Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Manage and provision cloud infrastructure practice sets

Google PCA Manage and provision cloud infrastructure • Complete Question Bank

Google PCA Manage and provision cloud infrastructure — All Questions With Answers

Complete Google PCA Manage and provision cloud infrastructure question bank — all 0 questions with answers and detailed explanations.

116
Questions
Free
No signup
Certifications/Google PCA/Practice Test/Manage and provision cloud infrastructure/All Questions
Question 1mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is deploying a new application on Compute Engine. They need to ensure that the application can automatically recover from a zone failure. What is the best approach?

Question 2hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization has multiple projects in Google Cloud and wants to centralize logging and monitoring for all projects. They need to aggregate logs from all projects into a single project for analysis. Which approach should they use?

Question 3easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer needs to deploy a containerized application on Google Kubernetes Engine (GKE) with minimal operational overhead. They want to automatically scale the number of pods based on CPU utilization. Which GKE feature should they use?

Question 4mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is deploying a web application on Compute Engine behind a global HTTP(S) load balancer. They want to restrict access to only traffic from specific IP ranges. Which load balancer feature should they use?

Question 5hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has a production database running on Cloud SQL. They need to ensure high availability with automatic failover in the event of a zone outage. What should they do?

Question 6easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer wants to store and retrieve non-relational data with flexible schema and automatic scaling. Which Google Cloud service should they use?

Question 7mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company wants to migrate on-premises workloads to Google Cloud. They need to assess the existing infrastructure, plan the migration, and track progress. Which tool should they use?

Question 8hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is using Cloud Storage to store sensitive data. They need to enforce that objects are deleted exactly 30 days after creation. Which object lifecycle rule should they configure?

Question 9mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO options are valid ways to connect an on-premises network to a VPC in Google Cloud? (Choose two.)

Question 10hardmulti select
Read the full VPN explanation →

Which THREE components are required to set up a private connection between an on-premises network and a VPC using Cloud VPN? (Choose three.)

Question 11easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO statements about Google Cloud VPC networks are true? (Choose two.)

Question 12mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer runs the command above. The instance is created successfully, but cannot be reached via HTTP from the internet. What is the most likely cause?

Exhibit

Refer to the exhibit.

gcloud compute instances create my-instance \
    --zone=us-central1-a \
    --machine-type=n1-standard-2 \
    --image-family=debian-10 \
    --image-project=debian-cloud \
    --boot-disk-size=50GB \
    --boot-disk-type=pd-standard \
    --tags=http-server,https-server
Question 13hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An administrator creates a GKE cluster with the command above. After deployment, the cluster has 3 nodes, but the node pool autoscaler never scales up even under load. What is the most likely reason?

Exhibit

Refer to the exhibit.

gcloud container clusters create my-cluster \
    --zone us-central1-a \
    --num-nodes 3 \
    --machine-type e2-medium \
    --disk-size 100 \
    --image-type cos_containerd \
    --enable-autoscaling \
    --min-nodes 1 \
    --max-nodes 5 \
    --node-locations us-central1-a,us-central1-b,us-central1-f
Question 14hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a critical application on Compute Engine instances in a managed instance group (MIG) across three zones in us-central1. The application uses a Cloud Spanner database. Recently, the application experienced increased latency and timeouts during peak hours. The operations team noticed that the MIG's CPU utilization is consistently above 80% during peak hours, and the autoscaler is configured to scale based on CPU utilization with a target of 60%. However, the autoscaler is not adding new instances quickly enough, causing performance degradation. The team also observed that new instances take over 5 minutes to become healthy and serve traffic. The health check is a simple TCP check on port 8080. The application startup script downloads large configuration files from Cloud Storage. What should the team do to improve the autoscaling response time and reduce latency?

