Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsPCADomainsManage implementation of cloud architecture
PCAFree — No Signup

Manage implementation of cloud architecture

Practice PCA Manage implementation of cloud architecture questions with full explanations on every answer.

88questions

Start practicing

Manage implementation of cloud architecture — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

PCA Domains

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Practice Manage implementation of cloud architecture questions

10Q20Q30Q50Q

All PCA Manage implementation of cloud architecture questions (88)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

Your team has deployed a microservices application on Google Kubernetes Engine (GKE) with multiple services communicating via internal ClusterIP services. You notice that some requests between services are failing intermittently with 'connection refused' errors. The services are defined with readiness probes. What is the most likely cause?

2

An organization is running a stateful workload on Compute Engine with a single persistent disk. They want to migrate to a regional persistent disk for higher availability. The disk is 500 GB and currently 80% full. They need zero downtime during the migration. What is the recommended approach?

3

A company is planning to deploy a global web application on Google Cloud. They expect low latency for users worldwide and need to serve static content (images, CSS) as well as dynamic API responses. Which architecture should they use?

4

You are designing a CI/CD pipeline for a containerized application on Google Cloud. The application is built with Cloud Build, stored in Container Registry, and deployed to GKE. The team wants to ensure that only images that pass vulnerability scanning are deployed. What should you do?

5

A company runs a data analytics platform on Google Cloud using BigQuery, Dataflow, and Cloud Storage. They notice that Dataflow jobs are failing with 'out of memory' errors for certain large pipelines. The pipelines process variable amounts of data, sometimes spiking 10x normal. Which strategy should they use to handle these spikes cost-effectively?

6

A startup wants to deploy a web application on Google Cloud with a MySQL database. They anticipate low traffic initially but want the ability to scale seamlessly. They also want to minimize operational overhead. Which combination of services should they choose?

7

Your organization has a policy that all Compute Engine instances must have specific labels (env, team, cost-center) applied. You want to enforce this automatically when instances are created. What should you do?

8

Which TWO statements are true about Google Cloud HTTPS Load Balancers?

9

Which THREE actions can help reduce costs for a BigQuery workload that runs frequent, ad-hoc analytical queries on a large dataset?

10

An engineer runs the command above. A few days later, the instance becomes unresponsive. Upon investigation, you find that the boot disk is 100 GB and 95% full. The data disk is 500 GB and only 20% full. What is the most likely cause of the unresponsiveness?

11

You are reviewing an IAM policy for a Cloud Storage bucket. Alice is a member of the data-team group. What level of access does Alice have to objects in this bucket?

12

Your company runs a critical application on Google Kubernetes Engine (GKE) in us-central1. The application consists of a frontend deployment with 3 replicas and a backend statefulset with 5 replicas using persistent volumes (SSD). Recently, the team noticed that during a regional outage in us-central1, the application became completely unavailable. They want to design a multi-region architecture that can survive a regional failure with RPO of 1 hour and RTO of 30 minutes. The application is stateless on the frontend but the backend stores critical data on persistent disks. The backend can operate in a read-only mode from a secondary region if needed. They have a limited budget and want to minimize ongoing costs. Which approach should they take?

13

A company is migrating a monolithic application to Google Kubernetes Engine (GKE). The application currently runs on a single Compute Engine instance and stores session state in local memory. The migration must support horizontal scaling and high availability. What should the company do to manage session state in the new architecture?

14

A company runs a batch processing workload on Compute Engine instances in a managed instance group (MIG). The job is CPU-intensive and takes approximately 4 hours to complete. The company wants to reduce costs without sacrificing performance. Which action should they take?

15

An organization has deployed a multi-region Cloud Spanner instance for a global application. The application is experiencing high latency for read requests from a specific region. The team has verified that the application is using stale reads and the data distribution is even. What is the most likely cause of the high latency?

16

A company is using Cloud Load Balancing to distribute traffic to a managed instance group (MIG) of web servers. The web servers are currently running in us-central1. To improve availability, the company plans to add a second MIG in us-west1. What must be done to ensure traffic is automatically routed to the closest healthy backend?

