Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Google Cloud · Free Practice Questions · Last reviewed May 2026

GCDL Exam Questions and Answers

30 real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

60 exam questions
90 min time limit
Pass: 700/1000
5 exam domains
1. Why cloud technology is transforming business
2. Fundamental cloud concepts
3. Google Cloud products, services, and solutions
4. Scaling with Google Cloud operations
5. Trust and security with Google Cloud

Domain 1: Why cloud technology is transforming business

Q1 (easy)

A traditional retailer currently maintains its own data centers, purchasing servers every 3–5 years and paying for facilities, power, and staff regardless of demand. When it migrates its workloads to the public cloud, which change in cost model does it experience?

A. From operational expenditure (OpEx) to capital expenditure (CapEx)
B. (Correct) From capital expenditure (CapEx) to operational expenditure (OpEx)
   Cloud eliminates large upfront hardware purchases (CapEx) and replaces them with pay-as-you-go usage fees (OpEx), aligning costs directly with actual business consumption.
C. From variable costs to fixed monthly costs
D. From consumption-based billing to annual depreciation cycles

Why: When a retailer migrates from owning and maintaining its own data centers to using a public cloud, it shifts from a capital expenditure (CapEx) model—where it buys servers and pays for facilities upfront—to an operational expenditure (OpEx) model, where it pays for cloud services as a recurring, usage-based cost. This change eliminates large upfront hardware investments and replaces them with predictable monthly or consumption-based billing, aligning costs directly with actual demand.
Q2 (easy)

A startup wants to launch a new product globally within 2 weeks. If it relied on traditional on-premises infrastructure, provisioning servers would take 6–8 weeks. By using the public cloud, the startup can launch on time. Which cloud benefit does this scenario illustrate?

A. Economies of scale — the cloud provider has more purchasing power than the startup.
B. (Correct) Speed and agility — cloud resources are provisioned in minutes, enabling faster time-to-market.
   Cloud's on-demand provisioning eliminates the 6–8 week hardware procurement cycle, allowing the startup to go from idea to global deployment in days.
C. Geographic reach — the cloud provider has data centers in more regions.
D. Reliability — cloud providers have better uptime SLAs than on-premises servers.

Why: Option B is correct because the scenario directly highlights how public cloud resources can be provisioned in minutes via APIs and automation, compared to the 6–8 weeks required for on-premises hardware procurement and setup. This speed and agility enable the startup to meet the 2-week launch deadline, demonstrating a core cloud benefit of rapid time-to-market.
Q3 (medium)

A traditional bank processes loan applications using manual paper-based workflows that take 2 weeks per application. The bank wants to use cloud technology to reduce this to under 24 hours. Which cloud-enabled capability primarily drives this transformation?

A. Lower storage costs for paper documents by digitizing them in Cloud Storage.
B. (Correct) Cloud-based AI/ML services and workflow automation that process applications end-to-end without manual steps.
   Managed AI services (document extraction, risk scoring) combined with automated cloud workflows remove manual bottlenecks, enabling loan decisions in hours instead of weeks.
C. Moving the bank's email system to a cloud-based provider.
D. Using Cloud SQL instead of on-premises Oracle database.

Why: Option B is correct because cloud-based AI/ML services combined with workflow automation can process loan applications end-to-end without manual intervention, reducing processing time from 2 weeks to under 24 hours. This transformation is driven by the ability to automate document extraction, validation, and decision-making using services like Google Cloud Document AI and Workflows, which eliminate the bottleneck of manual paper-based workflows.
Q4 (medium)

An e-commerce company plans its infrastructure for peak shopping events (e.g., Black Friday) which drive 50× normal traffic. On-premises, they must maintain 50× capacity year-round. In the cloud, they provision 50× capacity only during peak periods. Which cloud characteristic enables this cost optimization?

A. Measured service — metering and reporting resource consumption.
B. (Correct) Elasticity — the ability to rapidly scale resources up during peak demand and release them when no longer needed.
   Cloud elasticity lets the company provision 50× capacity for Black Friday (days) then scale back to 1× base capacity, paying only for what's used — eliminating year-round over-provisioning costs.
C. Broad network access — accessing resources from any internet-connected device.
D. Resource pooling — the provider's resources are shared among many customers.