Question 15mediummultiple choice
Read the full NAT/PAT explanation →

A startup is deploying a microservices application on Google Kubernetes Engine (GKE) with a regional cluster. They have services that need to communicate with each other and also with external APIs. The cluster uses VPC-native routing. They have enabled Cloud NAT to allow outbound internet access for nodes without external IPs. However, the development team reports that some pods cannot reach the external APIs, while others can. All pods are in the same namespace and are not using any network policies. The pods that fail have the annotation 'cloud.google.com/gke-nat-ips' set to a list of static IP addresses. The pods that work do not have this annotation. What is the most likely cause of the failure?

Question 16mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating its on-premises application to Google Cloud. The application requires low-latency access to a shared filesystem that can be mounted by multiple Compute Engine instances across different zones. Which storage solution should they use?

Question 17hardmultiple choice
Review the full subnetting walkthrough →

An organization has a VPC with two subnets: subnet-a (10.0.1.0/24) and subnet-b (10.0.2.0/24). They launched a Compute Engine instance in subnet-a with an internal IP 10.0.1.2 and a public IP. They want the instance to only allow HTTPS traffic from the internet. Which firewall rule should they create?

Question 18easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer needs to programmatically create and manage Compute Engine instances. Which Google Cloud service should they use to authenticate and authorize service accounts?

Question 19mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company deploys a web application on Compute Engine behind a Global HTTPS Load Balancer. They need to restrict access to the application based on the client's IP address. Which Google Cloud service should they use?

Question 20hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization uses Cloud SQL for MySQL in a production environment. They need to ensure high availability with automatic failover in case of a zonal failure. Which configuration should they use?

Question 21mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO statements are true about Google Cloud VPC networks? (Select exactly 2.)

Question 22hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE are best practices for managing secrets (e.g., API keys, passwords) in Google Cloud? (Select exactly 3.)

Question 23hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Your company runs a stateful web application on Compute Engine instances in a managed instance group (MIG) with autoscaling based on CPU utilization. The application maintains session state in memory on each instance. Recently, users have been experiencing session timeouts and data loss during scaling events. Additionally, the application's performance degrades under load due to frequent database queries for session data. You need to design a solution that ensures session persistence, improves performance, and minimizes application changes. The application is written in Java and uses Tomcat. Which of the following should you do?

Question 24mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating a legacy monolithic application to Google Cloud. The application runs on a single VM and uses a local MySQL database. The goal is to minimize changes to the application code while improving availability. Which strategy should the company use?

Question 25hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

A company is designing a highly available web application on Google Cloud. The application consists of stateless compute instances behind a global HTTP(S) Load Balancer. The compute instances must be able to handle sudden spikes in traffic. Which TWO strategies should the company implement? (Choose two.)

Question 26easymulti select
Read the full Manage and provision cloud infrastructure explanation →

A company wants to enable a new DevOps team to have read-only access to logs in the default Cloud Logging bucket for their project, but prevent them from modifying log views or creating linked datasets in BigQuery. Which two IAM roles should be granted to the team?

Question 27hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs an e-commerce platform on Google Cloud. The application is deployed on Google Kubernetes Engine (GKE) with a regional cluster (us-central1, three zones). The frontend service is exposed via an HTTP Load Balancer with Cloud CDN. Recently, during a flash sale, users experienced high latency and occasional 502 errors. The backend service is a Java application that reads from Cloud Spanner. The team has observed that Spanner CPU utilization averaged 65% during the sale, with a few spikes to 80%. The number of frontend pods was auto-scaled to 50, each running on n1-standard-2 nodes. The node pool is set to autoscale up to 100 nodes. The errors appear to correlate with periods of high CPU on the nodes, but not always. What is the most likely cause and recommended action?

