Practice PCA Managing and Provisioning a Solution Infrastructure questions with full explanations on every answer.
Start practicing
Managing and Provisioning a Solution Infrastructure — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
An engineer needs to provision a GKE cluster with a node pool that uses preemptible VMs to reduce costs. Which gcloud command should they use?
2A company uses Cloud Deployment Manager to manage infrastructure. They want to roll back to a previous deployment state after a failed update. What is the recommended approach?
3A team wants to enforce that only container images signed by their CI/CD system can be deployed to GKE. They have enabled Binary Authorization with a policy that requires an attestor. What additional step must they take to bind the attestor to the image signing process?
4An organization has multiple GCP projects managed by a central operations team. They want to define a common VPC configuration in a host project and allow service projects to use it. Which networking feature should they use?
5A Cloud Run service needs to connect to a Cloud SQL MySQL instance privately without using public IP. What must be configured?
6Which GCP service should be used to automatically scale a GKE cluster's number of nodes based on pending pods?
7An engineer is troubleshooting a Cloud Build trigger that fails with the error 'PERMISSION_DENIED: Cloud Build service account does not have permission to access Artifact Registry'. The build needs to push a Docker image to Artifact Registry. What is the correct IAM role to assign to the Cloud Build service account?
8Which GCP service provides distributed tracing to help analyze latency in microservices applications?
9A developer wants to deploy a Cloud Function that is triggered whenever a new object is created in a Cloud Storage bucket. Which trigger type should they choose?
10An organization wants to ensure that all VMs in a project have the 'restricted-vm' tag to apply a firewall rule that allows only SSH from a bastion host. The VMs are created by multiple teams. Which approach ensures the tag is automatically applied to all new VMs?
11A company runs a stateful workload on GKE that requires at most one pod per node. They want to survive a zonal failure with minimal downtime. The application can be restarted on a new node. Which configuration should they use?
12An engineer wants to store a database password securely and allow a Cloud Run service to access it. Which GCP service should they use?
13A team is building a CI/CD pipeline for a Java application that will run on GKE. They want to automatically build the application, run unit tests, create a Docker image, push it to Artifact Registry, and deploy to GKE. Which two GCP services should be combined? (Choose two.)
14An organization wants to monitor and alert on custom application metrics from a GKE cluster. They also need to view logs in real-time and create metrics from log content. Which two GCP services should they use? (Choose two.)
15A company uses Terraform to manage infrastructure. They want to store the Terraform state file remotely and enable state locking to prevent concurrent modifications. Which three Google Cloud services or features should they use? (Choose three.)
16A DevOps team wants to automate the deployment of infrastructure on Google Cloud using a declarative configuration language. They need to support Python and Jinja templates for reusable modules. Which service should they use?
17A team is using Cloud Build to deploy a microservice to Cloud Run. They want to ensure that only containers built from a specific trusted branch in their source repository are deployed to production. Which Cloud Build feature should they use?
18A company runs a stateful application on GKE that requires persistent storage. They want to ensure that during cluster upgrades, pods are not disrupted and storage is preserved. Which configuration should they use?
19A security team wants to enforce that only container images signed by their internal CI/CD pipeline can run on GKE clusters. They also need to ensure that unsigned images are rejected at admission time. Which combination of services and configurations should they use?
20A developer wants to deploy a containerized web application on Google Cloud that can scale to zero when not in use and charges only for resources consumed during request processing. Which compute service should they choose?
21A company has a Cloud Run service that processes high-throughput requests. They want to reduce latency by keeping a baseline of warm instances always ready to handle traffic. Which Cloud Run configuration parameters should they adjust?
22A team is deploying a microservice on Cloud Run that needs to access a Cloud SQL database securely. They want to avoid using public IPs and ensure traffic stays within Google's network. Which configuration should they use?
23A financial services company requires that all audit logs be retained for 7 years in a cost-effective, immutable storage. They also need to run ad-hoc SQL queries on the logs. Which configuration should they use?
