Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Manage implementation of cloud architecture practice sets

Google PCA Manage implementation of cloud architecture • Complete Question Bank

Google PCA Manage implementation of cloud architecture — All Questions With Answers

Complete Google PCA Manage implementation of cloud architecture question bank — all 0 questions with answers and detailed explanations.

88
Questions
Free
No signup
Certifications/Google PCA/Practice Test/Manage implementation of cloud architecture/All Questions
Question 1mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

Your team has deployed a microservices application on Google Kubernetes Engine (GKE) with multiple services communicating via internal ClusterIP services. You notice that some requests between services are failing intermittently with 'connection refused' errors. The services are defined with readiness probes. What is the most likely cause?

Question 2hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization is running a stateful workload on Compute Engine with a single persistent disk. They want to migrate to a regional persistent disk for higher availability. The disk is 500 GB and currently 80% full. They need zero downtime during the migration. What is the recommended approach?

Question 3easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is planning to deploy a global web application on Google Cloud. They expect low latency for users worldwide and need to serve static content (images, CSS) as well as dynamic API responses. Which architecture should they use?

Question 4mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

You are designing a CI/CD pipeline for a containerized application on Google Cloud. The application is built with Cloud Build, stored in Container Registry, and deployed to GKE. The team wants to ensure that only images that pass vulnerability scanning are deployed. What should you do?

Question 5hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company runs a data analytics platform on Google Cloud using BigQuery, Dataflow, and Cloud Storage. They notice that Dataflow jobs are failing with 'out of memory' errors for certain large pipelines. The pipelines process variable amounts of data, sometimes spiking 10x normal. Which strategy should they use to handle these spikes cost-effectively?

Question 6easymultiple choice
Read the full NAT/PAT explanation →

A startup wants to deploy a web application on Google Cloud with a MySQL database. They anticipate low traffic initially but want the ability to scale seamlessly. They also want to minimize operational overhead. Which combination of services should they choose?

Question 7mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

Your organization has a policy that all Compute Engine instances must have specific labels (env, team, cost-center) applied. You want to enforce this automatically when instances are created. What should you do?

Question 8mediummulti select
Read the full Manage implementation of cloud architecture explanation →

Which TWO statements are true about Google Cloud HTTPS Load Balancers?

Question 9hardmulti select
Read the full Manage implementation of cloud architecture explanation →

Which THREE actions can help reduce costs for a BigQuery workload that runs frequent, ad-hoc analytical queries on a large dataset?

Question 10hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An engineer runs the command above. A few days later, the instance becomes unresponsive. Upon investigation, you find that the boot disk is 100 GB and 95% full. The data disk is 500 GB and only 20% full. What is the most likely cause of the unresponsiveness?

Network Topology
image-family=ubuntu-2004-ltsimage-project=ubuntu-os-cloudzone=us-central1-a \machine-type=n1-standard-4 \boot-disk-size=100GB \boot-disk-type=pd-ssd \create-disk=name=data-diskRefer to the exhibit.```
Question 11easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

You are reviewing an IAM policy for a Cloud Storage bucket. Alice is a member of the data-team group. What level of access does Alice have to objects in this bucket?

Exhibit

Refer to the exhibit.
```
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com",
        "serviceAccount:sa-bucket@project.iam.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "group:data-team@example.com"
      ]
    }
  ]
}
```
Question 12hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

Your company runs a critical application on Google Kubernetes Engine (GKE) in us-central1. The application consists of a frontend deployment with 3 replicas and a backend statefulset with 5 replicas using persistent volumes (SSD). Recently, the team noticed that during a regional outage in us-central1, the application became completely unavailable. They want to design a multi-region architecture that can survive a regional failure with RPO of 1 hour and RTO of 30 minutes. The application is stateless on the frontend but the backend stores critical data on persistent disks. The backend can operate in a read-only mode from a secondary region if needed. They have a limited budget and want to minimize ongoing costs. Which approach should they take?

Question 13mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is migrating a monolithic application to Google Kubernetes Engine (GKE). The application currently runs on a single Compute Engine instance and stores session state in local memory. The migration must support horizontal scaling and high availability. What should the company do to manage session state in the new architecture?

Question 14easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company runs a batch processing workload on Compute Engine instances in a managed instance group (MIG). The job is CPU-intensive and takes approximately 4 hours to complete. The company wants to reduce costs without sacrificing performance. Which action should they take?

