Free Access Google.Professional-Cloud-Security-Engineer.v2022-10-17.q111 Practice Test (Page 6)

Question 21

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.
Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.
Which type of access should your team grant to meet this requirement?

A.Organization Administrator

B.Security Reviewer

C.Organization Role Administrator

D.Organization Policy Administrator

Question 22

You have defined subnets in a VPC within Google Cloud Platform. You need multiple projects to create Compute Engine instances with IP addresses from these subnets. What should you do?

A.Configure Cloud VPN between the projects.

B.Set up VPC peering between all related projects.

C.Change the VPC subnets to enable private Google access.

D.Use Shared VPC to share the subnets with the other projects.

Question 23

A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by the administrator.
What should you do?

A.On the bucket shared with both the analysts and the administrator, configure Object Lifecycle Management to delete objects that contain any PII.

B.Upload the logs to both the shared bucket and the bucket only accessible by the administrator.
Create a job trigger using the Cloud Data Loss Prevention API. Configure the trigger to delete any files from the shared bucket that contain PII.

C.On the bucket shared with both the analysts and the administrator, configure a Cloud Storage Trigger that is only triggered when PII data is uploaded. Use Cloud Functions to capture the trigger and delete such files.

D.Use Cloud Pub/Sub and Cloud Functions to trigger a Data Loss Prevention scan every time a file is uploaded to the shared bucket. If the scan detects PII, have the function move into a Cloud Storage bucket only accessible by the administrator.

Question 24

When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

A.Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.

B.Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

C.Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.

D.Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

Question 25

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

A.HTTP(S) Load Balancing

B.SSL Proxy Load Balancing

C.TCP Proxy Load Balancing

D.Network Load Balancing

Other Version: 2384Google.Professional-Cloud-Security-Engineer.v2022-08-22.q116; 2432Google.Professional-Cloud-Security-Engineer.v2022-01-23.q100

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 207CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 144Salesforce.Data-Architect.v2025-09-05.q216; 137Adobe.AD0-E605.v2025-09-05.q50; 178Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File