Practice PCSE Configuring Access Within a Cloud Solution Environment questions with full explanations on every answer.
Start practicing
Configuring Access Within a Cloud Solution Environment — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A security engineer needs to prevent users from creating service account keys in a Google Cloud project. The solution must be enforceable across all projects in the organization and should not block other IAM operations. Which approach should they use?
2An organization uses Active Directory (AD) on-premises and wants to synchronize user accounts and groups to Google Cloud Identity for SSO with SAML 2.0. The AD contains 50,000 users and 10,000 groups. The solution must support automatic provisioning and deprovisioning of users. Which tool should they use?
3A developer wants to grant a Compute Engine instance access to read objects from a Cloud Storage bucket. The instance runs under a service account. What is the best practice for granting this access?
4A company has multiple Google Cloud projects organized under folders by department. The security team wants to enforce a policy that all Compute Engine instances must use Shielded VM features. They need to prevent non-compliant instances from being created. Which action should be taken to enforce this requirement most effectively?
5What is the purpose of Identity-Aware Proxy (IAP) on Google Cloud?
6A DevOps team uses GitHub Actions to deploy infrastructure to Google Cloud. They want to avoid storing long-lived service account keys. Which approach should they use to authenticate from GitHub Actions to Google Cloud?
7An organization has set up IAP to protect a web application running on Compute Engine. The application needs to know the authenticated user's email address for logging. How can the application securely obtain this information?
8A security engineer wants to ensure that only users from a specific external identity provider (IdP) domain (example.com) can access Google Cloud resources. They have configured SAML SSO with the IdP. However, users from other domains are also able to access resources. What is the most effective way to restrict access to only users from example.com?
9A company wants to use Google Cloud resources but does not have a Google Workspace or Cloud Identity account. They want to manage identities for their users without paying for additional licenses. What is the most cost-effective identity solution?
10A developer needs to create a custom IAM role that allows only a specific set of permissions for managing Cloud SQL instances. The role should be available at the organization level. Which command should they use?
11A company has a GKE cluster with a Kubernetes Service Account (KSA) that needs to access Cloud Storage. They want to bind the KSA to a Google Cloud service account (GCP SA) so that pods running under the KSA inherit the GCP SA's permissions. They have enabled Workload Identity on the cluster. What is the correct step to bind the KSA to the GCP SA?
12A security administrator wants to prevent users from disabling Shielded VM on existing Compute Engine instances. Which IAM permission should they deny?
13A company uses Google Cloud Directory Sync (GCDS) to synchronize users from an on-premises Active Directory to Cloud Identity. The security team wants to ensure that only synchronized users can access Google Cloud resources. Which TWO actions are part of a secure configuration? (Choose two.)
14A financial services company is migrating to Google Cloud and needs to enforce strict security controls. They want to ensure that: 1) No service account keys are created. 2) All Compute Engine instances must be created with Shielded VM enabled. 3) Only users from the corporate domain (example.com) can be granted IAM roles. Which THREE Organization Policy constraints must be used? (Choose three.)
15A cloud architect is designing a multi-project environment in Google Cloud. They want to ensure that a specific folder-level IAM policy cannot be overridden by project-level policies. Which TWO statements about IAM policy inheritance and deny policies are correct? (Choose two.)
16A security engineer wants to ensure that all Compute Engine VMs in an organization use Shielded VM features. The organization uses Cloud Identity as the identity provider. What is the most efficient way to enforce this requirement?
17A development team needs to grant a third-party auditor read-only access to a specific project's resources but must not allow the auditor to view any data stored in Cloud Storage buckets. Which IAM approach should be used?
18An organization uses Google Workspace for email and collaboration. They want to allow employees to sign in to a custom web application using their Google Workspace credentials. The application runs on Compute Engine and uses a PostgreSQL database. Which identity solution should they implement?
19A company runs a batch job on Compute Engine that processes sensitive data. The job uses a service account with a JSON key file stored on the VM. A security audit recommends removing long-lived keys. The job must run unattended. What is the best alternative?
20A company wants to allow an external auditor to view all IAM policies in a project but not modify them. The auditor's Google account is from a different domain. Which IAM role should be assigned?
