Google certification-questions online Professional-cloud-security-engineer Questions Video by Blake q142 vce pdf

Page: 5 / 17

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	234 Q&A's	Shared By:	blake

Question 20

You need to centralize your team’s logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?

Options:

Enable Cloud Monitoring workspace, and add the production projects to be monitored.

Use Logs Explorer at the organization level and filter for production project logs.

Create an aggregate org sink at the parent folder of the production projects, and set the destination to a Cloud Storage bucket.

Create an aggregate org sink at the parent folder of the production projects, and set the destination to a logs bucket.

Discussion

Fatima

Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.

Niamh (not set)

That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Teddie

yes, I passed my exam with wonderful score, Accurate and valid dumps.

Isla-Rose (not set)

Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus (not set)

Me too. They're a lifesaver!

Mylo

Excellent dumps with authentic information… I passed my exam with brilliant score.

Dominik (not set)

That's amazing! I've been looking for good study material that will help me prepare for my upcoming certification exam. Now, I will try it.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka (not set)

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Question 21

You define central security controls in your Google Cloud environment for one of the folders in your organization you set an organizational policy to deny the assignment of external IP addresses to VMs. Two days later you receive an alert about a new VM with an external IP address under that folder.

What could have caused this alert?

Options:

The VM was created with a static external IP address that was reserved in the project before the organizational policy rule was set.

The organizational policy constraint wasn't properly enforced and is running in "dry run mode.

At project level, the organizational policy control has been overwritten with an 'allow' value.

The policy constraint on the folder level does not have any effect because of an allow" value for that constraint on the organizational level.

Discussion

Question 22

You have been tasked with configuring Security Command Center for your organization’s Google Cloud environment. Your security team needs to receive alerts of potential crypto mining in the organization’s compute environment and alerts for common Google Cloud misconfigurations that impact security. Which Security Command Center features should you use to configure these alerts? (Choose two.)

Options:

Event Threat Detection

Container Threat Detection

Security Health Analytics

Cloud Data Loss Prevention

Google Cloud Armor

Discussion

Question 23

You manage a mission-critical workload for your organization, which is in a highly regulated industry The workload uses Compute Engine VMs to analyze and process the sensitive data after it is uploaded to Cloud Storage from the endpomt computers. Your compliance team has detected that this workload does not meet the data protection requirements for sensitive data. You need to meet these requirements;

• Manage the data encryption key (DEK) outside the Google Cloud boundary.

• Maintain full control of encryption keys through a third-party provider.

• Encrypt the sensitive data before uploading it to Cloud Storage

• Decrypt the sensitive data during processing in the Compute Engine VMs

• Encrypt the sensitive data in memory while in use in the Compute Engine VMs

What should you do?

Choose 2 answers

Options:

Create a VPC Service Controls service perimeter across your existing Compute Engine VMs and Cloud Storage buckets

Migrate the Compute Engine VMs to Confidential VMs to access the sensitive data.

Configure Cloud External Key Manager to encrypt the sensitive data before it is uploaded to Cloud Storage and decrypt the sensitive data after it is downloaded into your VMs

Create Confidential VMs to access the sensitive data.

Configure Customer Managed Encryption Keys to encrypt the sensitive data before it is uploaded to Cloud Storage, and decrypt the sensitive data after it is downloaded into your VMs.