Practice PCD Integrating Google Cloud services questions with full explanations on every answer.
Start practicing
Integrating Google Cloud services — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
Your application runs on Compute Engine and uses Cloud Pub/Sub to receive messages from a third-party service. Recently, the message delivery latency has increased significantly. The third-party reports no issues on their end. You notice that the Pub/Sub subscription's 'ackDeadlineSeconds' is set to 10. What is the most likely cause of the latency?
2You are designing a data pipeline that ingests streaming data from IoT devices using Cloud IoT Core, processes it with Dataflow, and stores results in BigQuery. The data volume is expected to be 10 GB per day with occasional spikes. You need to minimize processing latency and cost. Which configuration should you choose for the Dataflow pipeline?
3A company stores sensitive user data in Cloud Storage. They want to ensure that only authenticated users with the appropriate permissions can access the data, and that data is encrypted at rest. Which two steps should they take? (Choose TWO.)
4You are designing a serverless application using Cloud Functions that processes events from Cloud Storage and Cloud Pub/Sub. The function must be idempotent and handle duplicate events. Which three best practices should you implement? (Choose THREE.)
5You need to monitor the CPU usage of a Compute Engine instance and trigger an alert when it exceeds 80% for 5 minutes. Which Google Cloud service should you use?
6Your company uses Cloud SQL for MySQL to store transactional data. You need to perform a point-in-time recovery (PITR) to recover from a logical error that occurred 30 minutes ago. Which two prerequisites must be met? (Choose TWO.)
7You are designing a CI/CD pipeline using Cloud Build. You want to automatically trigger a build when code is pushed to a specific branch in Cloud Source Repositories. What is the correct configuration?
8A company is migrating a legacy monolithic application to Google Cloud. They want to minimize code changes and operational overhead while improving scalability. The application currently uses a relational database and stores user-uploaded images on a local filesystem. Which combination of Google Cloud services should they use?
9A DevOps team is designing a CI/CD pipeline for a microservices application deployed on Google Kubernetes Engine (GKE). They want to automatically build and deploy each service when a new tag is pushed to its repository. They also need to run integration tests against a staging environment before promoting to production. Which service should they use to orchestrate the pipeline?
10A company is using Cloud Storage to store sensitive customer data. They need to ensure data is encrypted at rest and access is controlled. Which TWO statements are true regarding data protection in Cloud Storage? (Choose two.)
11You are a cloud architect at a financial services company. The company is deploying a new application on Google Kubernetes Engine (GKE) that processes sensitive financial transactions. The application must be highly available across two regions (us-central1 and europe-west1) and must fail over automatically if one region becomes unavailable. The application uses Cloud Spanner as its primary database. Additionally, the application needs to send audit logs to a centralized Cloud Storage bucket for compliance. The current design uses GKE clusters in each region with a global HTTP(S) load balancer. However, during a recent test, when the us-central1 cluster was deliberately taken down, the load balancer continued to send traffic to that region, causing errors. You need to troubleshoot and fix the issue. What is the most likely cause and the best solution?
12A company is running a critical application on Google Kubernetes Engine (GKE) that stores state in a Cloud SQL PostgreSQL instance. The application's latency-sensitive frontend needs to read data from Cloud SQL with minimal latency. The team wants to reduce read latency and offload read traffic from the primary database. What should they do?
13A company is deploying a microservices application on Google Cloud. They want to securely store and access secrets (e.g., API keys, database passwords) across multiple services. They need to minimize operational overhead and ensure secrets are automatically rotated. Which TWO approaches should they use?
14Drag and drop the steps to set up a Cloud SQL instance with a private IP in the correct order.
15Drag and drop the steps to troubleshoot a failed Cloud Build in the correct order.
16Match each Kubernetes resource to its function.
17Match each Firebase feature to its description.
18A company is using Cloud Functions (2nd gen) to process files uploaded to Cloud Storage. The function needs to access a Cloud SQL (PostgreSQL) database. What is the most secure way to store and provide the database password to the function?
