Google Professional Cloud Security Engineer — free practice exam
68 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| Configuring access within a cloud solution environment | 25% |
| Configuring network security | 25% |
| Ensuring data protection | 25% |
| Managing operations in a cloud solution environment | 25% |
Sample practice questions
- An audit found gaps: the organization must rotate encryption keys automatically. Which option addresses this?
- A cloud engineer needs to DDoS protection at edge.
- A cloud engineer needs to investigate threats with Chronicle.
- A cloud engineer needs to restrict resource locations.
- A cloud engineer needs to service perimeter for data exfiltration.
- A cloud engineer needs to store API keys securely.
- For cost-aware operations, you should restrict resource locations.
- For cost-aware operations, you should service perimeter for data exfiltration.
- For cost-aware operations, you should rotate encryption keys automatically.
- For cost-aware operations, you should centralize security findings.
- For cost and security, the team must store API keys securely. What is the recommended approach?
- For cost and security, the team must centralize security findings. What is the recommended approach?
- A data team must DDoS protection at edge.
- A data team must deny public bucket access org-wide.
- A data team must investigate threats with Chronicle.
- A data team must store API keys securely.
- Two designs were proposed. Design A would restrict resource locations. Design B would deny public bucket access…
- Two designs were proposed. Design A would deny public bucket access org-wide. Design B would restrict resource…
- Two designs were proposed. Design A would store API keys securely. Design B would rotate encryption keys…
- Two designs were proposed. Design A would rotate encryption keys automatically. Design B would store API keys…
- Two designs were proposed. Design A would centralize security findings. Design B would investigate threats with…
- Two designs were proposed. Design A would investigate threats with Chronicle. Design B would centralize security…
- The DevOps team is automating releases and must deny public bucket access org-wide. Which design fits best?
- Which Google Cloud service should you use to restrict resource locations?
Browse all 68 indexed questions for this exam.