Professional Cloud Security Engineer


Question 1

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

  • Ensure that the app does not run as PID 1.

  • Package a single app as a container.

  • Remove any unnecessary tools not needed by the app.

  • Use public container images as a base image for the app.

  • Use many container image layers to hide sensitive information.

Question 2

You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign-on. You learn that a significant number of users are using their corporate domain email addresses for personal Google accounts, and you need to follow Google recommended practices to convert existing unmanaged users to managed accounts.

Which two actions should you take? (Choose two.)

  • Use Google Cloud Directory Sync to synchronize your local identity management system to Cloud Identity.

  • Use the Google Admin console to view which managed users are using a personal account for their recovery email.

  • Add users to your managed Google account and force users to change the email addresses associated with their personal accounts.

  • Use the Transfer Tool for Unmanaged Users (TTUU) to find users with conflicting accounts and ask them to transfer their personal Google accounts.

  • Send an email to all of your employees and ask those users with corporate email addresses for personal Google accounts to delete the personal accounts immediately.

Question 3

Which two security characteristics are related to the use of VPC peering to connect two VPC networks? (Choose two.)

  • Central management of routes, firewalls, and VPNs for peered networks

  • Non-transitive peered networks, where only directly peered networks can communicate

  • Ability to peer networks that belong to different Google Cloud Platform organizations

  • Firewall rules that can be created with a tag from one peered network to another peered network

  • Ability to share specific subnets across peered networks