Google nwexams ace Your Professional-cloud-security-engineer Google Cloud Certified Exam by Hasan q18 vce pdf

Page: 13 / 17

Exam Name:	Google Cloud Certified - Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Certified
Questions:	234 Q&A's	Shared By:	hasan

Question 52

Your company plans to move most of its IT infrastructure to Google Cloud. They want to leverage their existing on-premises Active Directory as an identity provider for Google Cloud. Which two steps should you take to integrate the company’s on-premises Active Directory with Google Cloud and configure access management? (Choose two.)

Options:

Use Identity Platform to provision users and groups to Google Cloud.

Use Cloud Identity SAML integration to provision users and groups to Google Cloud.

Install Google Cloud Directory Sync and connect it to Active Directory and Cloud Identity.

Create Identity and Access Management (1AM) roles with permissions corresponding to each Active Directory group.

Create Identity and Access Management (1AM) groups with permissions corresponding to each Active Directory group.

Discussion

Alaia

These Dumps are amazing! I used them to study for my recent exam and I passed with flying colors. The information in the dumps is so valid and up-to-date. Thanks a lot!!!

Zofia Sep 9, 2024

That's great to hear! I've been struggling to find good study material for my exam. I will ty it for sure.

Nadia

Why these dumps are important? Can I pass my exam without these dumps?

Julian Oct 22, 2024

The questions in the Cramkey dumps are explained in detail and there are also study notes and reference materials provided. This made it easier for me to understand the concepts and retain the information better.

Alaya

Best Dumps among other dumps providers. I like it so much because of their authenticity.

Kaiden Sep 16, 2024

That's great. I've used other dump providers in the past and they were often outdated or had incorrect information. This time I will try it.

Sarah

Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.

Aaliyah Aug 27, 2024

Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.

Question 53

Your company’s chief information security officer (CISO) is requiring business data to be stored in specific locations due to regulatory requirements that affect the company’s global expansion plans. After working on a plan to implement this requirement, you determine the following:

The services in scope are included in the Google Cloud data residency requirements.

The business data remains within specific locations under the same organization.

The folder structure can contain multiple data residency locations.

The projects are aligned to specific locations.

You plan to use the Resource Location Restriction organization policy constraint with very granular control. At which level in the hierarchy should you set the constraint?

Options:

Organization

Resource

Project

Folder

Discussion

Question 54

You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually. You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.

What should you do?

Options:

Set up an ACL with OWNER permission to a scope of allUsers.

Set up an ACL with READER permission to a scope of allUsers.

Set up a default bucket ACL and manage access for users using IAM.

Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.

Discussion

Question 55

Your organization uses BigQuery to process highly sensitive, structured datasets. Following the "need to know" principle, you need to create the Identity and Access Management (IAM) design to meet the needs of these users:

• Business user must access curated reports.

• Data engineer: must administrate the data lifecycle in the platform.

• Security operator: must review user activity on the data platform.

What should you do?

Options:

Configure data access log for BigQuery services, and grant Project Viewer role to security operators.

Generate a CSV data file based on the business user's needs, and send the data to their email addresses.

Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.

Set row-based access control based on the "region" column, and filter the record from the United States for data engineers.