Google GCP-PCSE Sample Questions with Correct Answers

Google GCP-PCSE Sample Questions


01. A cloud customer has an on-premises key management system and wants to generate, protect,
rotate, and audit encryption keys with it.

How can the customer use Cloud Storage with their own encryption keys?

a) Declare usage of default encryption at rest in the audit report on compliance

b) Upload encryption keys to the same Cloud Storage bucket

c) Use Customer Managed Encryption Keys (CMEK)

d) Use Customer-Supplied Encryption Keys (CSEK) - Answer-Answer:



d) Use Customer-Supplied Encryption Keys (CSEK)



02. A customer wants to grant access to their application running on Compute Engine to write only to a
specific Cloud Storage bucket.

How should you grant access?

a) Create a service account for the application, and grant Cloud Storage Object Creator permissions to
the project.

b) Create a service account for the application, and grant Cloud Storage Object Creator permissions at
the bucket level.

c) Create a user account, authenticate with the application, and grant Google Storage Admin
permissions at the bucket level.

d) Create a user account, authenticate with the application, and grant Google Storage Admin
permissions at the project level. - Answer-Answer:



b) Create a service account for the application, and grant Cloud Storage Object Creator permissions at
the bucket level.