Professional Cloud Security Engineer

Applications often require access to secrets - small pieces of sensitive data at build or run time. The administrator managing these secrets on GCP wants to keep a track of who did what, where, and when? within their GCP projects. Which two log streams would provide the information that the administrator...

When working with agents in a support center via online chat, an organizations customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs...

You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment...

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security. What should...

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization use...

Your company is using Cloud Dataproc for its Spark and Hadoop jobs. You want to be able to create, rotate, and destroy symmetric encryption keys used for the persistent disks used by Cloud Dataproc. Keys can be stored in the cloud. What should you do?A . Use the Cloud Key Management...

A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?A . Run each tier in its own Project, and segregate using Project labels.B . Run each tier with a different Service...

Your team wants to limit users with administrative privileges at the organization level. Which two roles should your team restrict? (Choose two.)A . Organization AdministratorB . Super AdminC . GKE Cluster AdminD . Compute AdminE . Organization Role ViewerView AnswerAnswer: A,B Explanation: Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization

A company is backing up application logs to a Cloud Storage bucket shared with both analysts and the administrator. Analysts should only have access to logs that do not contain any personally identifiable information (PII). Log files containing PII should be stored in another bucket that is only accessible by...

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester. Which two tasks should your team perform to handle this request? (Choose two.)A . Remove all users from the Project Creator role at the...