Google Professional-Cloud-Security-Engineer Quiz 1 Topic 1 Questions 1-5

Question: 1

You are tasked with exporting and auditing security logs for login activity events for Google Cloud console and API calls that modify configurations to Google Cloud resources. Your export must meet the following requirements:

Export related logs for all projects in the Google Cloud organization.

Export logs in near real-time to an external SIEM.

What should you do? (Choose two.)

ACreate a Log Sink at the organization level with a Pub/Sub destination.

BCreate a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic.

CEnable Data Access audit logs at the organization level to apply to all projects.

DEnable Google Workspace audit logs to be shared with Google Cloud in the Admin Console.

EEnsure that the SIEM processes the AuthenticationInfo field in the audit log entry to gather identity information.

Show Answer

Question: 2

You are working with protected health information (PHI) for an electronic health record system. The privacy officer is concerned that sensitive data is stored in the analytics system. You are tasked with anonymizing the sensitive data in a way that is not reversible. Also, the anonymized data should not preserve the character set and length. Which Google Cloud solution should you use?

ACloud Data Loss Prevention with deterministic encryption using AES-SIV

BCloud Data Loss Prevention with format-preserving encryption

CCloud Data Loss Prevention with cryptographic hashing

DCloud Data Loss Prevention with Cloud Key Management Service wrapped cryptographic keys

Show Answer

Question: 3

You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your VPCs based on network logs. However, you want to explore your environment using network payloads and headers. Which Google Cloud product should you use?

ACloud IDS

BVPC Service Controls logs

CVPC Flow Logs

DGoogle Cloud Armor

EPacket Mirroring

Show Answer

Question: 4

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.

What should the customer do?

AUse the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.

BUse the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.

CConfigure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.

DConfigure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

Show Answer

Question: 5

You want to evaluate GCP for PCI compliance. You need to identify Google's inherent controls.

Which document should you review to find the information?

AGoogle Cloud Platform: Customer Responsibility Matrix

BPCI DSS Requirements and Security Assessment Procedures

CPCI SSC Cloud Computing Guidelines

DProduct documentation for Compute Engine

Show Answer

Google Professional-Cloud-Security-Engineer Quiz:1 Topic:1 Questions:1-5