Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Design and plan a cloud solution architecture practice sets

Google PCA Design and plan a cloud solution architecture • Complete Question Bank

Google PCA Design and plan a cloud solution architecture — All Questions With Answers

Complete Google PCA Design and plan a cloud solution architecture question bank — all 0 questions with answers and detailed explanations.

55
Questions
Free
No signup
Certifications/Google PCA/Practice Test/Design and plan a cloud solution architecture/All Questions
Question 1mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating on-premises workloads to Google Cloud. They have a critical application that requires consistent low-latency access to a database, with read replicas in multiple regions for disaster recovery. The application is expected to grow by 10x over the next year. Which database service and configuration should the architect choose to meet these requirements?

Question 2hardmulti select
Read the full Design and plan a cloud solution architecture explanation →

A financial services company is designing a multi-tier application on Google Cloud. The application must meet PCI DSS compliance, with data encrypted at rest and in transit. They plan to use Cloud SQL for PostgreSQL for transactional data and Cloud Storage for archival data. Which TWO actions should the architect take to meet compliance requirements?

Question 3hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. An architect created a VM instance using the above command. After the instance starts, the architect tries to access the nginx default page from the internet but gets a timeout. What is the most likely reason?

Exhibit

Refer to the exhibit.

gcloud compute instances create my-instance \
  --zone=us-central1-a \
  --machine-type=e2-micro \
  --image-family=debian-11 \
  --image-project=debian-cloud \
  --boot-disk-size=20GB \
  --boot-disk-type=pd-standard \
  --network-interface=subnet=default,no-address \
  --metadata=startup-script='#! /bin/bash
    sudo apt-get update
    sudo apt-get install -y nginx
    sudo systemctl enable nginx
    sudo systemctl start nginx'
Question 4easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A media streaming company is deploying a new video transcoding pipeline on Google Cloud. The pipeline receives raw video files uploaded to Cloud Storage, triggers a Cloud Function that submits transcoding jobs to a Compute Engine worker pool, and stores the transcoded output in another Cloud Storage bucket. The workers are managed by a managed instance group (MIG) running a custom container image. Currently, when there is a spike in uploads, the MIG takes 5-7 minutes to scale up new workers, causing processing delays. The architect needs to reduce the time to add new workers to under 2 minutes. The workers are stateless and the container image is about 2 GB. What should the architect do?

Question 5easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating a legacy monolithic application to Google Cloud. The application currently runs on a single on-premises server and uses a local MySQL database. The company wants to minimize changes to the application code while improving scalability and reliability. Which migration strategy should the architect recommend?

Question 6hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A global e-commerce platform is experiencing intermittent latency spikes during flash sales. The application is deployed on Google Kubernetes Engine (GKE) with a regional cluster. The architecture includes a frontend service, a product catalog service using Cloud Spanner, and an order processing service using Cloud Pub/Sub. During high load, the catalog service shows increased query latency, and some requests time out. What should the architect prioritize to address the issue?

Question 7mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A startup is developing a real-time analytics dashboard that ingests data from IoT devices. The data volume is unpredictable but can spike to millions of events per second. The dashboard must display near real-time aggregations with sub-second latency. Which Google Cloud architecture should the architect recommend?

Question 8hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A financial services company is designing a multi-region disaster recovery architecture for a critical application. The application runs on Compute Engine with a stateful backend using Cloud Spanner. The Recovery Time Objective (RTO) is 1 hour, and the Recovery Point Objective (RPO) is 15 minutes. What architecture meets these requirements cost-effectively?

Question 9easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company wants to restrict access to a Cloud Storage bucket so that only a specific service account can read objects. The bucket contains sensitive data. Which identity and access management (IAM) approach should the architect use?

Question 10mediumdrag order
Read the full Design and plan a cloud solution architecture explanation →

Drag and drop the steps to set up a VPC network peering between two projects in Google Cloud into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 11mediumdrag order
Read the full Design and plan a cloud solution architecture explanation →

Drag and drop the steps to recover a Cloud SQL instance from a backup into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 12mediummatching
Read the full Design and plan a cloud solution architecture explanation →

Match each Google Cloud service to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Distribute traffic across instances

Cache content at edge locations

Protect against DDoS and web attacks

Enable outbound internet for private instances

Dedicated connection between on-prem and GCP

Question 13mediummatching
Read the full Design and plan a cloud solution architecture explanation →

Match each GCP security service to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manage encryption keys

Hardware security module for key protection

Store API keys, passwords, certificates

Manage access control

Centralized security and risk management

Question 14easymultiple choice
Read the full NAT/PAT explanation →

A multinational e-commerce company needs a globally distributed database that provides strong consistency and transactional support for order processing. Which Google Cloud database service should they use?

