Ensuring data protection Questions
Practice questions for Ensuring data protection topic in Google Professional Cloud Security Engineer. 47 questions covering this domain.
A secret uses user-managed replication in several regions. One configured region is unavailable during an update. What happens?
Which service is designed to store and manage secret values such as passwords and API keys, rather than perform cryptographic operations with encrypti...
Which statement correctly describes Cloud External Key Manager?
A company wants Cloud KMS to initiate creation and rotation of coordinated external keys. Which setup is required?
What does a Binary Authorization attestation represent?
What is the consequence of losing access to either side of a Cloud EKM key relationship?
A company uses manually managed external keys with Cloud EKM. Which operational consideration is correct?
Which Google Cloud service provides vulnerability scanning and metadata storage for containers on Google Cloud?
Why would a team use Secret Manager versions and aliases for an application secret?
Which statement correctly distinguishes Binary Authorization enforcement from continuous validation?
A regulated workload requires secret payloads to be stored only in a customer-selected set of regions. Which Secret Manager replication choice fits th...
Which Google Cloud service is built to inspect, classify, and de-identify sensitive data such as PII in text, storage systems, and images?
An organization wants to classify and tag all sensitive data stored in Cloud Storage and BigQuery across the entire organization automatically without...
A company implements Binary Authorization for all GKE deployments. A developer reports that a valid container image is being blocked at deployment eve...
A financial company must ensure that its Cloud KMS keys can never be used without its knowledge, even by Google employees. They also need the ability ...
A data engineering team wants to allow data analysts to query production BigQuery tables containing PII without ever seeing the raw PII values. Which ...
A security team wants to ensure that Cloud Storage objects in a regulated bucket cannot be deleted or overwritten for a minimum retention period of se...
Which Cloud KMS key type allows hardware-based cryptographic operations and lets you perform key generation and destruction using a FIPS 140-2 Level 3...
A Cloud Storage bucket uses a CMEK from Cloud KMS. The security team disables the CMEK key version without destroying it. What happens to access to ob...
What is the purpose of a data residency organization policy constraint in Google Cloud?
Sign in to see all 47 questions
Create a free account to browse all questions — completely free during our launch phase.