Question 28mediumdrag order
Read the full Manage and provision cloud infrastructure explanation →

Drag and drop the steps to migrate a Compute Engine VM to a different region using a snapshot into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 29mediumdrag order
Read the full Manage and provision cloud infrastructure explanation →

Drag and drop the steps to configure IAM roles for a service account to access Cloud Storage from a Compute Engine instance into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 30mediummatching
Read the full Manage and provision cloud infrastructure explanation →

Match each GCP storage service to its typical use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Object storage for unstructured data

Managed NFS file server

Block storage for VM instances

NoSQL database for large analytical workloads

Globally distributed relational database

Question 31mediummatching
Read the full Manage and provision cloud infrastructure explanation →

Match each GCP monitoring/logging tool to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Metrics, dashboards, alerts

Centralized log storage and analysis

Distributed tracing for latency analysis

Inspect code behavior in production

CPU and memory profiling

Question 32easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer needs to pass a startup script to a Compute Engine instance during creation. Which method should be used to ensure the script runs on first boot?

Question 33mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has Compute Engine instances in us-east1-a and us-east1-b zones. They want to allow communication between these instances with minimal latency and no additional cost. What is the best networking approach?

Question 34hardmultiple choice
Open the full BGP breakdown →

A Cloud Router BGP session is flapping. The logs show 'Interface flapping due to changes in the underlying network'. What is the most likely cause?

Question 35mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO actions are required to allow a private GKE cluster to pull container images from Artifact Registry in the same project?

Question 36hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE factors should be considered when selecting a machine series for a Compute Engine instance running a memory-intensive batch job?

Question 37easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO statements are true about Cloud Load Balancing?

Question 38mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. A user reports that the instance 'batch-vm' is unavailable. Based on the output, what is the most likely cause of the unavailability?

Network Topology
filter='name~batch-vm'gcloud compute instances listformat='table(name,zone,machineType,preemptible,networkInterfaces[0].networkIP,status)'
Question 39hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. A Cloud Deployment Manager deployment fails with the error 'Resource 'my-firewall' already exists'. What is the most likely cause?

Exhibit

resources:
- name: my-firewall
  type: compute.v1.firewall
  properties:
    network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
    allowed:
    - IPProtocol: tcp
      ports: ['80','443']
    sourceRanges: ['0.0.0.0/0']
- name: my-instance
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/machineTypes/n1-standard-1
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
Question 40easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. A user (ops@example.com) is unable to create a new VPC network in the project. What should the administrator verify first?

Exhibit

{
  "bindings": [
    {
      "role": "roles/compute.viewer",
      "members": [
        "user:ops@example.com"
      ]
    }
  ]
}
Question 41easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company wants to provision multiple similar environments (dev, test, prod) with consistent networking configurations. Which approach is a best practice for infrastructure as code?

Question 42mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A Cloud Function fails to connect to a Cloud SQL instance. The Cloud SQL instance has a private IP. What should the developer check?

Question 43hardmultiple choice
Review the full subnetting walkthrough →

A company uses Shared VPC. A project admin in a service project tries to create a subnet in the shared VPC network but receives a permission denied error. What is the most likely cause?

Question 44easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

When creating a Compute Engine instance from a custom image stored in another project, which gcloud flag is required?

Question 45mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A web application running on Compute Engine behind a global HTTP(S) load balancer experiences high latency during traffic spikes. Which quick fix would best address this issue without changing the architecture?

Question 46hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization needs to audit all changes to network firewall rules in a GCP project. Which service should be used to capture these changes?

Question 47easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company wants to minimize egress costs for data transferred between Compute Engine instances in the same region but different zones. What is the best practice?

Question 48easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer wants to automate the creation of a Google Cloud project with a specific VPC and firewall rules. Which tool should they use?

Question 49easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization needs to ensure that only Compute Engine instances with a specific label can access a Cloud Storage bucket. Which policy type should be used?

Question 50mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a web application on Compute Engine with an HTTP Load Balancer. Users report intermittent 502 Bad Gateway errors. What is the most likely cause?

Question 51mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company wants to migrate an on-premises Oracle database to Google Cloud. They need high availability and want to minimize application changes. Which service should they use?

Question 52mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A DevOps engineer notices that a GKE cluster has nodes that are frequently preempted. They want to reduce costs but maintain resilience. What should they do?

