Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsPCADomainsManage and provision cloud infrastructure
PCAFree — No Signup

Manage and provision cloud infrastructure

Practice PCA Manage and provision cloud infrastructure questions with full explanations on every answer.

116questions

Start practicing

Manage and provision cloud infrastructure — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

PCA Domains

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Practice Manage and provision cloud infrastructure questions

10Q20Q30Q50Q

All PCA Manage and provision cloud infrastructure questions (116)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A company is deploying a new application on Compute Engine. They need to ensure that the application can automatically recover from a zone failure. What is the best approach?

2

An organization has multiple projects in Google Cloud and wants to centralize logging and monitoring for all projects. They need to aggregate logs from all projects into a single project for analysis. Which approach should they use?

3

A developer needs to deploy a containerized application on Google Kubernetes Engine (GKE) with minimal operational overhead. They want to automatically scale the number of pods based on CPU utilization. Which GKE feature should they use?

4

A company is deploying a web application on Compute Engine behind a global HTTP(S) load balancer. They want to restrict access to only traffic from specific IP ranges. Which load balancer feature should they use?

5

A company has a production database running on Cloud SQL. They need to ensure high availability with automatic failover in the event of a zone outage. What should they do?

6

A developer wants to store and retrieve non-relational data with flexible schema and automatic scaling. Which Google Cloud service should they use?

7

A company wants to migrate on-premises workloads to Google Cloud. They need to assess the existing infrastructure, plan the migration, and track progress. Which tool should they use?

8

A company is using Cloud Storage to store sensitive data. They need to enforce that objects are deleted exactly 30 days after creation. Which object lifecycle rule should they configure?

9

Which TWO options are valid ways to connect an on-premises network to a VPC in Google Cloud? (Choose two.)

10

Which THREE components are required to set up a private connection between an on-premises network and a VPC using Cloud VPN? (Choose three.)

11

Which TWO statements about Google Cloud VPC networks are true? (Choose two.)

12

A developer runs the command above. The instance is created successfully, but cannot be reached via HTTP from the internet. What is the most likely cause?

13

An administrator creates a GKE cluster with the command above. After deployment, the cluster has 3 nodes, but the node pool autoscaler never scales up even under load. What is the most likely reason?

14

A company runs a critical application on Compute Engine instances in a managed instance group (MIG) across three zones in us-central1. The application uses a Cloud Spanner database. Recently, the application experienced increased latency and timeouts during peak hours. The operations team noticed that the MIG's CPU utilization is consistently above 80% during peak hours, and the autoscaler is configured to scale based on CPU utilization with a target of 60%. However, the autoscaler is not adding new instances quickly enough, causing performance degradation. The team also observed that new instances take over 5 minutes to become healthy and serve traffic. The health check is a simple TCP check on port 8080. The application startup script downloads large configuration files from Cloud Storage. What should the team do to improve the autoscaling response time and reduce latency?

15

A startup is deploying a microservices application on Google Kubernetes Engine (GKE) with a regional cluster. They have services that need to communicate with each other and also with external APIs. The cluster uses VPC-native routing. They have enabled Cloud NAT to allow outbound internet access for nodes without external IPs. However, the development team reports that some pods cannot reach the external APIs, while others can. All pods are in the same namespace and are not using any network policies. The pods that fail have the annotation 'cloud.google.com/gke-nat-ips' set to a list of static IP addresses. The pods that work do not have this annotation. What is the most likely cause of the failure?

16

A company is migrating its on-premises application to Google Cloud. The application requires low-latency access to a shared filesystem that can be mounted by multiple Compute Engine instances across different zones. Which storage solution should they use?

17

An organization has a VPC with two subnets: subnet-a (10.0.1.0/24) and subnet-b (10.0.2.0/24). They launched a Compute Engine instance in subnet-a with an internal IP 10.0.1.2 and a public IP. They want the instance to only allow HTTPS traffic from the internet. Which firewall rule should they create?

18

A developer needs to programmatically create and manage Compute Engine instances. Which Google Cloud service should they use to authenticate and authorize service accounts?

19

A company deploys a web application on Compute Engine behind a Global HTTPS Load Balancer. They need to restrict access to the application based on the client's IP address. Which Google Cloud service should they use?

