Challenge Yourself with GCP Compliance Knowledge Test

Evaluate Cloud Controls and Compliance Best Practices

Difficulty: Moderate
Questions: 20

Ready to sharpen your cloud compliance expertise? Our GCP Compliance Knowledge Test quizzes you on governance, risk management, and data security to boost your understanding. Designed for IT professionals and students, this GCP compliance quiz features 15 multiple-choice questions that can be freely modified in our editor. You can compare your progress with the Compliance Knowledge Assessment or dive into the GCP Professional Data Engineer Practice Quiz for deeper insights. Organize and customize your learning in quizzes.

Which GCP service provides audit logs for user activity and API calls?
Cloud Storage
Cloud Audit Logs
Cloud Monitoring
Cloud Pub/Sub
Cloud Audit Logs is the GCP service specifically designed to record user activity and API calls. It captures Admin Activity, Data Access, and System Event logs for compliance and security. No other listed service provides this audit logging functionality.
Which compliance standard is specifically designed for payment card data protection and is supported by GCP?
HIPAA
ISO 27001
PCI DSS
SOC 2
PCI DSS is the industry standard for payment card data protection and is explicitly supported by GCP. It provides requirements for securing and processing cardholder data. Other frameworks address broader or different compliance needs.
Which GCP service helps detect and redact sensitive data in storage and streaming data sources?
Cloud Dataflow
Cloud Composer
Cloud Data Loss Prevention
Cloud Spanner
Cloud Data Loss Prevention (DLP) is designed to discover, classify, and redact sensitive data across storage systems and data streams. It offers pre-built detectors for data like PII and financial information. Other services do not perform data sensitivity scanning.
By default, how does GCP encrypt data at rest?
Customer-managed encryption keys
Google-managed encryption keys
In-transit encryption only
No encryption by default
GCP automatically encrypts all data at rest using Google-managed encryption keys by default. This ensures that data stored in GCP services is protected without additional configuration. Customers can optionally choose more granular key control.
Which GCP service provides a centralized view of security posture across Google Cloud assets?
Cloud IAM
Cloud Key Management Service
Security Command Center
Cloud Armor
Security Command Center offers a unified dashboard for assessing security risks and compliance across GCP resources. It integrates findings from vulnerability scans, misconfigurations, and threat detections. Other services focus on specific security aspects, not a central view.
Which GCP feature allows virtual machines to access Google APIs and services privately without external IP addresses?
Shared VPC
Private Google Access
Cloud NAT
VPC Peering
Private Google Access enables VMs without external IPs to reach Google APIs and services over an internal network path. This reduces exposure to the public internet while allowing access to managed services. Other options do not provide this specific private connectivity.
When auditing a Google Cloud Storage bucket, seeing 'allUsers' granted the Storage Object Viewer role indicates what compliance gap?
The bucket is unencrypted
Data is not being versioned
The bucket is publicly readable
Lifecycle rules are not configured
Granting 'allUsers' the Storage Object Viewer role makes the bucket publicly readable, creating a compliance gap for data confidentiality. Public access should be restricted to authorized identities to meet security standards. Encryption and lifecycle settings are separate controls.
For customers requiring control over encryption keys used by GCP services, which key type should they use?
Google-managed encryption keys
Customer-managed encryption keys (CMEK)
Default service account keys
Transport Layer Security keys
Customer-managed encryption keys (CMEK) allow customers to create and manage their own keys in Cloud Key Management Service, giving them control over key rotation and access. GCP services can then use these keys for encrypting data at rest. Google-managed keys do not offer this level of customer control.
Which Cloud Audit Logs type should be enabled to detect unauthorized changes to IAM policies?
Data Access logs
Admin Activity logs
System Event logs
Policy Denial logs
Admin Activity logs capture operations that modify the configuration or metadata of resources, including IAM policy changes. Enabling them allows organizations to track who changed roles or bindings. Data Access logs focus on data read/write operations, not policy changes.
Which Security Command Center feature continuously scans GCP resources for misconfigurations and compliance violations?
Event Threat Detection
Security Health Analytics
Cloud Security Scanner
Cloud Armor
Security Health Analytics is a module within Security Command Center that inspects resources against Google-recommended best practices and compliance standards. It identifies misconfigurations and compliance violations in real time. Event Threat Detection focuses on threat signals, not configuration scanning.
