CCNA Google Cloud Products Services And Solutions Questions

75 of 103 questions · Page 1/2 · Google Cloud Products Services And Solutions topic · Answers revealed

1
MCQmedium

A company uses Cloud CDN to deliver static content. They notice that some content is being served stale despite a TTL of 1 hour. What should they check to ensure content is always fresh?

A.Verify that the origin server sets appropriate Cache-Control headers (e.g., max-age=3600).
B.Enable cache invalidation for all objects daily.
C.Increase the TTL in the CDN configuration to 24 hours.
D.Use Cloud Storage as the origin and set caching to 'public'.
AnswerA

Cloud CDN respects the Cache-Control header from the origin; if it is missing or set to a lower value, content may become stale sooner.

Why this answer

Option A is correct because Cloud CDN relies on the Cache-Control: max-age directive from the origin server to determine how long content should be considered fresh. If the origin does not set max-age=3600 (or a comparable value), Cloud CDN may serve stale content even if the CDN TTL is configured to 1 hour, as the CDN respects the origin's cache headers by default. Ensuring the origin sets appropriate Cache-Control headers guarantees that Cloud CDN caches content for the intended duration.

Exam trap

Google Cloud often tests the misconception that CDN TTL settings alone control freshness, when in reality the origin's Cache-Control headers are authoritative unless overridden by explicit CDN policies like 'cache modes' or 'origin override'.

How to eliminate wrong answers

Option B is wrong because daily cache invalidation is a reactive, manual process that does not prevent stale content between invalidations; it also incurs cost and latency, and does not address the root cause of stale serving due to missing or incorrect Cache-Control headers. Option C is wrong because increasing the TTL to 24 hours would make the problem worse by extending the time stale content is served, rather than ensuring freshness. Option D is wrong because setting caching to 'public' in Cloud Storage only affects browser caching, not Cloud CDN's edge caching behavior; Cloud CDN still requires proper Cache-Control headers from the origin to honor freshness.

2
MCQmedium

An enterprise wants to give its business intelligence team a governed analytics platform where data models are defined centrally with version-controlled semantic definitions, and all reports are guaranteed to use the same business metric definitions. Which Google Cloud product is designed for this governed BI use case?

A.Looker Studio, Google's free self-service data visualization tool
B.Looker, with its LookML semantic layer for centrally governed, version-controlled metric definitions used consistently across all reports
C.BigQuery, where analysts write shared SQL queries stored in the project
D.Vertex AI, which provides a model registry for governing ML model definitions
AnswerB

Looker's LookML semantic layer is precisely designed for governed analytics. Data engineers define business logic (what 'revenue' means, how to join tables) in LookML, which is version-controlled in Git. All Looker reports query through this layer, ensuring consistent definitions. This is the differentiated capability versus Looker Studio.

Why this answer

Looker is the correct choice because it provides a governed analytics platform with its LookML semantic layer. LookML allows data models to be defined centrally with version control, ensuring that all reports and dashboards use the same business metric definitions consistently. This directly addresses the enterprise's need for a governed BI solution where semantic definitions are managed and versioned.

Exam trap

Google Cloud often tests the distinction between a governed semantic layer (Looker) and a simple visualization tool (Looker Studio) or a data warehouse (BigQuery), trapping candidates who confuse data storage with BI governance.

How to eliminate wrong answers

Option A is wrong because Looker Studio is a free self-service visualization tool that lacks a centralized, version-controlled semantic layer for governing metric definitions; it relies on direct data source connections without enforced consistency. Option C is wrong because BigQuery is a data warehouse for running SQL queries, not a BI platform with a semantic modeling layer; shared SQL queries in a project do not provide version-controlled, governed metric definitions across reports. Option D is wrong because Vertex AI is a machine learning platform with a model registry for governing ML models, not a BI tool for governing business metric definitions in analytics.

3
MCQhard

A company uses BigQuery for analytics and needs to enforce row-level security based on user department. Only users from the 'Sales' department should see rows where department = 'Sales'. Which BigQuery feature should they use?

A.Custom IAM roles with fine-grained permissions
B.Column-level security with classification tags
C.Authorized views with a WHERE clause
D.Row-level access policies using a filter on the department column
AnswerD

Row-level access policies restrict which rows users can see based on conditions.

Why this answer

Option B is correct because BigQuery row-level access policies allow filtering rows based on conditions. Option A is wrong because column-level security hides columns, not rows. Option C is wrong because authorized views are for sharing data across projects.

Option D is wrong because IAM roles are for access control at the table/dataset level, not row-level.

4
MCQmedium

A company runs many containerized microservices that need orchestration — automatic scheduling, scaling, self-healing, and rolling updates. They want a managed service so they don't maintain the control plane themselves. Which Google Cloud service is purpose-built for this?

A.Cloud Run
B.Google Kubernetes Engine (GKE)
C.Cloud Composer
D.Compute Engine with managed instance groups
AnswerB

GKE is Google's managed Kubernetes service. It handles the control plane (API server, scheduler, etcd) and optionally the node infrastructure (Autopilot mode) while providing full Kubernetes orchestration capabilities.