20

An organization uses Cloud SQL for MySQL in a production environment. They need to ensure high availability with automatic failover in case of a zonal failure. Which configuration should they use?

21

Which TWO statements are true about Google Cloud VPC networks? (Select exactly 2.)

22

Which THREE are best practices for managing secrets (e.g., API keys, passwords) in Google Cloud? (Select exactly 3.)

23

Your company runs a stateful web application on Compute Engine instances in a managed instance group (MIG) with autoscaling based on CPU utilization. The application maintains session state in memory on each instance. Recently, users have been experiencing session timeouts and data loss during scaling events. Additionally, the application's performance degrades under load due to frequent database queries for session data. You need to design a solution that ensures session persistence, improves performance, and minimizes application changes. The application is written in Java and uses Tomcat. Which of the following should you do?

24

A company is migrating a legacy monolithic application to Google Cloud. The application runs on a single VM and uses a local MySQL database. The goal is to minimize changes to the application code while improving availability. Which strategy should the company use?

25

A company is designing a highly available web application on Google Cloud. The application consists of stateless compute instances behind a global HTTP(S) Load Balancer. The compute instances must be able to handle sudden spikes in traffic. Which TWO strategies should the company implement? (Choose two.)

26

A company wants to enable a new DevOps team to have read-only access to logs in the default Cloud Logging bucket for their project, but prevent them from modifying log views or creating linked datasets in BigQuery. Which two IAM roles should be granted to the team?

27

A company runs an e-commerce platform on Google Cloud. The application is deployed on Google Kubernetes Engine (GKE) with a regional cluster (us-central1, three zones). The frontend service is exposed via an HTTP Load Balancer with Cloud CDN. Recently, during a flash sale, users experienced high latency and occasional 502 errors. The backend service is a Java application that reads from Cloud Spanner. The team has observed that Spanner CPU utilization averaged 65% during the sale, with a few spikes to 80%. The number of frontend pods was auto-scaled to 50, each running on n1-standard-2 nodes. The node pool is set to autoscale up to 100 nodes. The errors appear to correlate with periods of high CPU on the nodes, but not always. What is the most likely cause and recommended action?

28

Drag and drop the steps to migrate a Compute Engine VM to a different region using a snapshot into the correct order.

29

Drag and drop the steps to configure IAM roles for a service account to access Cloud Storage from a Compute Engine instance into the correct order.

30

Match each GCP storage service to its typical use case.

31

Match each GCP monitoring/logging tool to its purpose.

32

A developer needs to pass a startup script to a Compute Engine instance during creation. Which method should be used to ensure the script runs on first boot?

33

A company has Compute Engine instances in us-east1-a and us-east1-b zones. They want to allow communication between these instances with minimal latency and no additional cost. What is the best networking approach?

34

A Cloud Router BGP session is flapping. The logs show 'Interface flapping due to changes in the underlying network'. What is the most likely cause?

35

Which TWO actions are required to allow a private GKE cluster to pull container images from Artifact Registry in the same project?

36

Which THREE factors should be considered when selecting a machine series for a Compute Engine instance running a memory-intensive batch job?

37

Which TWO statements are true about Cloud Load Balancing?

38

Refer to the exhibit. A user reports that the instance 'batch-vm' is unavailable. Based on the output, what is the most likely cause of the unavailability?

39

Refer to the exhibit. A Cloud Deployment Manager deployment fails with the error 'Resource 'my-firewall' already exists'. What is the most likely cause?

40

Refer to the exhibit. A user (ops@example.com) is unable to create a new VPC network in the project. What should the administrator verify first?

41

A company wants to provision multiple similar environments (dev, test, prod) with consistent networking configurations. Which approach is a best practice for infrastructure as code?

42

A Cloud Function fails to connect to a Cloud SQL instance. The Cloud SQL instance has a private IP. What should the developer check?

43

A company uses Shared VPC. A project admin in a service project tries to create a subnet in the shared VPC network but receives a permission denied error. What is the most likely cause?

44

When creating a Compute Engine instance from a custom image stored in another project, which gcloud flag is required?

45

A web application running on Compute Engine behind a global HTTP(S) load balancer experiences high latency during traffic spikes. Which quick fix would best address this issue without changing the architecture?

46

An organization needs to audit all changes to network firewall rules in a GCP project. Which service should be used to capture these changes?

