Free Access to Google.Professional-Cloud-Security-Engineer.v2024-03-24.q252 with Valid Practice Test (Page 6)

Question 21

Your customer has an on-premises Public Key Infrastructure (PKI) with a certificate authority (CA). You need to issue certificates for many HTTP load balancer frontends. The on-premises PKI should be minimally affected due to many manual processes, and the solution needs to scale.
What should you do?

A.Use Certificate Manager to issue Google managed public certificates and configure it at HTTP the load balancers in your infrastructure as code (laC).
B.Use Certificate Manager to import certificates issued from on-premises PKI and for the frontends.
Leverage the gcloud tool for importing
C.Use a subordinate CA in the Google Certificate Authority Service from the on-premises PKI system to issue certificates for the load balancers.
D.Use the web applications with PKCS12 certificates issued from subordinate CA based on OpenSSL on-premises Use the gcloud tool for importing. Use the External TCP/UDP Network load balancer instead of an external HTTP Load Balancer.

Question 22

You manage one of your organization's Google Cloud projects (Project A). AVPC Service Control (SC) perimeter is blocking API access requests to this project including Pub/Sub. A resource running under a service account in another project (Project B) needs to collect messages from a Pub/Sub topic in your project Project B is not included in a VPC SC perimeter. You need to provide access from Project B to the Pub/Sub topic in Project A using the principle of least Privilege.
What should you do?

A.Remove the Pub/Sub API from the list of restricted services in the perimeter configuration for Project A.
B.Create an access level that allows a developer in Project B to subscribe to the Pub/Sub topic that is located in Project A.
C.Configure an ingress policy for the perimeter in Project A and allow access for the service account in Project B to collect messages.
D.Create a perimeter bridge between Project A and Project B to allow the required communication between both projects.

Question 23

Your company is moving to Google Cloud. You plan to sync your users first by using Google Cloud Directory Sync (GCDS). Some employees have already created Google Cloud accounts by using their company email addresses that were created outside of GCDS. You must create your users on Cloud Identity.
What should you do?

A.Configure GCDS and use GCDS search rules lo sync these users.
B.Use the transfer tool to migrate unmanaged users.
C.Configure GCDS and use GCDS exclusion rules to ensure users are not suspended.
D.Write a custom script to identify existing Google Cloud users and call the Admin SDK Directory API to transfer their account.

Question 24

Your company wants to determine what products they can build to help customers improve their credit scores depending on their age range. To achieve this, you need to join user information in the company's banking app with customers' credit score data received from a third party. While using this raw data will allow you to complete this task, it exposes sensitive data, which could be propagated into new systems.
This risk needs to be addressed using de-identification and tokenization with Cloud Data Loss Prevention while maintaining the referential integrity across the database. Which cryptographic token format should you use to meet these requirements?

A.Deterministic encryption
B.Secure, key-based hashes
C.Format-preserving encryption
D.Cryptographic hashing

Question 25

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.
Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.
Which type of access should your team grant to meet this requirement?

A.Organization Administrator
B.Security Reviewer
C.Organization Role Administrator
D.Organization Policy Administrator

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File