24An organization wants to manage DNS records for a domain they own (e.g., example.com) and use Google Cloud for authoritative DNS. They also need to resolve internal hostnames for resources within their VPC. Which Cloud DNS configuration should they use?
25A company uses Cloud Build to deploy a Java application to Artifact Registry. They want to automatically trigger a build only when changes are pushed to the 'main' branch in their Cloud Source Repository. Which configuration should they use?
26A team is running a GKE cluster with a workload that has variable CPU and memory usage. They want to automatically adjust pod resource requests and limits based on historical usage to improve resource efficiency. Which feature should they use?
27A company wants to grant a service account in Project A the ability to push containers to Artifact Registry in Project B. They want to follow the principle of least privilege. Which IAM roles should they assign?
28A company is deploying a critical application on GKE and wants to ensure high availability during node upgrades and failures. Which TWO configurations should they implement? (Choose 2.)
29A data analytics team wants to build a pipeline that processes files from a Cloud Storage bucket, transforms the data, and loads it into BigQuery. They want to trigger the pipeline only when new files arrive. Which THREE services can be used together to achieve this? (Choose 3.)
30A startup wants to store application secrets (e.g., API keys, database passwords) securely on Google Cloud. They need to support automatic rotation of secrets and fine-grained access control. Which TWO services should they use? (Choose 2.)
31A development team wants to automate the process of building container images from their GitHub repository and storing them in Artifact Registry. Which Google Cloud service should they use to create a build trigger that runs on every push to the main branch?
32An organization wants to manage Google Cloud infrastructure as code using declarative configuration files. They need a solution that supports Python and Jinja templating languages. Which service should they choose?
33A company runs a critical application on Compute Engine instances. They want to automatically patch the operating system on a weekly schedule to meet compliance requirements. Which Google Cloud service should they use?
34You need to create a private GKE cluster with Workload Identity enabled to allow pods to access Google Cloud APIs without static service account keys. What must you configure for the cluster?
35A Cloud Run service needs to access resources in a VPC network (e.g., a Cloud SQL instance). The service should be able to send requests to the VPC and receive responses. What is the correct configuration?
36Your organization requires all container images deployed to GKE to be signed by an approved authority. Which service enforces that only signed images are allowed to run?
37A team is using Cloud Functions with a Cloud Storage trigger. They notice that sometimes the function does not execute after a file is uploaded. What is the most likely cause?
38You have a Cloud Deploy delivery pipeline with an approval gate. You want to automatically roll back a release if the rollout fails during the deploy step. How should you configure the pipeline?
39A GKE cluster has a Horizontal Pod Autoscaler (HPA) configured for CPU utilization. The pods are not scaling up even though CPU usage is high. What could be the reason?
40Your organization uses a Shared VPC to centrally manage network resources. A project that is not the host project needs to create a Cloud SQL instance using a private IP in the Shared VPC. What must be configured?
41You want to monitor the latency of an application running on Compute Engine and create an alert if the 99th percentile latency exceeds 500ms for more than 5 minutes. Which approach should you use?
42A company needs to store secrets such as API keys and database passwords securely and access them from Compute Engine instances. Which service provides secret storage with built-in IAM integration and automatic rotation?
43Which TWO services can be used to create a CI/CD pipeline for a containerized application on Google Cloud? (Choose 2)
44You are designing a multi-region deployment for a critical application on GKE. The application must withstand a regional outage and automatically redirect traffic to the healthy region. Which THREE components must be configured? (Choose 3)
45You need to collect and analyze logs from multiple projects in a centralized BigQuery dataset for auditing. Which THREE steps are required? (Choose 3)
46A DevOps team wants to manage Google Cloud resources declaratively using Infrastructure as Code. They need to version control their configuration and automate deployments. Which two tools are natively supported by Google Cloud for this purpose?
47An organization is using Cloud Build to build container images and push them to Artifact Registry. Which step in the cloudbuild.yaml file is necessary to tag and push the image?
48A company wants to deploy a microservice on Cloud Run that requires high throughput and low latency. The service processes requests that can spike unpredictably. The team wants to minimize cold starts and ensure availability during traffic bursts. Which combination of Cloud Run settings should they configure?