Question 53hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization requires that all Compute Engine instances in a project must have a specific tag for firewall rule compliance. How can they enforce this?

Question 54hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating a monolithic application to microservices on Google Cloud. They need to manage service-to-service authentication and authorization. Which service should they use?

Question 55hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A security team wants to audit all IAM role assignments in an organization. They need a historical record of changes. Which tool should they use?

Question 56easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO features help reduce costs for batch processing workloads on Compute Engine?

Question 57mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE are valid methods to connect an on-premises network to a Google Cloud VPC?

Question 58hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE are best practices for designing a highly available application on Compute Engine?

Question 59easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. What is the effect of this IAM policy on a Cloud Storage bucket?

Exhibit

{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com",
        "domain:example.com"
      ]
    }
  ]
}
Question 60mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. A developer wants to SSH into instance-1 from their local machine. Which command should they use?

Exhibit

NAME       ZONE        MACHINE_TYPE  PREEMPTIBLE  INTERNAL_IP   EXTERNAL_IP
instance-1 us-central1-a n1-standard-4 true        10.128.0.2    35.184.0.1
instance-2 us-central1-b n1-standard-4 false       10.128.0.3    35.184.0.2
Question 61hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Refer to the exhibit. Which statement is true about this Deployment Manager template?

Exhibit

resources:
- name: my-vm
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-4
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-10
    networkInterfaces:
    - network: global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
Question 62easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has two VPC networks in the same project: vpc-a (us-central1) and vpc-b (us-east1). They want to allow communication between instances in these VPCs using internal IPs. Which action should they take?

Question 63mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization is migrating a MySQL database to Cloud SQL. They require automatic failover with zero data loss in the event of a zone outage. Which configuration should they use?

Question 64hardmultiple choice
Review the full subnetting walkthrough →

A company uses a Shared VPC hosted in a common project (host project) to centralize network management. A service project team needs to create a Compute Engine instance with a specific static internal IP address from the Shared VPC subnet. What IAM permissions should be granted to the service project's Compute Engine default service account?

Question 65easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer needs to grant public read access to all objects in a Cloud Storage bucket named 'my-public-assets'. What is the simplest way to achieve this?

Question 66mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A team manages a GKE cluster with node pools using different machine types. They plan to upgrade the cluster to a new Kubernetes version. What is the safest upgrade strategy to minimize application downtime?

Question 67hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has Compute Engine instances that need to access the internet for updates but should not be reachable from the internet. They also need to access Google APIs and services like Cloud Storage. Which configuration meets these requirements?

Question 68easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An administrator is configuring firewall rules in a VPC. Two rules apply to the same traffic: rule 1 allows ingress from 0.0.0.0/0 on TCP 80, rule 2 denies ingress from 10.0.0.0/8 on TCP 80. Rule 1 has priority 1000, rule 2 has priority 500. What is the effective behavior for traffic from 10.0.0.1?

Question 69mediummultiple choice
Read the full NAT/PAT explanation →

A company is experiencing high latency in their VPC. They enabled VPC Flow Logs to capture metadata but need to analyze the logs for traffic patterns. Which Google Cloud service should they use to query and analyze VPC Flow Logs?

Question 70hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization wants to enforce a policy that prohibits the creation of Cloud Storage buckets with uniform bucket-level access disabled. What should they use?

Question 71easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO IAM predefined roles grant read-only access to Cloud Storage objects but not the ability to list buckets?

Question 72mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO are best practices when designing a VPC network for a multi-tier application in Google Cloud?

Question 73hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE are valid Google Cloud Dedicated Interconnect connection options?

Question 74mediummultiple choice
Read the full NAT/PAT explanation →

A developer notices that web-server-1 is preemptible. They want to ensure their application remains available even if this instance is terminated. What should they do?

