- Home
- Google Cloud Certified - Professional Cloud Security Engineer Exam
- Google.Professional-Cloud-Security-Engineer.v2025-05-21.q124
- Question 93
Valid Professional-Cloud-Security-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Security-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Security-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Security-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Security-Engineer dumps with Test Engine here:
Access Professional-Cloud-Security-Engineer Dumps Premium Version
(268 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 93/124
You're developing the incident response plan for your company. You need to define the access strategy that your DevOps team will use when reviewing and investigating a deployment issue in your Google Cloud environment. There are two main requirements:
* Least-privilege access must be enforced at all times.
* The DevOps team must be able to access the required resources only during the deployment issue.
How should you grant access while following Google-recommended best practices?
* Least-privilege access must be enforced at all times.
* The DevOps team must be able to access the required resources only during the deployment issue.
How should you grant access while following Google-recommended best practices?
Correct Answer: D
To ensure least-privilege access and provide necessary permissions to the DevOps team only during a deployment issue, follow these steps:
* Create a Service Account:
* In your Google Cloud project, create a new service account specifically for the DevOps team.
* Assign Limited Permissions:
* Grant the service account permissions with only the necessary list/view roles. For instance, you can create a custom IAM role with compute.instances.list and compute.instances.get permissions.
* Grant Service Account User Role:
* Assign the Service Account User role to the DevOps team members for the created service account. This allows them to act as the service account and use its permissions.
* Access Control During Incidents:
* During a deployment issue, the DevOps team can temporarily use the service account to access the resources. This ensures they have the least-privilege access required to investigate and resolve the issue.
* Automation and Monitoring:
* Implement automation to enable and disable the service account access as needed and monitor the usage to ensure compliance with the least-privilege principle.
Benefits:
* Security: Limits access to only what is necessary, reducing the risk of unauthorized changes.
* Flexibility: Provides necessary access during incidents without granting permanent elevated permissions.
References
* Creating and Managing Service Accounts
* Service Account User Role
* Create a Service Account:
* In your Google Cloud project, create a new service account specifically for the DevOps team.
* Assign Limited Permissions:
* Grant the service account permissions with only the necessary list/view roles. For instance, you can create a custom IAM role with compute.instances.list and compute.instances.get permissions.
* Grant Service Account User Role:
* Assign the Service Account User role to the DevOps team members for the created service account. This allows them to act as the service account and use its permissions.
* Access Control During Incidents:
* During a deployment issue, the DevOps team can temporarily use the service account to access the resources. This ensures they have the least-privilege access required to investigate and resolve the issue.
* Automation and Monitoring:
* Implement automation to enable and disable the service account access as needed and monitor the usage to ensure compliance with the least-privilege principle.
Benefits:
* Security: Limits access to only what is necessary, reducing the risk of unauthorized changes.
* Flexibility: Provides necessary access during incidents without granting permanent elevated permissions.
References
* Creating and Managing Service Accounts
* Service Account User Role
- Question List (124q)
- Question 1: An organization is moving applications to Google Cloud while...
- Question 2: An organization is starting to move its infrastructure from ...
- Question 3: Your organization has on-premises hosts that need to access ...
- Question 4: You are deploying a web application hosted on Compute Engine...
- Question 5: Your DevOps team uses Packer to build Compute Engine images ...
- Question 6: You have been tasked with configuring Security Command Cente...
- Question 7: You are troubleshooting access denied errors between Compute...
- Question 8: Your team needs to configure their Google Cloud Platform (GC...
- Question 9: You work for a large organization where each business unit h...
- Question 10: You are working with protected health information (PHI) for ...
- Question 11: A customer needs an alternative to storing their plain text ...
- Question 12: You are implementing a new web application on Google Cloud t...
- Question 13: Your company is storing sensitive data in Cloud Storage. You...
- Question 14: Your organization processes sensitive health information. Yo...
- Question 15: A customer's data science group wants to use Google Cloud Pl...
- Question 16: You want data on Compute Engine disks to be encrypted at res...
- Question 17: You are deploying regulated workloads on Google Cloud. The r...
- Question 18: You are working with a client that is concerned about contro...
- Question 19: A customer terminates an engineer and needs to make sure the...
- Question 20: You have the following resource hierarchy. There is an organ...
- Question 21: Your organization is moving virtual machines (VMs) to Google...
- Question 22: Your company runs a website that will store PII on Google Cl...
- Question 23: You need to enable VPC Service Controls and allow changes to...
- Question 24: An application running on a Compute Engine instance needs to...
- Question 25: A patch for a vulnerability has been released, and a DevOps ...
- Question 26: Your company must follow industry specific regulations. Ther...
- Question 27: You must ensure that the keys used for at-rest encryption of...
- Question 28: A company migrated their entire data/center to Google Cloud ...
- Question 29: For compliance reasons, an organization needs to ensure that...
- Question 30: You are the security admin of your company. You have 3,000 o...
- Question 31: Which two security characteristics are related to the use of...
- Question 32: Your organization s record data exists in Cloud Storage. You...
- Question 33: You are consulting with a client that requires end-to-end en...
- Question 34: Your organization wants to publish yearly reports of your we...
- Question 35: A company is running workloads in a dedicated server room. T...
- Question 36: A company has redundant mail servers in different Google Clo...
- Question 37: Your security team wants to reduce the risk of user-managed ...
- Question 38: You want to limit the images that can be used as the source ...
- Question 39: After completing a security vulnerability assessment, you le...
- Question 40: You have noticed an increased number of phishing attacks acr...
