Google Professional Cloud Security Engineer Questions and Answers

200 questions organized by topic with detailed explanations

Google
GCP-PCSE
200 questions
5 topics
Updated May 2026

Configuring access

52 questions12 easy25 medium15 hard~25% of exam
View All
Which IAM role type should generally be avoided in production because it is highly permissive and grants broad access ac...A company wants a custom role for a folder-scoped administration task and includes a folder-specific permission. Which s...A team needs an identity for an application running on Compute Engine to call Google Cloud APIs. Which identity type is ...

Securing communications and establishing boundary protection

39 questions10 easy19 medium10 hard~22% of exam
View All
Before enforcing a new VPC Service Controls perimeter, a team wants to observe violations without denying requests. Whic...Which statement correctly describes VPC firewall rule evaluation?A VM has only an internal IP address and must reach Google APIs and services from its subnet. Which VPC feature is requi...

Ensuring data protection

47 questions10 easy25 medium12 hard~23% of exam
View All
A secret uses user-managed replication in several regions. One configured region is unavailable during an update. What h...Which service is designed to store and manage secret values such as passwords and API keys, rather than perform cryptogr...Which statement correctly describes Cloud External Key Manager?

Managing operations

39 questions8 easy20 medium11 hard~19% of exam
View All
For most Google Cloud services, which audit log type is disabled by default because of its potentially large volume?Which service is Google Cloud's centralized vulnerability and threat reporting platform that also provides asset invento...What happens when Binary Authorization blocks a deployment because an image does not satisfy policy?

Supporting compliance requirements

23 questions7 easy9 medium7 hard~11% of exam
View All
What does Access Approval provide?What must be enabled before you can enable Access Approval for a project, folder, or organization?Which capability is provided by Key Access Justifications?

All Questions

#QuestionTopicDifficulty
1For most Google Cloud services, which audit log type is disabled by default because of its potential...Managing operations
medium
2A secret uses user-managed replication in several regions. One configured region is unavailable duri...Ensuring data protection
medium
3Before enforcing a new VPC Service Controls perimeter, a team wants to observe violations without de...Securing communications and establishing boundary protection
medium
4Which IAM role type should generally be avoided in production because it is highly permissive and gr...Configuring access
easy
5Which service is designed to store and manage secret values such as passwords and API keys, rather t...Ensuring data protection
easy

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up FreeSign In

Ready to test your knowledge?

Take a full Google Professional Cloud Security Engineer practice test with timed exam simulation.

Start Practice Test