Professional-Cloud-Security-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Security Engineer 認定」

ページ: 1 / 27
トータル 343 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

出題：1

Your organization is moving virtual machines (VMs) to Google Cloud. You must ensure that operating system images that are used across your projects are trusted and meet your security requirements.
What should you do?

A. Automate a security scanner that verifies that no common vulnerabilities and exposures (CVEs) are present in your trusted image repository.

B. Create a Cloud Function that is automatically triggered when a new virtual machine is created from the trusted image repository. Verify that the image is not deprecated.

C. Implement an organization policy to enforce that boot disks can only be created from images that come from the trusted image project.

D. Implement an organization policy constraint that enables the Shielded VM service on all projects to enforce the trusted image repository usage.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

You are tasked with exporting and auditing security logs for login activity events for Google Cloud console and API calls that modify configurations to Google Cloud resources. Your export must meet the following requirements:
- Export related logs for all projects in the Google Cloud organization.
- Export logs in near real-time to an external SIEM.
What should you do? (Choose two.)

A. Enable Data Access audit logs at the organization level to apply to all projects.

B. Enable Google Workspace audit logs to be shared with Google Cloud in the Admin Console.

C. Ensure that the SIEM processes the AuthenticationInfo field in the audit log entry to gather identity information.

D. Create a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic.

E. Create a Log Sink at the organization level with a Pub/Sub destination.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.
What should you do?

A. Store the data in a single BigQuery table and set the appropriate table expiration time.

B. Store the data in a single Persistent Disk, and delete the disk at expiration time.

C. Store the data in a single BigTable table and set an expiration time on the column families.

D. Store the data in a single Cloud Storage bucket and configure the bucket's Time to Live.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

When working with agents in a support center via online chat, an organization's customers often share pictures of their documents with personally identifiable information (PII). The organization that owns the support center is concerned that the PII is being stored in their databases as part of the regular chat logs they retain for review by internal or external analysts for customer service trend analysis.
Which Google Cloud solution should the organization use to help resolve this concern for the customer while still maintaining data utility?

A. Use the generalization and bucketing actions of the DLP API solution to redact PII from the texts before storing them for analysis.

B. Use the image inspection and redaction actions of the DLP API to redact PII from the images before storing them for analysis.

C. Use Object Lifecycle Management to make sure that all chat records with PII in them are discarded and not saved for analysis.

D. Use Cloud Key Management Service (KMS) to encrypt the PII data shared by customers before storing it for analysis.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed service account keys for projects in their organization. How should you enforce this?

A. Enable an organization policy to disable service accounts from being created.

B. Remove the iam.serviceAccounts.getAccessToken permission from users.

C. Configure Secret Manager to manage service account keys.

D. Enable an organization policy to prevent service account keys from being created.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company's servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:
- The network connection must be encrypted.
- The communication between servers must be over private IP addresses.
What should you do?

A. Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

B. Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.

C. Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

D. Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A company is deploying their application on Google Cloud Platform. Company policy requires long-term data to be stored using a solution that can automatically replicate data over at least two geographic places.
Which Storage solution are they allowed to use?

A. Cloud BigQuery

B. Compute Engine SSD Disk

C. Compute Engine Persistent Disk

D. Cloud Bigtable

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data. Your solution has the following requirements:
- Schedule key rotation for sensitive data.
- Control which region the encryption keys for sensitive data are stored in.
- Minimize the latency to access encryption keys for both sensitive and non-sensitive data.
What should you do?

A. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud Key Management Service.

B. Encrypt non-sensitive data and sensitive data with Cloud External Key Manager.

C. Encrypt non-sensitive data and sensitive data with Cloud Key Management Service.

D. Encrypt non-sensitive data with Google default encryption, and encrypt sensitive data with Cloud External Key Manager.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A customer wants to use Cloud Identity as their primary IdP. The customer wants to use other non-GCP SaaS products for CRM, messaging, and customer ticketing management. The customer also wants to improve employee experience with Single Sign-On (SSO) capabilities to securely access GCP and non-GCP applications. Only authorized individuals should be able to access these third-party applications. What action should the customer take to meet these requirements?