47

A company wants to minimize egress costs for data transferred between Compute Engine instances in the same region but different zones. What is the best practice?

48

A developer wants to automate the creation of a Google Cloud project with a specific VPC and firewall rules. Which tool should they use?

49

An organization needs to ensure that only Compute Engine instances with a specific label can access a Cloud Storage bucket. Which policy type should be used?

50

A company runs a web application on Compute Engine with an HTTP Load Balancer. Users report intermittent 502 Bad Gateway errors. What is the most likely cause?

51

A company wants to migrate an on-premises Oracle database to Google Cloud. They need high availability and want to minimize application changes. Which service should they use?

52

A DevOps engineer notices that a GKE cluster has nodes that are frequently preempted. They want to reduce costs but maintain resilience. What should they do?

53

An organization requires that all Compute Engine instances in a project must have a specific tag for firewall rule compliance. How can they enforce this?

54

A company is migrating a monolithic application to microservices on Google Cloud. They need to manage service-to-service authentication and authorization. Which service should they use?

55

A security team wants to audit all IAM role assignments in an organization. They need a historical record of changes. Which tool should they use?

56

Which TWO features help reduce costs for batch processing workloads on Compute Engine?

57

Which THREE are valid methods to connect an on-premises network to a Google Cloud VPC?

58

Which THREE are best practices for designing a highly available application on Compute Engine?

59

Refer to the exhibit. What is the effect of this IAM policy on a Cloud Storage bucket?

60

Refer to the exhibit. A developer wants to SSH into instance-1 from their local machine. Which command should they use?

61

Refer to the exhibit. Which statement is true about this Deployment Manager template?

62

A company has two VPC networks in the same project: vpc-a (us-central1) and vpc-b (us-east1). They want to allow communication between instances in these VPCs using internal IPs. Which action should they take?

63

An organization is migrating a MySQL database to Cloud SQL. They require automatic failover with zero data loss in the event of a zone outage. Which configuration should they use?

64

A company uses a Shared VPC hosted in a common project (host project) to centralize network management. A service project team needs to create a Compute Engine instance with a specific static internal IP address from the Shared VPC subnet. What IAM permissions should be granted to the service project's Compute Engine default service account?

65

A developer needs to grant public read access to all objects in a Cloud Storage bucket named 'my-public-assets'. What is the simplest way to achieve this?

66

A team manages a GKE cluster with node pools using different machine types. They plan to upgrade the cluster to a new Kubernetes version. What is the safest upgrade strategy to minimize application downtime?

67

A company has Compute Engine instances that need to access the internet for updates but should not be reachable from the internet. They also need to access Google APIs and services like Cloud Storage. Which configuration meets these requirements?

68

An administrator is configuring firewall rules in a VPC. Two rules apply to the same traffic: rule 1 allows ingress from 0.0.0.0/0 on TCP 80, rule 2 denies ingress from 10.0.0.0/8 on TCP 80. Rule 1 has priority 1000, rule 2 has priority 500. What is the effective behavior for traffic from 10.0.0.1?

69

A company is experiencing high latency in their VPC. They enabled VPC Flow Logs to capture metadata but need to analyze the logs for traffic patterns. Which Google Cloud service should they use to query and analyze VPC Flow Logs?

70

An organization wants to enforce a policy that prohibits the creation of Cloud Storage buckets with uniform bucket-level access disabled. What should they use?

71

Which TWO IAM predefined roles grant read-only access to Cloud Storage objects but not the ability to list buckets?

72

Which TWO are best practices when designing a VPC network for a multi-tier application in Google Cloud?

73

Which THREE are valid Google Cloud Dedicated Interconnect connection options?

74

A developer notices that web-server-1 is preemptible. They want to ensure their application remains available even if this instance is terminated. What should they do?

75

An organization policy at the organization level restricts project creation to only Project Creator role holders. The exhibit shows the IAM policy for the organization. A member of the group pm-team@example.com attempts to create a project but receives a permission denied error. What is the most likely cause?

76

A user runs the gsutil command shown in the exhibit and gets an AccessDenied error. The user is not authenticated with gcloud. What should the user do first?

77

A company wants to deploy a standard VM image with pre-installed software across multiple projects. Which Google Cloud solution should they use to automate this process?

