Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsPCSETopicsSupporting compliance requirements
Free · No Signup RequiredGoogle Cloud · PCSE

PCSE Supporting compliance requirements Practice Questions

20+ practice questions focused on Supporting compliance requirements — one of the most tested topics on the Google Professional Cloud Security Engineer exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Supporting compliance requirements Practice

Exam Domains

Configuring network securityConfiguring access within a cloud solution environmentEnsuring data protectionManaging operations in a cloud solution environmentSupporting compliance requirementsAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Supporting compliance requirements Questions

Practice all 20+ →
1.

A company needs to retain audit logs for 7 years to meet regulatory compliance. They are using Cloud Logging. Which log storage strategy should they use to minimize costs while meeting the requirement?

A.Store logs in the _Required log bucket with a custom retention of 7 years.
B.Disable logging for non-critical resources to reduce log volume and retain only essential logs.
C.Use a log sink to export logs to Cloud Storage with a retention policy of 7 years and nearline storage class.
D.Use a log sink to export logs to BigQuery and set the table expiration to 7 years.

Explanation: Option C is correct because exporting logs to Cloud Storage via a log sink allows you to set a bucket retention policy of 7 years, meeting compliance requirements. Using the nearline storage class minimizes costs for logs that are accessed infrequently, as it offers lower storage costs than standard storage while still providing the necessary durability and retention capabilities.

2.

A healthcare organization must ensure that only authorized personnel can access Protected Health Information (PHI) stored in Cloud Storage. They need to enforce encryption at rest and control access based on data classification. Which combination of Google Cloud services should they use?

A.Use customer-supplied encryption keys (CSEK) and Cloud Audit Logs.
B.Use Cloud HSM for key management and Cloud DLP to inspect data.
C.Enable Access Transparency and use Organization Policies to restrict resource locations.
D.Use customer-managed encryption keys (CMEK) with Cloud KMS and VPC Service Controls.

Explanation: Option D is correct because it combines customer-managed encryption keys (CMEK) with Cloud KMS to enforce encryption at rest using keys controlled by the organization, and VPC Service Controls to restrict data access based on data classification by creating a security perimeter around Cloud Storage. This ensures that only authorized personnel within the defined perimeter can access PHI, meeting both encryption and access control requirements.

3.

A financial services company is deploying a multi-region application on Google Kubernetes Engine (GKE) and needs to comply with PCI DSS. They must ensure that cardholder data is encrypted in transit between pods in different clusters. What is the MOST secure way to achieve this?

A.Configure TLS for each service using a Cloud Load Balancing with SSL policies.
B.Enable Anthos Service Mesh with mutual TLS (mTLS) across clusters.
C.Use HTTPS between services by configuring ingress with a Google-managed SSL certificate.
D.Use VPC Network Peering to connect the clusters and rely on the internal network encryption.

Explanation: Option B is correct because Anthos Service Mesh with mutual TLS (mTLS) provides authenticated and encrypted communication between pods across different GKE clusters, meeting PCI DSS encryption-in-transit requirements. mTLS ensures that each side of the connection presents a certificate, verifying identity and encrypting traffic at the application layer, which is more secure than relying solely on network-level encryption. This approach also integrates with GKE's multi-cluster service mesh capabilities, allowing fine-grained policy enforcement across clusters.

4.

A company must implement data residency requirements that prohibit storing data outside the European Union. They are using Cloud Bigtable and need to ensure that backups are also stored within the EU. Which configuration should they choose?

A.Create the Bigtable instance with multi-region placement in europe-west1 and europe-west4.
B.Create an instance in a dual-region configuration (e.g., europe-west1 and europe-west4) and use backup policies.
C.Use a single-region instance in europe-west1 with customer-managed encryption keys (CMEK) for backups.
D.Create the Bigtable instance in a single EU region (e.g., europe-west1) and enable automatic backups.

Explanation: Option D is correct because a single-region Bigtable instance in an EU region (e.g., europe-west1) ensures that all data, including backups, remains within the EU. Enabling automatic backups stores backup data in the same region, satisfying data residency requirements that prohibit storing data outside the EU.

5.

A company is migrating to Google Cloud and needs to comply with the Health Insurance Portability and Accountability Act (HIPAA). They plan to use Cloud SQL for MySQL and Cloud Storage. Which TWO actions must they take to ensure HIPAA compliance?

A.Sign a Business Associate Agreement (BAA) with Google Cloud.
B.Disable automatic backups to prevent exposure of protected health information (PHI).
C.Enable encryption at rest for Cloud SQL and Cloud Storage.
D.Implement VPC Service Controls to create a perimeter around the projects.

Explanation: Option B and D are correct. HIPAA requires a Business Associate Agreement (BAA) with Google, and encryption at rest must be enabled. Cloud SQL and Cloud Storage both support encryption at rest. Option A is wrong because disabling automatic backups is not a HIPAA requirement. Option C is wrong because VPC Service Controls are for data exfiltration prevention, not specifically required by HIPAA. Option E is wrong because HIPAA does not mandate a specific key management service; CMEK is optional.

+15 more Supporting compliance requirements questions available

Practice all Supporting compliance requirements questions

How to master Supporting compliance requirements for PCSE

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Supporting compliance requirements. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Supporting compliance requirements questions on the PCSE frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many PCSE Supporting compliance requirements questions are on the real exam?

The exact number varies per candidate. Supporting compliance requirements is tested as part of the Google Professional Cloud Security Engineer blueprint. Practicing with targeted Supporting compliance requirements questions ensures you can handle any format or difficulty that appears.

Are these PCSE Supporting compliance requirements practice questions free?

Yes. Courseiva provides free PCSE practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Supporting compliance requirements one of the harder PCSE topics?

Difficulty is subjective, but Supporting compliance requirements is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Supporting compliance requirements practice session with instant scoring and detailed explanations.

Start Supporting compliance requirements Practice →

Topic Info

Topic

Supporting compliance requirements

Exam

PCSE

Questions available

20+