Google Cloud · Free Practice Questions · Last reviewed May 2026
30real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A company is designing a cloud-native application on Google Cloud that requires low-latency access to a global user base. The application serves static content and dynamic APIs. Which strategy best minimizes latency while maintaining high availability?
Deploy the application in a single region and use Cloud Interconnect for global access.
Use Cloud CDN to cache static content and deploy the API across multiple regions with global load balancing.
Cloud CDN caches at edge locations, and multi-region deployment with global load balancing reduces latency for dynamic content.
Use Cloud Armor to protect the application and rely on Google's backbone for low latency.
Store all content in Cloud Storage and serve directly from there.
A team is migrating a monolithic application to a microservices architecture on Google Kubernetes Engine (GKE). They want to ensure that failures in one microservice do not cascade to others. Which design pattern should they implement?
Implement retry logic with exponential backoff for all inter-service calls.
Implement a circuit breaker pattern that opens when failure thresholds are exceeded.
Circuit breaker fails fast and prevents unnecessary load on failing services.
Use synchronous HTTP calls with timeouts to detect failures quickly.
Use bulkheads to separate thread pools for each service.
A company running a high-traffic e-commerce platform on Google Cloud experiences occasional data loss in their Cloud SQL database during failover events. The database is configured with a failover replica in a different zone. What is the most likely cause of the data loss?
Automated backups are not enabled.
The database is using asynchronous replication to the failover replica.
Asynchronous replication may not have replicated the most recent transactions before failover.
The failover replica is configured as a read replica instead of a failover replica.
The database is not using regional persistent disks.
An organization wants to design a serverless data processing pipeline that is highly available and can automatically scale based on the number of incoming requests. The pipeline processes JSON messages from a Cloud Pub/Sub topic and writes results to BigQuery. Which service should be used as the compute component?
Cloud Dataflow
Cloud Run
Cloud Run provides automatic scaling, can be triggered via Pub/Sub push, and supports longer processing times.
Cloud Functions
Compute Engine with managed instance groups
A company is building a real-time analytics application on Google Cloud that ingests data from thousands of IoT devices. The data must be processed with sub-second latency and stored in a time-series database for querying. Which combination of services provides the best scalability and availability?
Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore
Cloud Pub/Sub, Cloud Functions, Cloud SQL
Cloud Pub/Sub, Cloud Dataflow, Cloud Storage
Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable
Bigtable is ideal for high-throughput time-series data with low-latency access.
A team is designing a globally distributed application on Google Cloud that requires strong consistency for writes but can tolerate eventual consistency for reads. The application expects millions of concurrent users. Which two strategies should they implement? (Choose two.)
Use Cloud Spanner for write operations requiring strong consistency.
Spanner provides global strong consistency and high availability.
Use Firestore in multi-region mode for all operations.
Use global HTTP(S) Load Balancer with Cloud CDN for read-heavy traffic.
Cloud CDN caches content globally, providing low-latency reads with eventual consistency.
Deploy Cloud SQL with cross-region replication for read scalability.
Use Cloud Bigtable for reading data with strong consistency.
Want more Designing highly scalable, available, and reliable cloud-native applications practice?
Practice this domainA company is developing a microservices application on Google Cloud. Each service is deployed as a Docker container on Cloud Run. The development team wants to ensure that inter-service communication is encrypted and authenticated. What is the best approach?
Use Cloud Run's built-in IAM-based authentication and automatic TLS for internal requests.
Cloud Run uses IAM to authenticate requests between services and automatically provisions TLS certificates.
Configure mutual TLS (mTLS) between services using Cloud Endpoints.
Deploy a sidecar proxy on each Cloud Run service to handle TLS termination.
Assign a service account to each service and use its private key to sign requests.
A developer is designing a CI/CD pipeline for a Node.js application hosted on Cloud Run using Cloud Build. The pipeline should run unit tests, build the container, push to Artifact Registry, and deploy to Cloud Run. The developer wants to minimize build time by caching dependencies. What is the recommended approach?
Run npm install locally and commit the node_modules folder to the repository for faster builds.
Use Cloud Build's step-level caching by copying the node_modules from a previous build step.
Create a custom base image that includes all dependencies and reference it in the Dockerfile.
Use Cloud Build's built-in caching with a persistent volume to store node_modules between builds.
Cloud Build's volume caching allows dependency caching across builds.
A developer needs to test a Cloud Function locally before deploying. Which tool should they use?
Docker container with a custom entrypoint.
gcloud functions call command.
Cloud Code for VS Code or IntelliJ.
Functions Framework for your language.
Functions Framework provides a local server for testing Cloud Functions.
A team is building a mobile backend on Google Cloud using Cloud Endpoints with Firebase Authentication. They want to protect their API from abuse by implementing rate limiting per user. What approach should they take?
Implement rate limiting in the backend code and enforce it via Cloud Endpoints.