Why: Elasticity is the cloud characteristic that allows resources to be automatically provisioned to handle 50× peak traffic and then de-provisioned when demand subsides, eliminating the need to maintain idle capacity year-round. This contrasts with on-premises infrastructure, where capacity must be statically over-provisioned to handle peak loads, leading to significant cost inefficiency. The ability to scale out and scale in dynamically based on real-time demand is the core enabler of the described cost optimization.
Q5 (medium)

A manufacturing company wants to improve product quality by analyzing sensor data from 10,000 factory machines in real-time to detect defects before they occur. Previously, this was impossible due to the massive compute requirements. Which cloud capability makes this feasible?

A. Cloud storage allowing all sensor data to be stored cheaply.
B. (Correct) On-demand access to massive compute resources and AI/ML services for real-time data processing.
   Cloud's elastic compute and managed ML services allow the company to process 10,000 machines' sensor streams simultaneously using resources that would be unaffordable to own, enabling real-time predictive quality control.
C. Cloud-based email and collaboration tools for factory staff.
D. Migration of the company's ERP system to the cloud.

Why: Option B is correct because the core challenge is the massive compute requirement for real-time analysis of 10,000 machines' sensor data. Cloud providers offer on-demand access to elastic compute resources (e.g., AWS EC2 Auto Scaling, Azure VM Scale Sets) and AI/ML services (e.g., AWS SageMaker, Azure Machine Learning) that can scale horizontally to process streaming data in near real-time, enabling defect prediction that was previously infeasible with on-premises fixed-capacity infrastructure.
Q6 (hard)

A CEO asks why the company should invest in a cloud migration when the existing on-premises infrastructure 'still works fine.' Which business case arguments are MOST relevant to present? (Select the best answer.)

A. The cloud uses newer hardware and newer versions of Linux, which are technically superior.
B. (Correct) Cloud enables faster innovation and time-to-market, reduces total cost of ownership, and provides access to advanced capabilities (AI, analytics) that improve competitive positioning.
   These are the business outcomes that matter to a CEO: innovation speed (competitive advantage), TCO reduction (financial), and access to AI/ML (new capabilities). All three directly impact business results.
C. Cloud providers have more IT staff than the company, so IT headcount can be reduced immediately.
D. The current infrastructure will eventually fail, so proactive migration avoids future risk.

Why: Option B is correct because it directly addresses the CEO's strategic concerns by highlighting cloud's ability to accelerate innovation and time-to-market, reduce total cost of ownership (TCO) through pay-as-you-go pricing and elimination of hardware lifecycle costs, and provide access to advanced capabilities like AI and analytics that on-premises infrastructure cannot easily match. These arguments frame cloud migration as a competitive necessity rather than a mere technology upgrade, which is the core of the business case.

Domain 2: Fundamental cloud concepts

Q1 (easy)

A company wants to use computing resources over the internet without managing physical servers. The cloud provider manages the underlying hardware and virtualization, while the company manages the operating system, middleware, and applications. Which cloud service model does this describe?

A. Software as a Service (SaaS)
B. (Correct) Infrastructure as a Service (IaaS)
   IaaS provides virtualized compute, storage, and networking. The provider manages physical infrastructure; the customer manages OS, middleware, and applications. Compute Engine is Google's IaaS offering.
C. Platform as a Service (PaaS)
D. Function as a Service (FaaS)

Why: This scenario describes Infrastructure as a Service (IaaS) because the cloud provider manages the physical hardware and virtualization layer, while the customer retains control over the operating system, middleware, and applications. In IaaS, the provider offers virtualized computing resources (e.g., virtual machines, storage, networks) via APIs or dashboards, and the customer is responsible for OS patches, application configuration, and middleware management. This matches the given split of responsibilities exactly.
Q2 (easy)

A team uses Google Workspace (Gmail, Docs, Sheets) for their daily work. They do not manage any servers or software installation — Google maintains everything. Which cloud service model does Google Workspace represent?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. (Correct) Software as a Service (SaaS)
   Google Workspace delivers fully managed productivity applications over the internet. No infrastructure, OS, or application management by the user — just data and user configuration.
D. Database as a Service (DBaaS)

Why: Google Workspace is a classic example of Software as a Service (SaaS) because users access applications like Gmail, Docs, and Sheets via a web browser without managing the underlying infrastructure, operating systems, or software installations. Google handles all maintenance, security patching, and uptime, which aligns with the SaaS model where the provider delivers fully functional software over the internet. Unlike IaaS or PaaS, the end-user does not control the runtime environment or deploy custom code on the platform.
Q3 (medium)

A hospital runs a patient records system that must remain on-premises due to strict regulatory data residency requirements. However, they also want to use cloud-based AI for diagnostic imaging analysis. Which cloud deployment model best describes their architecture?