17

A company is designing a disaster recovery plan for a critical application running on Compute Engine. The application uses a PostgreSQL database and stores files on persistent disks. The recovery time objective (RTO) is 4 hours, and the recovery point objective (RPO) is 1 hour. Which two actions should the company take?

18

Your company runs a containerized microservices application on Google Kubernetes Engine (GKE) with a regional cluster. The application consists of a frontend service, a backend API service, and a background worker service that processes messages from Cloud Pub/Sub. The worker service uses a Deployment with 3 replicas. Recently, the team noticed that the worker service is frequently failing with 'ContainerCreating' errors. The error message in the pod events is: 'Failed to pull image "gcr.io/my-project/my-worker:latest": rpc error: code = DeadlineExceeded desc = context deadline exceeded'. The image is stored in Container Registry in the same project. The cluster nodes are n1-standard-2 VMs with 10 GB of disk space. The team has confirmed that the image exists and that the nodes have internet access. What is the most likely cause of the issue?

19

Your organization is moving a legacy monolithic application to Google Kubernetes Engine (GKE). The application currently runs on a single virtual machine with a local MySQL database. You need to design a cloud-native architecture that improves scalability and reliability. Which two actions should you take? (Choose TWO.)

20

Your company runs a critical application on Compute Engine instances in a managed instance group across three zones. The application writes logs to local disk. You are asked to improve the reliability of log retention and ensure logs are available in case of instance failure. You have already configured a health check that automatically recreates instances. However, after a recent zonal outage, logs from the affected instances were lost. You need to implement a solution that preserves logs even when instances are terminated. What should you do?

21

A company is deploying a microservices application on Google Kubernetes Engine (GKE). They want to ensure that the cluster can automatically scale based on custom metrics, such as the number of pending requests per pod. Which two steps should they take? (Choose TWO)

22

A developer runs the command above and sees the output. The cluster has one node pool with 3 nodes, each of type e2-standard-4 (4 vCPU, 16 GB RAM). The application requires at least 2 GB of memory per pod and the cluster has 10 pods that need to be scheduled. The developer also notices that the node pool autoscaling is enabled with a minimum of 1 and maximum of 5 nodes. However, the cluster is unable to schedule all pods. What is the most likely cause?

23

A large e-commerce company runs a multi-tier application on Google Cloud. The frontend is served by a global HTTP Load Balancer with a backend service pointing to a managed instance group (MIG) of nginx web servers. The application tier consists of a regional internal TCP/UDP load balancer distributing traffic to a MIG of Java application servers. The database tier uses Cloud SQL for PostgreSQL in a failover replica configuration. The architecture is deployed in the us-central1 region across three zones. Recently, the operations team noticed intermittent 502 Bad Gateway errors from the frontend load balancer during peak traffic hours. The errors last for a few minutes and then recover. The team suspects the application tier is overwhelmed. They need to implement a solution that can handle traffic spikes without manual intervention. Which course of action should they take?

24

Drag and drop the steps to deploy a containerized application to Google Kubernetes Engine (GKE) using a Deployment into the correct order.

25

Match each IAM role type to its description.

26

A company is migrating a monolithic application to Google Cloud. They want to minimize changes to the application code while taking advantage of Cloud Run for serverless containers. Which approach should they take?

27

An organization has a multi-regional deployment of a stateful application on GKE using regional persistent disks. They need to implement disaster recovery with an RPO of less than 1 hour and RTO of 30 minutes. What is the most cost-effective approach?

28

A DevOps team is building a CI/CD pipeline for a microservices application deployed on Google Kubernetes Engine. They want to ensure that each microservice can be deployed independently without affecting other services. Which strategy should they use?

29

A company is using Cloud NAT to allow private instances to access the internet. They notice that outbound connections are failing intermittently. What is the most likely cause?

30

An organization needs to connect an on-premises data center to Google Cloud using Dedicated Interconnect with a 10 Gbps link. They require high availability and want to achieve 99.99% SLA. What is the minimum number of VLAN attachments and Interconnect connections needed?