Question 15hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization has deployed a multi-region Cloud Spanner instance for a global application. The application is experiencing high latency for read requests from a specific region. The team has verified that the application is using stale reads and the data distribution is even. What is the most likely cause of the high latency?

Question 16mediummultiple choice
Review the full routing breakdown →

A company is using Cloud Load Balancing to distribute traffic to a managed instance group (MIG) of web servers. The web servers are currently running in us-central1. To improve availability, the company plans to add a second MIG in us-west1. What must be done to ensure traffic is automatically routed to the closest healthy backend?

Question 17hardmulti select
Read the full Manage implementation of cloud architecture explanation →

A company is designing a disaster recovery plan for a critical application running on Compute Engine. The application uses a PostgreSQL database and stores files on persistent disks. The recovery time objective (RTO) is 4 hours, and the recovery point objective (RPO) is 1 hour. Which two actions should the company take?

Question 18hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

Your company runs a containerized microservices application on Google Kubernetes Engine (GKE) with a regional cluster. The application consists of a frontend service, a backend API service, and a background worker service that processes messages from Cloud Pub/Sub. The worker service uses a Deployment with 3 replicas. Recently, the team noticed that the worker service is frequently failing with 'ContainerCreating' errors. The error message in the pod events is: 'Failed to pull image "gcr.io/my-project/my-worker:latest": rpc error: code = DeadlineExceeded desc = context deadline exceeded'. The image is stored in Container Registry in the same project. The cluster nodes are n1-standard-2 VMs with 10 GB of disk space. The team has confirmed that the image exists and that the nodes have internet access. What is the most likely cause of the issue?

Question 19mediummulti select
Read the full NAT/PAT explanation →

Your organization is moving a legacy monolithic application to Google Kubernetes Engine (GKE). The application currently runs on a single virtual machine with a local MySQL database. You need to design a cloud-native architecture that improves scalability and reliability. Which two actions should you take? (Choose TWO.)

Question 20easymultiple choice
Read the full NAT/PAT explanation →

Your company runs a critical application on Compute Engine instances in a managed instance group across three zones. The application writes logs to local disk. You are asked to improve the reliability of log retention and ensure logs are available in case of instance failure. You have already configured a health check that automatically recreates instances. However, after a recent zonal outage, logs from the affected instances were lost. You need to implement a solution that preserves logs even when instances are terminated. What should you do?

Question 21mediummulti select
Read the full Manage implementation of cloud architecture explanation →

A company is deploying a microservices application on Google Kubernetes Engine (GKE). They want to ensure that the cluster can automatically scale based on custom metrics, such as the number of pending requests per pod. Which two steps should they take? (Choose TWO)