- Question 41: A customer wants to make it convenient for their mobile work...
- Question 42: You want to use the gcloud command-line tool to authenticate...
- Question 43: An administrative application is running on a virtual machin...
- Question 44: Your organization is building a real-time recommendation eng...
- Question 45: As adoption of the Cloud Data Loss Prevention (DLP) API grow...
- Question 46: Your Google Cloud organization allows for administrative cap...
- Question 47: Your team uses a service account to authenticate data transf...
- Question 48: Your Security team believes that a former employee of your c...
- Question 49: You have numerous private virtual machines on Google Cloud. ...
- Question 50: You are designing a new governance model for your organizati...
- Question 51: Which type of load balancer should you use to maintain clien...
- Question 52: A company is backing up application logs to a Cloud Storage ...
- Question 53: Your company's Chief Information Security Officer (CISO) cre...
- Question 54: You need to centralize your team's logs for production proje...
- Question 55: You are a member of your company's security team. You have b...
- Question 56: You manage a mission-critical workload for your organization...
- Question 57: You are the project owner for a regulated workload that runs...
- Question 58: Your organization is using Vertex AI Workbench Instances. Yo...
- Question 59: You are a consultant for an organization that is considering...
- Question 60: Your organization operates Virtual Machines (VMs) with only ...
- Question 61: Users are reporting an outage on your public-facing applicat...
- Question 62: You are a Security Administrator at your organization. You n...
- Question 63: A large financial institution is moving its Big Data analyti...
- Question 64: You are working with a client who plans to migrate their dat...
- Question 65: You want to evaluate GCP for PCI compliance. You need to ide...
- Question 66: You are a security engineer at a finance company. Your organ...
- Question 67: You perform a security assessment on a customer architecture...
- Question 68: A company allows every employee to use Google Cloud Platform...
- Question 69: You manage a fleet of virtual machines (VMs) in your organiz...
- Question 70: A customer implements Cloud Identity-Aware Proxy for their E...
- Question 71: Your organization uses Google Workspace Enterprise Edition t...
- Question 72: Your application is deployed as a highly available cross-reg...
- Question 73: Your organization wants to be continuously evaluated against...
- Question 74: Your company's new CEO recently sold two of the company's di...
- Question 75: You have been tasked with inspecting IP packet data for inva...
- Question 76: Applications often require access to "secrets" - small piece...
- Question 77: You define central security controls in your Google Cloud en...
- Question 78: Your organization has had a few recent DDoS attacks. You nee...
- Question 79: Your organization's Google Cloud VMs are deployed via an ins...
- Question 80: Your company operates an application instance group that is ...
- Question 81: You need to use Cloud External Key Manager to create an encr...
- Question 82: A customer wants to run a batch processing system on VMs and...
- Question 83: Your team needs to obtain a unified log view of all developm...
- Question 84: Your organization uses a microservices architecture based on...
- Question 85: When creating a secure container image, which two items shou...
- Question 86: Which Identity-Aware Proxy role should you grant to an Ident...
- Question 87: Your organization wants to protect all workloads that run on...
- Question 88: Your company is concerned about unauthorized parties gaming ...
- Question 89: Your team wants to make sure Compute Engine instances runnin...
- Question 90: Your company is moving to Google Cloud. You plan to sync you...
- Question 91: Your organization is transitioning to Google Cloud You want ...
- Question 92: Your company plans to move most of its IT infrastructure to ...
- Question 93: You're developing the incident response plan for your compan...
- Question 94: Your organization leverages folders to represent different t...
- Question 95: A manager wants to start retaining security event logs for 2...
- Question 96: An engineering team is launching a web application that will...
- Question 97: You run applications on Cloud Run. You already enabled conta...
- Question 98: In order to meet PCI DSS requirements, a customer wants to e...
- Question 99: You need to implement an encryption at-rest strategy that re...
- Question 100: Your team wants to centrally manage GCP IAM permissions from...
- Question 101: You are exporting application logs to Cloud Storage. You enc...
- Question 102: A database administrator notices malicious activities within...
- Question 103: You want to make sure that your organization's Cloud Storage...
- Question 104: Your company is using Cloud Dataproc for its Spark and Hadoo...
- Question 105: You plan to deploy your cloud infrastructure using a CI/CD c...
- Question 106: You have been tasked with implementing external web applicat...
- Question 107: Your organization deploys a large number of containerized ap...
- Question 108: You are creating a new infrastructure CI/CD pipeline to depl...
- Question 109: Your company has deployed an application on Compute Engine. ...
- Question 110: You work for an organization in a regulated industry that ha...
- Question 111: Your organization strives to be a market leader in software ...
- Question 112: In a shared security responsibility model for IaaS, which tw...
- Question 113: Your organization is using GitHub Actions as a continuous in...
- Question 114: An organization's typical network and security review consis...
- Question 115: A company is using Google Kubernetes Engine (GKE) with conta...
- Question 116: You are creating an internal App Engine application that nee...
- Question 117: A customer is collaborating with another company to build an...
- Question 118: You want to update your existing VPC Service Controls perime...
- Question 119: Your company is using GSuite and has developed an applicatio...
- Question 120: You are setting up a new Cloud Storage bucket in your enviro...
- Question 121: Your organization is using Vertex AI Workbench Instances. Yo...
- Question 122: You need to enforce a security policy in your Google Cloud o...
- Question 123: A customer is running an analytics workload on Google Cloud ...
- Question 124: A business unit at a multinational corporation signs up for ...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Security-Engineer.v2025-05-21.q124.pdf