Use Apigee API Management as a proxy to enforce rate limiting per developer app.
Apigee can rate limit based on API keys or tokens associated with users.
Configure Cloud Armor with a rule to block requests from users exceeding a threshold.
Use Cloud CDN with a cache key based on the user ID.
A company is migrating a monolithic Java application to microservices on Google Kubernetes Engine (GKE). The application uses a shared MySQL database. The team wants to adopt a testing strategy that validates service interactions without deploying to a full cluster. Which testing approach is most appropriate?
Load testing to simulate production traffic.
Unit testing with mocked dependencies.
Consumer-driven contract testing with tools like Spring Cloud Contract.
Contract testing validates that services adhere to agreed-upon contracts without full deployment.
End-to-end testing in a staging environment.
Which TWO statements about building container images for Google Cloud Run are correct? (Choose TWO.)
The container must use HTTP/1.1; HTTP/2 is not supported.
The container must respond to health checks on the same port as the main application.
Health checks are sent to the container's port; the app must respond with 200 OK.
The container must be stateless and not rely on local file system persistence.
Cloud Run is stateless; any local file system writes are ephemeral.
The container must listen on port 8080 by default.
The container must run as root user.
Want more Building and testing applications practice?
Practice this domainA team deploys a containerized web application on Google Kubernetes Engine (GKE) using a Deployment. They need to expose the application externally via a stable IP address and enable SSL termination. Which resource should they use?
HorizontalPodAutoscaler
Ingress with Google-managed SSL certificate
Provides SSL termination and a stable IP via the load balancer.
Service type NodePort
Service type LoadBalancer
During a deployment to App Engine flexible environment, the new version fails to start and the logs show 'Container failed to start: context deadline exceeded'. The previous version remains serving traffic. What is the most likely cause?
The health check is misconfigured, causing the instance to be considered unhealthy.
The app requires an environment variable that is not set.
The container startup time exceeds the 10-minute timeout.
App Engine flexible environment has a 10-minute startup timeout; if the container takes longer, it fails with this error.
The Dockerfile has a syntax error that prevents the container from building.
A company has a multi-region Cloud Run service with traffic splitting between revisions. They notice that a newly rolled-out revision is receiving 0% of traffic even though they set traffic to 100% via the console. The revision shows 'Ready: Yes'. What is the most likely cause?
The revision has a low CPU limit causing it to be throttled.
The revision is not healthy because of a misconfigured health check.
The revision has a tag but no traffic percentage assigned; the tag is being used for routing.
If a revision has a tag, it may be accessible only via that URL; without a traffic percentage, it won't serve at the default URL.
The revision has a concurrency setting of 0, which is invalid.
A DevOps engineer is automating deployments to Compute Engine using a CI/CD pipeline. They want to minimize downtime and ensure that if a new VM fails health checks, the old VM continues serving. Which deployment strategy should they implement?
Redeploy the old version manually if the new version fails
Rolling update with a readiness probe
Blue/green deployment with health checks and a managed instance group
Blue/green allows keeping the old version (blue) serving while the new version (green) is tested; if health checks fail, traffic remains on blue.
Canary deployment with a small percentage of traffic
A developer deploys a Cloud Function (2nd gen) that processes messages from Pub/Sub. The function sometimes fails with 'Deadline Exceeded' for messages that take longer than 9 minutes. What should the developer do to handle these long-running messages without losing them?
Configure the function to retry on failure and set a maximum retry count.
Increase the Cloud Function timeout to 60 minutes.
Set the Pub/Sub subscription acknowledgment deadline to 10 minutes and implement a push endpoint that acknowledges after processing.
Extending the ack deadline prevents the message from being redelivered before processing completes.
Use Cloud Tasks instead of Pub/Sub for asynchronous invocation.
Which TWO statements about deploying applications on Google Kubernetes Engine (GKE) are correct?
HorizontalPodAutoscaler can use custom metrics from Cloud Monitoring.
HPA supports custom metrics via the custom.metrics.k8s.io API.
Kubernetes Secrets are encrypted at rest by default.
A zonal GKE cluster automatically uses regional persistent disks for high availability.
PodDisruptionBudget can be used to ensure a minimum number of pods are available during node repair.
PodDisruptionBudget protects against voluntary disruptions like node repair.
To expose a Deployment externally, you must create an Ingress resource.
Want more Deploying applications practice?
Practice this domainYour application runs on Compute Engine and uses Cloud Pub/Sub to receive messages from a third-party service. Recently, the message delivery latency has increased significantly. The third-party reports no issues on their end. You notice that the Pub/Sub subscription's 'ackDeadlineSeconds' is set to 10. What is the most likely cause of the latency?
The ackDeadlineSeconds is too short, causing frequent message redelivery.
Short ack deadline leads to redelivery before processing completes.
The topic's message retention duration is too long.
The push endpoint is not responding, causing Pub/Sub to retry.
The subscription has an exponential backoff policy that is too aggressive.