Exhibit

Refer to the exhibit.
```
$ gcloud compute instances list
NAME: web-server-1
ZONE: us-central1-a
MACHINE_TYPE: n1-standard-2
PREEMPTIBLE: true
INTERNAL_IP: 10.128.0.2
EXTERNAL_IP: 35.184.12.34
STATUS: RUNNING

NAME: web-server-2
ZONE: us-central1-b
MACHINE_TYPE: n1-standard-2
PREEMPTIBLE: false
INTERNAL_IP: 10.128.0.3
EXTERNAL_IP: 35.184.12.35
STATUS: RUNNING
```
Question 75hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization policy at the organization level restricts project creation to only Project Creator role holders. The exhibit shows the IAM policy for the organization. A member of the group pm-team@example.com attempts to create a project but receives a permission denied error. What is the most likely cause?

Exhibit

Refer to the exhibit.
```json
{
  "bindings": [
    {
      "role": "roles/owner",
      "members": [
        "user:admin@example.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:admin@example.com"
      ]
    },
    {
      "role": "roles/resourcemanager.projectCreator",
      "members": [
        "group:pm-team@example.com"
      ]
    }
  ],
  "etag": "BwWU7a9h"
}
```
Question 76easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A user runs the gsutil command shown in the exhibit and gets an AccessDenied error. The user is not authenticated with gcloud. What should the user do first?

Exhibit

Refer to the exhibit.
```
$ gsutil cp myfile.txt gs://my-bucket/
Copying file://myfile.txt [Content-Type=text/plain]...
AccessDeniedException: 403 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage bucket.
```
Question 77easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company wants to deploy a standard VM image with pre-installed software across multiple projects. Which Google Cloud solution should they use to automate this process?

Question 78mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has a production GKE cluster with a node pool using n1-standard-4 machine types. They need to change to e2-standard-4 without downtime. Which approach should be taken?

Question 79hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a service on Cloud Run that needs to access a Cloud SQL instance via private IP. Both are in the same VPC network. The service cannot connect to the database. What is the most likely cause?

Question 80easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A team wants to allow a service account to be used only on specific Compute Engine VMs. Which IAM condition should be applied to the service account's roles?

Question 81mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating hundreds of on-premises VMs to Compute Engine. They want to minimize manual effort and downtime. Which service should they use?

Question 82hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

An organization's security policy requires that all Compute Engine VMs have Shielded VM features enabled. How can this be enforced at the organization level?

Question 83easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A developer wants to deploy a stateless web application that automatically scales based on HTTP traffic. The application should be cost-effective and require minimal configuration. Which compute option is best?

Question 84mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Terraform to manage Google Cloud infrastructure. They want to store the Terraform state file in a remote backend with state locking to prevent concurrent modifications. Which Google Cloud service supports this natively?

Question 85hardmultiple choice
Review the full routing breakdown →

A company has a global web application deployed across multiple regions. They use an external HTTPS Load Balancer with backend services in us-central1 and europe-west1. They want users to be routed to the closest healthy backend. Which load balancing configuration is required?

Question 86easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO of the following are valid ways to deploy a Cloud Function? (Choose two.)

Question 87mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE of the following are best practices when using Deployment Manager to manage infrastructure? (Choose three.)

Question 88hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

A company has a Cloud SQL for PostgreSQL instance that is experiencing high latency. They suspect a connection pooling issue. Which TWO configurations should be checked? (Choose two.)

Question 89easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

What will happen to this instance during a Google-initiated maintenance event?

Exhibit

Refer to the exhibit.

gcloud compute instances describe my-instance
...
scheduling:
  automaticRestart: true
  onHostMaintenance: TERMINATE
  preemptible: false
...
Question 90mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

What does the condition in this IAM policy do?

Exhibit

Refer to the exhibit.

{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": ["user:alice@example.com"],
      "condition": {
        "title": "restrict_to_bucket_x",
        "expression": "resource.name.startsWith('projects/_/buckets/bucket-x/')"
      }
    }
  ]
}
Question 91hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

What is the networking mode of this GKE cluster?

