Google certification-questions online Professional-cloud-security-engineer Questions Video by Blake q142 vce pdf

Page: 5 / 18

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	249 Q&A's	Shared By:	blake

Question 20

You work for a large organization where each business unit has thousands of users. You need to delegate management of access control permissions to each business unit. You have the following requirements:

Each business unit manages access controls for their own projects.

Each business unit manages access control permissions at scale.

Business units cannot access other business units' projects.

Users lose their access if they move to a different business unit or leave the company.

Users and access control permissions are managed by the on-premises directory service.

What should you do? (Choose two.)

Options:

Use VPC Service Controls to create perimeters around each business unit's project.

Organize projects in folders, and assign permissions to Google groups at the folder level.

Group business units based on Organization Units (OUs) and manage permissions based on OUs.

Create a project naming convention, and use Google's IAM Conditions to manage access based on the prefix of project names.

Use Google Cloud Directory Sync to synchronize users and group memberships in Cloud Identity.

Discussion

Question 21

Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company’s servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:

The network connection must be encrypted.

The communication between servers must be over private IP addresses.

What should you do?

Options:

Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.

Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.

Discussion

Question 22

Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.

Which two tasks should your team perform to handle this request? (Choose two.)

Options:

Remove all users from the Project Creator role at the organizational level.

Create an Organization Policy constraint, and apply it at the organizational level.

Grant the Project Editor role at the organizational level to a designated group of users.

Add a designated group of users to the Project Creator role at the organizational level.

Grant the billing account creator role to the designated DevOps team.

Discussion

Alaya

Best Dumps among other dumps providers. I like it so much because of their authenticity.

Kaiden Sep 16, 2024

That's great. I've used other dump providers in the past and they were often outdated or had incorrect information. This time I will try it.

Miley

Hey, I tried Cramkey Dumps for my IT certification exam. They are really awesome and helped me pass my exam with wonderful score.

Megan Aug 30, 2024

That’s great!!! I’ll definitely give it a try. Thanks!!!

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Aug 26, 2024

That's great to know. So, you think new students should buy these dumps?

Miriam

Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.

Milan Sep 24, 2024

I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.

Question 23

The security operations team needs access to the security-related logs for all projects in their organization. They have the following requirements:

Follow the least privilege model by having only view access to logs.

Have access to Admin Activity logs.

Have access to Data Access logs.

Have access to Access Transparency logs.