Why this answer

Google Kubernetes Engine (GKE) is a managed Kubernetes service that provides automatic orchestration, scaling, self-healing, and rolling updates for containerized microservices. It fully manages the Kubernetes control plane, including the API server, etcd, and scheduler, so the customer does not have to maintain them. This makes GKE the purpose-built solution for the described requirements.

Exam trap

Cisco often tests the distinction between serverless container platforms (Cloud Run) and full container orchestration (GKE), where candidates mistakenly choose Cloud Run because it also runs containers, but it lacks the orchestration features like manual scaling, self-healing, and rolling updates that GKE provides.

How to eliminate wrong answers

Option A is wrong because Cloud Run is a serverless compute platform for stateless containers that abstracts away the underlying infrastructure, but it does not provide the full orchestration capabilities (e.g., manual scaling, self-healing at the pod level, or rolling updates) that Kubernetes offers; it is designed for event-driven or request-based workloads, not for managing a fleet of microservices with complex scheduling. Option C is wrong because Cloud Composer is a managed Apache Airflow service for workflow orchestration and data pipeline scheduling, not for container orchestration; it manages DAGs and task dependencies, not container lifecycles. Option D is wrong because Compute Engine with managed instance groups provides auto-scaling and self-healing for VMs, but it lacks native container orchestration features like automatic scheduling, rolling updates, and service discovery; it requires additional tooling (e.g., Kubernetes or Nomad) to achieve the same level of container management.

5
MCQmedium

A startup needs to build a mobile application backend. They need user authentication, a real-time database that syncs to mobile clients automatically, and serverless functions for business logic — all managed with minimal backend engineering. Which Google Cloud platform provides this integrated mobile/web backend solution?

A.Google Kubernetes Engine (GKE), for containerized backend microservices
B.Firebase, which provides integrated authentication, auto-syncing Firestore database, serverless functions, and hosting — designed for mobile and web backends with minimal engineering overhead
C.BigQuery, for storing and analyzing mobile application user data
D.Cloud Spanner, for globally consistent transactional data storage in the mobile backend
AnswerB

Firebase is purpose-built for this scenario. Authentication, real-time data sync, serverless functions, and hosting are all pre-integrated. The SDK handles real-time data synchronization to mobile clients automatically. It minimizes backend complexity for mobile-first teams.

Why this answer

Firebase is the correct answer because it is a Google Cloud platform specifically designed to provide an integrated mobile/web backend with minimal engineering overhead. It bundles user authentication, a real-time NoSQL database (Firestore) that automatically syncs data to clients, and serverless Cloud Functions for business logic, all managed without requiring backend infrastructure provisioning.

Exam trap

The trap here is that candidates may confuse GKE's microservices capability with a 'managed backend,' but GKE still requires significant DevOps effort, whereas Firebase is purpose-built for zero-ops mobile/web backends with integrated services.

How to eliminate wrong answers

Option A is wrong because Google Kubernetes Engine (GKE) is a container orchestration service for deploying microservices, which requires significant backend engineering to set up and manage authentication, real-time sync, and serverless functions, contradicting the 'minimal backend engineering' requirement. Option C is wrong because BigQuery is a serverless data warehouse for analytical queries on large datasets, not a real-time database with automatic client sync or a platform for authentication and serverless functions. Option D is wrong because Cloud Spanner is a globally distributed, strongly consistent relational database service that requires schema design and backend management, and it does not provide built-in authentication or auto-syncing to mobile clients like Firebase does.

6
MCQmedium

A startup is building an application that sends daily promotional push notifications to millions of mobile users on both iOS and Android devices. Which Google Cloud or Google service most directly provides the infrastructure for sending these mobile push notifications?

A.Cloud Pub/Sub, which delivers messages to subscribed mobile application instances
B.Firebase Cloud Messaging (FCM), which delivers push notifications to iOS and Android devices through Google's mobile notification infrastructure
C.Cloud Storage, by writing notification content to buckets that mobile applications poll for new messages
D.Cloud Run, by exposing an API that mobile applications call to retrieve their pending notifications
AnswerB

FCM is the correct service. It provides the complete push notification pipeline: device token management, message composition, cross-platform delivery (Android via FCM protocol, iOS via APNs), delivery analytics, and topic-based message broadcasting for millions of subscribers. It's the standard Google/Firebase solution for mobile push notifications.

Why this answer

Firebase Cloud Messaging (FCM) is Google's dedicated, scalable infrastructure for delivering push notifications to both iOS and Android devices. It handles device registration, message routing, and platform-specific delivery through Apple Push Notification service (APNs) for iOS and Google's own push service for Android, making it the most direct and appropriate service for this use case.

Exam trap

The trap here is that candidates confuse Cloud Pub/Sub's generic message delivery with mobile push notification delivery, overlooking that FCM is the only service that integrates directly with mobile OS notification systems and handles device-specific routing and delivery guarantees.

How to eliminate wrong answers

Option A is wrong because Cloud Pub/Sub is a message-oriented middleware for asynchronous event ingestion and distribution between services, not designed to deliver push notifications directly to mobile device operating systems; it lacks the device registration and platform-specific delivery mechanisms (APNs, FCM SDK) required for mobile push. Option C is wrong because Cloud Storage is an object storage service for unstructured data; polling a bucket for new messages is inefficient, introduces latency, drains mobile battery, and does not provide the real-time push delivery or device targeting capabilities needed. Option D is wrong because Cloud Run is a serverless compute platform for running containerized applications; while it could host a custom notification API, it does not natively handle push notification delivery to mobile OS-level notification channels and would require building and maintaining the entire push infrastructure, including FCM integration, making it an indirect and incomplete solution.

7
MCQeasy

A developer needs to grant a service account the minimum permissions required to publish messages to a Pub/Sub topic. Which IAM role should they assign?

A.roles/editor
B.roles/pubsub.subscriber
C.roles/pubsub.publisher
D.roles/pubsub.admin
AnswerC

Grants only the permission to publish messages to the topic.

Why this answer

The correct answer is C because the `roles/pubsub.publisher` role grants the minimum permissions required to publish messages to a Pub/Sub topic. This role includes the `pubsub.topics.publish` permission, which allows a service account to send messages to a specific topic without granting any other unnecessary permissions like subscribing or managing the topic.

Exam trap

Google Cloud often tests the distinction between publisher and subscriber roles, and the trap here is that candidates may confuse `roles/pubsub.publisher` with `roles/pubsub.subscriber` or assume a broad role like `roles/editor` is acceptable, overlooking the principle of least privilege.

How to eliminate wrong answers

Option A is wrong because `roles/editor` is a broad, primitive role that grants extensive permissions across many Google Cloud services, far exceeding the minimum required for publishing to a Pub/Sub topic. Option B is wrong because `roles/pubsub.subscriber` grants permissions to pull or push messages from a subscription (e.g., `pubsub.subscriptions.consume`), not to publish messages to a topic. Option D is wrong because `roles/pubsub.admin` grants full administrative control over Pub/Sub resources, including creating, deleting, and modifying topics and subscriptions, which is far more permissive than needed for publishing only.

8
MCQeasy

A developer wants to deploy a containerized web application without managing servers, clusters, or Kubernetes configuration. The application should automatically scale to zero when not in use and handle bursts of traffic. Which Google Cloud service is the best fit?

A.Google Kubernetes Engine (GKE)
B.Cloud Run
C.Compute Engine
D.App Engine Standard
AnswerB

Cloud Run is fully managed serverless for containers. No Kubernetes, no cluster management — just deploy the container and Cloud Run handles scaling (including to zero), networking, and infrastructure.

Why this answer

Cloud Run is the best fit because it is a fully managed serverless container platform that automatically scales to zero when idle and scales up to handle traffic bursts, without requiring any server, cluster, or Kubernetes configuration. The developer simply deploys a container image, and Cloud Run handles all infrastructure management, including scaling and load balancing.

Exam trap

The trap here is that candidates often confuse Cloud Run with App Engine Standard, thinking both support containers, but App Engine Standard requires specific language runtimes and does not allow custom container images, while Cloud Run is purpose-built for containerized workloads with automatic zero-scaling.

How to eliminate wrong answers

Option A is wrong because Google Kubernetes Engine (GKE) requires managing a Kubernetes cluster, even with Autopilot mode, and does not automatically scale to zero — at least one node is always running. Option C is wrong because Compute Engine requires managing virtual machines, scaling configurations, and does not scale to zero; you pay for running instances even when idle. Option D is wrong because App Engine Standard does not support arbitrary containerized applications — it requires using specific runtimes and does not allow full container image deployment.

9
MCQeasy

A company wants to add location-based features to their mobile app: showing nearby stores, calculating driving routes, and embedding interactive maps. Which Google Cloud platform provides these mapping and location services?

A.Cloud Spanner — it stores geolocation data with ACID transactions.
B.Google Maps Platform
C.Cloud IoT Core — it tracks device locations in real time.
D.BigQuery Geo Viz — it visualizes geographic data on a map.
AnswerB

Google Maps Platform provides APIs for all described use cases: Maps (embed interactive maps), Directions/Routes (routing), Places (nearby stores), Geocoding (address lookup). Available via API key with usage-based pricing.

Why this answer

Google Maps Platform is the correct choice because it provides the specific APIs needed for location-based features: Places API for nearby stores, Directions API for driving routes, and Maps SDK for embedding interactive maps. Cloud Spanner, IoT Core, and BigQuery Geo Viz are not designed to deliver these front-end mapping and routing services.

Exam trap

Google Cloud often tests the misconception that any Google Cloud service that can store or visualize geographic data (like Cloud Spanner or BigQuery Geo Viz) is equivalent to a dedicated mapping platform, but the question specifically asks for the platform that *provides* mapping and location services, not just stores or displays data.

How to eliminate wrong answers

Option A is wrong because Cloud Spanner is a globally distributed relational database service for ACID transactions, not a mapping or location services platform; it can store geolocation data but does not provide APIs for showing nearby stores, calculating routes, or embedding maps. Option C is wrong because Cloud IoT Core is a service for connecting, managing, and ingesting data from IoT devices, and while it can track device locations via telemetry, it does not offer mapping APIs or interactive map embedding. Option D is wrong because BigQuery Geo Viz is a visualization tool for geographic data stored in BigQuery, not a platform that provides real-time location-based features like nearby store lookup or driving route calculation.

10
MCQeasy

A company wants to use pre-trained Google AI models to add vision capabilities to their application — specifically to detect objects in images and extract text from scanned documents — without training their own models. Which Google Cloud APIs provide these capabilities?

A.Cloud Vision API for object detection and OCR; Cloud Document AI for structured document extraction.
B.BigQuery ML for both use cases — it trains vision models on image data stored in BigQuery.
C.Vertex AI AutoML Vision — train a custom model on your own images.
D.Cloud Natural Language API for text extraction from images.
AnswerA

Vision API provides image analysis (object detection, OCR, label detection) using pre-trained models. Document AI specializes in extracting structured information from forms and documents. Both require zero ML training.

Why this answer

Option A is correct because Cloud Vision API provides pre-trained models for object detection and OCR (Optical Character Recognition) to extract text from images, while Cloud Document AI specializes in extracting structured data (e.g., fields, tables) from scanned documents. Both services require no custom training, aligning with the company's requirement to use pre-trained Google AI models.

Exam trap

The trap here is that candidates often confuse Cloud Natural Language API with OCR capabilities, or assume BigQuery ML can handle image data, when in fact Google Cloud separates vision and text analysis into distinct APIs with specific pre-trained models.

How to eliminate wrong answers

Option B is wrong because BigQuery ML is designed for creating and executing machine learning models using SQL queries on structured data in BigQuery, not for training vision models on image data; it lacks native support for image processing or object detection. Option C is wrong because Vertex AI AutoML Vision requires users to train custom models on their own labeled images, which contradicts the requirement to use pre-trained models without training. Option D is wrong because Cloud Natural Language API is for analyzing text (e.g., sentiment, entity extraction) and cannot extract text from images; that capability belongs to Cloud Vision API's OCR feature.

11
MCQmedium

A media company stores video files, images, and static website assets that must be served globally with low latency. They want an object storage solution that is highly durable, accessible via standard HTTPS, and can be configured to make specific assets publicly accessible. Which Google Cloud storage product is most appropriate?

A.Cloud Storage, Google Cloud's object storage for unstructured data accessible via HTTPS with configurable public access
B.Filestore, Google Cloud's managed NFS file storage service
C.Persistent Disk, Google Cloud's block storage for virtual machine instances
D.Cloud SQL, Google Cloud's managed relational database service
AnswerA

Cloud Storage is exactly right for this use case. It stores unstructured data (videos, images, static files) with 11 nines durability, serves objects via HTTPS, supports public/private access control at the bucket and object level, and integrates with Cloud CDN for global low-latency delivery.

Why this answer

Cloud Storage is Google Cloud's object storage service designed for unstructured data such as video files, images, and static website assets. It provides global accessibility via standard HTTPS, offers 99.999999999% (11 9's) durability, and supports granular access control through IAM and ACLs, allowing specific assets to be made publicly accessible. This directly matches all the requirements in the question.

Exam trap

Cisco often tests the distinction between object storage (Cloud Storage), file storage (Filestore), and block storage (Persistent Disk), and the trap here is assuming any storage service can serve content over HTTPS with public access, whereas only Cloud Storage is designed for that purpose.

How to eliminate wrong answers

Option B (Filestore) is wrong because it is a managed NFS file storage service for shared file systems, not object storage, and it does not natively serve content over HTTPS or support public access configuration for individual assets. Option C (Persistent Disk) is wrong because it is block storage attached to virtual machine instances, designed for use as VM disks, not for serving content globally over HTTPS with public access controls. Option D (Cloud SQL) is wrong because it is a managed relational database service for structured data, not an object storage solution, and cannot serve files or static assets over HTTPS.

12
MCQmedium

A data engineering team needs to orchestrate a complex data pipeline that involves multiple steps: extracting data from various sources, transforming it with Dataflow, loading it into BigQuery, and running validation jobs — all in a specific sequence with retry logic and scheduling. Which Google Cloud service manages this workflow orchestration?

A.Cloud Scheduler — cron-based job scheduling.
B.Cloud Composer (managed Apache Airflow)
C.Cloud Dataflow — stream and batch processing.
D.Cloud Functions — event-driven function execution.
AnswerB

Cloud Composer orchestrates complex multi-step workflows as DAGs. It handles scheduling, step dependencies, retries, and provides a Airflow UI for monitoring pipeline runs.

Why this answer

Cloud Composer is a managed Apache Airflow service that provides workflow orchestration, including dependency management, retry logic, and scheduling for complex pipelines. It allows you to define a DAG (Directed Acyclic Graph) that sequences tasks like Dataflow extraction, BigQuery loading, and validation jobs, with built-in retry and scheduling capabilities.

Exam trap

Google Cloud often tests the distinction between a scheduler (Cloud Scheduler) and a full orchestrator (Cloud Composer), where candidates mistakenly choose Cloud Scheduler because they see 'scheduling' in the question, ignoring the need for retry logic and multi-step dependency management.

How to eliminate wrong answers

Option A is wrong because Cloud Scheduler is a cron-based job scheduler that triggers individual tasks at specified times, but it lacks native support for complex workflow dependencies, retry logic, or multi-step orchestration. Option C is wrong because Cloud Dataflow is a data processing service for stream and batch transformations, not a workflow orchestrator; it cannot manage sequencing or retries across multiple services. Option D is wrong because Cloud Functions is an event-driven compute service for executing single-purpose functions, not designed to orchestrate multi-step pipelines with dependencies and retry logic.

13
MCQhard

A company wants to expose its internal backend services to external partners through a managed API layer that handles authentication, rate limiting, traffic management, and analytics — without modifying the underlying services. Which Google Cloud product is designed for this API management use case?

A.Cloud Load Balancing, which distributes API requests across backend instances
B.Cloud Endpoints, a lighter-weight API gateway for Google Cloud-hosted APIs
C.Apigee, Google Cloud's full-featured enterprise API management platform for authentication, rate limiting, analytics, and developer portal without modifying backend services
D.Cloud Armor, Google Cloud's web application firewall and DDoS protection service
AnswerC

Apigee is the complete API management solution. Its proxy architecture sits in front of any backend service and adds authentication (OAuth, API keys), rate limiting, quota enforcement, traffic transformation, analytics, and a developer portal — with zero changes required to the backend services.

Why this answer

Apigee is Google Cloud's full-featured enterprise API management platform designed to expose backend services to external partners without requiring modifications to those services. It provides built-in authentication, rate limiting, traffic management, and analytics, along with a developer portal for partner onboarding. This makes it the correct choice for the described use case.

Exam trap

The trap here is that candidates confuse Cloud Endpoints (a lightweight option for Google Cloud-native backends) with Apigee (the enterprise platform for exposing any backend to external partners), missing the requirement for a developer portal and no backend modifications.

How to eliminate wrong answers

Option A is wrong because Cloud Load Balancing is a traffic distribution layer (Layer 4/7) that does not provide API-level authentication, rate limiting, or analytics; it only distributes requests across backends. Option B is wrong because Cloud Endpoints is a lighter-weight API gateway that requires the backend to be hosted on Google Cloud (e.g., Cloud Run, App Engine) and does not offer a developer portal or enterprise-grade analytics and rate limiting without additional configuration. Option D is wrong because Cloud Armor is a web application firewall and DDoS protection service that operates at the network/edge layer and does not handle API authentication, rate limiting, or analytics.

14
MCQhard

Refer to the exhibit. A company configures a lifecycle policy on a Cloud Storage bucket. The bucket contains objects uploaded over the past year with custom time set on each object. After 60 days, what happens to the objects?

A.All objects older than 30 days from now are deleted.
B.Objects with custom time more than 30 days ago are deleted.
C.Objects are deleted after 30 days from the last access.
D.The lifecycle policy is invalid because custom time is not supported.
AnswerB

The condition uses daysSinceCustomTime, so objects are deleted when the time since custom time exceeds 30 days.

Why this answer

Option B is correct because the lifecycle policy uses the `customTime` attribute, and the rule is configured to delete objects when `customTime` is older than 30 days. After 60 days from upload, objects with a `customTime` set at upload will have had that timestamp for 60 days, so they are more than 30 days past their `customTime` and are deleted. The policy does not use object age or last access time.

Exam trap

Google Cloud often tests the distinction between object age (creation time) and custom time, trapping candidates who assume lifecycle policies always use the object's creation date instead of the user-defined `customTime` attribute.

How to eliminate wrong answers

Option A is wrong because the lifecycle policy does not use the object's creation or upload time; it uses the `customTime` attribute, so objects are not deleted based on being older than 30 days from now. Option C is wrong because lifecycle policies in Cloud Storage do not support deletion based on last access time; they use conditions like age, creation date, or custom time. Option D is wrong because `customTime` is a fully supported metadata field in Cloud Storage lifecycle policies, allowing users to set a user-defined timestamp for deletion rules.

15
MCQhard

An enterprise needs advanced business intelligence capabilities: governed semantic models that business users query with natural language, embedded analytics in their customer-facing application, and centralized data access controls. Which Google Cloud analytics product is purpose-built for these enterprise BI requirements?

A.Looker Studio (free BI dashboards)
B.Looker (enterprise BI platform with LookML semantic layer)
C.BigQuery — it provides natural language querying via BQML.
D.Vertex AI — it builds ML models that answer business questions.
AnswerB

Looker's LookML semantic model defines business metrics centrally. Business users explore data naturally; embedded analytics APIs allow customer-facing deployment; row/column-level security enforces data governance.

Why this answer

Looker is purpose-built for enterprise BI with its LookML semantic modeling layer, which governs data definitions and access controls. It supports natural language querying through Looker's 'Ask Looker' feature and enables embedded analytics via its API and SDK, directly matching the requirements for governed semantic models, natural language queries, and embedded analytics.

Exam trap

Cisco often tests the distinction between a BI platform with a semantic layer (Looker) and a data warehouse (BigQuery) or ML platform (Vertex AI), leading candidates to mistakenly choose BigQuery because it supports natural language queries, overlooking the need for governed semantic models and embedded analytics.

How to eliminate wrong answers

Option A is wrong because Looker Studio is a free, lightweight dashboarding tool that lacks a governed semantic layer (LookML), centralized data access controls, and native natural language querying—it is not designed for enterprise-grade BI governance. Option C is wrong because BigQuery is a data warehouse, not a BI platform; while it supports natural language queries via BigQuery ML (BQML) for ML model creation, it does not provide a semantic modeling layer or embedded analytics capabilities for customer-facing applications. Option D is wrong because Vertex AI is a machine learning platform for building and deploying ML models, not a BI tool; it does not offer semantic models, natural language querying for business users, or embedded analytics dashboards.

16
MCQmedium

A developer is building a mobile backend that receives thousands of events per second from IoT devices. The events must be processed in real time and then stored for analysis. Which set of services should they use?

A.Cloud Pub/Sub -> Cloud Dataflow -> BigQuery
B.Cloud IoT Core -> Cloud Storage -> Dataproc
C.Cloud Pub/Sub -> Cloud Storage -> BigQuery
D.Cloud Pub/Sub -> Cloud Functions -> Cloud SQL
AnswerA

Pub/Sub for ingestion, Dataflow for stream processing, BigQuery for storage and analysis.

Why this answer

Option A is correct because Cloud Pub/Sub provides a scalable, fully managed message ingestion service for high-throughput event streams, Cloud Dataflow (based on Apache Beam) enables real-time stream processing with exactly-once semantics and low latency, and BigQuery offers a serverless data warehouse for fast analytical queries on the processed data. This combination handles the requirements of real-time processing and subsequent storage for analysis without operational overhead.

Exam trap

The trap here is that candidates confuse Cloud Storage as a real-time processing service (it is not—it is a durable object store for batch data) and overlook the need for a stream processing engine like Dataflow to handle real-time transformations before analysis.

How to eliminate wrong answers

Option B is wrong because Cloud IoT Core is a device management service, not a real-time event ingestion pipeline; Cloud Storage is an object store for blobs, not a streaming data sink, and Dataproc is a managed Hadoop/Spark service for batch processing, not real-time stream processing. Option C is wrong because while Cloud Pub/Sub can ingest events and Cloud Storage can store them, this path lacks a real-time processing step (like Dataflow) to transform or analyze events before storage, and BigQuery would query raw stored data without stream processing. Option D is wrong because Cloud Functions has a maximum timeout of 9 minutes and is designed for short-lived, event-driven compute, not for continuous high-throughput stream processing; Cloud SQL is a relational database not optimized for real-time event ingestion or analytical queries at scale.

17
MCQeasy

A startup wants to deploy a containerized web application without managing the underlying infrastructure. They want to only focus on code. Which Google Cloud service is most suitable?

A.Google Kubernetes Engine
B.Compute Engine
C.App Engine
D.Cloud Run
AnswerD

Cloud Run is a fully managed serverless platform for containers, abstracting infrastructure completely.

Why this answer

Cloud Run is the correct choice because it is a fully managed serverless platform that executes stateless containers in a request-driven environment, abstracting all infrastructure management. This allows the startup to focus solely on code by deploying container images directly from Artifact Registry or Container Registry, with automatic scaling down to zero when not in use.

Exam trap

The trap here is that candidates often confuse App Engine's automatic scaling with container support, overlooking that App Engine Standard requires specific language runtimes and does not accept arbitrary containers, while Cloud Run provides true container portability without infrastructure management.

How to eliminate wrong answers

Option A is wrong because Google Kubernetes Engine (GKE) requires managing a Kubernetes cluster, including node pools, networking, and scaling policies, which contradicts the requirement to avoid infrastructure management. Option B is wrong because Compute Engine provides virtual machines that demand manual provisioning, patching, and capacity planning, directly opposing the goal of focusing only on code. Option C is wrong because App Engine, while serverless, is a platform-as-a-service that restricts the runtime environment to specific supported languages and runtimes, whereas the startup explicitly wants to deploy a containerized application without such constraints.

18
MCQmedium

A retail company wants to build a recommendation engine that suggests products to customers based on their browsing history. The team has ML expertise but wants to use Google's pre-built ML infrastructure to train and deploy models at scale without managing compute resources. Which Google Cloud service should they use?

A.BigQuery ML
B.Vertex AI
C.Cloud AI Platform Notebooks (now Vertex AI Workbench)
D.Cloud Dataflow
AnswerB

Vertex AI is Google's unified ML platform with managed training (GPU/TPU clusters), AutoML, model registry, feature store, and serving endpoints. Teams bring ML expertise; Vertex AI handles infrastructure.

Why this answer

Vertex AI is the correct choice because it provides a fully managed, unified ML platform that handles the entire ML workflow—from data preparation and training to deployment and monitoring—without requiring the team to manage underlying compute infrastructure. It integrates with Google Cloud's pre-built ML infrastructure, including distributed training, AutoML, and custom model serving, making it ideal for building and scaling a recommendation engine.

Exam trap

Cisco often tests the distinction between a managed ML platform (Vertex AI) and individual tools like BigQuery ML or Dataflow, trapping candidates who confuse data processing or SQL-based ML with end-to-end model deployment and infrastructure management.

How to eliminate wrong answers

Option A is wrong because BigQuery ML is designed for creating and executing machine learning models directly in BigQuery using SQL, which is suitable for simple, in-database ML but lacks the flexibility and infrastructure for custom model training, deployment, and scaling needed for a recommendation engine. Option C is wrong because Cloud AI Platform Notebooks (now Vertex AI Workbench) is a tool for creating and managing Jupyter notebooks for exploratory data analysis and model development, not a managed service for training and deploying models at scale without managing compute resources. Option D is wrong because Cloud Dataflow is a fully managed service for stream and batch data processing, not an ML platform; it can be used for data preprocessing but does not provide model training or deployment capabilities.

19
MCQmedium

A software team deploys microservices using containers and wants Google Cloud to automatically manage the scaling, self-healing, and rollout of their containerized applications. They don't want to provision or manage underlying virtual machines. Which Google Cloud service best meets this need?

A.Compute Engine, Google Cloud's virtual machine service
B.Google Kubernetes Engine (GKE), which manages containerized applications with automatic scaling, self-healing, and rolling updates
C.Cloud Storage, for storing container images and serving them to instances
D.Cloud CDN, which distributes containerized applications globally
AnswerB

GKE is the managed Kubernetes service that handles all container orchestration. Teams describe their desired application state, and GKE automatically handles scheduling, health monitoring, auto-scaling, and rolling updates across the container fleet.

Why this answer

Google Kubernetes Engine (GKE) is the correct choice because it provides a managed Kubernetes environment that automates scaling, self-healing (e.g., automatic pod restarts and node repair), and rollout management (e.g., rolling updates and rollbacks) for containerized applications. This meets the requirement of not provisioning or managing underlying virtual machines, as GKE abstracts the node infrastructure.

Exam trap

The trap here is that candidates may confuse Compute Engine (IaaS) with a managed container service, or assume Cloud Storage or Cloud CDN can orchestrate containers, when only GKE provides the automated lifecycle management described.

How to eliminate wrong answers

Option A is wrong because Compute Engine is an Infrastructure-as-a-Service (IaaS) offering that requires manual provisioning and management of virtual machines, not automatic scaling, self-healing, or rollout of containers. Option C is wrong because Cloud Storage is an object storage service for storing container images (e.g., via Artifact Registry integration), but it does not manage scaling, self-healing, or rollout of applications. Option D is wrong because Cloud CDN is a content delivery network that caches and distributes content globally, not a compute or orchestration service for managing containerized workloads.

20
MCQmedium

A business intelligence team wants to create interactive dashboards and reports from their BigQuery data without writing code. They need to share reports with stakeholders who don't have GCP accounts. Which Google Cloud tool is most appropriate?

A.Vertex AI Workbench
B.Looker Studio (formerly Data Studio)
C.Cloud Dataprep by Trifacta
D.BigQuery Studio
AnswerB

Looker Studio is Google's free BI dashboarding tool with native BigQuery integration. Reports can be shared via link with stakeholders who have no GCP accounts.

Why this answer

Looker Studio (formerly Data Studio) is the correct choice because it is a no-code, drag-and-drop business intelligence tool that connects directly to BigQuery, enabling the creation of interactive dashboards and reports. It also supports sharing reports via public links or embedded views, allowing stakeholders without GCP accounts to access them without needing IAM permissions.

Exam trap

Cisco often tests the distinction between data preparation tools (Cloud Dataprep), ML development environments (Vertex AI Workbench), and BI/reporting tools (Looker Studio), trapping candidates who confuse 'no-code dashboards' with SQL-focused interfaces like BigQuery Studio.

How to eliminate wrong answers

Option A is wrong because Vertex AI Workbench is a Jupyter-based environment for building and deploying machine learning models, not for creating no-code dashboards or sharing reports with external stakeholders. Option C is wrong because Cloud Dataprep by Trifacta is a data preparation and cleaning tool, not a dashboarding or reporting solution; it focuses on transforming raw data rather than visualizing it interactively. Option D is wrong because BigQuery Studio is a unified interface for writing SQL queries and exploring data within BigQuery, but it does not provide native no-code dashboard creation or the ability to share reports with users who lack GCP accounts.

21
MCQhard

A company needs to run containerized workloads but wants to avoid managing Kubernetes cluster infrastructure (node pools, cluster upgrades, node autoscaling) entirely. They want to simply deploy container images and have Google Cloud manage all underlying infrastructure automatically. Which Google Cloud product best fits this fully managed container execution requirement?

A.Google Kubernetes Engine (GKE) Standard mode, where the team manages node pools and cluster configuration
B.Cloud Run, which executes container images on fully managed serverless infrastructure with automatic scaling and no cluster or node management
C.Compute Engine with a startup script that pulls and runs the container image from Artifact Registry
D.App Engine Flexible, which runs containers on managed virtual machines
AnswerB

Cloud Run is the answer. Developers provide a container image; Cloud Run handles all infrastructure: no node pools, no cluster upgrades, no capacity planning. It scales automatically from zero to thousands of instances based on request traffic. It's the most infrastructure-free container execution option on Google Cloud.

Why this answer

Cloud Run is the correct choice because it provides a fully managed serverless platform that executes container images without any cluster or node management. It automatically handles scaling, infrastructure provisioning, and maintenance, aligning perfectly with the requirement to avoid managing Kubernetes cluster infrastructure entirely.

Exam trap

The trap here is that candidates may confuse App Engine Flexible with a fully managed container service, but it still requires managing VM instances and does not provide the same serverless abstraction as Cloud Run.

