Free Access Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111 Practice Test (Page 17)

Question 76

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

A.Ensure that the app does not run as PID 1.

B.Package a single app as a container.

C.Remove any unnecessary tools not needed by the app.

D.Use public container images as a base image for the app.

E.Use many container image layers to hide sensitive information.

Question 77

Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)

A.Non-transitive peered networks; where only directly peered networks can communicate

B.Firewall rules that can be created with a tag from one peered network to another peered network

C.Central management of routes, firewalls, and VPNs for peered networks

D.Ability to share specific subnets across peered networks

E.Ability to peer networks that belong to different Google Cloud Platform organizations

Question 78

Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team.
Which type of networking design should your team use to meet these requirements?

A.Shared VPC Network with a host project and service projects

B.Grant Compute Admin role to the networking team for each engineering project

C.VPC peering between all engineering projects using a hub and spoke model

D.Cloud VPN Gateway between all engineering projects using a hub and spoke model

Question 79

You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.
What should you do?

A.Set up an ACL with OWNER permission to a scope of allUsers.

B.Set up an ACL with READER permission to a scope of allUsers.

C.Set up a default bucket ACL and manage access for users using IAM.

D.Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.

Question 80

An organization's typical network and security review consists of analyzing application transit routes, request handling, and firewall rules. They want to enable their developer teams to deploy new applications without the overhead of this full review.
How should you advise this organization?

A.Mandate use of infrastructure as code and provide static analysis in the CI/CD pipelines to enforce policies.

B.Use Forseti with Firewall filters to catch any unwanted configurations in production.

C.Route all VPC traffic through customer-managed routers to detect malicious patterns in production.

D.All production applications will run on-premises. Allow developers free rein in GCP as their dev and QA platforms.

Other Version: 2384Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116; 2432Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 220CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 76

Question 77

Question 78

Question 79

Question 80

Download PDF File