Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed is saved to Artifact Registry. This new system deploys models to Google Kubernetes Engine and uses Pub/Sub for message queues. Recent industry news has been reporting attacks exploiting ML model supply chains. You need to enhance the security in this serverless architecture, specifically against risks to the development and deployment pipeline. What should you do?
To enhance the security of your machine learning (ML) model supply chain within a serverless architecture, it's crucial to implement measures that protect both the development and deployment pipelines.
Option A: While limiting external dependencies and rotating encryption keys are good security practices, they do not directly address the risks associated with the ML model supply chain.
Option B: Implementing container image vulnerability scanning during development and pre-deployment helps identify and mitigate known vulnerabilities in your container images. Enforcing Binary Authorization ensures that only trusted and verified images are deployed in your environment. This combination directly strengthens the security of the ML model supply chain by validating the integrity of container images before deployment.
Option C: Sanitizing training data and applying role-based access controls are important security practices but do not specifically safeguard the deployment pipeline against compromised container images.
Option D: While strict firewall rules and intrusion detection systems enhance network security, they do not specifically address vulnerabilities within the container images or the deployment process.
Therefore, Option B is the most effective approach, as it directly addresses the security of the development and deployment pipeline by ensuring that only vetted and secure container images are used in your environment.
An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads. A well-established directory service is used to manage user identities and lifecycle management. The organization must continue to use this directory service as the "source of truth" directory for identities.
Which solution meets the organization's requirements?
With Google Cloud Directory Sync (GCDS), you can synchronize the data in your Google Account with your Microsoft Active Directory or LDAP server. GCDS doesn't migrate any content (such as email messages, calendar events, or files) to your Google Account. You use GCDS to synchronize your Google users, groups, and shared contacts to match the information in your LDAP server.
https://support.google.com/a/answer/106368?hl=en
You have been tasked with configuring Security Command Center for your organization's Google Cloud environment. Your security team needs to receive alerts of potential crypto mining in the organization's compute environment and alerts for common Google Cloud misconfigurations that impact security. Which Security Command Center features should you use to configure these alerts? (Choose two.)
Security Command Center (SCC) in Google Cloud provides several features to help organizations detect and respond to security threats and misconfigurations.
Event Threat Detection: This feature continuously monitors and analyzes system logs to detect potential threats such as crypto mining. It uses machine learning and threat intelligence to identify suspicious activities and generate alerts.
Security Health Analytics: This feature helps identify common misconfigurations and compliance violations that could impact security. It provides visibility into security posture and helps remediate issues related to misconfigurations in your Google Cloud environment.
By using both Event Threat Detection and Security Health Analytics, you can effectively monitor for crypto mining activities and detect common misconfigurations that could compromise security.
You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?
Your organization is using Vertex AI Workbench Instances. You must ensure that newly deployed instances are automatically kept up-to-date and that users cannot accidentally alter settings in the operating system. What should you do?
To ensure that Vertex AI Workbench Instances are automatically kept up-to-date and that users cannot alter operating system settings, implementing specific organization policies is essential.
Option A: Enabling VM Manager and adding Compute Engine instances assists in managing and monitoring VM instances but does not enforce automatic updates or restrict user modifications to the operating system.
Option B: Enforcing the disableRootAccess organization policy prevents users from gaining root access, thereby restricting unauthorized changes to the operating system. Additionally, the requireAutoUpgradeSchedule policy ensures that instances are automatically updated according to a defined schedule. Together, these policies maintain system integrity and compliance with update requirements.
Option C: Assigning AI Notebooks Runner and AI Notebooks Viewer roles controls user permissions related to running and viewing notebooks but does not directly influence operating system settings or update mechanisms.
Option D: Implementing firewall rules to prevent SSH access limits direct access to instances but does not ensure automatic updates or prevent alterations through other means.
Therefore, Option B is the most appropriate action, as it directly addresses both the enforcement of automatic updates and the prevention of unauthorized operating system modifications.