Question 22easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer runs the command above and sees the output. The cluster has one node pool with 3 nodes, each of type e2-standard-4 (4 vCPU, 16 GB RAM). The application requires at least 2 GB of memory per pod and the cluster has 10 pods that need to be scheduled. The developer also notices that the node pool autoscaling is enabled with a minimum of 1 and maximum of 5 nodes. However, the cluster is unable to schedule all pods. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
$ gcloud container clusters describe my-cluster --zone us-central1-a --format 'table(name, nodeConfig.machineType, nodePools[].initialNodeCount, nodePools[].config.machineType)'
NAME: my-cluster
MASTER_VERSION: 1.28.5-gke.2000
NODE_CONFIG_MACHINE_TYPE: e2-standard-4
NODE_POOLS: [0].initialNodeCount: 3
NODE_POOLS: [0].config.machineType: e2-standard-4
```
Question 23hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A large e-commerce company runs a multi-tier application on Google Cloud. The frontend is served by a global HTTP Load Balancer with a backend service pointing to a managed instance group (MIG) of nginx web servers. The application tier consists of a regional internal TCP/UDP load balancer distributing traffic to a MIG of Java application servers. The database tier uses Cloud SQL for PostgreSQL in a failover replica configuration. The architecture is deployed in the us-central1 region across three zones. Recently, the operations team noticed intermittent 502 Bad Gateway errors from the frontend load balancer during peak traffic hours. The errors last for a few minutes and then recover. The team suspects the application tier is overwhelmed. They need to implement a solution that can handle traffic spikes without manual intervention. Which course of action should they take?

Question 24mediumdrag order
Read the full Manage implementation of cloud architecture explanation →

Drag and drop the steps to deploy a containerized application to Google Kubernetes Engine (GKE) using a Deployment into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 25mediummatching
Read the full Manage implementation of cloud architecture explanation →

Match each IAM role type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Legacy roles like Owner, Editor, Viewer

Fine-grained roles managed by Google

User-defined roles with specific permissions

Another name for Basic roles

Identity for applications, not users

Question 26easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is migrating a monolithic application to Google Cloud. They want to minimize changes to the application code while taking advantage of Cloud Run for serverless containers. Which approach should they take?

Question 27hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization has a multi-regional deployment of a stateful application on GKE using regional persistent disks. They need to implement disaster recovery with an RPO of less than 1 hour and RTO of 30 minutes. What is the most cost-effective approach?

Question 28mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A DevOps team is building a CI/CD pipeline for a microservices application deployed on Google Kubernetes Engine. They want to ensure that each microservice can be deployed independently without affecting other services. Which strategy should they use?

Question 29easymultiple choice
Read the full NAT/PAT explanation →

A company is using Cloud NAT to allow private instances to access the internet. They notice that outbound connections are failing intermittently. What is the most likely cause?

Question 30hardmultiple choice
Open the full VLAN trunking answer →

An organization needs to connect an on-premises data center to Google Cloud using Dedicated Interconnect with a 10 Gbps link. They require high availability and want to achieve 99.99% SLA. What is the minimum number of VLAN attachments and Interconnect connections needed?

Question 31mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is using Cloud SQL for PostgreSQL and needs to run a one-time heavy analytical query that takes over 30 minutes and uses 100% CPU. The production database is serving user traffic with high QPS. What should the company do to run the query without impacting production?

Question 32easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer accidentally deleted a bucket in Cloud Storage. The bucket had object versioning enabled. How can the bucket and its objects be restored?

Question 33hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is using Cloud Armor with HTTP Load Balancing to protect a web application. They want to block traffic from specific IP ranges for all requests except those that include a valid reCAPTCHA token. Which Cloud Armor rule configuration should they use?

Question 34mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is deploying a new application on Compute Engine and wants to automate the installation of a custom agent on every newly created VM in a specific project. Which Google Cloud service should they use?

Question 35mediummulti select
Read the full Manage implementation of cloud architecture explanation →

Which TWO statements about Google Cloud VPC firewall rules are correct? (Choose two.)

Question 36hardmulti select
Read the full Manage implementation of cloud architecture explanation →

Which THREE factors should be considered when choosing a Google Cloud region for deploying a low-latency application serving global users? (Choose three.)

Question 37easymulti select
Read the full Manage implementation of cloud architecture explanation →

Which TWO methods can be used to provide secure access to a private Google Kubernetes Engine (GKE) cluster from the internet? (Choose two.)

Question 38hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

What is the most likely reason the NetworkPolicy is not taking effect?

Exhibit

Refer to the exhibit.

gcloud container clusters describe prod-cluster --region us-central1
...
networkPolicy:
  enabled: true
  provider: CALICO
...

The cluster is using Calico network policies. A developer deploys a manifest that defines a NetworkPolicy that allows ingress from pods with label 'app: frontend' but the traffic is still blocked. The pod logs show no network error but the connection times out.