Question 15mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A data analytics company runs nightly batch jobs using Compute Engine instances. The jobs can tolerate interruptions, and the company wants to minimize costs. What should they do?

Question 16hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A financial services company is designing a multi-region application on Google Kubernetes Engine (GKE) for high availability. They need to serve user requests from the closest region and automatically failover if a region becomes unavailable. Which architecture should they use?

Question 17easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A media company wants to serve publicly available images and videos to a global audience with low latency. Which Google Cloud service should they primarily use?

Question 18mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating an on-premises PostgreSQL database to Cloud SQL with minimal downtime. The database is 1 TB and the network link has 500 Mbps bandwidth. Which migration approach is most appropriate?

Question 19hardmultiple choice
Read the full VPN explanation →

A company has a hub-and-spoke VPC topology with multiple on-premises locations connected via Cloud VPN to the hub VPC. They notice IP conflicts because overlapping CIDR ranges are used in different spokes. The network team wants to allow communication between spokes without re-IPing. What should they do?

Question 20easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A small startup wants to deploy a containerized web application that scales automatically and only charges for resources used. They have limited operational experience. Which compute solution should they choose?

Question 21mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

An organization has multiple Google Cloud projects that need to access a shared Cloud SQL database. The database should only be accessible from authorized projects. What is the most secure way to grant access?

Question 22hardmultiple choice
Read the full NAT/PAT explanation →

A company is building a real-time data pipeline that ingests events from IoT devices, processes them with Apache Beam, and stores results in BigQuery for analytics. The pipeline must handle spikes in traffic and guarantee exactly-once processing. Which combination of services should they use?

Question 23mediummulti select
Read the full VPN explanation →

Which TWO statements are true regarding the benefits of using VPC Network Peering over Cloud VPN for connecting two VPC networks?

Question 24hardmulti select
Read the full Design and plan a cloud solution architecture explanation →

A company has set up an external HTTP(S) load balancer with a backend service pointing to a managed instance group. Some instances are failing health checks. Which TWO actions should the company take to troubleshoot the issue?

Question 25easymulti select
Read the full Design and plan a cloud solution architecture explanation →

Which THREE practices are recommended for organizing projects in a Google Cloud organization?

Question 26easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. What is the primary benefit of the `--preemptible` flag in this command?

Exhibit

```
gcloud compute instances create my-instance \
    --zone=us-central1-a \
    --machine-type=e2-medium \
    --image-family=debian-10 \
    --image-project=debian-cloud \
    --preemptible
```
Question 27mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. A Cloud Storage bucket has this IAM policy. What security recommendation should be made?

Exhibit

```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "allUsers"
      ]
    }
  ]
}
```
Question 28hardmultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. A subnet was created with the `--enable-private-ip-google-access` flag. What does this flag enable for instances in this subnet?

Exhibit

```
gcloud compute networks subnets create private-subnet \
    --network=my-vpc \
    --region=us-west1 \
    --range=10.0.1.0/24 \
    --enable-private-ip-google-access
```
Question 29easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A startup is building a web application that experiences unpredictable traffic spikes. They want a scalable solution that minimizes costs. Which Google Cloud service should they use to run their containerized application?

Question 30easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating to Google Cloud and needs to connect their on-premises network to a VPC. They require high bandwidth and a reliable connection with a Service Level Agreement (SLA). Which solution should they choose?

Question 31easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

You need to store object data that is accessed infrequently (once a quarter) but must be retained for 10 years for compliance. Which storage class is the most cost-effective?

Question 32mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is designing a multi-region architecture for disaster recovery. Their primary region is us-central1 and they want a warm standby in another region. The application runs on Compute Engine with a stateful backend. Which approach minimizes RTO while keeping costs reasonable?

Question 33mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A financial services company requires that all data stored in Cloud Storage be encrypted with keys they manage, rotate, and audit. They also need to enforce encryption at the bucket level. Which configuration should they use?

Question 34mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company hosts a web application on Compute Engine behind a global HTTP(S) load balancer. They notice that some users experience high latency from certain regions. They want to improve performance without adding complexity. What should they do?

Question 35hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating a monolithic application to Google Cloud. The application consists of a stateful service that writes to local disk and a stateless web server. They want to minimize changes to the code. Which architecture should they use?

Question 36hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company has a Cloud SQL for PostgreSQL instance with high read traffic. They want to offload read queries without modifying the application. Which strategy should they implement?

Question 37hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is designing a VPC architecture for a multi-tenant SaaS platform. Each tenant has isolated workloads that must not communicate with each other. They also need centralized network security and logging. Which VPC design meets these requirements?