To ensure data is encrypted before it leaves the client environment, which encryption approach should be used?
Google-managed encryption keys
Customer-managed encryption keys (CMEK)
Customer-supplied encryption keys (CSEK)
Default in-transit encryption
Customer-supplied encryption keys (CSEK) allow clients to encrypt data locally before sending it to GCP, ensuring the data is protected end-to-end. GCP does not store the key, giving clients full control. CMEK and Google-managed keys apply encryption on the GCP side, not the client side.
Which regulation requires notifying authorities of certain data breaches within 72 hours?
HIPAA
GDPR
PCI DSS
ISO 27001
The General Data Protection Regulation (GDPR) mandates that data controllers report a personal data breach to the appropriate supervisory authority within 72 hours of becoming aware of it. Other frameworks have different timelines or focus areas. GDPR specifically addresses EU data subject rights.
To prevent VM instances from obtaining external IP addresses across all projects, which control should you enforce?
A firewall rule blocking external IPs
VPC Service Controls perimeter
Organization Policy constraint compute.vmExternalIpAccess
Custom IAM role without network access
The Organization Policy constraint compute.vmExternalIpAccess restricts the creation of external IP addresses on VM instances across all projects. This prevents public internet exposure at the organization level. Firewall rules and IAM roles do not centrally block the assignment of IP addresses.
Which GCP tool can you use to query and analyze logs centrally for compliance reporting?
Cloud Monitoring Dashboard
Logs Explorer
Cloud Armor
Cloud Dataflow
Logs Explorer is the interface within Cloud Logging that allows users to search, filter, and analyze logs from multiple resources. It supports advanced queries and can be used in compliance reporting. Cloud Monitoring focuses on metrics, not logs.
Which service offers continuous compliance monitoring and integrated threat detection in Google Cloud?
Cloud Security Scanner
Cloud DLP
Security Command Center
Cloud Armor
Security Command Center provides both continuous posture management and threat detection through multiple built-in modules. It centralizes findings from vulnerability scans, misconfiguration analyses, and threat intelligence. Other services address specific security concerns but not the full integrated view.
Which GCP portal provides automated mapping of Google Cloud services to controls in frameworks like NIST SP 800-53 and ISO 27001?
Cloud Asset Inventory
Security Command Center
Compliance Resource Center
Cloud Console Dashboard
The Compliance Resource Center in the Google Cloud console offers an interactive mapping of services to controls and standards such as NIST SP 800-53 and ISO 27001. It helps customers understand how GCP services meet regulatory requirements. Other tools do not provide this specific mapping feature.
An organization using customer-supplied encryption keys for persistent disks needs to rotate keys without VM downtime. Which method should they use?
Disks.update with new key
instances.setDiskEncryptionKey with new key
Create a new VM with rotated key
Stop VM, rotate key, then start VM
The instances.setDiskEncryptionKey API allows updating the Customer-Supplied Encryption Key on a running VM's disk without downtime. This method seamlessly replaces the key while VM operations continue. Other methods either require interruption or recreate resources.
In VPC Service Controls, what component defines the security boundary around GCP services and resources?
Organization Policy
Service Perimeter
Firewall Rule
IAM Condition
A Service Perimeter in VPC Service Controls establishes a security boundary that prevents data from moving outside defined GCP services and resources. It limits API calls and data exfiltration. Organization Policies and firewall rules serve different governance and network functions.
To build a custom compliance dashboard from audit logs across multiple GCP projects, which workflow is most appropriate?
Export logs to Cloud Storage and analyze with Cloud Functions
Use Cloud Monitoring metrics directly
Export logs to BigQuery and visualize with Data Studio
Create logs-based metrics and view in Logs Explorer
Exporting logs to BigQuery enables centralized querying and analysis across projects, and Data Studio can render custom dashboards from BigQuery tables. This workflow supports scalable, flexible compliance reporting. Logs Explorer and logs-based metrics are less suited for cross-project dashboards.
Which Cloud Storage feature enforces immutable retention policies for compliance purposes?
Bucket Lock
Lifecycle Rules
Object Versioning
Customer-Managed Encryption Keys
Bucket Lock enforces a write-once-read-many (WORM) policy, preventing objects from being deleted or modified within a specified retention period. This immutable retention is essential for regulatory compliance. Other features manage versions, encryption, or lifecycle, but do not enforce immutability.

