.Security Reviewer

C.Organization Role Administrator

D.Organization Policy Administrator

Question 35

A customer's company has multiple business units. Each business unit operates independently, and each has their own engineering group. Your team wants visibility into all projects created within the company and wants to organize their Google Cloud Platform (GCP) projects based on different business units. Each business unit also requires separate sets of IAM permissions.
Which strategy should you use to meet these needs?

A.Establish standalone projects for each business unit, using gmail.com accounts.

B.Create an organization node, and assign folders for each business unit.

C.Assign GCP resources in a VPC for each business unit to separate network access.

D.Assign GCP resources in a project, with a label identifying which business unit owns the resource.

Other Version: 2968Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 3080Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 331Nokia.4A0-113.v2026-05-01.q69; 335EC-COUNCIL.312-49v11.v2026-04-30.q214; 255Microsoft.MB-820.v2026-04-30.q101; 235Salesforce.MC-202.v2026-04-30.q57; 249BICSI.INSTC_V8.v2026-04-29.q53; 367NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1233ServiceNow.CSA.v2026-04-27.q483

Question 31

Question 32

Question 33

Question 34

Question 35

Download PDF File