Question 38mediummulti select
Read the full Design and plan a cloud solution architecture explanation →

Which TWO actions reduce egress costs when transferring data from Compute Engine to the internet? (Choose 2)

Question 39mediummulti select
Read the full Design and plan a cloud solution architecture explanation →

Which THREE are best practices for designing a highly available Cloud SQL for MySQL instance? (Choose 3)

Question 40hardmulti select
Read the full Design and plan a cloud solution architecture explanation →

A company wants to deploy a stateful application with strict low-latency requirements across multiple zones in a single region. They need to minimize inter-zone latency. Which THREE actions should they take? (Choose 3)

Question 41hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

The exhibit shows a command to create a Compute Engine instance. The instance is intended to run a web server that needs to access Cloud Storage buckets using its service account. However, the web server fails to read from a storage bucket. What is the most likely cause?

Exhibit

Refer to the exhibit.

gcloud compute instances create my-instance \
    --zone=us-central1-a \
    --machine-type=n1-standard-4 \
    --image-family=ubuntu-2004-lts \
    --image-project=ubuntu-os-cloud \
    --boot-disk-size=50GB \
    --boot-disk-type=pd-ssd \
    --scopes=cloud-platform \
    --service-account=my-sa@project.iam.gserviceaccount.com \
    --tags=http-server,https-server
Question 42mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

The exhibit shows a Cloud Storage bucket IAM policy. A developer (admin@example.com) wants to upload a file to the bucket but gets a permission denied error. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:admin@example.com"
      ]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "serviceAccount:my-sa@project.iam.gserviceaccount.com"
      ]
    }
  ]
}
Question 43hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating a critical on-premises application to Google Cloud. The application consists of a frontend web server that handles user requests and a backend database server that stores session state and processed data. The application is stateful because session data is stored in memory on the backend server. The company wants to minimize downtime during migration and ensure that the application can scale horizontally in the future. The current on-premises architecture has the web server and database server on separate physical machines. The web server communicates with the database server via a private network. The company expects that after migration, the application will need to handle double the current traffic. They also need to ensure that the architecture is resilient to zone failures within a single region. They are considering using Compute Engine for both the web and database servers, but they are open to other Google Cloud services. They have a requirement that the database must be relational and support ACID transactions. The database currently uses Microsoft SQL Server, but they are willing to migrate to a different database engine if it reduces operational overhead and provides better scalability. The team has limited experience with Google Cloud and wants to minimize architectural changes. Which course of action should the company take?

Question 44mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company is designing a microservices architecture on Google Kubernetes Engine (GKE) for a global user base. They require high availability across multiple zones, automatic scaling, and rolling updates without downtime. Which Kubernetes workload resource should they use for each service?

Question 45hardmulti select
Read the full Design and plan a cloud solution architecture explanation →

A company is planning a hybrid cloud architecture using Anthos to manage workloads across on-premises data centers and Google Cloud. They need to select two key components that enable consistent configuration, policy, and security across environments. Which two should they choose?

Question 46easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Your company has migrated its legacy web application from a single Compute Engine instance to a managed instance group (MIG) behind an HTTP(S) load balancer. The application was updated to a new version as part of the migration. After the migration, users report intermittent 502 Bad Gateway errors. The application logs show no errors, and the load balancer backend health checks are reported as healthy. On investigation, the developers discover that the new version requires a specific environment variable for authentication to a downstream service. This variable was set manually on the original instance but is missing from the MIG's instance template. The health check endpoint does not depend on this variable and always returns a 200 status even when the variable is absent. As a result, instances created from the template are considered healthy by the load balancer, but when they receive requests that require authentication, they fail and return a 502 error to the client. What is the most likely cause of the 502 errors?

Question 47mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company runs a multi-tier web application on Google Kubernetes Engine (GKE) with a frontend service, a backend service, and a Cloud SQL for PostgreSQL database. During peak hours, the frontend pod CPU usage is high (consistently above 80%), while the backend service shows moderate CPU usage (around 50%). Response times for user requests increase significantly, often exceeding the 200ms p99 latency target. Cloud SQL metrics show low query latency and no contention. The team wants to improve performance in a cost-effective manner. Which initial step should they take?

