PCSE · topic practice

Supporting Compliance Requirements practice questions

Practise Google Professional Cloud Security Engineer Supporting Compliance Requirements practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Supporting Compliance Requirements

What the exam tests

What to know about Supporting Compliance Requirements

Supporting Compliance Requirements questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Supporting Compliance Requirements exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Supporting Compliance Requirements questions

20 questions · select your answer, then reveal the explanation

A healthcare organization is required to protect Protected Health Information (PHI) stored in Cloud Storage. They want to automatically detect and redact PHI before storing it. Which Google Cloud service should they use?

A company needs to retain audit logs for 7 years to meet compliance requirements. By default, Cloud Audit Logs are retained for 30 days. What should they do to retain the logs for 7 years?

A financial institution is deploying a payment application on GKE that must comply with PCI DSS. They need to isolate the cardholder data environment (CDE) from other workloads and ensure only authorized services can communicate. Which combination of controls should they implement?

An organization handles ITAR-controlled data and must restrict Google personnel access to the underlying infrastructure. Which Google Cloud product should they use to enforce this restriction?

A company must implement a data retention policy that prevents any modification or deletion of stored log files for 5 years. Which Cloud Storage feature should they use?

A company processes personal data of European Union residents on GCP. They need to ensure that data processing is limited to specific purposes and that data subjects can exercise their rights (access, rectification, erasure). Which actions should they take to comply with GDPR?

A security engineer wants to test a web application hosted on Compute Engine for vulnerabilities. According to Google Cloud's Acceptable Use Policy, which of the following is true regarding penetration testing?

A company using BigQuery for analytics needs to comply with the right to be forgotten (erasure) under GDPR. A data subject requests deletion of their personal data. What is the correct approach to delete data from BigQuery audit logs that contain the data subject's information?

Which Google Cloud compliance certification requires the customer to sign a Business Associate Agreement (BAA) with Google?

A government contractor needs to deploy workloads on GCP that meet FedRAMP High baseline requirements. They want to enforce resource location restrictions and access controls for Google personnel. Which product should they use?

Which of the following is a customer responsibility under the Google Cloud shared responsibility model?

A company wants to enforce that all Cloud Storage buckets created in their organization have a retention policy for compliance. If a bucket is created without a retention policy, it should be automatically remediated. Which approach should they use?

A company is migrating a PCI DSS-compliant application to GCP. They need to meet encryption requirements for cardholder data. Which TWO options satisfy PCI DSS encryption requirements? (Choose two.)

An organization must comply with ITAR regulations. They use Assured Workloads with the ITAR regime. Which THREE controls are automatically enforced by this regime? (Choose three.)

A company processes healthcare data and has signed a BAA with Google Cloud. They need to implement controls for HIPAA compliance. Which THREE actions should they take? (Choose three.)

A healthcare organization is migrating to Google Cloud and needs to store Protected Health Information (PHI) while maintaining HIPAA compliance. They have executed a Business Associate Agreement (BAA) with Google. Which additional step is required to ensure that PHI is properly classified and protected?

A financial institution must store audit logs for 7 years to comply with PCI DSS requirements. By default, Cloud Audit Logs are retained for 30 days. What is the most cost-effective way to retain audit logs for 7 years?

A company subject to EU GDPR must implement the right to erasure (right to be forgotten) for personal data stored in BigQuery audit logs. The logs include query text that may contain personally identifiable information (PII). What is the correct approach to anonymize or delete PII from BigQuery audit logs?

A government contractor needs to deploy a workload on Google Cloud that complies with FedRAMP High and ITAR (International Traffic in Arms Regulations). They require that Google personnel cannot access the infrastructure and that data residency is restricted to the United States. Which Google Cloud solution should they use?

Which Google Cloud service provides the ability to enforce data retention policies on Cloud Storage objects to prevent deletion or modification for a specified duration?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Supporting Compliance Requirements sessions

Start a Supporting Compliance Requirements only practice session

Every question in these sessions is drawn from the Supporting Compliance Requirements domain — nothing else.

Related practice questions

Related PCSE topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCSE exam test about Supporting Compliance Requirements?
Supporting Compliance Requirements questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Supporting Compliance Requirements questions in a focused session?
Yes — the session launcher on this page draws every question from the Supporting Compliance Requirements domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCSE topics?
Use the topic links above to move to related areas, or go back to the PCSE question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCSE exam covers. They are not copied from any real exam or dump site.