21Which of the following is a key advantage of using Workload Identity Federation over service account keys for authenticating workloads running on AWS?
22A DevOps engineer needs to create a custom IAM role that allows creating and deleting Compute Engine instances but not stopping or starting them. Which permissions should be included?
23An organization has multiple GCP projects under a folder. They want to prevent all users from creating service account keys in any project under that folder. They also want to allow exceptions for a specific project where key creation is needed. Which approach should they take?
24Which of the following is true about IAM deny policies?
25A company uses Cloud Identity to manage users and groups. They want to synchronize users from their on-premises Active Directory to Cloud Identity. Which tool should they use?
26A GKE cluster runs workloads that need to access Cloud Storage. The security team wants to avoid using service account keys and ensure each pod has a unique identity. What is the best practice?
27An organization wants to allow users to access a web application running on Compute Engine via HTTPS. The application requires users to authenticate with their corporate credentials (SAML 2.0 IdP). Which Google Cloud service should be used?
28A company wants to enforce that only users from a specific domain (example.com) can be granted IAM roles on any resource in their organization. Which two steps are required? (Choose two.)
29A security engineer needs to ensure that all Compute Engine instances in an organization are created with specific CMEK (Customer-Managed Encryption Key) for disk encryption. The engineer wants to enforce this at the organization level. Which three actions are required? (Choose three.)
30A developer wants to allow a CI/CD pipeline running on GitHub Actions to deploy resources to a GCP project without using service account keys. Which two components are needed? (Choose two.)
31A security engineer is configuring access for a new team member who needs to manage Cloud Storage buckets, but should not be able to delete or modify existing objects. Which IAM role should be assigned?
32An organization uses Cloud Identity with a third-party IdP via SAML 2.0. A security engineer needs to enforce that all Google Cloud access requires multi-factor authentication (MFA) from the IdP. What is the recommended approach?
33A company has multiple projects under an organization node. A security engineer needs to deny all principals in the organization from creating service account keys, except for a specific project where it must be allowed. Which approach should be used?
34A developer wants to run a containerized application on GKE that needs to read from a Cloud Storage bucket. The developer needs to securely provide credentials. What is the recommended approach?
35An organization needs to grant a contractor access to a specific project for 30 days, with the ability to start and stop Compute Engine instances but not delete them. Which IAM role should be used?
36A company uses SAML 2.0 federation with an external IdP. Users are synced from Active Directory to Cloud Identity using Google Cloud Directory Sync (GCDS). The security engineer needs to ensure that only users from a specific Active Directory group can access Google Cloud resources. What should be configured?
37A security engineer needs to grant a DevOps team the ability to deploy and manage Cloud Run services, but they should not be able to modify IAM policies or delete the service. Which predefined role should be assigned?
38An application running on Compute Engine needs to authenticate to Google Cloud APIs. The security engineer wants to avoid managing keys. What is the recommended method?
39A company needs to allow developers to create and manage custom IAM roles at the project level, but restrict the permissions that can be added to those roles to a predefined list. What should be used?
40A security engineer needs to configure Identity-Aware Proxy (IAP) for a web application running on Compute Engine. The goal is to ensure that only authenticated users from the corporate domain can access the application. What is the first step in the configuration?
41A security engineer is configuring access for a service account used by a batch job that runs on Compute Engine. The job needs to read from a BigQuery dataset and write results to Cloud Storage. What is the recommended way to grant these permissions?
42An organization wants to enforce that all new projects automatically have a specific set of IAM roles assigned to a security group. What is the best way to achieve this?
43A security engineer is designing access control for a multi-project environment. The engineer needs to ensure that a data science team can read data from a BigQuery dataset in Project A and write results to a Cloud Storage bucket in Project B. The team members are authenticated via an external SAML IdP. Which TWO steps should be taken? (Choose 2 correct answers)
44A company is using GKE with Workload Identity to allow pods to access Google Cloud services. A security engineer needs to restrict a specific pod to only read from a single Cloud Storage bucket. Which THREE steps should be taken? (Choose 3 correct answers)
45A security engineer needs to ensure that no one in the organization can disable or delete Cloud Key Management Service (Cloud KMS) keys, except for a designated security team. Which TWO approaches should be combined? (Choose 2 correct answers)
46A security engineer wants to ensure that no IAM keys are created for service accounts in a Google Cloud organization. Which organization policy constraint should be applied?
