← Back to exam page

Professional-Cloud-Security-Engineer Professional Cloud Security Engineer

Loading demo links...

Showing 7–9 of 10 questions

Question 7

A large e-retailer is moving to Google Cloud Platform with its ecommerce website. The company wants to ensure payment information is encrypted between the customer’s browser and GCP when the customers checkout online.

What should they do?

Select an option, then click Submit answer.

  • Configure an SSL Certificate on an L7 Load Balancer and require encryption.

  • Configure an SSL Certificate on a Network TCP Load Balancer and require encryption.

  • Configure the firewall to allow inbound traffic on port 443, and block all other inbound traffic.

  • Configure the firewall to allow outbound traffic on port 443, and block all other outbound traffic.
Question 8

A company’s application is deployed with a user-managed Service Account key. You want to use Google-recommended practices to rotate the key.

What should you do?

Select an option, then click Submit answer.

  • Open Cloud Shell and run gcloud iam service-accounts enable-auto-rotate --iam-account=IAM_ACCOUNT.

  • Open Cloud Shell and run gcloud iam service-accounts keys rotate --iam-account=IAM_ACCOUNT --key=NEW_KEY.

  • Create a new key, and use the new key in the application. Delete the old key from the Service Account.

  • Create a new key, and use the new key in the application. Store the old key on the system as a backup key.
Question 9

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee’s password has been compromised.

What should you do?

Select an option, then click Submit answer.

  • Enforce 2-factor authentication in GSuite for all users.

  • Configure Cloud Identity-Aware Proxy for the App Engine Application.

  • Provision user passwords using GSuite Password Sync.

  • Configure Cloud VPN between your private network and GCP.