A. Public cloud — all workloads run in a provider's infrastructure.
B. Private cloud — all workloads run in the hospital's own infrastructure.
C. (Correct) Hybrid cloud — combining on-premises infrastructure with public cloud services.
   Hybrid cloud connects on-premises (patient records, regulatory compliance) with public cloud (AI imaging analysis). This is the textbook hybrid cloud pattern for regulated industries.
D. Multi-cloud — using multiple public cloud providers simultaneously.

Why: The hospital must keep patient records on-premises to comply with data residency regulations, but wants to leverage cloud-based AI for diagnostic imaging. A hybrid cloud model combines on-premises infrastructure (for sensitive data) with public cloud services (for AI processing), allowing data to remain resident while compute-intensive tasks are offloaded. This matches the scenario exactly, as hybrid cloud enables workload distribution across private and public environments.
Q4 (medium)

According to the NIST definition of cloud computing, which characteristic allows users to unilaterally provision computing resources such as server time and network storage without requiring human interaction with the service provider?

A. Broad network access
B. (Correct) On-demand self-service
   On-demand self-service allows users to provision resources (compute, storage) automatically through a portal or API without human interaction with the provider — core to the cloud experience.
C. Resource pooling
D. Measured service

Why: NIST's five essential characteristics of cloud computing are: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. 'On-demand self-service' specifically describes the ability for users to provision capabilities automatically without provider interaction — using a web console or API to spin up VMs, databases, or storage instantly, without calling a salesperson or waiting for manual provisioning.
Q5 (medium)

An organization runs its entire infrastructure on a single public cloud provider (Google Cloud). All applications, data, and services live in Google Cloud's infrastructure. Which deployment model describes this?

A. Private cloud
B. (Correct) Public cloud
   Public cloud means all infrastructure is provided by and located in a third-party provider's (Google's) facilities, shared with other customers but logically isolated. Using only Google Cloud is a public cloud deployment.
C. Hybrid cloud
D. Community cloud

Why: Option B is correct because the organization is using a single public cloud provider, Google Cloud, which delivers computing resources over the public internet on a pay-as-you-go basis. In a public cloud deployment, the infrastructure is owned and operated by the cloud provider and shared across multiple tenants, which matches the scenario where all applications, data, and services reside in Google Cloud's infrastructure.
Q6 (easy)

What is virtualization in the context of cloud computing, and why is it fundamental to how cloud providers deliver services?

A. Virtualization is the process of converting physical servers into digital images for backup purposes.
B. (Correct) Virtualization abstracts physical hardware into multiple isolated virtual machines, enabling many customers to share physical infrastructure efficiently and securely.
   A hypervisor divides physical hardware into isolated VMs. Cloud providers run thousands of customer VMs on shared physical servers — the foundation of cloud economics and multi-tenancy.
C. Virtualization is a networking technique that routes internet traffic more efficiently.
D. Virtualization is a backup strategy where data is stored in multiple geographic locations.

Why: Virtualization is fundamental to cloud computing because it decouples the operating system and applications from the underlying physical hardware through a hypervisor (e.g., VMware ESXi, KVM, Hyper-V). This abstraction allows a single physical server to host multiple isolated virtual machines (VMs), each with its own guest OS, enabling cloud providers to achieve high resource utilization, multi-tenancy, and rapid provisioning. Without virtualization, providers would be limited to one OS per physical server, drastically reducing efficiency and scalability.

Domain 3: Google Cloud products, services, and solutions

Q1 (easy)

A data analytics team needs to analyze petabytes of structured data using SQL queries without managing any database infrastructure. Query results must return within seconds for most queries. Which Google Cloud service is designed for this use case?