31

A company is using Cloud SQL for PostgreSQL and needs to run a one-time heavy analytical query that takes over 30 minutes and uses 100% CPU. The production database is serving user traffic with high QPS. What should the company do to run the query without impacting production?

32

A developer accidentally deleted a bucket in Cloud Storage. The bucket had object versioning enabled. How can the bucket and its objects be restored?

33

A company is using Cloud Armor with HTTP Load Balancing to protect a web application. They want to block traffic from specific IP ranges for all requests except those that include a valid reCAPTCHA token. Which Cloud Armor rule configuration should they use?

34

A company is deploying a new application on Compute Engine and wants to automate the installation of a custom agent on every newly created VM in a specific project. Which Google Cloud service should they use?

35

Which TWO statements about Google Cloud VPC firewall rules are correct? (Choose two.)

36

Which THREE factors should be considered when choosing a Google Cloud region for deploying a low-latency application serving global users? (Choose three.)

37

Which TWO methods can be used to provide secure access to a private Google Kubernetes Engine (GKE) cluster from the internet? (Choose two.)

38

What is the most likely reason the NetworkPolicy is not taking effect?

39

Why did the VM resource fail while the disk succeeded?

40

A developer is trying to deploy a Compute Engine instance from a Cloud Build step. The build fails with the above error. What is the problem?

41

A startup wants to deploy a containerized application with minimal operational overhead. They expect variable traffic. Which compute option should they choose?

42

A company has a requirement to store application logs for 7 years for compliance. They are using Cloud Logging. What is the most cost-effective way to retain logs?

43

An organization is using Shared VPC with multiple projects. They want to allow a service project to use a Cloud SQL instance created in the host project. Which step is required?

44

A developer is using Cloud Build to automate deployments. The build fails with an error: 'Permission 'iam.serviceAccounts.actAs' denied.' What is the most likely cause?

45

A company wants to store backup data that is accessed rarely but must be available for retrieval within minutes. Which Cloud Storage class is appropriate?

46

An organization is implementing a Hub-and-Spoke network topology with multiple VPCs. Which Google Cloud product is designed for centralized connectivity and policy enforcement?

47

A company uses Cloud Bigtable for time-series data. They experience high latency and uneven load distribution across nodes. What is the most likely cause?

48

A developer needs to secure secrets (API keys, passwords) used in a Cloud Function. What is the recommended approach?

49

An organization wants to enforce that all Compute Engine VMs are created with specific disk encryption keys. Which policy mechanism should they use?

50

A company is designing a highly available architecture for a stateful application on Compute Engine. They need to protect against zonal failures. Which THREE steps should they take?

51

An organization wants to monitor network traffic between VMs in a VPC for troubleshooting. Which TWO services can provide this?

52

What are two best practices for designing a scalable Kubernetes architecture on GKE?

53

A startup is migrating a monolithic application to Google Cloud. They want to minimize operational overhead and auto-scale based on HTTP request load. Which compute solution should they choose?

54

A financial services company runs a mission-critical database on Compute Engine with local SSDs. They need to ensure data durability in case of an instance failure while maintaining low latency. What should they do?

55

A global e-commerce platform uses Spanner for its transactional database. They observe that some transactions are aborted with 'ABORTED' status due to contention. The application retries immediately, but throughput degrades. What design change should they implement to reduce contention?

56

A company wants to store customer transaction logs for 7 years for compliance. The logs are accessed rarely but must be retrievable within 24 hours. Which storage option is most cost-effective?

57

A healthcare SaaS provider runs workloads in Google Cloud and needs to comply with HIPAA. They use Cloud SQL for PostgreSQL and want to encrypt data at rest with customer-managed encryption keys (CMEK). Which steps must they take?

58

A media streaming company uses Google Cloud CDN to deliver content. They notice that users in certain regions experience high latency despite CDN caching. The content is dynamic based on user location (e.g., local news). What should they do to improve performance?

59

A company wants to deploy a containerized application on Google Cloud and needs persistent storage that can be accessed by multiple pods in a GKE cluster concurrently. Which storage solution should they use?