Question 39mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

Why did the VM resource fail while the disk succeeded?

Exhibit

Refer to the exhibit.

gcloud deployment-manager deployments describe my-deployment
---
id: '12345'
name: my-deployment
manifest: manifest-123
state: DEPLOYED
resources:
- name: my-vm
  type: compute.v1.instance
  properties:
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    networkInterfaces:
    - network: global/networks/default
  currentStatus: FAILED
- name: my-disk
  type: compute.v1.disk
  properties:
    zone: us-central1-a
    sizeGb: 10
  currentStatus: SUCCESS
Question 40easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer is trying to deploy a Compute Engine instance from a Cloud Build step. The build fails with the above error. What is the problem?

Exhibit

Refer to the exhibit.

error: googleapi: Error 403: The caller does not have permission, forbidden
Stackdriver Logging logged: 'iam.serviceAccounts.actAs' permission on service account '12345-compute@developer.gserviceaccount.com'.
Question 41easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A startup wants to deploy a containerized application with minimal operational overhead. They expect variable traffic. Which compute option should they choose?

Question 42mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company has a requirement to store application logs for 7 years for compliance. They are using Cloud Logging. What is the most cost-effective way to retain logs?

Question 43hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization is using Shared VPC with multiple projects. They want to allow a service project to use a Cloud SQL instance created in the host project. Which step is required?

Question 44mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer is using Cloud Build to automate deployments. The build fails with an error: 'Permission 'iam.serviceAccounts.actAs' denied.' What is the most likely cause?

Question 45easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company wants to store backup data that is accessed rarely but must be available for retrieval within minutes. Which Cloud Storage class is appropriate?

Question 46mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization is implementing a Hub-and-Spoke network topology with multiple VPCs. Which Google Cloud product is designed for centralized connectivity and policy enforcement?

Question 47hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company uses Cloud Bigtable for time-series data. They experience high latency and uneven load distribution across nodes. What is the most likely cause?

Question 48easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer needs to secure secrets (API keys, passwords) used in a Cloud Function. What is the recommended approach?

Question 49hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization wants to enforce that all Compute Engine VMs are created with specific disk encryption keys. Which policy mechanism should they use?

Question 50hardmulti select
Read the full Manage implementation of cloud architecture explanation →

A company is designing a highly available architecture for a stateful application on Compute Engine. They need to protect against zonal failures. Which THREE steps should they take?

Question 51mediummulti select
Read the full Manage implementation of cloud architecture explanation →

An organization wants to monitor network traffic between VMs in a VPC for troubleshooting. Which TWO services can provide this?

Question 52easymulti select
Read the full Manage implementation of cloud architecture explanation →

What are two best practices for designing a scalable Kubernetes architecture on GKE?

Question 53easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A startup is migrating a monolithic application to Google Cloud. They want to minimize operational overhead and auto-scale based on HTTP request load. Which compute solution should they choose?

Question 54mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A financial services company runs a mission-critical database on Compute Engine with local SSDs. They need to ensure data durability in case of an instance failure while maintaining low latency. What should they do?

Question 55hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A global e-commerce platform uses Spanner for its transactional database. They observe that some transactions are aborted with 'ABORTED' status due to contention. The application retries immediately, but throughput degrades. What design change should they implement to reduce contention?

Question 56easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company wants to store customer transaction logs for 7 years for compliance. The logs are accessed rarely but must be retrievable within 24 hours. Which storage option is most cost-effective?

Question 57mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A healthcare SaaS provider runs workloads in Google Cloud and needs to comply with HIPAA. They use Cloud SQL for PostgreSQL and want to encrypt data at rest with customer-managed encryption keys (CMEK). Which steps must they take?

Question 58hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A media streaming company uses Google Cloud CDN to deliver content. They notice that users in certain regions experience high latency despite CDN caching. The content is dynamic based on user location (e.g., local news). What should they do to improve performance?

Question 59easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company wants to deploy a containerized application on Google Cloud and needs persistent storage that can be accessed by multiple pods in a GKE cluster concurrently. Which storage solution should they use?

Question 60mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

An organization uses Cloud Deployment Manager to manage infrastructure as code. They need to ensure that changes to production resources are reviewed and approved before deployment. What should they do?

Question 61hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is migrating a legacy application to Google Cloud. The application has a stateful TCP-based protocol that requires client IP persistence. They plan to use a load balancer. Which load balancer type should they choose?

Question 62mediummulti select