A. Cloud SQL
B. (Correct) BigQuery
   BigQuery is Google's serverless data warehouse, designed for petabyte-scale SQL analytics. It requires no infrastructure management and delivers fast query performance through massive parallelism.
C. Cloud Bigtable
D. Cloud Spanner

Why: BigQuery is a serverless, highly scalable data warehouse designed for analyzing petabytes of data using SQL without any infrastructure management. Its columnar storage and distributed query engine enable sub-second query performance on large datasets, making it ideal for this use case.
Q2 (easy)

A developer wants to deploy a containerized web application without managing servers, clusters, or Kubernetes configuration. The application should automatically scale to zero when not in use and handle bursts of traffic. Which Google Cloud service is the best fit?

A. Google Kubernetes Engine (GKE)
B. (Correct) Cloud Run
   Cloud Run is fully managed serverless for containers. No Kubernetes, no cluster management — just deploy the container and Cloud Run handles scaling (including to zero), networking, and infrastructure.
C. Compute Engine
D. App Engine Standard

Why: Cloud Run is the best fit because it is a fully managed serverless container platform that automatically scales to zero when idle and scales up to handle traffic bursts, without requiring any server, cluster, or Kubernetes configuration. The developer simply deploys a container image, and Cloud Run handles all infrastructure management, including scaling and load balancing.
Q3 (medium)

A retail company wants to build a recommendation engine that suggests products to customers based on their browsing history. The team has ML expertise but wants to use Google's pre-built ML infrastructure to train and deploy models at scale without managing compute resources. Which Google Cloud service should they use?

A. BigQuery ML
B. (Correct) Vertex AI
   Vertex AI is Google's unified ML platform with managed training (GPU/TPU clusters), AutoML, model registry, feature store, and serving endpoints. Teams bring ML expertise; Vertex AI handles infrastructure.
C. Cloud AI Platform Notebooks (now Vertex AI Workbench)
D. Cloud Dataflow

Why: Vertex AI is the correct choice because it provides a fully managed, unified ML platform that handles the entire ML workflow—from data preparation and training to deployment and monitoring—without requiring the team to manage underlying compute infrastructure. It integrates with Google Cloud's pre-built ML infrastructure, including distributed training, AutoML, and custom model serving, making it ideal for building and scaling a recommendation engine.
Q4 (easy)

A company needs to store large volumes of unstructured data (images, videos, backups, documents) with high durability and global accessibility. Which Google Cloud service is designed for object storage at any scale?

A. Persistent Disk
B. (Correct) Cloud Storage
   Cloud Storage is Google's globally distributed object storage for unstructured data. It stores any type of file (images, videos, backups, datasets) at any scale with 11 nines durability.
C. Cloud Filestore
D. Cloud Spanner

Why: Cloud Storage is Google Cloud's fully managed, scalable object storage service designed for unstructured data such as images, videos, backups, and documents. It offers high durability (99.999999999% annual durability) and global accessibility via a unified namespace, making it the correct choice for storing large volumes of unstructured data at any scale.
Q5 (medium)

A business intelligence team wants to create interactive dashboards and reports from their BigQuery data without writing code. They need to share reports with stakeholders who don't have GCP accounts. Which Google Cloud tool is most appropriate?

A. Vertex AI Workbench
B. (Correct) Looker Studio (formerly Data Studio)
   Looker Studio is Google's free BI dashboarding tool with native BigQuery integration. Reports can be shared via link with stakeholders who have no GCP accounts.
C. Cloud Dataprep by Trifacta
D. BigQuery Studio

Why: Looker Studio (formerly Data Studio) is the correct choice because it is a no-code, drag-and-drop business intelligence tool that connects directly to BigQuery, enabling the creation of interactive dashboards and reports. It also supports sharing reports via public links or embedded views, allowing stakeholders without GCP accounts to access them without needing IAM permissions.
Q6 (medium)

A company wants to build an application that can understand and respond to natural language queries from customers (e.g., a customer support chatbot). Which Google Cloud capability should they use?

A. Cloud Vision API
B. (Correct) Dialogflow CX or Vertex AI Conversation
   Dialogflow CX is Google's advanced conversational AI platform for building NLU-powered chatbots and virtual agents. It understands customer intent and manages multi-turn conversations across channels.
C. BigQuery ML
D. Cloud Translation API

Why: Dialogflow CX and Vertex AI Conversation are Google Cloud's purpose-built services for building conversational interfaces, including chatbots that understand natural language. They leverage natural language understanding (NLU) models to parse user intents and entities, enabling the application to respond appropriately to customer queries. This makes them the correct choice for a customer support chatbot.

