GCP Professional Cloud Architect Practice Question
Your security team is scheduling an internal penetration test for a production workload that runs entirely in one Google Cloud project you own. Planned test steps include: (1) launching an automated tool that will saturate the public HTTP(S) load-balancer with 100 000 requests per second for 30 minutes to measure autoscaling limits, (2) performing a password-spray attack against your own Cloud SQL users, (3) running a full TCP port scan between two Compute Engine instances in the same VPC network, and (4) reviewing IAM policy bindings for excessive permissions. According to Google Cloud's Acceptable Use Policy and penetration-testing guidelines, which single activity is explicitly prohibited and must be removed from the test plan?
Reviewing Identity and Access Management (IAM) policy bindings to identify overly broad role assignments.
Conducting a password-spray attack against user accounts on your own Cloud SQL instance.
Saturating the public HTTP(S) load-balancer with 100 000 requests per second for 30 minutes to test autoscaling behavior.
Executing a comprehensive TCP port scan between two Compute Engine virtual machines within the same VPC.
Google Cloud customers may security-test resources they own without prior approval, but the Acceptable Use Policy bans any activity that attempts to degrade service for Google or other customers. High-volume traffic meant to overwhelm an endpoint is considered a denial-of-service (DoS) or stress test and is therefore disallowed. Password-spray attempts on your own Cloud SQL instance, internal port scans within your project, and IAM reviews are permissible because they target assets you control and do not impact other tenants. Consequently, only the large-scale request flood against the public load balancer violates Google Cloud's explicit prohibition on DoS or resource-consumption attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Google Cloud's Acceptable Use Policy?
Open an interactive chat with Bash
Why is testing a public load balancer with high-volume traffic prohibited?
Open an interactive chat with Bash
What penetration testing activities are allowed in Google Cloud?
Open an interactive chat with Bash
What is a denial-of-service (DoS) attack?
Open an interactive chat with Bash
Why are IAM policy reviews considered permissible under GCP penetration-testing guidelines?
Open an interactive chat with Bash
What is the difference between port scanning and stress testing in GCP?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Analyzing and optimizing technical and business processes
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .