Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsPCDEDomainsBootstrapping a Google Cloud Organisation for DevOps
PCDEFree — No Signup

Bootstrapping a Google Cloud Organisation for DevOps

Practice PCDE Bootstrapping a Google Cloud Organisation for DevOps questions with full explanations on every answer.

84questions

Start practicing

Bootstrapping a Google Cloud Organisation for DevOps — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

PCDE Domains

Building and Implementing CI/CD Pipelines for a ServiceBootstrapping a Google Cloud Organisation for DevOpsApplying Site Reliability Engineering Practices to a ServiceImplementing Service Monitoring StrategiesOptimising Service PerformancePlan and manage database infrastructureDefine data structures and implement SQL for Business IntelligenceDesign and implement database schemasMonitor and optimize database performance

Practice Bootstrapping a Google Cloud Organisation for DevOps questions

10Q20Q30Q50Q

All PCDE Bootstrapping a Google Cloud Organisation for DevOps questions (84)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A DevOps engineer is setting up a new Google Cloud organization for their company. They need to ensure that all projects are created within a structured hierarchy that separates production, staging, development, and sandbox environments. Which folder structure BEST supports this requirement?

2

An organization wants to enforce that all Compute Engine instances in their Google Cloud organization are created with Shielded VM enabled. What is the MOST effective way to enforce this requirement?

3

A financial services company is using Terraform to manage their Google Cloud infrastructure. They have multiple environments (dev, staging, prod) and want to use a single Terraform configuration with separate state files per environment. They also need to store the Terraform state securely in a shared backend. Which approach should they use?

4

A DevOps team wants to implement policy-as-code to enforce that all Terraform configurations comply with security rules before deployment. Which tool is most appropriate for pre-commit policy checks on Terraform plans?

5

An organization wants to centralize cost management across multiple projects. They need to analyze spending trends and set budget alerts. Which combination of services should they use?

6

What is the primary benefit of using Workload Identity Federation over service account keys when authenticating workloads running outside Google Cloud?

7

A company is adopting GitOps for managing their Kubernetes infrastructure with Config Sync. They want to ensure that any changes to the cluster's desired state are automatically applied from a Git repository. Which branching strategy is MOST suitable for this workflow?

8

An organization wants to restrict the creation of Compute Engine instances in their Google Cloud organization to only certain regions. Which organization policy constraint should they use?

9

A DevOps engineer is designing a shared VPC topology for a multi-project environment. Which service project permission allows a project to use subnets from a host project?

10

A company wants to implement granular cost tracking for their cloud resources. They need to attribute costs to specific teams and environments. Which approach should they use?

11

A DevOps team is using Terraform to manage infrastructure. They have a module that creates a Cloud Storage bucket. They want to reference the bucket's URL in another part of the configuration without hardcoding. Which approach should they use?

12

A DevOps engineer is setting up CI/CD for a microservice application. They want to use Cloud Build to deploy to Google Kubernetes Engine (GKE) only if the build passes tests. Which Cloud Build configuration approach should they use?

13

An organization wants to enforce that no Compute Engine instances have public IP addresses. Which TWO methods can achieve this? (Choose TWO.)

14

A company is adopting Infrastructure as Code with Terraform and wants to enforce policy as code using Open Policy Agent (OPA). Which THREE components are required to implement this in a CI/CD pipeline? (Choose THREE.)

15

A DevOps engineer is designing a landing zone for a large enterprise. Which THREE components are essential for a well-architected landing zone? (Choose THREE.)

16

An organization wants to enforce that all Compute Engine VMs are created with Shielded VM features enabled to protect against rootkits and boot-level malware. Which Google Cloud mechanism should be used?

17

A DevOps team is designing a landing zone for a multi-team organization. They need to separate environments (prod, staging, dev) and also provide isolated projects for each team's sandbox testing. The team wants to centrally manage networking and security through a shared VPC. Which folder structure best supports this design?