Domain 4: Scaling with Google Cloud operations

Q1 (easy)

A company's web service has a Service Level Objective (SLO) of 99.9% monthly availability. In a 30-day month, how many minutes of downtime are allowed before the SLO is violated?

A. ~4.3 minutes
B. (Correct) ~43.2 minutes
   99.9% availability = 0.1% downtime. In a 30-day month (43,200 minutes), 0.1% = 43.2 minutes of allowed downtime — the classic 'three nines' error budget.
C. ~7.2 hours
D. ~8.6 hours

Why: The SLO of 99.9% monthly availability means the service can be unavailable for 0.1% of the total monthly time. In a 30-day month, total minutes are 30 × 24 × 60 = 43,200 minutes. 0.1% of 43,200 minutes is 43.2 minutes, so option B is correct.
Q2 (medium)

An SRE team wants to alert when their service is consuming error budget faster than expected, rather than alerting only when the SLO threshold is crossed. Which Cloud Monitoring alerting strategy supports this approach?

A. Threshold alerting — alert when error rate exceeds 0.1%.
B. (Correct) SLO burn rate alerting — alert when error budget is being consumed faster than the measurement window allows.
   Burn rate alerting detects when errors are occurring at a rate that will exhaust the error budget before period end. This enables proactive response before the SLO is violated.
C. Uptime check alerting — alert when health checks fail.
D. Log-based alerting — alert when specific error messages appear in logs.

Why: B is correct because SLO burn rate alerting is specifically designed to detect when error budget is being consumed faster than the measurement window allows, enabling proactive alerts before the SLO threshold is breached. This approach uses a burn rate (e.g., 2x, 10x) to trigger alerts when the error budget depletion rate exceeds a predefined multiple of the expected rate, allowing the team to respond early. It directly addresses the requirement of alerting on error budget consumption speed rather than waiting for a hard SLO violation.
Q3 (easy)

A company's on-premises IT team spends 70% of their time on routine maintenance tasks: patching servers, replacing failed hardware, and upgrading storage. After migrating to Google Cloud managed services, which operational outcome should they expect?

A. The IT team will need to hire more staff to manage additional cloud infrastructure.
B. (Correct) The IT team can redirect time from maintenance to higher-value activities like innovation and feature development.
   Google handles patching, hardware, and infrastructure management for managed services. The IT team's time shifts from undifferentiated maintenance to strategic, business-value work.
C. The IT team will still perform the same tasks but remotely via the Cloud Console.
D. The IT team will be fully automated out of their roles by Google's AI.

Why: By migrating to Google Cloud managed services like Compute Engine with sole-tenant nodes or fully managed services such as Cloud SQL and Google Kubernetes Engine, the cloud provider handles routine maintenance tasks (patching, hardware replacement, storage upgrades). This frees the IT team from approximately 70% of their previous workload, allowing them to focus on higher-value activities like application innovation, feature development, and optimizing cloud architecture. Option B correctly identifies this shift from operational overhead to strategic work.
Q4 (medium)

A company has deployed a critical application on Google Cloud and wants to understand what happens to their workloads during a Google Cloud data center maintenance event (e.g., host system upgrades). What Google Compute Engine feature handles this automatically for most VMs?

A. VMs are terminated and restarted automatically on new hardware, causing a few minutes of downtime.
B. (Correct) Live migration transparently moves VMs to healthy hosts during maintenance with no VM downtime.
   Compute Engine's live migration moves running VMs between physical hosts during maintenance events. The VM continues running — there's no stop/start cycle and no application downtime.
C. VMs are snapshotted, the snapshot is restored on new hardware, and the VM is restarted.
D. Customers must subscribe to Google Cloud support to receive advance notice and schedule their own maintenance windows.

Why: Google Compute Engine uses Live Migration to automatically move running VMs from a host undergoing maintenance (e.g., host system upgrades) to a healthy host without interrupting the VM. This process preserves the VM's memory, network connections, and disk state, resulting in zero VM downtime. It is enabled by default for most VM instances, except those with GPUs or certain machine types that explicitly opt out.
Q5 (medium)

A company's application experiences traffic spikes every weekday morning when employees log in at 9 AM. The team wants their infrastructure to automatically handle these spikes without manual intervention and without over-provisioning resources all day. Which Google Cloud capability addresses this?