78

A company has a production GKE cluster with a node pool using n1-standard-4 machine types. They need to change to e2-standard-4 without downtime. Which approach should be taken?

79

A company runs a service on Cloud Run that needs to access a Cloud SQL instance via private IP. Both are in the same VPC network. The service cannot connect to the database. What is the most likely cause?

80

A team wants to allow a service account to be used only on specific Compute Engine VMs. Which IAM condition should be applied to the service account's roles?

81

A company is migrating hundreds of on-premises VMs to Compute Engine. They want to minimize manual effort and downtime. Which service should they use?

82

An organization's security policy requires that all Compute Engine VMs have Shielded VM features enabled. How can this be enforced at the organization level?

83

A developer wants to deploy a stateless web application that automatically scales based on HTTP traffic. The application should be cost-effective and require minimal configuration. Which compute option is best?

84

A company uses Terraform to manage Google Cloud infrastructure. They want to store the Terraform state file in a remote backend with state locking to prevent concurrent modifications. Which Google Cloud service supports this natively?

85

A company has a global web application deployed across multiple regions. They use an external HTTPS Load Balancer with backend services in us-central1 and europe-west1. They want users to be routed to the closest healthy backend. Which load balancing configuration is required?

86

Which TWO of the following are valid ways to deploy a Cloud Function? (Choose two.)

87

Which THREE of the following are best practices when using Deployment Manager to manage infrastructure? (Choose three.)

88

A company has a Cloud SQL for PostgreSQL instance that is experiencing high latency. They suspect a connection pooling issue. Which TWO configurations should be checked? (Choose two.)

89

What will happen to this instance during a Google-initiated maintenance event?

90

What does the condition in this IAM policy do?

91

What is the networking mode of this GKE cluster?

92

A company runs a batch processing job that runs daily and can handle interruptions. The job runs on a single Compute Engine instance. Which machine configuration is the most cost-effective?

93

A Cloud Run service frequently fails with 502 errors when making requests to a backend service running on Compute Engine. The two services are in the same VPC network. The Cloud Run service is configured with a VPC connector. What is the most likely cause?

94

A company runs a stateful application on Google Kubernetes Engine (GKE) that requires persistent storage and low-latency access across multiple zones. The application needs to perform well even during zonal failures. Which storage solution should they use?

95

A user wants to store a database password that will be used by a Compute Engine instance. What is the most secure and manageable approach?

96

A company has two VPC networks in the same project: 'vpc-prod' and 'vpc-dev'. They want to allow communication between instances in both VPCs. What is the simplest method?

97

A global e-commerce site uses an external HTTPS load balancer with a backend service pointing to a managed instance group. Some users report 503 errors during peak traffic. The backend instances are healthy and not overloaded. What is the most likely cause?

98

A service account needs to be able to start and stop Compute Engine instances in a specific project. Which IAM role should be assigned at the project level?

99

A team uses Cloud Build to build container images and deploy to Cloud Run. They want to automate deployments whenever a new image is pushed to Container Registry. What is the best approach?

100

A company is migrating a large on-premises SQL Server database to Cloud SQL for SQL Server. The database is 2 TB in size and must have minimal downtime. Which approach should they use?

101

Which TWO methods can be used to restrict inbound traffic to a Compute Engine instance to only specific IP addresses without relying on instance-level firewall rules? (Choose 2)

102

Which TWO are required to allow on-premises hosts to access Google APIs using internal IP addresses (Private Google Access)? (Choose 2)

103

Which THREE are required to configure Workload Identity for a GKE cluster? (Choose 3)

104

A company runs a microservices application on Google Kubernetes Engine (GKE). Each service is deployed as a Deployment with resource requests and limits. After deploying a new version of a service, the pods start crashing with OOMKilled. The team increased the memory limits in the Deployment manifest, but the pods still crash after a few minutes. The cluster has cluster autoscaling enabled. The node pool has sufficient capacity. What is the most likely cause of the issue?

105

A company runs a critical web application behind an external HTTPS load balancer. The backend consists of a managed instance group of Compute Engine instances. Users report intermittent 502 Bad Gateway errors. The load balancer logs show occasional health check failures for some instances. The instances have a custom health check endpoint that returns a 200 status code only if the application is fully healthy. The application logs do not show any errors, and CPU/memory usage on the instances is normal. What should be the first troubleshooting step to identify the root cause?

