Free Access Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116 Practice Test (Page 9)

Question 36

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

B.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

D.In Resource Manager, edit the organization permissions. Add the project ID as member with the role:
Compute Image User.

Question 37

You plan to use a Google Cloud Armor policy to prevent common attacks such as cross-site scripting (XSS) and SQL injection (SQLi) from reaching your web application's backend. What are two requirements for using Google Cloud Armor security policies? (Choose two.)

A.The load balancer must use the Premium Network Service Tier.

B.The backend service's load balancing scheme must be EXTERNAL.

C.The load balancer must be an external SSL proxy load balancer.

D.Google Cloud Armor Policy rules can only match on Layer 7 (L7) attributes.

E.The load balancer must be an external HTTP(S) load balancer.

Question 38

You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards.
What should you do?

A.Use multi-factor authentication for admin access to the web application.

B.Use only applications certified compliant with PA-DSS.

C.Move the cardholder data environment into a separate GCP project.

D.Use VPN for all connections between your office and cloud environments.

Question 39

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

B.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

D.In Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.

Question 40

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses.
Which solution should your team implement to meet these requirements?

A.Cloud Armor

B.Network Load Balancing

C.SSL Proxy Load Balancing

D.NAT Gateway

Other Version: 2968Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111; 3080Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 331Nokia.4A0-113.v2026-05-01.q69; 335EC-COUNCIL.312-49v11.v2026-04-30.q214; 255Microsoft.MB-820.v2026-04-30.q101; 235Salesforce.MC-202.v2026-04-30.q57; 249BICSI.INSTC_V8.v2026-04-29.q53; 367NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1233ServiceNow.CSA.v2026-04-27.q483

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File