← Back to exam page

Professional-Cloud-Security-Engineer Professional Cloud Security Engineer

Loading demo links...

Showing 4–6 of 10 questions

Question 4

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester. Which two tasks should your team perform to handle this request? (Choose two.)

Select all that apply, then click Submit answer.

  • Remove all users from the Project Creator role at the organizational level.

  • Create an Organization Policy constraint, and apply it at the organizational level.

  • Grant the Project Editor role at the organizational level to a designated group of users.

  • Add a designated group of users to the Project Creator role at the organizational level.

  • Grant the billing account creator role to the designated DevOps team.
Question 5

In order to meet PCI DSS requirements, a customer wants to ensure that all outbound traffic is authorized.

Which two cloud offerings meet this requirement without additional compensating controls? (Choose two.)

Select all that apply, then click Submit answer.

  • App Engine

  • Cloud Functions

  • Compute Engine

  • Google Kubernetes Engine

  • Cloud Storage
Question 6

You are a security engineer at a finance company. Your organization plans to store data on Google Cloud, but your leadership team is worried about the security of their highly sensitive data Specifically, your company is concerned about internal Google employees' ability to access your company's data on Google Cloud. What solution should you propose?

Select an option, then click Submit answer.

  • Use customer-managed encryption keys.

  • Use Google's Identity and Access Management (IAM) service to manage access controls on Google Cloud.

  • Enable Admin activity logs to monitor access to resources.

  • Enable Access Transparency logs with Access Approval requests for Google employees.