Exhibit

Refer to the exhibit.

gcloud container clusters describe my-cluster
...
network: default
clusterIpv4Cidr: /14
servicesIpv4Cidr: /20
enableIpAliases: true
privateCluster: false
...
Question 92easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a batch processing job that runs daily and can handle interruptions. The job runs on a single Compute Engine instance. Which machine configuration is the most cost-effective?

Question 93mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A Cloud Run service frequently fails with 502 errors when making requests to a backend service running on Compute Engine. The two services are in the same VPC network. The Cloud Run service is configured with a VPC connector. What is the most likely cause?

Question 94hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a stateful application on Google Kubernetes Engine (GKE) that requires persistent storage and low-latency access across multiple zones. The application needs to perform well even during zonal failures. Which storage solution should they use?

Question 95easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A user wants to store a database password that will be used by a Compute Engine instance. What is the most secure and manageable approach?

Question 96mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company has two VPC networks in the same project: 'vpc-prod' and 'vpc-dev'. They want to allow communication between instances in both VPCs. What is the simplest method?

Question 97hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A global e-commerce site uses an external HTTPS load balancer with a backend service pointing to a managed instance group. Some users report 503 errors during peak traffic. The backend instances are healthy and not overloaded. What is the most likely cause?

Question 98easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A service account needs to be able to start and stop Compute Engine instances in a specific project. Which IAM role should be assigned at the project level?

Question 99mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A team uses Cloud Build to build container images and deploy to Cloud Run. They want to automate deployments whenever a new image is pushed to Container Registry. What is the best approach?

Question 100hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating a large on-premises SQL Server database to Cloud SQL for SQL Server. The database is 2 TB in size and must have minimal downtime. Which approach should they use?

Question 101easymulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO methods can be used to restrict inbound traffic to a Compute Engine instance to only specific IP addresses without relying on instance-level firewall rules? (Choose 2)

Question 102mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

Which TWO are required to allow on-premises hosts to access Google APIs using internal IP addresses (Private Google Access)? (Choose 2)

Question 103hardmulti select
Read the full Manage and provision cloud infrastructure explanation →

Which THREE are required to configure Workload Identity for a GKE cluster? (Choose 3)

Question 104mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a microservices application on Google Kubernetes Engine (GKE). Each service is deployed as a Deployment with resource requests and limits. After deploying a new version of a service, the pods start crashing with OOMKilled. The team increased the memory limits in the Deployment manifest, but the pods still crash after a few minutes. The cluster has cluster autoscaling enabled. The node pool has sufficient capacity. What is the most likely cause of the issue?

Question 105hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a critical web application behind an external HTTPS load balancer. The backend consists of a managed instance group of Compute Engine instances. Users report intermittent 502 Bad Gateway errors. The load balancer logs show occasional health check failures for some instances. The instances have a custom health check endpoint that returns a 200 status code only if the application is fully healthy. The application logs do not show any errors, and CPU/memory usage on the instances is normal. What should be the first troubleshooting step to identify the root cause?

Question 106easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating a monolithic e-commerce application to Google Cloud. The application has been refactored into microservices. Most services are stateless and can run on Cloud Run. However, the checkout service requires maintaining session state across multiple requests, and the session data must be available globally for low latency. The application will be deployed in multiple regions to serve a global user base. Which approach should the company take?

Question 107mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is migrating a stateful application to Google Cloud. The application requires persistent disks with low latency and high IOPS for database workloads. They plan to use Compute Engine instances with SSD persistent disks. However, the database performance is lower than expected. Which action should the company take to improve disk performance?

Question 108easymulti select
Read the full Manage and provision cloud infrastructure explanation →

A DevOps team is deploying a microservices application on Google Kubernetes Engine (GKE). They want to ensure that the pods can securely access Google Cloud APIs (e.g., Cloud Storage) without managing service account keys. Which TWO steps should they take? (Choose two.)

