Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your security team is mapping identities to workloads in a large Google Cloud environment. Which of the following requirements must be implemented with a Google Cloud service account rather than a human user or group identity?

  • A batch job running on a managed instance group writes nightly inventory data from Cloud SQL to BigQuery.
  • Data analysts run BigQuery queries from their laptops each morning using the bq command-line tool.
  • External auditors need temporary read-only access to the Cloud Console for a two-week engagement.
  • On-call engineers occasionally SSH into production Linux VMs via IAP for troubleshooting.

  • On-call engineers accessing production VMs through IAP-based SSH sessions

  • Data analysts using the bq CLI from their personal workstations

  • The batch job on the managed instance group that exports data from Cloud SQL to BigQuery

  • External auditors requesting two weeks of read-only Cloud Console access

GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot