Free Access Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111 Practice Test (Page 4)

Question 11

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.
Which two tasks should your team perform to handle this request? (Choose two.)

A.Grant the Project Editor role at the organizational level to a designated group of users.

B.Remove all users from the Project Creator role at the organizational level.

C.Grant the billing account creator role to the designated DevOps team.

D.Add a designated group of users to the Project Creator role at the organizational level.

E.Create an Organization Policy constraint, and apply it at the organizational level.

Question 12

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?

A.Enable Private Access on the VPC network in the production project.

B.Remove the Editor role and grant the Compute Admin IAM role to the engineers.

C.Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.

D.Set up a VPC network with two subnets: one with public IPs and one without public IPs.

Question 13

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.
Which document should you review to find the information?

A.Google Cloud Platform: Customer Responsibility Matrix

B.PCI DSS Requirements and Security Assessment Procedures

C.PCI SSC Cloud Computing Guidelines

D.Product documentation for Compute Engine

Question 14

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A.Perform data masking with the DLP API and store that data in BigQuery for later use.

B.Perform data redaction with the DLP API and store that data in BigQuery for later use.

C.Perform data inspection with the DLP API and store that data in BigQuery for later use.

D.Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Question 15

You want to prevent users from accidentally deleting a Shared VPC host project. Which organization-level policy constraint should you enable?

A.compute.restrictXpnProjectLienRemoval

B.compute.sharedReservationsOwnerProjects

C.compute.restrictSharedVpcSubnetworks

D.compute.restrictSharedVpcHostProjects

Other Version: 2384Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116; 2432Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 207CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 137Adobe.AD0-E605.v2025-09-05.q50; 180Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 11

Question 12

Question 13

Question 14

Question 15

Download PDF File