Skip to main content
Google Cloud ⭐ Premium

Google Professional Data Engineer - 340 Questions

By Webmaster Certland ❤️ 0 likes

Practice exam for the Google Professional Data Engineer certification. Covers designing data processing systems, ingesting and processing data, storing data, preparing data for analysis, and maintaining and automating data workloads.

🔒

Premium Content

This exam is exclusive to Premium users. Upgrade to get unlimited access!

Become Premium

👁️ Free Preview (5 of 340 questions)

1. A company stores sensitive customer data in BigQuery. The security team requires that only specific service accounts can decrypt and read the data. The data must remain encrypted at rest using customer-managed keys. Which approach should a data engineer implement?

A Enable CMEK on the BigQuery dataset using Cloud KMS and grant the Cloud KMS CryptoKey Encrypter/Decrypter role only to the required service accounts.
B Use Google-managed encryption keys (GMEK) and restrict access via BigQuery IAM roles on the dataset.
C Configure Customer-Supplied Encryption Keys (CSEK) on the BigQuery tables and share the raw key only with authorized service accounts.
D Enable VPC Service Controls around the BigQuery API and require all access to go through a specific service perimeter.

2. A data engineer needs to ensure that a BigQuery dataset containing PII is only accessible from within the company's Google Cloud VPC and cannot be accessed from the public internet. Which Google Cloud feature should be used?

A Enable Private Google Access on the VPC subnet used by data engineers.
B Configure VPC Service Controls to create a service perimeter that includes the BigQuery API and restricts access to the company VPC.
C Apply a Cloud Armor security policy to block all requests to BigQuery that do not originate from the company's IP range.
D Set authorized networks on the BigQuery dataset to only allow the company's VPC CIDR range.

3. An organization operates in multiple countries and must comply with data residency regulations that require certain customer data to remain within the European Union. The data will be stored in BigQuery. Which configuration ensures compliance?

A Create the BigQuery dataset in the US multi-region location and apply IAM policies to restrict access to EU-based users only.
B Create the BigQuery dataset with a global location setting and enable data sovereignty mode.
C Create the BigQuery dataset in the EU multi-region location to ensure all data remains within European Union data centers.
D Apply an organization policy constraint to restrict BigQuery resource locations and rely on default dataset settings.

4. A data engineering team needs to detect and de-identify Social Security Numbers (SSNs) and credit card numbers stored in Cloud Storage before loading them into BigQuery for analysis. Which Google Cloud service should they use?

A Use Cloud Data Loss Prevention (Cloud DLP) to inspect the files and apply de-identification transformations before loading into BigQuery.
B Use Cloud Security Command Center to scan Cloud Storage buckets for sensitive data findings and apply remediation.
C Store all sensitive data fields in Secret Manager and reference them by secret ID in BigQuery.
D Apply Cloud KMS encryption on the Cloud Storage files and restrict BigQuery access using column-level security.

5. A company has multiple teams working with BigQuery. The data governance team requires that only the analytics team can see a specific column containing customer email addresses, while other columns remain accessible to all users. Which BigQuery feature should be implemented?

A Create an authorized view that excludes the email column and grant all users access only to the authorized view.
B Implement BigQuery column-level security by assigning a policy tag to the email column and granting the Fine-Grained Reader role only to the analytics team.
C Configure row-level security on the table with a condition that hides the email column for non-analytics users.
D Apply dataset-level IAM roles to restrict all access to the analytics team and create a separate public dataset without the email column.

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium 7-day trial
  • All 340 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Start 7-day free trial

Information

Questions 340
Time 2h
Difficulty Hard
Minimum Score 70.00%
▶ Try 5 questions — no account needed 🔒 Unlock all questions — Premium 🤍 Like

Related Exams

⭐ Premium

Google Professional Machine Learning Engineer - 340 Questions

340 questions · 0 attempts

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.