19A team uses Cloud Build to deploy a microservice to Cloud Run. They want to enforce that only builds from the main branch trigger deployments to the production Cloud Run service. What is the best approach?
20You are designing a system that ingests high-velocity event streams from IoT devices using Pub/Sub. Each event must be processed exactly once to update a Firestore database. However, due to the distributed nature, at-least-once delivery is guaranteed by Pub/Sub. Which design pattern should you use to achieve exactly-once processing?
21A developer wants to allow a Compute Engine instance to send messages to a Pub/Sub topic. What is the recommended way to grant permissions?
22An application running on GKE needs to access a Cloud SQL instance. The team wants to avoid using Cloud SQL Auth Proxy to reduce complexity. What is the most secure alternative?
23You are deploying a stateful application on GKE that requires persistent storage with high IOPS. You need to ensure that each pod can failover to a different node and still access the same data. Which volume type should you use?
24Which two statements are true about Cloud Load Balancing? (Choose two.)
25Which three are valid ways to authenticate a service account when using the Google Cloud client libraries? (Choose three.)
26You are designing a CI/CD pipeline using Cloud Build. Which three features can be used to secure the pipeline and enforce compliance? (Choose three.)
27A developer ran the following command: `gcloud compute instances list --filter='labels.env=prod'`. The command returned no instances even though there are instances with label env=prod. What is the most likely reason?
28A security audit reveals that a service account has been granted excessive permissions. The exhibit shows the IAM policy for a project. Which statement best describes the security issue?
29A developer sets environment variables for a Cloud Function as shown. What is the security concern?
30A company uses Cloud SQL for MySQL. They need to export data to Cloud Storage regularly. What is the recommended method?
31You want to deploy a containerized application on Google Cloud that requires no server management and automatically scales based on HTTP traffic. Which service should you use?
32You are designing a multi-region disaster recovery strategy for a Cloud Spanner database. The application requires read-your-writes consistency globally after failover. Which configuration should you choose?
33A developer is building a microservices application on Cloud Run. One service needs to make authenticated HTTP requests to another Cloud Run service in the same project. What is the best practice for authentication?
34A company has a hybrid cloud setup with on-premises applications that need to send messages to a Pub/Sub topic. The on-premises network is connected via Cloud VPN. What is the recommended way to publish messages?
35A team is designing a data pipeline that uses Cloud Storage for input files, Cloud Functions to process each file, and writes results to BigQuery. The pipeline must guarantee exactly-once processing of each file, even if the function fails and retries. Which approach should the team take?
36A developer wants to store application logs from Compute Engine instances in a centralized logging system. Which service should they use?
37An organization uses Cloud SQL for MySQL and wants to set up a read replica in a different region to improve read latency for global users. What is the recommended way to configure network connectivity between the primary and replica?
38A company is migrating a monolithic application to microservices on Google Cloud. They have strict requirements for service-to-service communication: requests must be authenticated, authorized, and encrypted in transit. They also need to enforce fine-grained access control based on the requesting service identity. Which Google Cloud service should they use to achieve these goals?
39A developer needs to store configuration parameters for a Cloud Run service, such as database connection strings and API keys. The values must be encrypted at rest and in transit. Which service should be used?
40An application running on Compute Engine needs to publish messages to a Pub/Sub topic. The VPC does not have external internet access. What must be configured to allow the instance to publish?
41A company uses Cloud Build to build Docker images and push to Artifact Registry. They want to trigger builds automatically when code is pushed to a Cloud Source Repository branch. They also need to ensure that only builds from the repository's main branch are allowed to push to the production Artifact Registry repository. What is the best way to implement this?