47An organization uses Azure Active Directory as its identity provider. They want to allow employees to access Google Cloud resources using their Azure credentials without provisioning Google Cloud user accounts. Which solution should they implement?
48A developer needs to deploy an application on Compute Engine that reads from a Cloud Storage bucket. The engineer wants to avoid managing service account keys. What is the recommended approach to grant the necessary permissions?
49A company has a Google Cloud organization with multiple folders representing departments. The security team wants to enforce that all Compute Engine VMs in the organization must have Shielded VM enabled. Which approach should the team use to enforce this requirement?
50A DevOps engineer wants to allow a CI/CD pipeline running in GitHub Actions to deploy resources to a Google Cloud project without using long-lived service account keys. What should the engineer implement?
51Which IAM role should be assigned to a user who needs to manage, but not create or delete, Cloud Storage buckets and objects in a specific project?
52An organization uses Cloud Identity with Google Workspace. They want to grant a group of external auditors read-only access to a specific folder in Google Cloud. The auditors have accounts in the organization's Cloud Identity domain. What is the most efficient way to grant this access?
53A company has a Kubernetes cluster on GKE that runs a microservice. The microservice needs to read from a Cloud Spanner database. The security team requires that the microservice uses the principle of least privilege and that credentials are never stored as Kubernetes secrets. What is the recommended configuration?
54A company wants to allow users to access an internal web application running on Compute Engine behind a load balancer without requiring a VPN. The solution must authenticate users and enforce access based on user identity and context (e.g., device security). Which Google Cloud service should they use?
55A project manager needs to create custom IAM roles for a project. At which levels in the resource hierarchy can custom roles be defined?
56A company has an organization policy that denies the use of certain GCP services unless the project is in a specific folder. The DevOps team wants to create a new project in that folder. However, the project creation fails. What is the most likely cause?
57A security engineer notices that a service account has been assigned the roles/iam.serviceAccountUser role at the project level. What actions can a user with this role perform?
58A company has multiple Google Cloud projects under an organization. They want to ensure that only service accounts from their own Cloud Identity domain (example.com) can be used in IAM policies. Which TWO steps should they take? (Choose 2)
59An organization has a requirement that all service account keys must be rotated every 90 days. The security engineer wants to automate the detection of keys older than 90 days. Which TWO methods can achieve this? (Choose 2)
60A company wants to implement single sign-on (SSO) for its employees to access the Google Cloud Console using their existing corporate credentials from an on-premises Active Directory. Which THREE components are required? (Choose 3)
61An organization has multiple GCP projects managed through folders in the resource hierarchy. They want to enforce a policy that prohibits the creation of service account keys across all projects. Which approach should be used?
62A security engineer needs to grant a team the ability to impersonate a service account (SA) in project B from a Compute Engine instance in project A. The SA in project B has the required permissions to access Cloud Storage. What IAM configuration is required?
63A company uses Active Directory (AD) on-premises and wants to synchronize user accounts to Google Cloud Identity for SSO with SAML 2.0. They require automatic user provisioning and de-provisioning. Which Google Cloud tool should they use?
64A developer is running a batch job on Compute Engine that needs to read data from Cloud Storage. What is the recommended way to authenticate the VM to Cloud Storage without managing keys?
65An organization wants to allow an external identity provider (IdP) that supports OpenID Connect (OIDC) to access GCP resources. They want to avoid creating and managing service account keys. What should they use?
66A Google Kubernetes Engine (GKE) cluster has applications that need to access Cloud Storage. The security team wants to grant fine-grained access per pod. What is the recommended approach?
67An organization uses Cloud Identity to manage users and groups. They want to enforce that only users from their corporate domain (example.com) can be granted IAM roles on GCP resources. Which organization policy constraint should they use?
68What is the purpose of Identity-Aware Proxy (IAP) in Google Cloud?
69An engineer needs to grant a group of external auditors read-only access to all resources in a specific project. The auditors authenticate via an external SAML 2.0 IdP. What is the most secure and efficient way to set this up?