60

An organization uses Cloud Deployment Manager to manage infrastructure as code. They need to ensure that changes to production resources are reviewed and approved before deployment. What should they do?

61

A company is migrating a legacy application to Google Cloud. The application has a stateful TCP-based protocol that requires client IP persistence. They plan to use a load balancer. Which load balancer type should they choose?

62

Which TWO of the following are valid methods to securely access Google Cloud APIs from a Compute Engine instance without managing service account keys?

63

Which THREE of the following are recommended practices when designing a highly available architecture on Google Cloud using multiple regions?

64

Which TWO of the following are benefits of using a VPC Service Controls perimeter?

65

A company is migrating a monolithic application to Google Cloud and wants to minimize operational overhead for scaling. Which service should they use?

66

A developer needs to deploy a stateful application that requires persistent storage across pod restarts in Google Kubernetes Engine. Which resource should they use?

67

A company stores sensitive data in Cloud Storage and wants to enforce encryption at rest using customer-managed keys. Which Google Cloud service should they use to manage the keys?

68

A company is using Cloud Load Balancing with backend services across multiple regions. They notice that traffic is not being evenly distributed and some backends are overloaded. Which configuration should they check?

69

A team is designing a multi-tier web application on Compute Engine. They need to ensure that only the web tier can access the application tier over a specific port. They plan to use VPC firewall rules. Which approach minimizes the attack surface?

70

A company is using Cloud SQL for MySQL and wants to implement automated backups that are retained for 30 days. They also need point-in-time recovery. Which configuration should they use?

71

A company runs a critical application on Compute Engine with a stateful workload. They want to achieve 99.99% availability within a single region. Which architecture should they recommend?

72

A large enterprise is migrating their on-premises data center to Google Cloud. They have hundreds of VMs and need to minimize network latency between on-prem and cloud during migration. They have high bandwidth requirements. Which connectivity solution should they use?

73

A company is using Cloud Armor to protect their external HTTPS load balancer. They want to block traffic from a specific list of IP ranges. They create a security policy with a deny rule. However, the denials seem not to be applied to all backend services. What is the most likely cause?

74

A company is deploying a web application on Compute Engine. They want to automatically scale the number of instances based on CPU utilization. Which two components are required to set up autoscaling? (Choose two.)

75

A company is designing a disaster recovery plan for their Cloud SQL for PostgreSQL instance. They want to ensure that the database can be recovered in another region within minutes with minimal data loss. Which three actions should they take? (Choose three.)

76

A company is running a multi-region application on Google Kubernetes Engine with workloads in us-central1 and europe-west1. They want to route traffic to the closest region based on user location. Which three components should they configure? (Choose three.)

77

A company uses preemptible VMs for batch processing. They notice that during peak hours, many instances are terminated before finishing their tasks. The operations team observes the output shown in the exhibit. Which action would best improve job completion rates without significantly increasing costs?

78

A company runs a real-time data analytics platform on Google Cloud that ingests streaming data from IoT devices. The architecture uses Cloud Pub/Sub to receive messages, Dataflow for processing, and BigQuery for storage. Recently, the team noticed that the processing latency has increased significantly during peak hours. Upon investigation, they found that the Dataflow pipeline is experiencing high system lag and some workers are being killed due to out-of-memory errors. The pipeline uses a fixed window of 10 seconds and writes to BigQuery using streaming inserts. The company wants to reduce latency without sacrificing data accuracy. Which course of action should they take?

79

A multinational corporation has deployed a web application across multiple Google Cloud regions using an external HTTPS load balancer with backend services in each region. They recently added a new region (asia-southeast1) and updated the load balancer configuration. After the update, some users in that region report high latency and occasional connection timeouts when accessing the application. The load balancer health checks show all backends as healthy. The network team confirms that the backend instances in asia-southeast1 are correctly configured and can be accessed directly via their external IPs. What should the architects investigate next?

80

A cloud architect is implementing a CI/CD pipeline for a microservices-based application on Google Kubernetes Engine (GKE). The team needs to deploy new versions of the services with zero downtime and the ability to quickly roll back if issues are detected. Which two strategies should the architect consider? (Choose two.)

