Google Professional Cloud Security Engineer Exam Questions
Exam number/code:
Professional Cloud Security Engineer
Release/Update Date:
04 May, 2026
Available Number of Questions: Maximum of
266 Questions
Exam Name: Professional Cloud Security Engineer
Exam Duration: 120 Minutes
Related Certification(s):
Google Cloud Certified Certification
Google Professional Cloud Security Engineer Exam Topics - You’ll Be Tested in Actual Exam
The Google Professional-Cloud-Security-Engineer exam is a comprehensive assessment designed to evaluate your expertise in cloud security engineering. This exam covers a wide range of topics, including identity and access management, data security, infrastructure security, application development security, and security operations. When it comes to identity and access management, you'll delve into concepts like user authentication, authorization, and single sign-on. Understanding how to manage user identities and control access to resources is crucial for maintaining a secure cloud environment. Data security is another critical aspect, focusing on data encryption, key management, and data loss prevention. You'll learn to implement robust measures to protect sensitive data stored in the cloud. Infrastructure security involves securing the underlying cloud infrastructure, such as networks, virtual machines, and containers. This includes implementing security controls, monitoring for threats, and responding to security incidents. Application development security is about building secure applications in the cloud. You'll explore best practices for secure coding, input validation, and data protection. Additionally, you'll learn about secure deployment practices and how to integrate security into the development lifecycle. Finally, security operations encompass the processes and tools used to monitor, detect, and respond to security events. This includes implementing security information and event management (SIEM) systems, log analysis, and incident response plans. By mastering these topics, you'll be well-equipped to design and implement secure cloud solutions, ensuring the confidentiality, integrity, and availability of data and systems.
Google Professional Cloud Security Engineer Exam Short Quiz
Attempt this Google Professional Cloud Security Engineer exam quiz to self-assess your preparation for the actual Google Professional Cloud Security Engineer exam. CertBoosters also provides premium Google Professional Cloud Security Engineer exam questions to pass the Google Professional Cloud Security Engineer exam in the shortest possible time. Be sure to try our free practice exam software for the Google Professional Cloud Security Engineer exam.
1of 0 questions |
Google Professional Cloud Security Engineer Exam Quiz
✓ 0 answered
🔖 0 bookmarked
GoogleProfessional Cloud Security Engineer
Q1:
Your company conducts clinical trials and needs to analyze the results of a recent study that are stored in BigQuery. The interval when the medicine was taken contains start and stop dates The interval data is critical to the analysis, but specific dates may identify a particular batch and introduce bias You need to obfuscate the start and end dates for each row and preserve the interval data.
What should you do?
○
AUse bucketing to shift values to a predetermined date based on the initial value.
○
BExtract the date using TimePartConfig from each date field and append a random month and year
○
CUse date shifting with the context set to the unique ID of the test subject
○
DUse the FFX mode of format preserving encryption (FPE) and maintain data consistency
GoogleProfessional Cloud Security Engineer
Q2:
Your organization previously stored files in Cloud Storage by using Google Managed Encryption Keys (GMEK). but has recently updated the internal policy to require Customer Managed Encryption Keys (CMEK). You need to re-encrypt the files quickly and efficiently with minimal cost.
What should you do?
○
AEncrypt the files locally, and then use gsutil to upload the files to a new bucket.
○
BCopy the files to a new bucket with CMEK enabled in a secondary region
○
CReupload the files to the same Cloud Storage bucket specifying a key file by using gsutil.
○
DChange the encryption type on the bucket to CMEK, and rewrite the objects
GoogleProfessional Cloud Security Engineer
Q3:
Your company is concerned about unauthorized parties gaming access to the Google Cloud environment by using a fake login page. You must implement a solution to protect against person-in-the-middle attacks.
Which security measure should you use?
○
AText message or phone call code
○
BSecurity key
○
CGoogle Authenticator application
○
DGoogle prompt
GoogleProfessional Cloud Security Engineer
Q4:
An administrative application is running on a virtual machine (VM) in a managed group at port 5601 inside a Virtual Private Cloud (VPC) instance without access to the internet currently. You want to expose the web interface at port 5601 to users and enforce authentication and authorization Google credentials
What should you do?
○
AModify the VPC routing with the default route point to the default internet gateway Modify the VPC Firewall rule to allow access from the internet 0.0.0.0/0 to port 5601 on the application instance.
○
BConfigure the bastion host with OS Login enabled and allow connection to port 5601 at VPC firewall Log in to the bastion host from the Google Cloud console by using SSH-in-browser and then to the web application
○
CConfigure an HTTP Load Balancing instance that points to the managed group with Identity-Aware Proxy (IAP) protection with Google credentials Modify the VPC firewall to allow access from IAP network range
○
DConfigure Secure Shell Access (SSH) bastion host in a public network, and allow only the bastion host to connect to the application on port 5601. Use a bastion host as a jump host to connect to the application
GoogleProfessional Cloud Security Engineer
Q5:
A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.
What should you do?
○
A1. Enable Container Threat Detection in the Security Command Center Premium tier.
* 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
* 3. View and share the results from the Security Command Center
○
B* 1. Use an open source tool in Cloud Build to scan the images.
* 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil
* 3. Share the scan report link with your security department.
○
C* 1. Enable vulnerability scanning in the Artifact Registry settings.
* 2. Use Cloud Build to build the images
* 3. Push the images to the Artifact Registry for automatic scanning.
* 4. View the reports in the Artifact Registry.
○
D* 1. Get a GitHub subscription.
* 2. Build the images in Cloud Build and store them in GitHub for automatic scanning
* 3. Download the report from GitHub and share with the Security Team
🎉 Google Professional Cloud Security Engineer Quiz Complete!