A. Remove the individuals from the third-party applications, add the license to Cloud Identity, and resync the individuals back to the third-party applications.

B. Remove the employee from Cloud Identity, set the correct license for the individuals, and resync them to Cloud Identity for the changes to take effect.

C. Configure third-party applications to federate authentication and authorization to the GCP IdP.

D. Copy user personas from Cloud Identity to all third-party applications for the domain.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which type of load balancer should you use to maintain client IP by default while using the standard network tier?

A. SSL Proxy

B. TCP/UDP Network

C. Internal TCP/UDP

D. TCP Proxy

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Your organization is migrating a sensitive data processing workflow from on-premises infrastructure to Google Cloud. This workflow involves the collection, storage, and analysis of customer information that includes personally identifiable information (PII). You need to design security measures to mitigate the risk of data exfiltration in this new cloud environment. What should you do?

A. Implement a Cloud DLP solution to scan and identify sensitive information, and apply redaction or masking techniques to the PII. Integrate VPC SC with your network security controls to block potential data exfiltration attempts.

B. Rely on employee expertise to prevent accidental data exfiltration incidents.

C. Encrypt all sensitive data in transit and at rest. Establish secure communication channels by using TLS and HTTPS protocols.

D. Restrict all outbound network traffic from cloud resources. Implement rigorous access controls and logging for all sensitive data and the systems that process the data.

正解：A 解答を投票する

出題：12

You need to provide a corporate user account in Google Cloud for each of your developers and operational staff who need direct access to GCP resources. Corporate policy requires you to maintain the user identity in a third-party identity management provider and leverage single sign- on. You learn that a significant number of users are using their corporate domain email addresses for personal Google accounts, and you need to follow Google recommended practices to convert existing unmanaged users to managed accounts.
Which two actions should you take? (Choose two.)

A. Add users to your managed Google account and force users to change the email addresses associated with their personal accounts.

B. Send an email to all of your employees and ask those users with corporate email addresses for personal Google accounts to delete the personal accounts immediately.

C. Use the Transfer Tool for Unmanaged Users (TTUU) to find users with conflicting accounts and ask them to transfer their personal Google accounts.

D. Use the Google Admin console to view which managed users are using a personal account for their recovery email.

E. Use Google Cloud Directory Sync to synchronize your local identity management system to Cloud Identity.

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your Google Cloud VPCs based on packet header information.
However, you want the capability to explore network flows and their payload to aid investigations.
Which Google Cloud product should you use?

A. Google Cloud Armor Deep Packet Inspection

B. VPC Service Controls logs

C. Marketplace IDS

D. Packet Mirroring

E. VPC Flow Logs

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

ページ: 1 / 27
トータル 343 問

Professional-Cloud-Security-Engineer の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
Professional-Cloud-Security-Engineer に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社のサイトにはあなたの試験合格を助けるために研究された効果的な知能問題集を提供しています。材料はすべてのユーザーによって称賛されています。弊社のサイトは、最短時間で多くの証明書を取得するのに役立つ学習プラットフォームになります。

掲示板

試験Sharing-and-Visibility-Architect-JPN トピック1 問題7 スレッド
試験GitHub-Foundations トピック5 問題39 スレッド
試験CDCS トピック2 問題54 スレッド
試験Integration-Architect-JPN トピック3 問題9 スレッド
試験CDCS トピック2 問題4 スレッド
試験Heroku-Architect トピック7 問題35 スレッド
試験SY0-701-JPN トピック4 問題482 スレッド

弊社を連絡する

我々の働いている時間：( UTC+9 ) 9:00-24:00

月曜日から土曜日まで

サポート：現在連絡

我々は１２時間以内ですべてのお問い合わせを答えます。