Read the full Manage implementation of cloud architecture explanation →

Which TWO of the following are valid methods to securely access Google Cloud APIs from a Compute Engine instance without managing service account keys?

Question 63hardmulti select
Read the full Manage implementation of cloud architecture explanation →

Which THREE of the following are recommended practices when designing a highly available architecture on Google Cloud using multiple regions?

Question 64easymulti select
Read the full Manage implementation of cloud architecture explanation →

Which TWO of the following are benefits of using a VPC Service Controls perimeter?

Question 65easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is migrating a monolithic application to Google Cloud and wants to minimize operational overhead for scaling. Which service should they use?

Question 66easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A developer needs to deploy a stateful application that requires persistent storage across pod restarts in Google Kubernetes Engine. Which resource should they use?

Question 67easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company stores sensitive data in Cloud Storage and wants to enforce encryption at rest using customer-managed keys. Which Google Cloud service should they use to manage the keys?

Question 68mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is using Cloud Load Balancing with backend services across multiple regions. They notice that traffic is not being evenly distributed and some backends are overloaded. Which configuration should they check?

Question 69mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A team is designing a multi-tier web application on Compute Engine. They need to ensure that only the web tier can access the application tier over a specific port. They plan to use VPC firewall rules. Which approach minimizes the attack surface?

Question 70mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is using Cloud SQL for MySQL and wants to implement automated backups that are retained for 30 days. They also need point-in-time recovery. Which configuration should they use?

Question 71hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company runs a critical application on Compute Engine with a stateful workload. They want to achieve 99.99% availability within a single region. Which architecture should they recommend?

Question 72hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A large enterprise is migrating their on-premises data center to Google Cloud. They have hundreds of VMs and need to minimize network latency between on-prem and cloud during migration. They have high bandwidth requirements. Which connectivity solution should they use?

Question 73hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company is using Cloud Armor to protect their external HTTPS load balancer. They want to block traffic from a specific list of IP ranges. They create a security policy with a deny rule. However, the denials seem not to be applied to all backend services. What is the most likely cause?

Question 74easymulti select
Read the full Manage implementation of cloud architecture explanation →

A company is deploying a web application on Compute Engine. They want to automatically scale the number of instances based on CPU utilization. Which two components are required to set up autoscaling? (Choose two.)

Question 75mediummulti select
Read the full Manage implementation of cloud architecture explanation →

A company is designing a disaster recovery plan for their Cloud SQL for PostgreSQL instance. They want to ensure that the database can be recovered in another region within minutes with minimal data loss. Which three actions should they take? (Choose three.)

Question 76hardmulti select
Review the full routing breakdown →

A company is running a multi-region application on Google Kubernetes Engine with workloads in us-central1 and europe-west1. They want to route traffic to the closest region based on user location. Which three components should they configure? (Choose three.)

Question 77mediummultiple choice
Read the full NAT/PAT explanation →

A company uses preemptible VMs for batch processing. They notice that during peak hours, many instances are terminated before finishing their tasks. The operations team observes the output shown in the exhibit. Which action would best improve job completion rates without significantly increasing costs?

Exhibit

Refer to the exhibit.

$ gcloud compute instances list --zones=us-central1-a,us-central1-b,us-central1-c

NAME         ZONE           MACHINE_TYPE   PREEMPTIBLE  STATUS
instance-1   us-central1-a  n1-standard-4  yes          RUNNING
instance-2   us-central1-b  n1-standard-4  yes          RUNNING
instance-3   us-central1-c  n1-standard-4  yes          RUNNING
instance-4   us-central1-a  n1-standard-4  yes          RUNNING
instance-5   us-central1-b  n1-standard-4  yes          TERMINATED
instance-6   us-central1-c  n1-standard-4  yes          RUNNING
Question 78hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A company runs a real-time data analytics platform on Google Cloud that ingests streaming data from IoT devices. The architecture uses Cloud Pub/Sub to receive messages, Dataflow for processing, and BigQuery for storage. Recently, the team noticed that the processing latency has increased significantly during peak hours. Upon investigation, they found that the Dataflow pipeline is experiencing high system lag and some workers are being killed due to out-of-memory errors. The pipeline uses a fixed window of 10 seconds and writes to BigQuery using streaming inserts. The company wants to reduce latency without sacrificing data accuracy. Which course of action should they take?

Question 79hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation has deployed a web application across multiple Google Cloud regions using an external HTTPS load balancer with backend services in each region. They recently added a new region (asia-southeast1) and updated the load balancer configuration. After the update, some users in that region report high latency and occasional connection timeouts when accessing the application. The load balancer health checks show all backends as healthy. The network team confirms that the backend instances in asia-southeast1 are correctly configured and can be accessed directly via their external IPs. What should the architects investigate next?

