Professional-Cloud-Security-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Security Engineer 認定」

ページ: 1 / 17
トータル 235 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

出題：1

You have created an OS image that is hardened per your organization's security standards and is being stored in a project managed by the security team. As a Google Cloud administrator, you need to make sure all VMs in your Google Cloud organization can only use that specific OS image while minimizing operational overhead. What should you do? (Choose two.)

A. Remove VM instance creation permission from users of the projects, and only allow you and your team to create VM instances.

B. Set up an image access organization policy constraint, and list the security team managed project in the projects allow list.

C. Store the image in every project that is spun up in your organization.

D. Grant users the compuce.imageUser role in the OS image project.

E. Grant users the compuce.imageUser role in their own projects.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised.
What should you do?

A. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.

B. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

C. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.

D. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.

正解：C 解答を投票する

出題：3

Your organization's Google Cloud VMs are deployed via an instance template that configures them with a public IP address in order to host web services for external users. The VMs reside in a service project that is attached to a host (VPC) project containing one custom Shared VPC for the VMs. You have been asked to reduce the exposure of the VMs to the internet while continuing to service external users. You have already recreated the instance template without a public IP address configuration to launch the managed instance group (MIG). What should you do?

A. Deploy a Cloud NAT Gateway in the host (VPC) project for the MIG.

B. Deploy an external HTTP(S) load balancer in the service project with the MIG as a backend.

C. Deploy a Cloud NAT Gateway in the service project for the MIG.

D. Deploy an external HTTP(S) load balancer in the host (VPC) project with the MIG as a backend.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

An organization is starting to move its infrastructure from its on-premises environment to Google Cloud Platform (GCP). The first step the organization wants to take is to migrate its current data backup and disaster recovery solutions to GCP for later analysis. The organization's production environment will remain on- premises for an indefinite time. The organization wants a scalable and cost-efficient solution.
Which GCP solution should the organization use?

A. BigQuery using a data pipeline job with continuous updates

B. Compute Engine Virtual Machines using Persistent Disk

C. Cloud Storage using a scheduled task and gsutil

D. Cloud Datastore using regularly scheduled batch upload jobs

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

You plan to deploy your cloud infrastructure using a CI/CD cluster hosted on Compute Engine. You want to minimize the risk of its credentials being stolen by a third party. What should you do?

A. Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.

B. Create a custom service account for the cluster Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

C. Create a custom service account for the cluster Enable the
constraints/iam.disableServiceAccountKeyCreation organization policy at the project level.

D. Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which two security characteristics are related to the use of VPC peering to connect two VPC networks?
(Choose two.)

A. Ability to share specific subnets across peered networks

B. Firewall rules that can be created with a tag from one peered network to another peered network

C. Non-transitive peered networks; where only directly peered networks can communicate

D. Central management of routes, firewalls, and VPNs for peered networks

E. Ability to peer networks that belong to different Google Cloud Platform organizations

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

In an effort for your company messaging app to comply with FIPS 140-2, a decision was made to use GCP compute and network services. The messaging app architecture includes a Managed Instance Group (MIG) that controls a cluster of Compute Engine instances. The instances use Local SSDs for data caching and UDP for instance-to-instance communications. The app development team is willing to make any changes necessary to comply with the standard Which options should you recommend to meet the requirements?

A. Change the app instance-to-instance communications from UDP to TCP and enable BoringSSL on clients' TLS connections.

B. Encrypt all cache storage and VM-to-VM communication using the BoringCrypto module.

C. Set Disk Encryption on the Instance Template used by the MIG to Google-managed Key and use BoringSSL library on all instance-to-instance communications.

D. Set Disk Encryption on the Instance Template used by the MIG to customer-managed key and use BoringSSL for all data transit between instances.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

A. In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.

B. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

C. Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.

D. In Resource Manager, edit the organization permissions. Add the project ID as member with the role:Compute Image User.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

An organization receives an increasing number of phishing emails.
Which method should be used to protect employee credentials in this situation?

A. A strict password policy

B. Captcha on login pages

C. Encrypted emails

D. Multifactor Authentication

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

An employer wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exposing the sensitive compensation data for any individual and must be reversible to identify the outlier.
Which Cloud Data Loss Prevention API technique should you use to accomplish this?

A. Generalization

B. CryptoReplaceFfxFpeConfig

C. Redaction

D. CryptoHashConfig

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?

A. Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.

B. Connect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.

C. Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.

D. In a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.

正解：A 解答を投票する

出題：12

You're developing the incident response plan for your company. You need to define the access strategy that your DevOps team will use when reviewing and investigating a deployment issue in your Google Cloud environment. There are two main requirements:
Least-privilege access must be enforced at all times.
The DevOps team must be able to access the required resources only during the deployment issue.
How should you grant access while following Google-recommended best practices?

A. Assign the Project Viewer Identity and Access Management (1AM) role to the DevOps team.

B. Create a custom 1AM role with limited list/view permissions, and assign it to the DevOps team.

C. Create a service account, and grant it limited list/view permissions. Give the Service Account User Role on this service account to the DevOps team.

D. Create a service account, and grant it the Project Owner 1AM role. Give the Service Account User Role on this service account to the DevOps team.

正解：C 解答を投票する

出題：13

You have numerous private virtual machines on Google Cloud. You occasionally need to manage the servers through Secure Socket Shell (SSH) from a remote location. You want to configure remote access to the servers in a manner that optimizes security and cost efficiency.
What should you do?

A. Configure server instances with public IP addresses Create a firewall rule to only allow traffic from yourcorporate IPs.

B. Create a jump host instance with public IP Manage the instances by connecting through the jump host.

C. Create a site-to-site VPN from your corporate network to Google Cloud.

D. Create a firewall rule to allow access from the Identity-Aware Proxy (IAP) IP range Grant the role of an IAP-secured Tunnel User to the administrators.

正解：D 解答を投票する

出題：14

Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company's servers that will consume the application also run on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances. You have the following requirements:
The network connection must be encrypted.
The communication between servers must be over private IP addresses.
What should you do?

A. Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

B. Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.

C. Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.

D. Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

ページ: 1 / 17
トータル 235 問

Professional-Cloud-Security-Engineer の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
Professional-Cloud-Security-Engineer に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社のサイトにはあなたの試験合格を助けるために研究された効果的な知能問題集を提供しています。材料はすべてのユーザーによって称賛されています。弊社のサイトは、最短時間で多くの証明書を取得するのに役立つ学習プラットフォームになります。

掲示板

試験Salesforce-AI-Specialist-JPN トピック4 問題13 スレッド
試験MS-102J トピック2 問題430 スレッド
試験MS-102J トピック1 問題463 スレッド
試験Data-Architect トピック1 問題158 スレッド
試験QSDA2024 トピック3 問題37 スレッド
試験Associate-Reactive-Developer-JPN トピック4 問題56 スレッド
試験C-S4CFI-2402 トピック10 問題60 スレッド

弊社を連絡する

我々の働いている時間：( UTC+9 ) 9:00-24:00

月曜日から土曜日まで

サポート：現在連絡

我々は１２時間以内ですべてのお問い合わせを答えます。