70A company wants to allow an application running on an on-premises server to access Cloud Storage without using long-lived service account keys. The on-premises environment uses Azure Active Directory (Azure AD) as its identity provider. Which GCP feature should they use?
71Which IAM role type is recommended for granting fine-grained permissions to Google Cloud services in production?
72An organization has a folder-level organization policy that enforces 'constraints/compute.requireShieldedVm'. A development team wants to create a test VM that does not use Shielded VM features. What is the correct approach?
73A company uses Active Directory (AD) on-premises and wants to implement SSO for Google Cloud Console access. They want to maintain user lifecycle management (create/disable accounts) from AD. Which TWO components are required?
74A security administrator needs to deploy a solution that allows a group of developers to access a web application running on Compute Engine behind an internal HTTP load balancer. The solution must enforce access based on user identity and device security status, and must not expose the application to the public internet. Which THREE components are required?
75A company wants to enforce that no service account keys are created for service accounts in a specific project. Additionally, they want to allow only users from their corporate domain (example.com) to be granted IAM roles. Which TWO organization policy constraints should they apply at the project level?
76An organization wants to grant a team of data analysts the ability to run BigQuery queries and create datasets, but prevent them from deleting datasets or modifying IAM policies. Which predefined IAM role should be assigned?
77A company has multiple GCP projects managed under a single organization node. They want to enforce that all Compute Engine VMs are created with Shielded VM features enabled. Which approach should they use?
78A security team needs to allow a third-party application running on AWS to access a Cloud Storage bucket without using service account keys. The application already uses AWS IAM roles. Which Google Cloud feature should they use?
79A developer is troubleshooting a Cloud Run service that needs to read from a Cloud Storage bucket. The service runs as the compute engine default service account. The service account has been granted the Storage Object Viewer role at the project level, but the service still gets permission denied errors. What is the most likely cause?
80An organization wants to allow users to authenticate to Google Cloud using their existing Active Directory credentials via SAML 2.0. Which Google Cloud identity service should they configure?
81A company has a security policy that service account keys should not be created. They want to prevent anyone from creating keys for any service account in the organization. Which organization policy constraint should they use?
82A GKE cluster has Workload Identity enabled. A Kubernetes service account is bound to a GCP service account named 'sa-gcs'. A pod using the Kubernetes service account fails to list objects in a Cloud Storage bucket. The GCP service account has the Storage Object Viewer role. What is the most likely cause?
83An administrator needs to grant a network team the ability to create and manage firewall rules, but not delete VPC networks. Which IAM role should be assigned?
84A company wants to grant a group of external auditors read-only access to all resources in a GCP project. The auditors authenticate via a SAML 2.0 identity provider. What is the most secure way to grant access?
85An organization has a deny policy that denies the compute.instances.create permission for all principals on a folder. A user is granted the Compute Admin role (which includes compute.instances.create) at the project level within that folder. Can the user create Compute Engine instances in that project?
86A company wants to allow their employees to access an internal web application running on Compute Engine using Identity-Aware Proxy (IAP). They want to ensure that only users from their corporate domain (example.com) can access the app. What is the recommended approach?
87A developer wants to grant a service account the ability to impersonate another service account in a different project. Which IAM permission is required for the developer to assign?
88A company wants to enforce that all Compute Engine instances are created with a specific set of tags for compliance. They also want to audit any changes to firewall rules. Which two Google Cloud services or features should they use? (Choose TWO.)
89A security administrator needs to grant a team of developers the ability to deploy applications to a GKE cluster, but only to specific namespaces. The developers should not be able to modify cluster-level resources or IAM policies. Which three steps should the administrator take? (Choose THREE.)
90A company wants to implement a zero-trust access model for SSH access to Compute Engine instances. They need to ensure that only authorized users can connect and that all connections are logged. Which two services should they use? (Choose TWO.)
91An organization wants to grant a DevOps team the ability to create and manage service accounts in a specific project, but prevent them from deleting existing service accounts or managing IAM policies. Which IAM role should be assigned to the team?
92A security engineer needs to prevent creation of long-lived service account keys across all projects in an organization. The solution should also block any existing keys older than 90 days. Which approach meets these requirements?
