Practice Professional-Cloud-Security-Engineer Exam Online

Question 1

As a food delivery company, your service is hosted on Compute Engine, and clients can access it on port 587. What form of Load Balancing on Google Cloud should you use to balance traffic between instances of the service while ensuring that the connection is secured by TLS and terminated by the Load Balancer?

A : Load balancing using TCP Proxy.

B : Load balancing for HTTP and HTTPS traffic.

C : Load balancing for network traffic

D : Load balancing with SSL Proxy

Answer: D

Question 2

As a virtual interior design service company, we want to use Google Cloud Platform (GCP) for certain IT workloads. We already use a well-established directory service to manage user identities and lifecycle management, which must remain the `source of truth` directory for identities. What GCP solution can we use to meet our requirements?

A : SAML (Security Assertion Markup Language) is a protocol used for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.

B : Identity and Access Management (IAM) in Google Cloud is known as Cloud Identity.

C : Pub/Sub is a messaging service provided by Google Cloud.

D : GCDS stands for Google Cloud Directory Sync.

Answer: D

Question 3

A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet. Which two strategies should your team use to meet these requirements? (Choose two.)

A : Configure Private Google Access on the Compute Engine subnet

B : Avoid assigning public IP addresses to the Compute Engine cluster.

C : Make sure that the Compute Engine cluster is running on a separate subnet.

D : Turn off IP forwarding on the Compute Engine instances in the cluster.

E : Configure a Cloud NAT gateway.

Answer: A,B

Question 4

Your organization is using GitHub Actions as a continuous integration and delivery (Cl/CD) platform. You must enable access to Google Cloud resources from the Cl/CD pipelines in the most secure way. What should you do?

A : Create a service account key and add it to the GitHub pipeline configuration file

B : Create a service account key and add it to the GitHub repository content

C :

Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.

D : Configure workload identity federation to use GitHub as an identity pool provider.

Answer: D

Question 5

In developing a secure environment for an online grocery delivery service company, what are the two essential components to include in building a secure container image using Google Cloud Services?

A : Make sure that the app is not executed as PID 1.

B : For the application, it is recommended to utilize public container images as the base image and incorporate multiple container image layers to conceal confidential data.

C : Eliminate any superfluous tools that are not required by the application.

D : Create a container for a single application.

Answer: C,D

Name:	Professional Cloud Security Engineer
Exam Code:	Professional-Cloud-Security-Engineer
Certification:	Google Cloud Certified
Vendor:	Google
Total Questions:	347
Last Updated:	Apr 01, 2026

Google Professional-Cloud-Security-Engineer Answers