18

A company uses Terraform to manage infrastructure. They have a monolithic Terraform configuration that manages all projects in a single state file. As the organization grows, the configuration becomes slow and error-prone. The team wants to adopt a modular approach with separate state files for each project while reusing common modules. Which strategy should they follow?

19

An organization wants to enforce that Compute Engine instances cannot have public IP addresses. Which organization policy constraint should be applied?

20

A team is adopting GitOps for infrastructure. They want to ensure that all Terraform configuration changes are automatically applied after merging to the main branch. Which CI/CD approach best supports this?

21

A company uses a shared VPC with multiple service projects. The network team wants to allow a DevOps team to create Cloud Run services in a service project but prevent them from creating Cloud Run services with public access (allowUnauthenticated invocations). What is the best approach?

22

An organization wants to implement policy-as-code to validate Terraform plans against security policies before applying them. They are using Terraform Cloud (TFE). Which tool is natively integrated with Terraform Cloud for policy checks?

23

A team manages infrastructure across multiple Google Cloud projects using Terraform. They want to centralize state file management in a GCS bucket and ensure that each project's state is isolated. Which backend configuration best achieves this?

24

A company needs to track costs across different teams and projects. They want to see detailed breakdowns by team, environment, and application. Which GCP feature should they use to tag resources for cost analysis?

25

A DevOps engineer is bootstrapping a new organization. They need to set up a centralized logging project to collect audit logs from all projects. What is the required step to enable cross-project log sinks?

26

A company uses Terraform with remote state stored in GCS. They want to prevent concurrent `terraform apply` runs for the same configuration to avoid state corruption. Which feature should they use?

27

A team wants to implement policy-as-code to check Terraform plans for compliance before deployment. They prefer an open-source tool that works with any CI/CD pipeline and can evaluate policies expressed in Rego. Which tool should they use?

28

A company is designing a landing zone for a large enterprise with multiple business units. They need to implement cost tracking and billing management. Which TWO actions should they take?

29

A DevOps team is adopting trunk-based development for their Terraform configurations. They want to ensure that all changes are tested before being applied to production. Which THREE practices should they implement?

30

A company wants to enforce least-privilege IAM for their DevOps team. They need to grant permissions to manage Compute Engine instances but not to delete them. Which TWO approaches should they use?

31

A DevOps engineer is bootstrapping a new Google Cloud organization. They need to enforce that all Compute Engine VM instances must use Shielded VM features. Which method should they use?

32

A company has a Google Cloud organization with separate folders for development, staging, and production. They want to deploy Terraform using a CI/CD pipeline that runs in a shared tools project. Where should the Terraform state files be stored and how should the pipeline authenticate?

33

An organization wants to implement a landing zone with shared VPC, centralized logging, and security projects. Which folder structure best follows Google Cloud's recommended landing zone design?

34

A team uses Terraform with remote state stored in a GCS bucket. They are implementing policy as code using Conftest to validate Terraform plans before apply. The Conftest checks run in a CI/CD pipeline. Which approach ensures that Conftest policies are enforced consistently across all Terraform workspaces?

35

A DevOps engineer needs to ensure that no Compute Engine VM in the organization can have an external IP address, except for a specific set of approved projects. Which organization policy configuration should they use?

36

A company wants to enforce that all Cloud Run services must not be publicly accessible. They need a preventive control rather than a detective one. Which approach should they use?

37

An organization uses Terraform to manage infrastructure across multiple teams. They want to implement a branching strategy that supports rapid iteration and continuous integration for infrastructure changes while ensuring that the main branch always reflects the desired state. Which Git branching model is most aligned with GitOps principles for IaC?

38

A DevOps engineer needs to set up billing export to analyze costs by team and environment. They have organized projects with labels: team (e.g., 'platform', 'data') and environment (e.g., 'prod', 'dev'). Which billing export configuration should they use?

39

A team is migrating from Cloud Deployment Manager to Terraform. They need to manage state for multiple environments (dev, staging, prod) using a single Terraform configuration. Which Terraform feature should they use to achieve this?