49A team uses Cloud Functions triggered by Cloud Storage events to process uploaded images. They want to ensure that only HTTP-triggered functions can be invoked from outside the project. Which configuration should they apply?
50What is the purpose of a Pod Disruption Budget (PDB) in GKE?
51A company wants to enforce that only container images built and signed by their CI/CD pipeline can be deployed in their GKE cluster. Which Google Cloud service should they use?
52An engineer needs to share a VPC network across multiple projects in an organization while maintaining centralized network administration. Which approach should they use?
53Which Google Cloud service allows you to create alerting policies based on log entries?
54A company wants to use Cloud Deploy to automate deployments to GKE. They need to configure an approval gate that requires manual approval before promoting a release to a production cluster. Where is this approval gate defined?
55An organization wants to export their Cloud Logging logs to a centralized BigQuery dataset for long-term analysis. They also need to exclude logs from a specific source (e.g., a test project) to reduce costs. How should they set this up?
56A team is using GKE with cluster autoscaling enabled. They notice that some nodes are underutilized but the cluster autoscaler does not remove them. What could be the reason?
57A developer needs to store a database password securely and access it from a Cloud Run service. Which Google Cloud service should they use?
58A company wants to monitor the performance of their microservices deployed on Cloud Run. They need to capture request latencies and error rates, and also trace requests across services. Which TWO services should they use?
59A finance company needs to ensure that all compute instances in their VPC can only communicate with Google APIs (e.g., Cloud Storage) over internal IPs. Additionally, instances without external IPs should be able to access the internet for updates. Which TWO configurations should they implement?
60A team is deploying a stateful application on GKE. They want to ensure that the application's pods are distributed across different zones for high availability and that during cluster upgrades, at least one pod remains available. Which THREE features should they configure?
61A company wants to automate the creation and management of Google Cloud resources using an infrastructure-as-code tool that supports configuration drift detection and is Google Cloud-native. Which tool should they use?
62A DevOps team uses Cloud Build to deploy Docker images to GKE. They want to ensure that only images that have passed a vulnerability scan and been signed by a trusted authority can be deployed. Which service should they integrate with Cloud Build and GKE?
63An organization runs a Cloud Run service that processes incoming HTTP requests. Under heavy load, some requests timeout. The team wants to reduce cold starts and ensure consistent performance. They set min instances to 1, but the issue persists. Which additional configuration should they change?
64A company uses Cloud Deploy for continuous delivery. They have a delivery pipeline with multiple targets: dev, staging, and prod. They want to require manual approval before deploying to prod. How should they configure this?
65A developer is writing a Cloud Function that processes files uploaded to a Cloud Storage bucket. Which trigger should they use?
66A company has a Shared VPC with a service project hosting GKE clusters. The GKE nodes need to access Cloud SQL instances in the host project. The team wants to avoid public IP and use Private Service Access. They have configured a VPC peering between the host VPC and the service producer VPC for Cloud SQL. However, the GKE pods cannot reach the Cloud SQL instance. What is the most likely cause?
67A team wants to collect and analyze logs from multiple projects into a centralized BigQuery dataset for long-term retention and SQL querying. They want to exclude health check logs to reduce costs. Which approach should they use?
68An organization runs a stateful application on GKE that must not lose data during cluster upgrades or node repairs. The application uses persistent volumes with ReadWriteOnce access mode. The team wants to ensure pods are not evicted simultaneously. Which Kubernetes resource should they configure?
69A company has a GKE cluster with Workload Identity enabled. A pod needs to access a BigQuery dataset in a different project. The team has created a service account in the pod's project and granted it BigQuery Data Viewer on the dataset. They also created an IAM policy binding between the Kubernetes service account and the Google service account. The pod still gets permission denied. What is missing?
70A team wants to deploy a microservice on Cloud Run that needs to access a Cloud Memorystore for Redis instance in the same region. The Redis instance is in a VPC network. Which configuration is required for Cloud Run to reach the Redis instance?