You are designing a data pipeline that ingests streaming data from IoT devices using Cloud IoT Core, processes it with Dataflow, and stores results in BigQuery. The data volume is expected to be 10 GB per day with occasional spikes. You need to minimize processing latency and cost. Which configuration should you choose for the Dataflow pipeline?
Use streaming mode with autoscaling and maximum workers set to 10.
Use Dataflow Prime for automatic optimization.
Use streaming mode with streaming engine enabled and 2 workers.
Streaming engine reduces latency and cost for moderate throughput.
Use batch mode with a fixed number of workers to reduce cost.
A company stores sensitive user data in Cloud Storage. They want to ensure that only authenticated users with the appropriate permissions can access the data, and that data is encrypted at rest. Which two steps should they take? (Choose TWO.)
Configure a Customer-Managed Encryption Key (CMEK) in Cloud KMS.
Enable default encryption on the bucket using Google-managed keys.
Default server-side encryption is already enabled.
Use IAM roles to grant access to specific users and groups.
IAM controls access.
Set bucket-level public access prevention.
Enable VPC Service Controls to restrict data access.
You are designing a serverless application using Cloud Functions that processes events from Cloud Storage and Cloud Pub/Sub. The function must be idempotent and handle duplicate events. Which three best practices should you implement? (Choose THREE.)
Generate a unique idempotency key for each event and store processed keys in a database.
Idempotency keys prevent duplicate processing.
Invoke the function synchronously to avoid duplicates.
Implement a deduplication logic that checks the event's publish time against a threshold.
Timestamps can help filter duplicates.
Use Cloud Firestore to record the state of each processed event.
Transactional state helps idempotency.
Set the function timeout to maximum (540 seconds) to ensure processing completes.
You need to monitor the CPU usage of a Compute Engine instance and trigger an alert when it exceeds 80% for 5 minutes. Which Google Cloud service should you use?
Cloud Debugger
Cloud Monitoring
Cloud Monitoring provides metrics and alerting.
Cloud Logging
Error Reporting
Your company uses Cloud SQL for MySQL to store transactional data. You need to perform a point-in-time recovery (PITR) to recover from a logical error that occurred 30 minutes ago. Which two prerequisites must be met? (Choose TWO.)
High availability (HA) is configured.
Binary logging is enabled.
Binary logs enable PITR.
Automated backups are enabled.
Backups are the base for PITR.
The backup window is set to a time before the incident.
A read replica is configured.
Want more Integrating Google Cloud services practice?
Practice this domainA company deploys a microservices application on Google Kubernetes Engine (GKE). The operations team needs to monitor API latency between services. Which Google Cloud service should they use to trace requests across services?
Error Reporting
Cloud Logging
Cloud Monitoring
Cloud Trace
Cloud Trace provides distributed tracing to analyze latency across services.
A developer notices that a Cloud Function is timing out after 60 seconds. The function makes an external API call that occasionally takes longer than the timeout. What is the best practice to handle this?
Implement retry logic without changing the timeout
Increase the timeout for all Cloud Functions in the project
Increase the timeout for the specific Cloud Function to a higher value
Adjusting the timeout for the specific function allows the external call to complete.
Decrease the timeout to fail fast and implement retry logic
A company uses Cloud Monitoring to set up an alerting policy for CPU utilization on Compute Engine instances. They want to be notified when average CPU usage exceeds 80% for 5 minutes. Which threshold type should they use?
Forecast
Change rate
Threshold
Threshold alert fires when metric crosses a set value for a duration.
Metric absence
An application running on GKE is experiencing high latency. The team uses Cloud Trace to identify the bottleneck. They notice that a particular service spends most of its time waiting on a database query. How can they optimize performance?
Decrease the number of pods to reduce load
Use Cloud CDN to cache database results
Optimize the database query and add appropriate indexes
Query optimization reduces execution time.
Increase the number of replicas for the service
A company uses Cloud Run for a serverless application. They notice that cold starts are causing high latency for some requests. What is the best strategy to reduce cold starts?
Increase the max instances setting
Set a minimum number of instances to keep containers always warm
Min instances ensures pre-warmed containers are always ready.
Migrate the application to Cloud Functions
Reduce the container concurrency setting
A team wants to monitor custom application metrics from a Compute Engine instance. They use the Cloud Monitoring agent. Which metric type should they use to report a gauge measurement like current memory usage?
histogram
delta
cumulative
gauge
Gauge metric type reports instantaneous values.
Want more Managing application performance monitoring practice?
Practice this domainThe PCD exam has 60 questions and must be completed in 120 minutes. The passing score is 720/1000.
Scenario-based questions covering exam objectives with detailed answer explanations.
The exam covers 5 domains: Designing highly scalable, available, and reliable cloud-native applications, Building and testing applications, Deploying applications, Integrating Google Cloud services, Managing application performance monitoring. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official Google Cloud PCD exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.