Professional-Cloud-Security-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Security Engineer 認定」

ページ: 1 / 16
トータル 235 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

出題：1

You are designing a new governance model for your organization's secrets that are stored in Secret Manager.
Currently, secrets for Production and Non-Production applications are stored and accessed using service accounts. Your proposed solution must:
Provide granular access to secrets
Give you control over the rotation schedules for the encryption keys that wrap your secrets Maintain environment separation Provide ease of management Which approach should you take?

A. 1. Use a single Google Cloud project to store both Production and Non-Production secrets.
2. Enforce access control to secrets using project-level Identity and Access Management (IAM) bindings.
3. Use customer-managed encryption keys to encrypt secrets.

B. 1. Use separate Google Cloud projects to store Production and Non-Production secrets.
2. Enforce access control to secrets using project-level identity and Access Management (IAM) bindings.
3. Use customer-managed encryption keys to encrypt secrets.

C. 1. Use a single Google Cloud project to store both Production and Non-Production secrets.
2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.
3. Use Google-managed encryption keys to encrypt secrets.

D. 1. Use separate Google Cloud projects to store Production and Non-Production secrets.
2. Enforce access control to secrets using secret-level Identity and Access Management (IAM) bindings.
3. Use Google-managed encryption keys to encrypt secrets.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Your organization is moving virtual machines (VMs) to Google Cloud. You must ensure that operating system images that are used across your projects are trusted and meet your security requirements.
What should you do?

A. Automate a security scanner that verifies that no common vulnerabilities and exposures (CVEs) are presentin your trusted image repository.

B. Implement an organization policy constraint that enables the Shielded VM service on all projects to enforcethe trusted image repository usage.

C. Implement an organization policy to enforce that boot disks can only be created from images that come fromthe trusted image project.

D. Create a Cloud Function that is automatically triggered when a new virtual machine is created from thetrusted image repository Verify that the image is not deprecated.

正解：A 解答を投票する

出題：3

You work for an organization in a regulated industry that has strict data protection requirements. The organization backs up their data in the cloud. To comply with data privacy regulations, this data can only be stored for a specific length of time and must be deleted after this specific period.
You want to automate the compliance with this regulation while minimizing storage costs. What should you do?

A. Store the data in a BigQuery table, and set the table's expiration time.

B. Store the data in a Cloud Bigtable table, and set an expiration time on the column families.

C. Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature.

D. Store the data in a persistent disk, and delete the disk at expiration time.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

You are developing a new application that uses exclusively Compute Engine VMs Once a day. this application will execute five different batch jobs Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle What should you do?

A. 1. Create a workload identity pool and configure workload identity pool providers for each batch job
* 2 Assign the workload identity user role to each of the identities configured in the providers.
* 3. Create one service account per batch job Mb-sa-[1-5]". and grant only the permissions required to run the individual batch jobs to the service accounts
* 4 Generate credential configuration files for each of the providers Use these files to execute the batch jobs with the permissions of b-sa-[1-5].

B. 1. Create a general service account "g-sa" to orchestrate the batch jobs.
* 2. Create one service account per batch job Mb-sa-[1-5]," and grant only the permissions required to run the individual batch jobs to the service accounts.
* 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].

C. 1. Create a general service account **g-sa" to execute the batch jobs.
* 2 Grant the permissions required to execute the batch jobs to g-sa.
* 3. Execute the batch jobs with the permissions granted to g-sa

D. * 1. Create a general service account "g-sa" to orchestrate the batch jobs.
* 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts
* 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].

正解：B 解答を投票する

出題：5

You are onboarding new users into Cloud Identity and discover that some users have created consumer user accounts using the corporate domain name. How should you manage these consumer user accounts with Cloud Identity?

A. Configure single sign-on using a customer's third-party provider.

B. Create a new managed user account for each consumer user account.

C. Use Google Cloud Directory Sync to convert the unmanaged user accounts.

D. Use the transfer tool for unmanaged user accounts.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which Google Cloud service should you use to enforce access control policies for applications and resources?

A. Identity-Aware Proxy

B. Cloud NAT

C. Google Cloud Armor

D. Shielded VMs

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Your organization is using Active Directory and wants to configure Security Assertion Markup Language (SAML). You must set up and enforce single sign-on (SSO) for all users.
What should you do?

A. 1. Configure prerequisites for OpenID Connect (OIDC) in your Active Directory (AD) tenant
* 2. Verify the AD domain.
* 3. Decide which users should use SAML.
* 4. Assign the pre-configured profile to the select organizational units (OUs) and groups.

B. 1. Create a new SAML profile.
* 2. Upload the X.509 certificate.
* 3. Enable the change password URL.
* 4. Configure Entity ID and ACS URL in your IdP.