42A company is using Cloud Build for CI/CD. They want to automatically trigger builds when code is pushed to a Cloud Source Repository and store the resulting Docker images in a secure, immutable artifact store. Which TWO services should they use? (Choose 2)
43A developer is building a serverless application that processes user-uploaded images. The images are stored in Cloud Storage, and each upload should trigger a Cloud Function that performs image analysis and stores the result in Firestore. Which TWO Google Cloud services are essential for this integration? (Choose 2)
44A company is building a data processing pipeline that needs to ingest events from multiple sources, process them in order, and handle failures with retry. They also need to schedule periodic tasks. Which THREE services should they use? (Choose 3)
45Refer to the exhibit. A developer runs the command and sees that the Cloud Run service is publicly accessible. The security team requires that only authenticated requests from a specific service account in the same project are allowed. What should the developer do to modify the IAM policy?
46Refer to the exhibit. A team is deploying a Cloud Function that needs to connect to a Cloud SQL instance in a VPC. They have set up a VPC connector. After deployment, the function fails to connect to the database. What is the most likely cause?
47Refer to the exhibit. A developer configured a Pub/Sub push subscription to a Cloud Run service. Messages are not being delivered to the Cloud Run service. The developer verified that the service is running and the IAM permissions are correct. What is the most likely issue?
48A company wants to send events from a custom application to Cloud Pub/Sub, then process them with a Cloud Run service. The application runs on Compute Engine. What is the simplest way for the application to authenticate to Pub/Sub?
49A developer is integrating a legacy on-premises application with Cloud Storage. The application generates files that must be uploaded to a bucket. The developer cannot install any additional software on the on-premises server. Which approach should the developer use?
50A company has a Cloud Run service that ingests messages from a Cloud Pub/Sub subscription. The service uses automatic scaling based on CPU. Recently, the team noticed that when message volume spikes, the service scales up slowly, causing a backlog. What is the most effective solution to reduce the time to scale out?
51A team wants to use Cloud Scheduler to trigger a Cloud Function that calls an external API every hour. The Cloud Function requires an API key for the external service. How should the team securely provide the API key to the function?
52A company uses Cloud SQL for PostgreSQL and wants to run periodic analytical queries on the data without impacting the transactional workload. The data is updated frequently. Which integration approach is most suitable?
53A developer is integrating an App Engine standard environment app with Cloud Storage. The app needs to read objects from a bucket that is in a different project. The developer has granted the App Engine service account the Storage Object Viewer role on the bucket. However, the app still gets a 403 error when trying to read objects. What is the most likely cause?
54A company wants to trigger a Cloud Run job every time a new file is uploaded to a Cloud Storage bucket. Which integration should be used?
55A team is building a microservices architecture on Google Cloud. They want services to communicate asynchronously to avoid tight coupling. They also need to guarantee at-least-once delivery of messages. Which two services should they use together? (Choose TWO.)
56A company is integrating a legacy application with Google Cloud using Cloud VPN. The application must be accessed from multiple remote offices over the internet. Which TWO technologies should the company use to ensure secure and reliable connectivity? (Choose TWO.)
57A company has a Cloud Function that processes events from Cloud Pub/Sub. The function uses HTTP client libraries to call external APIs. The team notices that the function sometimes times out during high traffic. Which THREE actions should they take to improve reliability? (Choose THREE.)
58You are a developer at a company that runs a critical pricing engine on Compute Engine instances in a managed instance group (MIG) behind an internal TCP load balancer. The pricing engine is a stateful application that stores state in memory and also writes to a Cloud Bigtable instance for persistence. The application uses a custom port 8080. You need to migrate this application to Cloud Run for better scalability and reduced operational overhead. The application must maintain session affinity so that requests from the same client are routed to the same instance (since the in-memory state is not yet fully externalized). The application currently uses a health check on /healthz that returns 200 OK. You have containerized the application. When you deploy to Cloud Run, you notice that traffic is not sticky; every request might go to a different revision. You also need to ensure that Bigtable writes are performed asynchronously to avoid slowing down the pricing calculations. What should you do?