106

A company is migrating a monolithic e-commerce application to Google Cloud. The application has been refactored into microservices. Most services are stateless and can run on Cloud Run. However, the checkout service requires maintaining session state across multiple requests, and the session data must be available globally for low latency. The application will be deployed in multiple regions to serve a global user base. Which approach should the company take?

107

A company is migrating a stateful application to Google Cloud. The application requires persistent disks with low latency and high IOPS for database workloads. They plan to use Compute Engine instances with SSD persistent disks. However, the database performance is lower than expected. Which action should the company take to improve disk performance?

108

A DevOps team is deploying a microservices application on Google Kubernetes Engine (GKE). They want to ensure that the pods can securely access Google Cloud APIs (e.g., Cloud Storage) without managing service account keys. Which TWO steps should they take? (Choose two.)

109

A company is designing a hybrid network architecture connecting an on-premises data center to Google Cloud. They need high availability (99.99% SLA) and bandwidth up to 10 Gbps. They also need to use their existing MPLS circuits. Which THREE components should they include in the design? (Choose three.)

110

Your company runs a critical application on Compute Engine instances in us-central1. The application requires low latency between instances that are all in the same region. You notice that network latency between instances varies and sometimes spikes. You want to ensure consistent low-latency communication. You currently use external IP addresses for communication between instances. What should you do?

111

A company is deploying a web application on Google Kubernetes Engine. The application serves HTTP traffic and needs to scale based on CPU utilization. They also need to expose the application to the internet with a single global IP address. They create a Deployment with a HorizontalPodAutoscaler. However, the application is not receiving traffic from the internet. What should they do to expose the application correctly?

112

Your company is using Cloud Storage to store sensitive customer data. The security team requires that all objects be encrypted with a customer-managed encryption key (CMEK) and that the key be automatically rotated every 90 days. You need to implement this without changing the application code. You have created a Cloud KMS key ring and a key with rotation period set to 90 days. What additional configuration is required?

113

A company runs a batch processing workload on Compute Engine instances. The workload is triggered every hour and runs for about 10 minutes. They want to reduce costs. They currently use preemptible VMs, but they notice that sometimes the workload fails because VMs are preempted before completion. They need a cost-effective solution that ensures the workload completes reliably. What should they do?

114

Your organization uses Cloud SQL for MySQL to host a production database. The database size is 500 GB. You need to create a read replica for reporting purposes. The read replica should be in a different region for disaster recovery. You have created the read replica in the us-west1 region. However, the replication lag is higher than expected, sometimes exceeding 5 minutes. What should you do to reduce replication lag?

115

A company needs to connect two VPC networks in different Google Cloud regions. The VPCs are in separate projects under the same organization. The connection must use private IP addresses and support high throughput. Which TWO options meet these requirements? (Choose 2.)

116

Your company runs a global e-commerce platform on Google Cloud. The application is deployed across multiple regions for low latency. You use Cloud SQL for transactional data and Cloud Spanner for global consistency of inventory. Recently, the operations team reported that the application is experiencing increased latency during peak hours, and the monthly cloud bill has risen significantly. Upon investigation, you find that the Cloud SQL instance is underutilized (CPU < 20%) while Cloud Spanner split utilization is over 80%. The application instances are fronted by a global external HTTPS load balancer. Network egress costs are high. Which course of action would best address both the latency and cost issues?

Practice all 116 Manage and provision cloud infrastructure questions

Other PCA exam domains

Design and plan a cloud solution architectureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Frequently asked questions

What does the Manage and provision cloud infrastructure domain cover on the PCA exam?

The Manage and provision cloud infrastructure domain covers the key concepts tested in this area of the PCA exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCA domains — no account required.

How many Manage and provision cloud infrastructure questions are in the PCA question bank?

The Courseiva PCA question bank contains 116 questions in the Manage and provision cloud infrastructure domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Manage and provision cloud infrastructure for PCA?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Manage and provision cloud infrastructure questions for PCA?

Yes — the session launcher on this page draws questions exclusively from the Manage and provision cloud infrastructure domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your PCA domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

ACEPCSESAP-C02