Exam: Professional Cloud Security Engineer
Title: Google Cloud Certified - Professional Cloud Security Engineer
https://www.passcert.com/Professional-Cloud-Security-Engineer.html
1. Your team needs to make sure that a Compute Engine instance does not have access to the internet or
to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)
A. Public IP
B. IP Forwarding
C. Private Google Access
D. Static routes
E. IAM Network User Role
Answer: AC
Explanation:
To ensure that a Compute Engine instance does not have access to the internet or to any Google APIs or
services, you need to disable the following settings:
Public IP: Disabling the public IP address ensures that the instance does not have a direct connection to
the internet. Without a public IP address, the instance cannot be accessed from or communicate with the
internet directly.
Private Google Access: Disabling Private Google Access ensures that the instance does not have access
to Google APIs and services through the internal Google network. Private Google Access allows
instances without a public IP to reach Google APIs and services using private IP addresses, but disabling
it will block this path.
Disabling these settings will effectively isolate the instance from both the public internet and
Google's internal API services.
Reference: Google Cloud VPC Documentation - Overview
Configuring Private Google Access
Compute Engine Network Overview
2. Which two implied firewall rules are defined on a VPC network? (Choose two.)
A. A rule that allows all outbound connections
B. A rule that denies all inbound connections
C. A rule that blocks all inbound port 25 connections
D. A rule that blocks all outbound connections
E. A rule that allows all inbound port 80 connections
Answer: AB
Explanation:
Implied IPv4 allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority
is the lowest possible (65535) lets any instance send traffic to any destination.
Implied IPv4 deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is
the lowest possible (65535) protects all instances by blocking incoming connections to them.
https://cloud.google.com/vpc/docs/firewalls?hl=en#default_firewall_rules
3. A customer needs an alternative to storing their plain text secrets in their source-code management
(SCM) system.
How should the customer achieve this using Google Cloud Platform?
A. Use Cloud Source Repositories, and store secrets in Cloud SQL.
B. Encrypt the secrets with a Customer-Managed Encryption Key (CMEK), and store them in Cloud