GCP Professional Cloud Security Engineer practice test

Welcome to your GCP Professional Cloud Security Engineer practice test

Q1. Which type of IAM member belongs to an application or virtual machine instead of an individual end user?

Q2. Which IAM role contains permissions to create, modify, and delete networking resources, except for firewall rules and SSL certificates?

Q3. You want two VM instances in different VPC networks to communicate over internal IP addresses. Which feature lets you configure this capability?

Q4. You have been asked by your supervisor to compare resource utilization for VMs used for production, development, and testing. What should you do?

Q5. A financial institution’s lending department stores sensitive information, such as its customers’ credit history, address and phone number, in Parquet files. You need to upload this personally identifiable information (PII) to Cloud Storage so that it’s secure and compliant with ISO 27018. How should you protect this sensitive information using the financial institution’s encryption keys and the least amount of computational resources?

Q6. You are a cloud security engineer at your organization. You need to share the auditing and compliance standards with your CTO that cover controls over financial reporting and both public and private controls over security, availability, and confidentiality. Which compliance standard covers this?

Q7. Which feature of Google Cloud will your organization use to prevent unauthorized container images from being deployed into production environments?

Q8. A retail company runs a Node.js application on a Compute Engine instance. Your organization needs to share this base image with a ‘development’ Google Group. This base image should support secure boot for the Compute Engine instances deployed from this image. How would you automate the image creation?

Q9. ENZ Solar company uses Docker containers to interact with APIs for its personal banking application. These APIs are under PCI-DSS compliance. The Kubernetes environment running the containers will not have internet access to download required packages. How would you automate the pipeline that is building these containers?

Q10. Your organization has suffered a remote botnet attack on Compute Engine instances in an isolated project. The affected project now requires investigation by an external agency. The agency requests that you provide all admin and system events to analyze in their local forensics tool. You want to use the most cost-effective solution to enable the external analysis. What should you do?

Q11. ABC Limited experienced a recent security issue. A rogue employee with admin permissions for Compute Engine assigned existing Compute Engine users some arbitrary permissions. You are tasked with finding all these arbitrary permissions. What should you do to find these permissions most efficiently?

Q12. LLM Cooperation wants to use Cloud Storage and BigQuery to store safe deposit usage data. LLM Cooperation needs a cost-effective approach to auditing only Cloud Storage and BigQuery data access activities. How would you use Cloud Audit Logs to enable this analysis?

Q13. Which tool can a company use to synchronize its identities from its on-premises identity management system to Google Cloud?

Q14. Which feature of Google Cloud will an organization use to control the source locations and times that authorized identities will be able to access resources?

Q15. How can you enable resources with only internal IP addresses to make requests to the Internet?

Q16. Which tool will you use to enforce authentication and authorization for services deployed to Google Cloud?

Q17. Which Google Cloud tool can an organization use to determine who performed a particular administrative action and when?

Q18. You have recently joined your company as a cloud security engineer. You want to encrypt a connection from a user on the internet to a VM in your development project. This is at the layer 3/4 (network/transport) level and you want to set up user configurable encryption for the in transit network traffic. What architecture choice best suits this use case?

Q19. A company wants to deploy an n-tier web application. The frontend must be supported by an App Engine deployment, an API with a Compute Engine instance, and Cloud SQL for a MySQL database. This application is only supported during working hours, App Engine is disabled, and Compute Engine is stopped. How would you enable the infrastructure to access the database?

Q20. Your organization has a Cloud SQL instance that must be shared with an external agency. The agency’s developers will be assigned roles and permissions through a Google Group in Identity and Access Management (IAM). The external agency is on an annual contract and will require a connection string, username, and password to connect to the database. How would you configure the group’s access?

Q21. Your organization is divided into separate departments. Each department is divided into teams. Each team works on a distinct product that requires Google Cloud resources for development. How would you design a Google Cloud organization hierarchy to best match your organization structure and needs?

Q22. You recently discovered service account key misuse in one of the teams during a security audit. As a precaution, going forward you do not want any team in your organization to generate new external service account keys. You also want to restrict every new service account’s usage to its associated Project. What should you do?

Q23. QWERTY Bank has certain default permissions and access for their analyst, finance, and teller teams. These teams are organized into groups that have a set of role-based IAM permissions assigned to them. After a recent acquisition of a small bank, you find that the small bank directly assigns permissions to their employees in IAM. You have been tasked with applying QWERTY Bank’s organizational structure to the small bank. Employees will need access to Google Cloud services. What should you do?

Q24. You want a simple way to see the latency of requests for a web application you deployed to Cloud Run. What Google Cloud tool should you use?

Q25. You want to calculate the uptime of a service and receive alerts if the uptime value falls below a certain threshold. Which tool will help you with this requirement?