A. Purchase reserved capacity for peak load and configure it to be active only on weekdays.
B. (Correct) Configure autoscaling on the application's infrastructure to automatically scale up for load and scale down during off-peak hours.
   Autoscaling monitors metrics (CPU, requests, custom) and automatically adds instances during the morning spike. Scheduled autoscaling can proactively scale before 9 AM. Resources scale down when load decreases.
C. Deploy additional VMs manually each weekday morning and terminate them at night.
D. Use Cloud Monitoring to send an email alert when CPU exceeds 80% so the team can manually scale.

Why: Option B is correct because Google Cloud's managed instance groups (MIGs) with autoscaling can automatically adjust the number of VM instances based on load metrics (e.g., CPU utilization, requests per second). This handles the 9 AM traffic spike without manual intervention and avoids over-provisioning during off-peak hours by scaling down when demand decreases.
Q6 (hard)

A digital media company hosts video content globally. They want to reduce origin server load and deliver content faster to viewers worldwide. Their current architecture routes all viewer requests directly to the origin servers in `us-central1`, causing high latency for viewers in Asia and Europe. Which Google Cloud networking capability addresses this?

A. Deploy identical origin servers in every Google Cloud region globally.
B. (Correct) Enable Cloud CDN to cache video content at Google's global edge PoPs, serving viewers from the nearest location.
   Cloud CDN caches video content at edge PoPs globally. Asian viewers receive content from nearby PoPs (not us-central1), reducing latency significantly and offloading origin servers.
C. Use Cloud VPN to route viewer traffic through a direct tunnel to the origin servers.
D. Increase the origin servers' network bandwidth to handle more simultaneous viewer connections.

Why: Cloud CDN uses Google's global edge Points of Presence (PoPs) to cache video content closer to viewers, reducing latency and offloading origin servers. When a viewer requests content, Cloud CDN serves it from the nearest edge cache if available, avoiding a direct trip to the origin in us-central1. This directly addresses the high latency for viewers in Asia and Europe without requiring server replication or bandwidth increases.

Domain 5: Trust and security with Google Cloud

Q1 (easy)

Google Cloud encrypts all customer data at rest by default without any configuration required. A customer asks: 'Do we need to do anything special to encrypt our data stored in Cloud Storage?' What is the correct answer?

A. Yes, customers must enable encryption in the Cloud Storage bucket settings for each bucket.
B. (Correct) No, Google Cloud encrypts all data at rest automatically using AES-256 — no configuration is needed.
   All Google Cloud storage services encrypt data at rest by default with AES-256. Customers receive encryption without any setup, and can optionally use CMEK for key management control.
C. Only data in premium storage tiers is encrypted; Standard storage requires manual encryption.
D. Customers must purchase the Security Command Center Premium tier to enable data encryption.

Why: Option B is correct because Google Cloud automatically encrypts all customer data at rest using AES-256 encryption, with no configuration required. This default encryption applies to all Cloud Storage buckets, regardless of storage class or region, and the encryption keys are managed by Google Cloud unless the customer chooses to use Customer-Managed Encryption Keys (CMEK) or Customer-Supplied Encryption Keys (CSEK).
Q2 (medium)

A security architect wants to implement a 'never trust, always verify' security approach where no user or service is assumed to be trustworthy based on network location alone. Every access request must be authenticated and authorized regardless of whether it comes from inside or outside the corporate network. Which security model describes this approach?

A

Perimeter security model

B

Zero Trust security model

Zero Trust requires authentication and authorization for every request, regardless of network origin. 'Never trust, always verify' is the defining principle of Zero Trust.

C

Defense in depth model

D

Principle of least privilege

Why: The Zero Trust security model (Option B) is correct because it explicitly enforces the 'never trust, always verify' principle, requiring authentication and authorization for every access request regardless of network location. In Google Cloud, this aligns with BeyondCorp, which uses identity-aware proxy (IAP) and context-aware access to verify each request based on user identity, device posture, and other attributes, rather than trusting based on IP address or network perimeter.
Q3 (easy)

A company is concerned about which security responsibilities belong to Google versus which belong to them when using Google Cloud's managed database service (Cloud SQL). In the shared responsibility model, which security tasks does Google handle?

A

Google controls who can access the database and what data can be stored.

B

Google handles physical security, hardware maintenance, and OS and database software patching.

For managed services, Google manages the entire infrastructure layer: physical security, hardware, hypervisor, and service software updates. Customers manage their configuration and data.