81

A company has a Cloud Run service that processes images uploaded by users. The service reads the images from a Cloud Storage bucket and writes processed images to another bucket. The team recently updated the service to use a custom service account named 'image-processor-sa' with minimal permissions. After the update, the service fails with permission errors when trying to read from the source bucket. The team verified that the service account has the Storage Object Viewer role on the source bucket and Storage Object Creator role on the destination bucket. What should the architect do to resolve the issue?

82

An organization has two Google Cloud projects: Project A hosts a Compute Engine instance with a MySQL database, and Project B hosts an application that needs to connect to the database. The network team set up VPC peering between the two VPCs. The application cannot connect to the database on port 3306. The database instance has a private IP. The network team has verified that firewall rules in both VPCs allow traffic from Project B's subnets to the database IP on port 3306. Ping from the application instance to the database IP succeeds. What should the architect do to resolve the connectivity issue?

83

A global e-commerce platform uses Cloud Spanner in a multi-region configuration across us-central1 (leader) and europe-west1. The application writes all orders to a single table and reads from both regions. During a flash sale, write latency spikes, causing order failures. The team notices that the leader region's CPU utilization is at 95%, while the europe-west1 region is mostly idle. The application uses partitioned DML for batch updates. The development team proposes increasing node count. What should the architect do to reduce write latency while maintaining global read performance?

84

A startup is setting up a CI/CD pipeline for their web application using Cloud Build and Cloud Deploy. They have configured a Cloud Build trigger that executes on pushes to the main branch of a Cloud Source Repositories repository. The trigger runs a build step that builds a Docker image and pushes it to Artifact Registry, then creates a release using Cloud Deploy. The pipeline fails with an error message indicating that the Cloud Build service account does not have permission to create releases. What should the architect do to resolve the issue?

85

A financial services company uses VPC Service Controls to protect their project containing BigQuery datasets and Cloud Storage buckets. They have a perimeter that includes the BigQuery service. Users report that they cannot export data from BigQuery to Cloud Storage using the web console. The export job fails with an access denied error. The team needs to allow exports while maintaining data exfiltration prevention. The users have the necessary IAM permissions (BigQuery Data Editor, Storage Object Admin) on the appropriate resources. What should the architect do?

86

A company is designing a data pipeline to ingest streaming data from IoT devices and store it in BigQuery for analysis. They need to minimize latency and operational overhead. Which two Google Cloud services should they use? (Choose two.)

87

Refer to the exhibit. A cloud administrator is attempting to grant the BigQuery Data Viewer role to an external user (user@example.com) but receives the error shown. What is the most likely cause?

88

A company runs multiple microservices on Cloud Run. Each service uses a Serverless VPC Access connector to connect to a shared Cloud Memorystore for Redis instance (standard tier) in a VPC network. The Redis instance is configured with a firewall rule that allows TCP connections on port 6379 from the VPC connector's subnet (10.8.0.0/28). After a recent code update, the order-service fails to connect to Redis, while the user-service continues to work. The error logs in order-service show 'connection refused'. The engineer verifies that both services use the same VPC connector, the same Redis instance IP, and the same service account. The VPC connector's metrics show no errors. What is the most likely cause?

Practice all 88 Manage implementation of cloud architecture questions

Other PCA exam domains

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesEnsure solution and operations reliability

Frequently asked questions

What does the Manage implementation of cloud architecture domain cover on the PCA exam?

The Manage implementation of cloud architecture domain covers the key concepts tested in this area of the PCA exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCA domains — no account required.

How many Manage implementation of cloud architecture questions are in the PCA question bank?

The Courseiva PCA question bank contains 88 questions in the Manage implementation of cloud architecture domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Manage implementation of cloud architecture for PCA?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Manage implementation of cloud architecture questions for PCA?

Yes — the session launcher on this page draws questions exclusively from the Manage implementation of cloud architecture domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your PCA domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

ACEPCSESAP-C02