59You are building a data pipeline that ingests streaming data from thousands of IoT devices. The devices send JSON payloads to a Cloud Pub/Sub topic. You want to process the data in near real-time and store the results in BigQuery for analytics. You also need to handle occasional schema changes in the incoming data (new fields added) without manual intervention. You have set up a Dataflow streaming pipeline using Apache Beam to read from Pub/Sub and write to BigQuery. The pipeline uses the `WriteToBigQuery` transform with `createDisposition=CREATE_NEVER` and `writeDisposition=WRITE_APPEND`. Recently, a batch of devices started sending a new field `temperature_celsius` that does not exist in the BigQuery schema. The pipeline logs errors and the data is not written. You need to modify the pipeline to automatically handle such schema evolution. What should you do?
60Your organization runs a multi-region application on Cloud Run that serves an API. The API is consumed by clients worldwide. You want to reduce latency by routing users to the nearest regional Cloud Run service. Currently, all traffic goes to a single Cloud Run service in us-central1. You have set up additional Cloud Run services in europe-west1 and asia-east1. Each service is fronted by an external HTTPS load balancer with a regional backend. You want to use a single global anycast IP address that automatically directs users to the closest healthy backend. You also need to support HTTPS with a custom domain and a Google-managed certificate. What should you do?
61A company is deploying a containerized application on Cloud Run that requires access to a Cloud SQL PostgreSQL instance. The application needs to connect to the database using private IP to minimize latency and avoid public internet exposure. The Cloud Run service and Cloud SQL instance are in the same region and project. The database user and password are stored in Secret Manager. Which two steps should the developer take to enable the connection? (Choose TWO.)
62A company runs a microservices application on Cloud Run. One service, `order-processor`, is invoked asynchronously via a Cloud Tasks queue. The Cloud Tasks queue is configured with an HTTP target pointing to the `order-processor` service URL. The service requires authentication (no unauthenticated invocations). The service account used by Cloud Tasks to invoke the service is `cloud-tasks-system@project.iam.gserviceaccount.com`. After deploying a new revision of `order-processor` using Cloud Build and Cloud Deploy, the team notices that tasks are failing with a 403 status. The Cloud Run service logs show the requests are reaching the service but returning 403. The previous revision worked fine. What is the most likely cause?
63A developer is deploying a 2nd gen Cloud Function that needs to connect to a Cloud SQL MySQL instance. The Cloud SQL instance is configured with a private IP only. The Cloud Function is deployed with a VPC connector that is connected to the same VPC network as the Cloud SQL instance. The developer has granted the Cloud Function's service account the Cloud SQL Client role. However, when the function is invoked, connection attempts to the Cloud SQL instance time out. The Cloud Function code uses the MySQL connector with the private IP address of the Cloud SQL instance. The developer has verified that the VPC connector is healthy and that the Cloud SQL instance is running. Which additional configuration is most likely required?
64A company is deploying a containerized application on Cloud Run that needs to connect to a Cloud SQL (MySQL) database. The database must not be accessible from the public internet. Which two steps should the company take to secure the connection?
65Refer to the exhibit. A Cloud Run service is unable to connect to a Cloud SQL instance. The log entry shows the following. What is the most likely cause?
66A retail company processes customer orders through a pipeline. New orders are written to a Cloud Storage bucket as JSON files. A Cloud Function (currently triggered directly by Cloud Storage finalize events) parses the order and sends it to a third-party fulfillment service via an HTTP POST. As order volume grows, the team observes that the Cloud Function often times out (60s default) because the fulfillment service is slow. The team wants to decouple the processing to improve reliability. The order must be attempted at least once, and if the fulfillment service fails, retries should be exponential with a maximum of 5 attempts. Which solution should the team implement?
The Integrating Google Cloud services domain covers the key concepts tested in this area of the PCD exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCD domains — no account required.
The Courseiva PCD question bank contains 66 questions in the Integrating Google Cloud services domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Integrating Google Cloud services domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included