Free Access Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111 Practice Test (Page 11)

Question 46

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.
What should you do?

A.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.

B.Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.

C.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.

D.Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Question 47

A security team at an e-commerce company wants to define an automatic incident response process for fraudulent credit card usage attempts. The team targets a 10-minute or faster response time for such incidents. The fraudulent card list is updated every 60 seconds. The e- commerce servers log the transaction details in near-real time. Which option should you recommend to the security team?

A.Define a log-based metric for each fraudulent credit card, and set a Stackdriver alert for these metrics.

B.Maintain a log ingestion exclusion filter based on the fraudulent credit card lists.

C.Use AutoML to automatically build models based on the fraudulent credit card lists.

D.Create a new logging export with a filter to match the transaction and a sink pointing to a Cloud Pub/Sub topic.

Question 48

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?

A.Compute Network User Role at the host project level.

B.Compute Network User Role at the subnet level.

C.Compute Shared VPC Admin Role at the host project level.

D.Compute Shared VPC Admin Role at the service project level.

Question 49

A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.
Which Storage solution are they allowed to use?

A.Cloud Bigtable

B.Cloud BigQuery

C.Compute Engine SSD Disk

D.Compute Engine Persistent Disk

Question 50

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A.Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

B.Perform data masking with the DLP API and store that data in BigQuery for later use.

C.Perform data redaction with the DLP API and store that data in BigQuery for later use.

D.Perform data inspection with the DLP API and store that data in BigQuery for later use.

Other Version: 2384Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116; 2432Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 221CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 184Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 46

Question 47

Question 48

Question 49

Question 50

Download PDF File