Question 48mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. A user alice@example.com is unable to list objects in bucket 'bucket-b'. What is the most likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": ["user:alice@example.com"],
      "condition": {
        "title": "only_bucket_a",
        "expression": "resource.name.startsWith('projects/_/buckets/bucket-a/')"
      }
    }
  ]
}
```
Question 49hardmulti select
Read the full Design and plan a cloud solution architecture explanation →

A company is migrating a legacy on-premises application to Google Cloud. The application has strict low-latency requirements between its components and requires stateful TCP sessions. Which TWO design decisions should the architect recommend?

Question 50easymultiple choice
Read the full Design and plan a cloud solution architecture explanation →

A company runs a web application on Compute Engine instances behind a global HTTP(S) Load Balancer. The application uses Cloud SQL for MySQL for user data. Users report that during peak hours, the page load times increase significantly. The development team notices that the number of database connections exceeds the maximum allowed, causing some requests to fail. The application is designed to use connection pooling with a maximum pool size of 100 connections per instance. There are currently 10 instances. The Cloud SQL instance is configured with 4 vCPUs and 15 GB memory, and the maximum connections is set to 400. The application team wants to minimize cost while resolving the issue. What should the architect recommend?

Question 51hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. A user creates a snapshot of a persistent disk. Later, they want to create a new VM from this snapshot in the same project but in a different region (europe-west1). Which step is missing or incorrect?

Network Topology
gcloud compute instances listfilter='name:my-instance'format='value(name,zone,status,networkInterfaces[0].networkIP,disks[0].deviceName)'zone=us-central1format='value(name,sizeGb,type,users)'gcloud compute snapshots listfilter='sourceDisk:my-instance-disk'format='value(name,sourceDisk,diskSizeGb,creationTimestamp)'source-disk=my-instance-disksource-disk-zone=us-central1asyncNAME ZONE STATUS NETWORK_IP DEVICE_NAMEmy-instance us-central1 RUNNING 10.128.0.2 my-instance-diskmy-instance-disk 100 pd-standard us-central1-a/instances/my-instanceNo snapshots found.Output:Operation [operation-12345] is running...
Question 52hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. A security team wants to ensure that the service account 'sa-compute' can only be used by the instance admin role. Currently, any user with 'iam.serviceAccountUser' on the project can impersonate it. Which change should be made to the policy?

Exhibit

{
  "bindings": [
    {
      "role": "roles/compute.networkAdmin",
      "members": [
        "user:admin@example.com"
      ]
    },
    {
      "role": "roles/compute.instanceAdmin.v1",
      "members": [
        "user:developer@example.com"
      ]
    },
    {
      "role": "roles/iam.serviceAccountUser",
      "members": [
        "serviceAccount:sa-compute@project.iam.gserviceaccount.com"
      ]
    }
  ],
  "etag": "BwVJQ2RfPHQ="
}
Question 53mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. An engineer deploys this Terraform configuration. After deployment, they can SSH into the VM using its public IP. However, they want to restrict SSH access to only a specific IP range (203.0.113.0/24). What change is required?

Exhibit

resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh"
  network = "default"
  priority = 1000
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["ssh-allowed"]
}

resource "google_compute_instance" "my_instance" {
  name         = "my-instance"
  machine_type = "e2-micro"
  zone         = "us-central1-a"
  tags         = ["web", "ssh-allowed"]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  network_interface {
    network = "default"
    access_config {
      // Ephemeral public IP
    }
  }
}
Question 54hardmultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. All five nginx pods are scheduled on the same node (default-pool-1). What is the most likely reason?

Network Topology
zone us-central1-anum-nodes=3enable-autoscalingmin-nodes=1max-nodes=10machine-type=e2-standard-2scopes=cloud-platformkubectl run nginximage=nginxreplicas=5requests=cpu=500mlimits=cpu=1kubectl get pods -o widekubectl get nodesNAME STATUS ROLES AGE VERSIONgke-my-cluster-default-pool-1 Ready node 15m v1.28gke-my-cluster-default-pool-2 Ready node 15m v1.28gke-my-cluster-default-pool-3 Ready node 15m v1.28
Question 55mediummultiple choice
Read the full Design and plan a cloud solution architecture explanation →

Refer to the exhibit. A user creates a Cloud SQL for PostgreSQL instance and a Compute Engine VM. The VM cannot connect to the database. What is the most likely cause?

Network Topology
database-version=POSTGRES_13tier=db-custom-2-7680region=us-central1edition=enterpriseroot-password=Passw0rd!assign-ip

Practice tests

Scored 10-question sessions with instant feedback and explanations.

Google PCA Practice Test 1 — 10 Questions→Google PCA Practice Test 2 — 10 Questions→Google PCA Practice Test 3 — 10 Questions→Google PCA Practice Test 4 — 10 Questions→Google PCA Practice Test 5 — 10 Questions→Google PCA Practice Exam 1 — 20 Questions→Google PCA Practice Exam 2 — 20 Questions→Google PCA Practice Exam 3 — 20 Questions→Google PCA Practice Exam 4 — 20 Questions→Free Google PCA Practice Test 1 — 30 Questions→Free Google PCA Practice Test 2 — 30 Questions→Free Google PCA Practice Test 3 — 30 Questions→Google PCA Practice Questions 1 — 50 Questions→Google PCA Practice Questions 2 — 50 Questions→Google PCA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Design and plan a cloud solution architecture setsAll Design and plan a cloud solution architecture questionsGoogle PCA Practice Hub