40

An organization wants to implement privileged access management (PAM) for their Google Cloud environment. They need to grant temporary, just-in-time access to production projects for incident responders. Which GCP service should they use?

41

A company wants to ensure that all new projects created in their Google Cloud organization automatically inherit a set of baseline IAM roles for the security team. Which approach should they use?

42

A DevOps team uses Terraform Cloud to manage infrastructure. They want to enforce that all Terraform plans must pass a set of policy checks before they can be applied. The policies include restricting resource types and ensuring proper tagging. Which Terraform Cloud feature should they use?

43

A company is designing a landing zone in Google Cloud. They need to set up a shared VPC for multiple projects. Which TWO steps should they take? (Choose two.)

44

An organization uses Terraform with a GCS backend for state. They want to implement a GitOps workflow where changes merged to the main branch are automatically applied. The CI/CD pipeline uses a service account with Workload Identity Federation. Which THREE components are required? (Choose three.)

45

A team wants to enforce that all Compute Engine disks must be encrypted with Customer-Managed Encryption Keys (CMEK) stored in Cloud Key Management Service (KMS). Which TWO steps should they take? (Choose two.)

46

An organization wants to enforce that all Compute Engine instances are created in a specific set of regions. Which Google Cloud feature should be used?

47

A DevOps team uses Terraform to manage infrastructure. They want to store state files in a shared backend that supports locking and versioning. Which backend meets these requirements?

48

A company wants to centralize audit logs and billing data from multiple projects in a single project for analysis. What is the best approach?

49

A team uses Terraform with a GCS backend. After a failed apply, the state file is corrupted. How can they recover to the last known good state?

50

An organization wants to enforce that no Compute Engine VM has an external IP address. Which approach should be used?

51

A DevOps engineer wants to manage Google Cloud resources as code using a declarative language. Which tool is the current industry standard and recommended by Google?

52

A team wants to implement GitOps for their Terraform infrastructure. They want to automatically apply changes when a pull request is merged to the main branch. Which approach should they use?

53

An organization wants to implement least-privilege IAM for their DevOps team. They need permissions to manage Compute Engine instances but not to create or delete them. Which IAM role should be assigned?

54

A company has multiple teams in a GCP organization. They want to isolate environments (prod, staging, dev) and give each team a separate project for development. Which folder structure is recommended?

55

An organization wants to enforce that all Cloud Run services are not publicly accessible. Which organization policy should they use?

56

A DevOps engineer is using Terraform and wants to reference outputs from another Terraform configuration that manages networking. Which approach should they use?

57

An organization wants to track cloud costs per team and per project. They have already enabled billing export to BigQuery. What additional step should they take to enable cost attribution?

58

A DevOps team is designing a landing zone on GCP. They want to centralize networking, logging, and security. Which TWO projects should they create? (Choose 2)

59

An organization wants to enforce policy as code for Terraform configurations. Which TWO tools can be used to validate Terraform plans against custom policies before apply? (Choose 2)

60

A company wants to implement security controls for Compute Engine VMs across their organization. Which THREE organization policies can enforce VM security? (Choose 3)

61

A company is setting up a new Google Cloud organization. The DevOps team wants to enforce that all Compute Engine instances are created only in us-central1 or europe-west1. Which approach should they use?

62

A team manages Terraform state for multiple projects using a single GCS bucket. They need to ensure that state operations are not concurrent to avoid corruption. What should they do?

63

An organization wants to use a GitOps workflow for infrastructure deployment with Terraform. They use GitHub as the source of truth and want to automatically apply Terraform changes when a pull request is merged to the main branch. They need to review Terraform plans before apply. Which solution meets these requirements?

64

A DevOps engineer needs to create a custom IAM role that allows only the permission to create Compute Engine instances, but not to modify or delete them. What is the best practice for defining this role?

65

A company has multiple GCP projects and wants to audit all IAM policy changes. They need a solution that captures who made the change, what was changed, and when. The solution should be cost-effective and require minimal setup. What should they use?