Learning Outcomes

  1. Analyze GCP compliance frameworks and standards.
  2. Evaluate cloud security controls in GCP environments.
  3. Identify compliance gaps in GCP deployments.
  4. Apply best practices for GCP data protection.
  5. Demonstrate understanding of audit and reporting mechanisms.
  6. Master strategies for continuous compliance monitoring.

Cheat Sheet

  1. Shared Responsibility Model - In GCP, Google safeguards the infrastructure while you secure your data and applications. Embracing this partnership ensures you focus on the right security measures at each layer. It's like a tag team - Google takes care of the ring, and you take care of the match. Google Cloud Architecture Framework: Security, privacy, and compliance
  2. Key Compliance Frameworks - Dive into standards like ISO/IEC 27001, NIST SP 800-53, and PCI DSS to guide your cloud security journey. These frameworks act as a treasure map, pointing you to best practices and regulatory requirements. By aligning with them, you build trust and avoid compliance pitfalls. Assess and report compliance with security standards
  3. IAM Best Practices - Assign roles based on the principle of least privilege to restrict access to only what's necessary. This minimises risk by ensuring users and services only have permissions they genuinely need. Think of it as giving out VIP passes - only the right people get backstage access. Google Cloud Architecture Framework: Security, privacy, and compliance
  4. Continuous Monitoring with Security Command Center - Leverage GCP's Security Command Center to scan for vulnerabilities and compliance breaches in real time. Proactive monitoring is like having a security guard that never sleeps, alerting you to issues before they become headlines. Stay ahead of threats with automated insights and rapid response. Assess and report compliance with security standards
  5. Encrypt Data at Rest and in Transit - Protect your sensitive information by using GCP's default encryption for storage and secure transport protocols. Encryption acts like a secret code - only authorized parties can read your data. Whether it's stored on disk or travelling over the network, your data stays shielded from prying eyes. Google Cloud Architecture Framework: Security, privacy, and compliance
  6. Regular Security Audits - Schedule frequent reviews of your GCP environment to spot compliance gaps and vulnerabilities. Audits are the health checkups of your cloud, uncovering weak spots before they become problems. With consistent assessments, you maintain a resilient and compliant infrastructure. Cloud Security Auditing: Ensuring Compliance and Risk Mitigation
  7. Logging and Incident Response - Implement comprehensive logging and alerting to catch security events as they happen. Effective monitoring helps you leap into action when something suspicious arises, like a superhero responding to a distress call. Coupled with a solid response plan, you'll quash threats before they escalate. An Analysis of Cloud Security Frameworks, Problems and Proposed Solutions
  8. Stay Updated on Security Standards - Keep an eye on emerging guidelines such as NIST SP 800-144 and ISO/IEC 27017 to refine your practices. The cloud security landscape evolves fast - think of these updates as your cheat codes for staying compliant. Regularly revisiting standards ensures you're using the latest protections. Top cloud security standards and frameworks to consider
  9. Incident Response Planning - Craft a detailed incident response plan tailored to your GCP setup, outlining roles, processes, and communication steps. A well-drilled plan turns chaos into choreography, helping teams act swiftly and cohesively. Practice your drills so when an incident strikes, you're ready for an encore. Google Cloud Architecture Framework: Security, privacy, and compliance
  10. Continuous Compliance Monitoring - Use GCP's built-in tools to track regulatory requirements and internal policies around the clock. Continuous monitoring is like having a personal coach - providing real-time feedback and tips for improvement. This proactive approach keeps your cloud environment healthy and audit-ready. Assess and report compliance with security standards