C. 1. Manage SAML profile assignments.
* 2. Enable OpenID Connect (OIDC) in your Active Directory (AD) tenant.
* 3. Verify the domain.

D. 1- Create a new SAML profile.
* 2. Populate the sign-in and sign-out page URLs.
* 3. Upload the X.509 certificate.
* 4. Configure Entity ID and ACS URL in your IdP

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?

A. Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.

B. Remove the Editor role and grant the Compute Admin IAM role to the engineers.

C. Set up a VPC network with two subnets: one with public IPs and one without public IPs.

D. Enable Private Access on the VPC network in the production project.

正解：A 解答を投票する

出題：9

You have been tasked with implementing external web application protection against common web application attacks for a public application on Google Cloud. You want to validate these policy changes before they are enforced. What service should you use?

A. Cloud Load Balancing firewall rules

B. VPC Service Controls in dry run mode

C. Google Cloud Armor's preconfigured rules in preview mode

D. Prepopulated VPC firewall rules in monitor mode

E. The inherent protections of Google Front End (GFE)

正解：C 解答を投票する

出題：10

Your company runs a website that will store PII on Google Cloud Platform. To comply with data privacy regulations, this data can only be stored for a specific amount of time and must be fully deleted after this specific period. Data that has not yet reached the time period should not be deleted. You want to automate the process of complying with this regulation.
What should you do?

A. Store the data in a single BigQuery table and set the appropriate table expiration time.

B. Store the data in a single Persistent Disk, and delete the disk at expiration time.

C. Store the data in a Cloud Storage bucket, and configure the bucket's Object Lifecycle Management feature.

D. Store the data in a single BigTable table and set an expiration time on the column families.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

You want data on Compute Engine disks to be encrypted at rest with keys managed by Cloud Key Management Service (KMS). Cloud Identity and Access Management (IAM) permissions to these keys must be managed in a grouped way because the permissions should be the same for all keys.
What should you do?

A. Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the Key level.

B. Create a single KeyRing for all persistent disks and all Keys in this KeyRing. Manage the IAM permissions at the KeyRing level.

C. Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the Key level.

D. Create a KeyRing per persistent disk, with each KeyRing containing a single Key. Manage the IAM permissions at the KeyRing level.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?

A. 1. Create an external key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS).
2. In Cloud KMS, grant your Google Cloud project access to use the key.

B. 1. Create or use an existing key with a unique uniform resource identifier (URI) in Cloud Key Management Service (Cloud KMS).
2. In Cloud KMS, grant your Google Cloud project access to use the key.

C. 1. Create or use an existing key with a unique uniform resource identifier (URI) in a supported external key management partner system.
2. In the external key management partner system, grant access for this key to use your Google Cloud project.

D. 1. Create or use an existing key with a unique uniform resource identifier (URI) in your Google Cloud project.
2. Grant your Google Cloud project access to a supported external key management partner system.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.
Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.
Which type of access should your team grant to meet this requirement?

A. Organization Policy Administrator

B. Security Reviewer

C. Organization Role Administrator

D. Organization Administrator

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team.
Which type of networking design should your team use to meet these requirements?

A. VPC peering between all engineering projects using a hub and spoke model

B. Grant Compute Admin role to the networking team for each engineering project

C. Shared VPC Network with a host project and service projects

D. Cloud VPN Gateway between all engineering projects using a hub and spoke model

正解：C 解答を投票する

出題：15

An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters.
Which Cloud Identity password guidelines can the organization use to inform their new requirements?

A. Set the minimum length for passwords to be 6 characters.

B. Set the minimum length for passwords to be 8 characters.

C. Set the minimum length for passwords to be 12 characters.

D. Set the minimum length for passwords to be 10 characters.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

ページ: 1 / 16
トータル 235 問

Professional-Cloud-Security-Engineer の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
Professional-Cloud-Security-Engineer に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社のサイトにはあなたの試験合格を助けるために研究された効果的な知能問題集を提供しています。材料はすべてのユーザーによって称賛されています。弊社のサイトは、最短時間で多くの証明書を取得するのに役立つ学習プラットフォームになります。

掲示板

試験IIA-CIA-Part3 トピック6 問題91 スレッド
試験OmniStudio-Consultant-JPN トピック3 問題17 スレッド
試験MS-102J トピック3 問題154 スレッド
試験IIA-CIA-Part3 トピック4 問題25 スレッド
試験MS-102J トピック1 問題12 スレッド
試験IIA-CIA-Part3 トピック7 問題186 スレッド
試験Salesforce-AI-Specialist-JPN トピック3 問題57 スレッド

弊社を連絡する

我々の働いている時間：( UTC+9 ) 9:00-24:00

月曜日から土曜日まで

サポート：現在連絡

我々は１２時間以内ですべてのお問い合わせを答えます。