Google edusum google Cloud Certified Changed Professional-cloud-security-engineer Questions by Hania q89 vce pdf

Page: 17 / 18

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	249 Q&A's	Shared By:	hania

Question 68

Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.

What should you do?

Options:

1. Use StackDriver Logging and filter on BigQuery Insert Jobs.

2.Click on the email address in line with the App Engine Default Service Account in the authentication field.

3.Click Hide Matching Entries.

4.Make sure the resulting list is empty.

1. Use StackDriver Logging and filter on BigQuery Insert Jobs.

2.Click on the email address in line with the App Engine Default Service Account in the authentication field.

3.Click Show Matching Entries.

4.Make sure the resulting list is empty.

1. In BigQuery, select the related dataset.

2. Make sure the App Engine Default Service Account is the only account that can write to the dataset.

1. Go to the IAM section on the project.

2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.

Discussion

Question 69

You are designing a new governance model for your organization's secrets that are stored in Secret Manager. Currently, secrets for Production and Non-Production applications are stored and accessed using service accounts. Your proposed solution must:

Provide granular access to secrets

Give you control over the rotation schedules for the encryption keys that wrap your secrets

Maintain environment separation

Provide ease of management

Which approach should you take?

Options:

1. Use separate Google Cloud projects to store Production and Non-Production secrets.

2. Enforce access control to secrets using project-level identity and Access Management (IAM) bindings.

3. Use customer-managed encryption keys to encrypt secrets.

1. Use a single Google Cloud project to store both Production and Non-Production secrets.

2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.

3. Use Google-managed encryption keys to encrypt secrets.

1. Use separate Google Cloud projects to store Production and Non-Production secrets.

2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.

3. Use Google-managed encryption keys to encrypt secrets.

1. Use a single Google Cloud project to store both Production and Non-Production secrets.

2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings.

3. Use customer-managed encryption keys to encrypt secrets.

Discussion

Question 70

You must ensure that the keys used for at-rest encryption of your data are compliant with your organization's security controls. One security control mandates that keys get rotated every 90 days. You must implement an effective detection strategy to validate if keys are rotated as required. What should you do?

Options:

Analyze the crypto key versions of the keys by using data from Cloud Asset Inventory. If an active key is older than 90 days, send an alert message through your incident notification channel.

Identify keys that have not been rotated by using Security Health Analytics. If a key is not rotated after 90 days, a finding in Security Command Center is raised.

Assess the keys in the Cloud Key Management Service by implementing code in Cloud Run. If a key is not rotated after 90 days, raise a finding in Security Command Center.

Define a metric that checks for timely key updates by using Cloud Logging. If a key is not rotated after 90 days, send an alert message through your incident notification channel.

Discussion

Joey

I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Dexter Aug 7, 2024

Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.

Erik

Hey, I have passed my exam using Cramkey Dumps?

Freyja Oct 17, 2024

Really, what are they? All come in your pool? Please give me more details, I am going to have access their subscription. Please brother, give me more details.

Teddie

yes, I passed my exam with wonderful score, Accurate and valid dumps.

Isla-Rose Aug 18, 2024

Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Sep 13, 2024

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Sep 21, 2024

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Question 71

A customer’s data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite.

How should you best advise the Systems Engineer to proceed with the least disruption?

Options:

Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.

Ask Google to provision the data science manager’s account as a Super Administrator in the existing domain.

Ask customer’s management to discover any other uses of Google managed services, and work with the existing Super Administrator.