Question 80mediummulti select
Read the full Manage implementation of cloud architecture explanation →

A cloud architect is implementing a CI/CD pipeline for a microservices-based application on Google Kubernetes Engine (GKE). The team needs to deploy new versions of the services with zero downtime and the ability to quickly roll back if issues are detected. Which two strategies should the architect consider? (Choose two.)

Question 81easymultiple choice
Read the full NAT/PAT explanation →

A company has a Cloud Run service that processes images uploaded by users. The service reads the images from a Cloud Storage bucket and writes processed images to another bucket. The team recently updated the service to use a custom service account named 'image-processor-sa' with minimal permissions. After the update, the service fails with permission errors when trying to read from the source bucket. The team verified that the service account has the Storage Object Viewer role on the source bucket and Storage Object Creator role on the destination bucket. What should the architect do to resolve the issue?

Question 82mediummultiple choice
Review the full subnetting walkthrough →

An organization has two Google Cloud projects: Project A hosts a Compute Engine instance with a MySQL database, and Project B hosts an application that needs to connect to the database. The network team set up VPC peering between the two VPCs. The application cannot connect to the database on port 3306. The database instance has a private IP. The network team has verified that firewall rules in both VPCs allow traffic from Project B's subnets to the database IP on port 3306. Ping from the application instance to the database IP succeeds. What should the architect do to resolve the connectivity issue?

Question 83hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A global e-commerce platform uses Cloud Spanner in a multi-region configuration across us-central1 (leader) and europe-west1. The application writes all orders to a single table and reads from both regions. During a flash sale, write latency spikes, causing order failures. The team notices that the leader region's CPU utilization is at 95%, while the europe-west1 region is mostly idle. The application uses partitioned DML for batch updates. The development team proposes increasing node count. What should the architect do to reduce write latency while maintaining global read performance?

Question 84easymultiple choice
Read the full Manage implementation of cloud architecture explanation →

A startup is setting up a CI/CD pipeline for their web application using Cloud Build and Cloud Deploy. They have configured a Cloud Build trigger that executes on pushes to the main branch of a Cloud Source Repositories repository. The trigger runs a build step that builds a Docker image and pushes it to Artifact Registry, then creates a release using Cloud Deploy. The pipeline fails with an error message indicating that the Cloud Build service account does not have permission to create releases. What should the architect do to resolve the issue?

Question 85hardmultiple choice
Read the full Manage implementation of cloud architecture explanation →

A financial services company uses VPC Service Controls to protect their project containing BigQuery datasets and Cloud Storage buckets. They have a perimeter that includes the BigQuery service. Users report that they cannot export data from BigQuery to Cloud Storage using the web console. The export job fails with an access denied error. The team needs to allow exports while maintaining data exfiltration prevention. The users have the necessary IAM permissions (BigQuery Data Editor, Storage Object Admin) on the appropriate resources. What should the architect do?

Question 86easymulti select
Read the full Manage implementation of cloud architecture explanation →

A company is designing a data pipeline to ingest streaming data from IoT devices and store it in BigQuery for analysis. They need to minimize latency and operational overhead. Which two Google Cloud services should they use? (Choose two.)

Question 87mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →

Refer to the exhibit. A cloud administrator is attempting to grant the BigQuery Data Viewer role to an external user (user@example.com) but receives the error shown. What is the most likely cause?

Exhibit

{
 "textPayload": "Error 403: The caller does not have permission to access the resource. Request prohibited by organization's policy. [ORGANIZATION_POLICY: constraints/iam.allowedPolicyMemberDomains]"
}
Question 88hardmultiple choice
Review the full subnetting walkthrough →

A company runs multiple microservices on Cloud Run. Each service uses a Serverless VPC Access connector to connect to a shared Cloud Memorystore for Redis instance (standard tier) in a VPC network. The Redis instance is configured with a firewall rule that allows TCP connections on port 6379 from the VPC connector's subnet (10.8.0.0/28). After a recent code update, the order-service fails to connect to Redis, while the user-service continues to work. The error logs in order-service show 'connection refused'. The engineer verifies that both services use the same VPC connector, the same Redis instance IP, and the same service account. The VPC connector's metrics show no errors. What is the most likely cause?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

Google PCA Practice Test 1 — 10 Questions→Google PCA Practice Test 2 — 10 Questions→Google PCA Practice Test 3 — 10 Questions→Google PCA Practice Test 4 — 10 Questions→Google PCA Practice Test 5 — 10 Questions→Google PCA Practice Exam 1 — 20 Questions→Google PCA Practice Exam 2 — 20 Questions→Google PCA Practice Exam 3 — 20 Questions→Google PCA Practice Exam 4 — 20 Questions→Free Google PCA Practice Test 1 — 30 Questions→Free Google PCA Practice Test 2 — 30 Questions→Free Google PCA Practice Test 3 — 30 Questions→Google PCA Practice Questions 1 — 50 Questions→Google PCA Practice Questions 2 — 50 Questions→Google PCA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Manage implementation of cloud architecture setsAll Manage implementation of cloud architecture questionsGoogle PCA Practice Hub