93A developer needs to deploy a web application on Compute Engine that must access Cloud Storage buckets. The best practice for providing credentials to the VM is to:
94A company uses Google Workspace and wants to allow users to authenticate to a third-party SaaS application using their Google credentials. The SaaS application supports SAML 2.0. What should the administrator configure?
95An organization has a deny policy at the folder level that denies the permission resourcemanager.projects.create. A user has an allow policy at the project level granting roles/owner. What is the effective permission for the user to create projects in that project?
96Which of the following is a benefit of using organization policies over IAM policies for enforcing restrictions on resources?
97A company wants to provide their employees access to a web application running on Compute Engine without exposing the VM to the public internet. The application uses a custom header to verify the user's identity. Which service should they use?
98An administrator needs to restrict which external identities can be used to access Google Cloud resources. The organization uses SAML federation with an external identity provider. Which organization policy constraint should be used?
99An organization wants to grant a CI/CD pipeline (running on GitHub Actions) access to deploy resources in a GCP project without storing long-lived service account keys. Which approach is recommended?
100In the Google Cloud IAM resource hierarchy, which level supports the most granular policy attachment?
101A security team wants to enforce that all Compute Engine instances in the organization use Shielded VM features (Secure Boot, vTPM, Integrity Monitoring). What should they configure?
102A user in a Google Cloud organization wants to create a custom IAM role at the project level. Which permission is required to create custom roles?
103A company wants to allow their on-premises Active Directory users to access Google Cloud resources using their existing credentials. They need to synchronize user accounts and groups to Google Cloud Directory and enable federated authentication. Which TWO services should they use?
104A security engineer needs to ensure that service account keys are not used in production workloads. They want to enforce this across the entire organization. Which TWO controls should they implement?
105A company wants to deploy a containerized application on GKE that needs to access Cloud SQL. They want to avoid storing database credentials in the application. Which THREE components should they use?
106A security engineer needs to ensure that a specific Compute Engine instance can only be accessed via HTTPS from users authenticated through Cloud Identity. The instance is behind an HTTP(S) load balancer. What should the engineer configure on the load balancer to enforce this access control?
107Your organization wants to assign a set of permissions to a group of users that allows them to create and delete Compute Engine instances, but not to modify other resources like Cloud Storage buckets. Which type of IAM role should you create?
108An organization has a Google Cloud organization node with multiple folders for different departments. A deny policy is set at the organization level to block the use of shielded VM constraints. Later, an allow policy at the folder level grants the compute.instances.create permission. A user in that folder tries to create a new VM without shielded VM enabled. What will happen?
109A company wants to allow an application running in an on-premises data center to access Google Cloud Storage buckets without storing long-lived service account keys. The on-premises application authenticates using an external identity provider (IdP) that supports OpenID Connect (OIDC). Which Google Cloud feature should they use?
110You need to grant a security auditor read-only access to all resources in a project, but they must not be able to view data within resources (e.g., table contents). Which predefined IAM role should you grant?
111A DevOps engineer needs to allow a CI/CD pipeline running in Google Kubernetes Engine (GKE) to push images to a specific Artifact Registry repository. The pipeline uses a Kubernetes service account. What is the best practice to grant this access without creating a JSON key for a Google service account?
112Your organization uses Cloud Identity with SAML 2.0 federation from an external identity provider (IdP). You need to ensure that only users from a specific group in the IdP can access a critical application behind an HTTPS load balancer. Which combination of steps is required?
113A company has an organization policy that disables service account key creation (constraints/iam.disableServiceAccountKeyCreation). However, a legacy application requires a service account key to authenticate. What should the engineer do to satisfy this requirement while following best practices?
114Which of the following is the correct order of the Google Cloud resource hierarchy from highest to lowest?
115An organization uses Cloud Directory Sync to synchronize users from on-premises Active Directory to Cloud Identity. After syncing, a user reports they cannot access a Google Cloud project even though they are a member of the correct AD group. The group has been assigned the roles/compute.admin role on the project. What is the most likely cause?
116An engineer is configuring Cloud Armor for an HTTP(S) load balancer and needs to allow traffic only from users who have been authenticated by Identity-Aware Proxy (IAP). The backend service already has IAP enabled. What additional configuration is needed to ensure that only authenticated requests reach the backend?
