Google's Professional Cloud Security Engineer Your organization is developing a sophisticated machine learning (ML) model to predict customer behavior for targeted marketing campaigns. The BigQuery dataset used for training includes sensitive personal information. You must design the security controls around the AI/ML pipeline. Data privacy must be maintained throughout the model’s lifecycle and you must ensure that personal data is not used in the training process. Additionally, you must restrict access to the dataset to an authorized subset of people only. What should you do?
#331
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage.Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.Which two strategies should your team use to meet these requirements? (Choose two.) E. Configure a Cloud NAT gateway.
#332
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer For compliance reasons, an organization needs to ensure that in-scope PCI Kubernetes Pods reside on `in-scope` Nodes only. These Nodes can only contain the`in-scope` Pods.How should the organization achieve this objective?
#333
Answer: C✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer You are developing an application that runs on a Compute Engine VM. The application needs to access data stored in Cloud Storage buckets in other Google Cloud projects. The required access to the buckets is variable. You need to provide access to these resources while following Google- recommended practices. What should you do?
#334
Answer: B✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer Your organization strives to be a market leader in software innovation. You provided a large number of Google Cloud environments so developers can test the integration of Gemini in Vertex AI into their existing applications or create new projects. Your organization has 200 developers and a five-person security team. You must prevent and detect proper security policies across the Google Cloud environments. What should you do? (Choose two.) E. Implement the least privileged access Identity and Access Management roles to prevent misconfigurations.
#335
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.Which two settings must remain disabled to meet these requirements? (Choose two.) E. IAM Network User Role
#336
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer Which two implied firewall rules are defined on a VPC network? (Choose two.) E. A rule that allows all inbound port 80 connections
#337
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A customer needs an alternative to storing their plain text secrets in their source-code management (SCM) system.How should the customer achieve this using Google Cloud Platform?
#338
Answer: B✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.What should your team do to meet these requirements?
#339
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.) E. Use many container image layers to hide sensitive information.
#340
Answer: B✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end- user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.Which product should be used to meet these requirements?
#341
Answer: B✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.Which two approaches can you take to meet the requirements? (Choose two.) E. Configure all Compute Engine instances with Private Access.
#342
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that theERP systems only accept traffic from Cloud Identity-Aware Proxy.What should the customer do to meet these requirements?
#343
Answer: A✅ Correct❌ Incorrect
Google's Professional Cloud Security Engineer A company has been running their application on Compute Engine. A bug in the application allowed a malicious user to repeatedly execute a script that results in the Compute Engine instance crashing. Although the bug has been fixed, you want to get notified in case this hack re-occurs.What should you do?