Question 109hardmulti select
Read the full MPLS explanation →

A company is designing a hybrid network architecture connecting an on-premises data center to Google Cloud. They need high availability (99.99% SLA) and bandwidth up to 10 Gbps. They also need to use their existing MPLS circuits. Which THREE components should they include in the design? (Choose three.)

Question 110easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Your company runs a critical application on Compute Engine instances in us-central1. The application requires low latency between instances that are all in the same region. You notice that network latency between instances varies and sometimes spikes. You want to ensure consistent low-latency communication. You currently use external IP addresses for communication between instances. What should you do?

Question 111mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company is deploying a web application on Google Kubernetes Engine. The application serves HTTP traffic and needs to scale based on CPU utilization. They also need to expose the application to the internet with a single global IP address. They create a Deployment with a HorizontalPodAutoscaler. However, the application is not receiving traffic from the internet. What should they do to expose the application correctly?

Question 112mediummultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Your company is using Cloud Storage to store sensitive customer data. The security team requires that all objects be encrypted with a customer-managed encryption key (CMEK) and that the key be automatically rotated every 90 days. You need to implement this without changing the application code. You have created a Cloud KMS key ring and a key with rotation period set to 90 days. What additional configuration is required?

Question 113hardmultiple choice
Read the full Manage and provision cloud infrastructure explanation →

A company runs a batch processing workload on Compute Engine instances. The workload is triggered every hour and runs for about 10 minutes. They want to reduce costs. They currently use preemptible VMs, but they notice that sometimes the workload fails because VMs are preempted before completion. They need a cost-effective solution that ensures the workload completes reliably. What should they do?

Question 114easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Your organization uses Cloud SQL for MySQL to host a production database. The database size is 500 GB. You need to create a read replica for reporting purposes. The read replica should be in a different region for disaster recovery. You have created the read replica in the us-west1 region. However, the replication lag is higher than expected, sometimes exceeding 5 minutes. What should you do to reduce replication lag?

Question 115mediummulti select
Read the full Manage and provision cloud infrastructure explanation →

A company needs to connect two VPC networks in different Google Cloud regions. The VPCs are in separate projects under the same organization. The connection must use private IP addresses and support high throughput. Which TWO options meet these requirements? (Choose 2.)

Question 116easymultiple choice
Read the full Manage and provision cloud infrastructure explanation →

Your company runs a global e-commerce platform on Google Cloud. The application is deployed across multiple regions for low latency. You use Cloud SQL for transactional data and Cloud Spanner for global consistency of inventory. Recently, the operations team reported that the application is experiencing increased latency during peak hours, and the monthly cloud bill has risen significantly. Upon investigation, you find that the Cloud SQL instance is underutilized (CPU < 20%) while Cloud Spanner split utilization is over 80%. The application instances are fronted by a global external HTTPS load balancer. Network egress costs are high. Which course of action would best address both the latency and cost issues?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

Google PCA Practice Test 1 — 10 Questions→Google PCA Practice Test 2 — 10 Questions→Google PCA Practice Test 3 — 10 Questions→Google PCA Practice Test 4 — 10 Questions→Google PCA Practice Test 5 — 10 Questions→Google PCA Practice Exam 1 — 20 Questions→Google PCA Practice Exam 2 — 20 Questions→Google PCA Practice Exam 3 — 20 Questions→Google PCA Practice Exam 4 — 20 Questions→Free Google PCA Practice Test 1 — 30 Questions→Free Google PCA Practice Test 2 — 30 Questions→Free Google PCA Practice Test 3 — 30 Questions→Google PCA Practice Questions 1 — 50 Questions→Google PCA Practice Questions 2 — 50 Questions→Google PCA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Design and plan a cloud solution architectureManage and provision cloud infrastructureDesign for security and complianceAnalyze and optimize technical and business processesManage implementation of cloud architectureEnsure solution and operations reliability

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Manage and provision cloud infrastructure setsAll Manage and provision cloud infrastructure questionsGoogle PCA Practice Hub