117A company wants to enforce that all new projects have a specific set of tags to track cost centers. Which Google Cloud feature should they use?
118A security engineer needs to allow a group of external auditors to view all resources in a project but not modify anything. They must also prevent the auditors from viewing sensitive data in BigQuery datasets. Which TWO IAM bindings should the engineer configure? (Choose two.)
119A company runs a batch job on Compute Engine that reads data from Cloud Storage and writes results to BigQuery. The Compute Engine instance uses a service account. The job fails with a permission error. Which THREE steps should the engineer take to resolve this? (Choose three.)
120An organization uses Cloud Identity with SAML 2.0 federation. They want to enable single sign-on (SSO) for users accessing Google Cloud Console and also allow access to a custom application behind an HTTPS load balancer using IAP. Which TWO configurations are required? (Choose two.)
121Your organization has an IAM policy at the folder level that grants a user the Compute Admin role. A deny policy at the project level denies the same user the compute.instances.create permission. What is the effective access for this user on the project?
122A security engineer needs to enforce that all Compute Engine VMs in an organization use Shielded VM features. Which approach should they use?
123A company uses Google Cloud Directory Sync to synchronize users from an on-premises Active Directory to Cloud Identity. They want to allow federated access from their external identity provider (IdP) that supports SAML 2.0. The IdP should be able to authenticate users from a specific AD domain. What configuration steps are required?
124A DevOps team wants to grant a CI/CD pipeline (running on a Compute Engine VM) the ability to restart Compute Engine instances in a specific project. The VM has a service account attached. What is the best practice to grant this permission?
125An organization wants to use a third-party identity provider (IdP) that supports OpenID Connect (OIDC) to manage access to Google Cloud resources. They want users to authenticate with the external IdP and access GCP via the Cloud Console and gcloud CLI. Which feature should they use?
126A company is migrating to Google Cloud and wants to implement least privilege access for their engineers. They have the following requirements: 1) Engineers must be able to create and manage Cloud Storage buckets. 2) Engineers must NOT be able to delete any resources. 3) Engineers should not be granted basic roles. Which two predefined roles should they combine to meet these requirements? (Choose two.)
127A security team wants to restrict service account key creation in their organization to prevent key-based authentication. They have set the organization policy constraint constraints/iam.disableServiceAccountKeyCreation to True. However, they need to allow a specific project to continue creating keys for legacy applications. Which two steps are required? (Choose two.)
128A company wants to implement workload identity federation for a GitHub Actions workflow, allowing it to access Google Cloud resources without using service account keys. Which three steps are required? (Choose three.)
129An organization wants to use Identity-Aware Proxy (IAP) to secure access to a web application running on Compute Engine. They need to ensure that only users with specific email domains can access the application, and also verify that requests are coming from IAP. Which two configurations are required? (Choose two.)
130A developer wants to grant a Kubernetes service account in GKE the ability to read objects from a specific Cloud Storage bucket. Which two resources need to be bound together? (Choose two.)
131A company uses Cloud Identity with SAML 2.0 federation from an external IdP. They want to enforce that users must be members of a specific group in the IdP to access GCP resources. Which two configurations are necessary? (Choose two.)
132A security architect is designing an IAM hierarchy for a large organization. The requirements are: 1) Development projects should inherit a policy that allows Compute Engine access. 2) Production projects should not have Compute Engine access. 3) Audit team must be able to read all resources across all projects. Which three IAM policy placements are correct? (Choose three.)
133A company wants to use Google Cloud Directory Sync (GCDS) to synchronize users and groups from an on-premises Active Directory to Cloud Identity. Which two prerequisites must be met? (Choose two.)
134A company needs to grant developers the ability to deploy applications to App Engine, but they should not be able to modify IAM policies. Which two roles should be assigned to the developers? (Choose two.)
135An organization wants to restrict the creation of service accounts to only certain projects. Which two approaches can achieve this? (Choose two.)
The Configuring Access Within a Cloud Solution Environment domain covers the key concepts tested in this area of the PCSE exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCSE domains — no account required.
The Courseiva PCSE question bank contains 135 questions in the Configuring Access Within a Cloud Solution Environment domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Configuring Access Within a Cloud Solution Environment domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included