20+ practice questions focused on Supporting compliance requirements — one of the most tested topics on the Google Professional Cloud Security Engineer exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Supporting compliance requirements PracticeA company needs to retain audit logs for 7 years to meet regulatory compliance. They are using Cloud Logging. Which log storage strategy should they use to minimize costs while meeting the requirement?
Explanation: Option C is correct because exporting logs to Cloud Storage via a log sink allows you to set a bucket retention policy of 7 years, meeting compliance requirements. Using the nearline storage class minimizes costs for logs that are accessed infrequently, as it offers lower storage costs than standard storage while still providing the necessary durability and retention capabilities.
A healthcare organization must ensure that only authorized personnel can access Protected Health Information (PHI) stored in Cloud Storage. They need to enforce encryption at rest and control access based on data classification. Which combination of Google Cloud services should they use?
Explanation: Option D is correct because it combines customer-managed encryption keys (CMEK) with Cloud KMS to enforce encryption at rest using keys controlled by the organization, and VPC Service Controls to restrict data access based on data classification by creating a security perimeter around Cloud Storage. This ensures that only authorized personnel within the defined perimeter can access PHI, meeting both encryption and access control requirements.
A financial services company is deploying a multi-region application on Google Kubernetes Engine (GKE) and needs to comply with PCI DSS. They must ensure that cardholder data is encrypted in transit between pods in different clusters. What is the MOST secure way to achieve this?
Explanation: Option B is correct because Anthos Service Mesh with mutual TLS (mTLS) provides authenticated and encrypted communication between pods across different GKE clusters, meeting PCI DSS encryption-in-transit requirements. mTLS ensures that each side of the connection presents a certificate, verifying identity and encrypting traffic at the application layer, which is more secure than relying solely on network-level encryption. This approach also integrates with GKE's multi-cluster service mesh capabilities, allowing fine-grained policy enforcement across clusters.
A company must implement data residency requirements that prohibit storing data outside the European Union. They are using Cloud Bigtable and need to ensure that backups are also stored within the EU. Which configuration should they choose?
Explanation: Option D is correct because a single-region Bigtable instance in an EU region (e.g., europe-west1) ensures that all data, including backups, remains within the EU. Enabling automatic backups stores backup data in the same region, satisfying data residency requirements that prohibit storing data outside the EU.
A company is migrating to Google Cloud and needs to comply with the Health Insurance Portability and Accountability Act (HIPAA). They plan to use Cloud SQL for MySQL and Cloud Storage. Which TWO actions must they take to ensure HIPAA compliance?
Explanation: Option B and D are correct. HIPAA requires a Business Associate Agreement (BAA) with Google, and encryption at rest must be enabled. Cloud SQL and Cloud Storage both support encryption at rest. Option A is wrong because disabling automatic backups is not a HIPAA requirement. Option C is wrong because VPC Service Controls are for data exfiltration prevention, not specifically required by HIPAA. Option E is wrong because HIPAA does not mandate a specific key management service; CMEK is optional.
+15 more Supporting compliance requirements questions available
Practice all Supporting compliance requirements questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Supporting compliance requirements. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Supporting compliance requirements questions on the PCSE frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Supporting compliance requirements is tested as part of the Google Professional Cloud Security Engineer blueprint. Practicing with targeted Supporting compliance requirements questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free PCSE practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Supporting compliance requirements is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Supporting compliance requirements practice session with instant scoring and detailed explanations.
Start Supporting compliance requirements Practice →