C

Google is responsible for backing up customer data and ensuring data recovery.

D

Google determines which compliance certifications the customer's application must meet.

Why: In the shared responsibility model for Google Cloud services like Cloud SQL, Google is responsible for security 'of' the cloud, which includes physical security of data centers, hardware maintenance, and patching the underlying operating system and database software. This ensures the infrastructure hosting Cloud SQL instances is secure, while the customer remains responsible for securing their data, access policies, and application-level configurations.
Q4 (medium)

A healthcare company needs to store patient data in Google Cloud and must comply with HIPAA (Health Insurance Portability and Accountability Act). Which statement correctly describes how Google Cloud helps them achieve HIPAA compliance?

A

Storing data in Google Cloud automatically makes an application HIPAA-compliant.

B

Google offers HIPAA-eligible services and signs a Business Associate Agreement (BAA), but customers must implement their own technical safeguards and access controls.

Google provides HIPAA-eligible cloud infrastructure and signs BAAs. However, HIPAA compliance requires customer actions: access control, audit logging, workforce training, and breach procedures — all customer responsibilities.

C

HIPAA compliance is impossible on public cloud; healthcare data must stay on-premises.

D

Google Cloud's automatic data encryption fully satisfies all HIPAA technical safeguard requirements.

Why: Option B is correct because Google Cloud provides HIPAA-eligible services and offers a Business Associate Agreement (BAA) to covered entities, but compliance is a shared responsibility. Customers must configure their own technical safeguards, such as access controls, audit logging, and encryption key management, to meet HIPAA requirements. Google Cloud does not automatically make an application compliant; the customer must implement the necessary controls.
Q5 (medium)

An organization uses Google Cloud Identity and Access Management (IAM). A new employee is a data engineer who needs to read BigQuery datasets and run queries but should NOT be able to create new datasets, delete tables, or modify IAM policies. Which IAM role should be assigned?

A

`roles/bigquery.admin`

B

`roles/bigquery.dataViewer` (with `roles/bigquery.jobUser` if needed to run queries)

dataViewer grants read-only access to datasets. jobUser allows creating and running query jobs. Together they provide read + query capability without write, delete, or admin access.

C

`roles/viewer` (project-level Viewer)

D

`roles/bigquery.dataEditor`

Why: Option B is correct because the `roles/bigquery.dataViewer` role grants read access to BigQuery datasets and their contents, while `roles/bigquery.jobUser` allows the user to run query jobs. Together, they satisfy the requirement to read datasets and run queries without permitting dataset creation, table deletion, or IAM policy modification.
Q6 (hard)

A company wants to ensure that sensitive data (credit card numbers, SSNs) stored in BigQuery is automatically identified and protected. They also want ongoing scanning to detect if any new data violates their data governance policies. Which Google Cloud service provides these capabilities?

A

Security Command Center — it scans BigQuery for sensitive data automatically.

B

Cloud Data Loss Prevention (Cloud DLP) with BigQuery inspection jobs.

Cloud DLP natively scans BigQuery tables to identify sensitive data using built-in and custom infoTypes. Scheduled jobs provide continuous governance monitoring; de-identification transforms protect identified data.

C

Cloud Monitoring custom dashboards with SQL queries that search for PII patterns.

D

Cloud Audit Logs — they record all BigQuery queries and can identify when sensitive columns are accessed.

Why: Cloud DLP with BigQuery inspection jobs is the correct choice because it provides both automated identification of sensitive data (such as credit card numbers and SSNs) within BigQuery tables and ongoing scanning capabilities via scheduled inspection jobs. Cloud DLP uses built-in infoType detectors to match patterns like credit card numbers (Luhn check) and SSNs, and can trigger actions or alerts when new data violates governance policies.


Frequently asked questions

How many questions are on the GCDL exam?

The GCDL exam has 60 questions and must be completed in 90 minutes. The passing score is 700/1000.

What types of questions appear on the GCDL exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are GCDL questions organised by domain?

The exam covers 5 domains: Why cloud technology is transforming business; Fundamental cloud concepts; Google Cloud products, services, and solutions; Scaling with Google Cloud operations; Trust and security with Google Cloud. Questions are weighted by domain: higher-weight domains appear more on your actual exam.

Are these the actual GCDL exam questions?

No. These are original exam-style practice questions written against the official Google Cloud GCDL exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
