Chapter PSE professional tier

Professional Cloud Security Engineer

Editor's note — A study companion for the Professional Cloud Security Engineer exam — every domain rebuilt from scratch, with worked practice questions and an exam-grade timed simulation.

50 questions 120 minutes threshold 700/1000 5 domains official guide

begin — Practice Twenty questions, untimed, with full explanations after every answer. begin — Mock Examination 50 questions in 120:00, timed, scored.

5 domains · 32 topics

I. Configuring Access 25% weight

Cloud Identity and SSO Federation Resource Hierarchy and IAM Roles Service Account Management and Hardening IAM Conditions and Policy Intelligence Workload Identity: GKE and External Organization Policy Service Identity-Aware Proxy (IAP) Access Context Manager

II. Securing Communications 22% weight

VPC Firewall Rules and Policies Cloud Armor: WAF and DDoS Protection Cloud IDS and Network Threat Detection VPC Service Controls (VPC SC): Perimeters VPC SC: Bridges and Ingress/Egress Rules Private Service Connect (PSC) and Private Google Access Hybrid Connectivity Security

III. Ensuring Data Protection 23% weight

Cloud KMS Key Hierarchy and Lifecycle CMEK and CSEK External Key Manager (EKM) and HSM DLP: Inspection and Templates DLP: De-identification and Masking Storage and Secret Manager Security Binary Authorization and Artifact Security

IV. Managing Operations 19% weight

Cloud Audit Logs and Log Sinks SCC Premium: Findings and Assets SCC Premium: Threat Detection Generative AI Security: Model Armor Incident Response and Forensics Security Monitoring and Alerting

V. Supporting Compliance 11% weight

Regulatory Compliance and Artifact Org Policy Service for Compliance Data Sovereignty and Residency Compliance Monitoring in SCC