PCSE · topic practice

Configuring Network Security practice questions

Practise Google Professional Cloud Security Engineer Configuring Network Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Configuring Network Security

What the exam tests

What to know about Configuring Network Security

Configuring Network Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Configuring Network Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Configuring Network Security questions

20 questions · select your answer, then reveal the explanation

A security engineer needs to restrict access to Cloud Storage buckets so that only resources in a specific VPC can reach the Google APIs. Which Google Cloud service should be used?

An organization wants to enforce a security policy that denies all egress traffic to the internet from all projects in the organization, except for traffic from a specific set of VMs tagged with 'allow-egress'. Which approach should be used?

A company uses VPC Service Controls to protect a BigQuery dataset. They need to allow an external on-premises application to query the dataset without being inside the service perimeter. The external application has a static IP address. Which configuration is required?

A DevOps team wants to automatically provision and renew SSL certificates for a global HTTPS load balancer. Which certificate management option should be used?

An engineer needs to block a specific IP address from accessing an HTTPS load balancer. Which Cloud Armor rule should be used?

A company wants internal VMs to access Google APIs (e.g., Cloud Storage, BigQuery) without traversing the internet. What is the simplest configuration?

An organization uses VPC Service Controls in dry-run mode for a project containing Google Cloud Storage. They notice that BigQuery jobs are being logged as violations. How should they interpret this?

A security engineer wants to apply a baseline set of firewall rules that apply to all new and existing VMs in an organization, and these rules must not be overridden by project-level rules. Which approach should be used?

Which Cloud Armor feature uses machine learning to detect and mitigate DDoS attacks?

A service provider wants to expose an internal service to external consumers in a controlled manner, without giving them direct access to the VPC. Which Google Cloud service should be used?

An organization uses SSL policies for their HTTPS load balancer. They need to allow TLS 1.2 and 1.3 only, and use the most secure cipher profile available. Which SSL policy configuration should they choose?

Which VPC firewall rule target type is recommended for security because it can be dynamically applied to instances based on their service account?

A company wants to detect and block SQL injection attacks targeting their web application hosted on Compute Engine behind a Cloud Load Balancer. Which TWO steps should they take? (Choose TWO.)

A financial services company must ensure that all data in Cloud Storage remains within a specific region and that no data can be accessed from outside the corporate network. They also need to allow a partner organization to access a specific bucket. Which THREE Google Cloud services or features should be combined to meet these requirements? (Choose THREE.)

An organization wants to implement a zero-trust network security model for their Google Cloud environment. Which TWO practices should they adopt? (Choose TWO.)

An organization wants to restrict access to a Cloud Storage bucket so that only resources in a specific VPC network can reach it, without using public IP addresses. Which solution should they implement?

A security engineer needs to allow HTTP (port 80) traffic from all VMs in the production environment to a specific set of VMs running a web server. The web server VMs are identified by a service account 'web-sa@...'. Which firewall rule configuration should the engineer create?

A company wants to enforce that all VPC firewall rules in an organization must be centrally managed and cannot be overridden by lower-level projects. Which approach should they use?

An organization uses VPC Service Controls to protect BigQuery datasets. They need to allow a specific on-premises application, which uses a static IP address, to query a BigQuery dataset inside the service perimeter. Which configuration is required?

Question 20 · medium · multiple choice

A company wants to provide private connectivity from its VPC to Google APIs (e.g., Cloud Storage, BigQuery) without using public IPs or NAT. The solution must also support on-premises connectivity via Cloud VPN. Which service should they use?

Focused Configuring Network Security sessions

Start a Configuring Network Security only practice session

Every question in these sessions is drawn from the Configuring Network Security domain — nothing else.

Related practice questions

Related PCSE topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCSE exam test about Configuring Network Security?
Configuring Network Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Configuring Network Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Configuring Network Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCSE topics?
Use the topic links above to move to related areas, or go back to the PCSE question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCSE exam covers. They are not copied from any real exam or dump site.