66

A team uses Terraform to manage infrastructure. They want to ensure that all Terraform code passes policy checks before being applied. They use Terraform Cloud. Which built-in feature allows them to define policies that are checked during the plan phase?

67

An organization wants to set up a landing zone with separate projects for development, staging, and production environments. They also need a shared VPC for networking and a centralized logging project. Which folder structure aligns with Google Cloud best practices?

68

What is the purpose of a Google Cloud organization node in the resource hierarchy?

69

A company wants to implement least-privilege IAM for their DevOps team. The team needs to manage Compute Engine instances and Cloud Storage buckets, but not delete resources. Which approach is recommended?

70

A team uses Terraform with a GCS backend for state. They want to use remote state from another project to read output values. What Terraform configuration element is used to retrieve outputs from a different state file?

71

A company needs to control cost by setting a budget alert on their billing account. They want to be notified when spending exceeds 80% of the budget. What should they configure?

72

Which Git branching strategy is recommended for infrastructure as code in a DevOps environment to enable continuous delivery?

73

A company wants to enforce that all Compute Engine VMs have Shielded VM features enabled. Which mechanism should they use?

74

A team is migrating to GCP and wants to use Cloud Deployment Manager for infrastructure. They have existing Terraform modules. What is the best approach?

75

An organization wants to restrict the creation of Cloud SQL instances outside of specific regions. Which organization policy constraint should they use?

76

A company wants to implement a landing zone with centralized logging and monitoring. Which TWO services should they use to collect and analyze logs from all projects? (Choose 2)

77

A team uses Terraform and wants to enforce policy checks before code is committed to the repository. Which TWO tools can be used for pre-commit policy as code checks? (Choose 2)

78

A company wants to implement least-privilege access for service accounts. Which THREE practices should they follow? (Choose 3)

79

An organization wants to enforce that no Compute Engine instances have external IP addresses except for a specific project. Which TWO steps should they take? (Choose 2)

80

A company wants to set up cost tracking by project, environment, and team. Which THREE methods should they use? (Choose 3)

81

A DevOps team is bootstrapping a new Google Cloud organization. They want to enforce that all Compute Engine instances must use Shielded VM features (Secure Boot, vTPM, Integrity Monitoring). Which organization policy should they set at the organization level?

82

An organization uses Terraform to manage infrastructure across multiple projects. They want to use a single shared Terraform state file for their production environment but isolate state for development environments. The team uses Terraform Cloud workspaces. Which state management approach is most appropriate?

83

A company wants to enforce that no Compute Engine instances are created with external IP addresses unless explicitly allowed. Which organization policy constraint should be used?

84

A DevOps team is designing a landing zone in Google Cloud. They need to set up a folder structure that supports multiple teams and environments. Which TWO practices should they follow? (Choose 2)

Practice all 84 Bootstrapping a Google Cloud Organisation for DevOps questions

Other PCDE exam domains

Building and Implementing CI/CD Pipelines for a ServiceApplying Site Reliability Engineering Practices to a ServiceImplementing Service Monitoring StrategiesOptimising Service PerformancePlan and manage database infrastructureDefine data structures and implement SQL for Business IntelligenceDesign and implement database schemasMonitor and optimize database performance

Frequently asked questions

What does the Bootstrapping a Google Cloud Organisation for DevOps domain cover on the PCDE exam?

The Bootstrapping a Google Cloud Organisation for DevOps domain covers the key concepts tested in this area of the PCDE exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCDE domains — no account required.

How many Bootstrapping a Google Cloud Organisation for DevOps questions are in the PCDE question bank?

The Courseiva PCDE question bank contains 84 questions in the Bootstrapping a Google Cloud Organisation for DevOps domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Bootstrapping a Google Cloud Organisation for DevOps for PCDE?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Bootstrapping a Google Cloud Organisation for DevOps questions for PCDE?

Yes — the session launcher on this page draws questions exclusively from the Bootstrapping a Google Cloud Organisation for DevOps domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your PCDE domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide