Google edusum google Cloud Certified Changed Professional-cloud-security-engineer Questions by Hania q89 vce pdf

Page: 17 / 23

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	318 Q&A's	Shared By:	hania

Question 68

Your company is concerned about unauthorized parties gaming access to the Google Cloud environment by using a fake login page. You must implement a solution to protect against person-in-the-middle attacks.

Which security measure should you use?

Options:

Text message or phone call code

Security key

Google Authenticator application

Google prompt

Discussion

Question 69

Your organization processes sensitive health information. You want to ensure that data is encrypted while in use by the virtual machines (VMs). You must create a policy that is enforced across the entire organization.

What should you do?

Options:

Implement an organization policy that ensures that all VM resources created across your organization use customer-managed encryption keys (CMEK) protection.

Implement an organization policy that ensures all VM resources created across your organization are Confidential VM instances.

Implement an organization policy that ensures that all VM resources created across your organization use Cloud External Key Manager (EKM) protection.

No action is necessary because Google encrypts data while it is in use by default.

Discussion

Question 70

You need to follow Google-recommended practices to leverage envelope encryption and encrypt data at the application layer.

What should you do?

Options:

Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the encrypted DEK.

Generate a data encryption key (DEK) locally to encrypt the data, and generate a new key encryption key (KEK) in Cloud KMS to encrypt the DEK. Store both the encrypted data and the KEK.

Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the encrypted DEK.

Generate a new data encryption key (DEK) in Cloud KMS to encrypt the data, and generate a key encryption key (KEK) locally to encrypt the key. Store both the encrypted data and the KEK.

Discussion

Syeda

I passed, Thank you Cramkey for your precious Dumps.

Stella Dec 28, 2025

That's great. I think I'll give Cramkey Dumps a try.

Neve

Will I be able to achieve success after using these dumps?

Rohan Dec 16, 2025

Absolutely. It's a great way to increase your chances of success.

Ayra

How these dumps are necessary for passing the certification exam?

Damian Dec 4, 2025

They give you a competitive edge and help you prepare better.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Dec 2, 2025

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Aryan

Absolutely rocked! They are an excellent investment for anyone who wants to pass the exam on the first try. They save you time and effort by providing a comprehensive overview of the exam content, and they give you a competitive edge by giving you access to the latest information. So, I definitely recommend them to new students.

Jessie Dec 18, 2025

did you use PDF or Engine? Which one is most useful?

Question 71

Your organization has an application hosted in Cloud Run. You must control access to the application by using Cloud Identity-Aware Proxy (IAP) with these requirements:

Only users from the AppDev group may have access.

Access must be restricted to internal network IP addresses.

What should you do?

Options:

Configure IAP to enforce multi-factor authentication (MFA) for all users and use network intrusion detection systems (NIDS) to block unauthorized access attempts.

Configure firewall rules to limit access to IAP based on the AppDev group and source IP addresses.

Create an access level that includes conditions for internal IP address ranges and AppDev groups. Apply this access level to the application's IAP policy.

Deploy a VPN gateway and instruct the AppDev group to connect to the company network before accessing the application.