71A company wants to automatically apply security patches to Compute Engine instances running Windows Server. They need a solution that can schedule patch installations and report compliance. Which service should they use?
72A data science team wants to run training jobs on a GKE cluster. The jobs are resource-intensive and can tolerate interruptions. To reduce costs, the team wants to use preemptible VMs for the node pool. Which additional step should they take to ensure training jobs are not lost when nodes are preempted?
73A company is migrating a legacy application that uses a file server to GCP. The application requires a shared file system that supports the NFS protocol and can be mounted by multiple Compute Engine instances. The team also needs to use Cloud NAT to allow the instances to download updates. Which TWO services should they use? (Choose 2)
74A company wants to implement a CI/CD pipeline for a Java application that will be deployed to Cloud Run. They use Cloud Build and Artifact Registry. The pipeline must compile the Java code, run unit tests, build a container image, and deploy to Cloud Run. Which THREE steps are required in the cloudbuild.yaml? (Choose 3)
75A company wants to store application secrets such as API keys and database passwords securely and audit access. They also need to automatically rotate secrets periodically. Which TWO Google Cloud services should they use? (Choose 2)
76A DevOps engineer needs to automate the deployment of a containerized application to Google Kubernetes Engine (GKE) using a CI/CD pipeline. The pipeline should build a Docker image, store it in Artifact Registry, and then deploy it to a GKE cluster. Which two Google Cloud services should be used together to achieve this?
77An organization requires that only container images signed by a trusted authority can be deployed on Google Kubernetes Engine (GKE). Which Google Cloud service should they implement?
78A company runs a batch processing workload on Compute Engine instances that read from Cloud Storage and write results to BigQuery. The instances are launched via a managed instance group (MIG) and each job takes about 30 minutes. The company wants to reduce costs without sacrificing performance. What is the most cost-effective way to provision these instances?
79A cloud architect is designing a CI/CD pipeline for a microservices application. Each service is deployed to Cloud Run. They want to use Cloud Build to automate building and deploying services only when changes occur in their respective directories. Which Cloud Build feature should they configure?
80A company is migrating its on-premises MongoDB database to Google Cloud. They want a fully managed, highly available NoSQL database that is compatible with MongoDB drivers. Which Google Cloud service should they choose?
81An organization wants to ensure that all Compute Engine instances in a project are patched with the latest security updates. They also want to enforce a custom configuration (e.g., disable root SSH login) across all instances. Which TWO Google Cloud services should they use together?
82A company runs a web application on Google Kubernetes Engine (GKE) that experiences sudden spikes in traffic. They need to automatically scale the number of pods and also ensure that the cluster itself can scale by adding new nodes when needed. Which THREE components should they configure to achieve this?
83A data engineering team wants to ingest streaming data from Pub/Sub, transform it using Apache Beam, and load it into BigQuery for real-time analytics. They need a fully managed solution that handles autoscaling and does not require managing servers. Which TWO Google Cloud services should they use?
84A company has a legacy application that runs on a single Compute Engine VM and expects to use a fixed IP address. They want to migrate the VM to a different region with minimal downtime. Which TWO actions should they take?
85A security team wants to monitor and audit all changes to IAM policies in a Google Cloud organization. They need to set up real-time alerts when a new binding is added. Which THREE services should they combine to achieve this?
86A company wants to provide a private, low-latency connection between their on-premises data center and Google Cloud, with bandwidth up to 10 Gbps and a service level agreement (SLA) of 99.99% availability. Which TWO connectivity options should they consider?
87A cloud architect needs to implement a CI/CD pipeline for a team developing a Python-based microservice. The team uses GitHub as their source repository. The pipeline should automatically run unit tests and deploy the service to Cloud Run when changes are pushed to the main branch. Which THREE Google Cloud services should they use?
The Managing and Provisioning a Solution Infrastructure domain covers the key concepts tested in this area of the PCA exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCA domains — no account required.
The Courseiva PCA question bank contains 87 questions in the Managing and Provisioning a Solution Infrastructure domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Managing and Provisioning a Solution Infrastructure domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included