Free Google Professional-Cloud-Security-Engineer Practice Exam Questions and Answers 2026

Start Learning with the Newest and 100% Free Professional-Cloud-Security-Engineer Exam Dumps Questions

Page: 1 / 70

Total 347 Questions | Updated On: Apr 01, 2026

Add To Cart

Question 1

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted data. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment. How should you prevent and fix this vulnerability?

A : Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

B : Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

C : Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

D : Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Answer: D

Question 2

Your company's users access data in a BigQuery table. You want to ensure they can only access the data during working hours. What should you do?

A : Assign a BigQuery Data Viewer role along with an 1AM condition that limits the access to specified working hours.

B : Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraints for BigQuery during the specified working hours.

C : Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours

D : Run a gsuttl script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.

Answer: A

Question 3

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The

business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.

Your team becomes aware of this and wants to take over managing permissions and auditing the domain

resources.

Which type of access should your team grant to meet this requirement?

A : Organization Administrator

B : Security Reviewer

C : Organization Role Administrator

D : Organization Policy Administrator

Answer: C

Question 4

You are responsible for protecting highly sensitive data in BigQuery. Your operations teams need access to this data, but given privacy regulations, you want to ensure that they cannot read the sensitive fields such as email addresses and first names. These specific sensitive fields should only be available on a need-to-know basis to the HR team. What should you do?

A : Perform data masking with the DLP API and store that data in BigQuery for later use

B : Perform data redaction with the DLP API and store that data in BigQuery for later use

C : Perform data inspection with the DLP API and store that data in BigQuery for later use.

D : Perform tokenization for Pseudonymization with the DLP API and store that data in BigQuery for later use.

Answer: D

Question 5

What Google Cloud Platform product should a travel booking company use to ensure that end-user access to their 3-tier internal web application is only allowed from a specific known good CIDR, while also utilizing GCP's native SYN flood protection?

A : Cloud Armor is a security service provided by Google Cloud.

B : CDN on Google Cloud Platform.

C : The management of user access and permissions to Google Cloud resources is known as Cloud Identity and Access Management.

D : Rules for VPC Firewall.

Answer: A

Page: 1 / 70

Total 347 Questions | Updated On: Apr 01, 2026

Add To Cart