PCA · topic practice

Designing for Security and Compliance practice questions

Practise Google Professional Cloud Architect Designing for Security and Compliance practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Designing for Security and Compliance

What the exam tests

What to know about Designing for Security and Compliance

Designing for Security and Compliance questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Designing for Security and Compliance exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Designing for Security and Compliance questions

20 questions · select your answer, then reveal the explanation

A company wants to control which resources can be accessed by a service account in a specific project. Which IAM policy binding approach should be used?

An organization requires that all container images deployed to GKE be signed and verified before deployment. Which GCP service should be used?

A security team wants to prevent data exfiltration from a GKE cluster to external storage. They need to restrict access to Cloud Storage buckets from the cluster without using private IPs. Which solution should they implement?

A company uses Cloud KMS with CMEK to encrypt data stored in BigQuery. They need to audit who has used the encryption key and when. Which type of audit log should they enable?

An engineer needs to grant a user the ability to create and manage service accounts in a project. Which predefined IAM role provides these permissions?

Question 6 · medium · multiple choice

A company wants to enforce that all API calls to GCP services from outside their corporate network come through a specific Cloud VPN tunnel. Which GCP service can enforce this policy?

An organization needs to store secrets used by multiple GCP services. They require automatic rotation of secrets every 30 days and integration with Cloud Functions. Which service should they use?

A company wants to use its existing Active Directory credentials to authenticate users to the GCP Console. Which service should they integrate with?

Which GCP service can be used to detect and redact sensitive data such as credit card numbers in text files stored in Cloud Storage?

A company needs to ensure that only approved container images can be deployed to a GKE cluster. They already use Binary Authorization. What additional step is required to enforce this policy?

An organization needs to encrypt data at rest in BigQuery using keys that are rotated every 90 days. They want to manage the keys themselves but cannot store keys on-premises. Which encryption approach should they use?

A developer wants to allow a Compute Engine VM to authenticate to Google Cloud APIs without embedding service account keys in the VM image. What is the recommended approach?

A company wants to restrict network access to Cloud SQL instances such that only applications running in a specific VPC can connect. Which GCP feature should they use?

A company uses Cloud Armor to protect an HTTP(S) Load Balancer. They want to block traffic from a specific IP address range during off-peak hours but allow it during peak hours. How can they achieve this?

A company needs to ensure that only applications running in a specific GKE namespace can access a Cloud Storage bucket. Which approach should they use?

A company wants to enforce that only approved container images can be deployed to GKE. They also want to ensure images are scanned for vulnerabilities before deployment. Which two GCP services should they use? (Choose TWO).

A company needs to store secrets used by multiple GCP services. They require automatic rotation of secrets every 30 days and integration with Cloud Functions. Which two GCP services should they use? (Choose TWO).

Which two GCP audit log types are available by default? (Choose TWO).

A company wants to protect a web application from SQL injection and cross-site scripting (XSS) attacks. They also need to block traffic from specific geographic regions. Which three features of Cloud Armor should they use? (Choose THREE).

A company needs to ensure that data stored in Cloud Storage is encrypted with customer-managed keys that are rotated every 90 days. Which two steps must be taken to achieve this? (Choose TWO).

Focused Designing for Security and Compliance sessions

Start a Designing for Security and Compliance only practice session

Every question in these sessions is drawn from the Designing for Security and Compliance domain — nothing else.

Related practice questions

Related PCA topic practice pages

Move into related areas when this topic feels solid.

Managing Implementation and Ensuring Solution and Operations Reliability practice questions

Practise PCA questions linked to Managing Implementation and Ensuring Solution and Operations Reliability.

Designing and Planning a Cloud Solution Architecture practice questions

Practise PCA questions linked to Designing and Planning a Cloud Solution Architecture.

Managing and Provisioning a Solution Infrastructure practice questions

Practise PCA questions linked to Managing and Provisioning a Solution Infrastructure.

Designing for Security and Compliance practice questions

Practise PCA questions linked to Designing for Security and Compliance.

Analysing and Optimising Technical and Business Processes practice questions

Practise PCA questions linked to Analysing and Optimising Technical and Business Processes.

Design and plan a cloud solution architecture practice questions

Practise PCA questions linked to Design and plan a cloud solution architecture.

Manage and provision cloud infrastructure practice questions

Practise PCA questions linked to Manage and provision cloud infrastructure.

Design for security and compliance practice questions

Practise PCA questions linked to Design for security and compliance.

Analyze and optimize technical and business processes practice questions

Practise PCA questions linked to Analyze and optimize technical and business processes.

Manage implementation of cloud architecture practice questions

Practise PCA questions linked to Manage implementation of cloud architecture.

Ensure solution and operations reliability practice questions

Practise PCA questions linked to Ensure solution and operations reliability.

PCA fundamentals practice questions

Practise PCA questions linked to PCA fundamentals.

Frequently asked questions

What does the PCA exam test about Designing for Security and Compliance?
Designing for Security and Compliance questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Designing for Security and Compliance questions in a focused session?
Yes — the session launcher on this page draws every question from the Designing for Security and Compliance domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other PCA topics?
Use the topic links above to move to related areas, or go back to the PCA question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCA exam covers. They are not copied from any real exam or dump site.