How to eliminate wrong answers

Option A is wrong because GKE Standard mode requires the team to manage node pools, cluster upgrades, and node autoscaling, which contradicts the requirement to avoid managing Kubernetes cluster infrastructure. Option C is wrong because Compute Engine with a startup script still requires managing virtual machine instances, including patching, scaling, and lifecycle, which is not fully managed container execution. Option D is wrong because App Engine Flexible runs containers on managed virtual machines but still requires managing the underlying VM instances and does not provide the same level of automatic scaling and infrastructure abstraction as Cloud Run.

22
Multi-Selectmedium

A company is designing a disaster recovery plan for its critical application running on Google Kubernetes Engine (GKE) in us-central1. The application uses Cloud SQL (MySQL) as its database. Which TWO actions should the company take to achieve a Recovery Point Objective (RPO) of less than 5 minutes and a Recovery Time Objective (RTO) of less than 1 hour in the event of a regional outage? (Choose two.)

Select 2 answers
A.Use Cloud SQL's automated backups with a backup schedule every 4 hours.
B.Store container images in a regional registry in the same region.
C.Configure Cloud SQL for cross-region replication using a read replica in a different region.
D.Deploy a GKE cluster in a different region and use Multi-cluster Ingress to route traffic.
E.Use Cloud CDN to cache static content.
AnswersC, D

Provides near real-time replication for RPO <5 minutes.

Why this answer

Option C is correct because Cloud SQL cross-region replication using a read replica in a different region provides asynchronous replication with a typical lag of under 5 minutes, enabling an RPO of less than 5 minutes. In a regional outage, you can promote the read replica to a primary instance in the other region, achieving an RTO of under 1 hour by failing over the application's database connection.

Exam trap

Google Cloud often tests the distinction between backup-based recovery (which has higher RPO due to fixed intervals) and continuous replication (which can achieve near-zero RPO), leading candidates to mistakenly choose automated backups for low RPO requirements.

23
Multi-Selectmedium

A company wants to connect its on-premises network to Google Cloud for consistent low-latency access to resources. They also need to use the same network policies across multiple projects. Which two Google Cloud products should they use?

Select 2 answers
A.Cloud Interconnect
B.Shared VPC
C.Cloud NAT
D.Cloud VPN
E.VPC Network Peering
AnswersA, B

Cloud Interconnect provides a dedicated, high-bandwidth connection with lower latency than VPN.

Why this answer

Cloud Interconnect provides dedicated, low-latency, and consistent connectivity between an on-premises network and Google Cloud, bypassing the public internet. Shared VPC allows the company to centrally define and apply network policies (e.g., firewall rules, routes) across multiple projects from a single host project, ensuring uniform policy enforcement.

Exam trap

Google Cloud often tests the distinction between connectivity products (Cloud Interconnect vs. Cloud VPN) and policy-sharing mechanisms (Shared VPC vs. VPC Network Peering), where candidates mistakenly choose VPC Network Peering for cross-project policy management, not realizing it only connects VPCs without centralizing policies.

24
MCQeasy

A company is building a new application that needs to send transactional emails (order confirmations, password resets, account notifications) to customers. Google Cloud does not provide a native SMTP email service. Which approach is standard for sending transactional emails from Google Cloud applications?

A.Using Cloud Storage to store email templates and delivering them directly to customers' inboxes
B.Integrating a third-party transactional email service (such as SendGrid, Mailgun, or Postmark) via API from the Cloud Run or Cloud Functions application
C.Running a self-managed SMTP server on a Compute Engine VM and configuring MX records to deliver email
D.Using Gmail directly by authenticating the application with a corporate Gmail account and sending through Gmail SMTP
AnswerB

This is the standard pattern. Applications hosted on Cloud Run or Cloud Functions call third-party email service APIs to send transactional emails. These services provide the SMTP infrastructure, deliverability management, and analytics that transactional email requires.

Why this answer

Option B is correct because Google Cloud does not offer a native SMTP service for sending transactional emails. The standard approach is to integrate a third-party transactional email service (e.g., SendGrid, Mailgun, Postmark) via API from serverless compute services like Cloud Run or Cloud Functions. These services handle deliverability, reputation, and compliance with email standards (SPF, DKIM, DMARC) that are critical for transactional email.

Exam trap

The trap here is that candidates may assume Google Cloud provides a native SMTP service (like AWS SES) or that Gmail SMTP can be repurposed for application use, but Google Cloud explicitly lacks this service, and Gmail's SMTP is restricted to personal use and low-volume sending.

How to eliminate wrong answers

Option A is wrong because Cloud Storage is an object storage service for storing files, not an email delivery mechanism; it cannot send emails or interact with SMTP/MX protocols. Option C is wrong because running a self-managed SMTP server on Compute Engine is complex, requires managing IP reputation, reverse DNS, and SMTP authentication, and is not a standard or recommended approach for transactional email in Google Cloud. Option D is wrong because using Gmail SMTP from an application violates Gmail's Terms of Service (which prohibit automated bulk or transactional email) and has strict sending limits (e.g., 500 recipients per day for a free account), making it unsuitable for production transactional email.

25
MCQmedium

A logistics company needs to send millions of shipment status updates per day from IoT tracking devices to backend systems for processing and storage. The solution must decouple the tracking devices from the backend and handle traffic spikes without losing messages. Which Google Cloud product best fits this asynchronous messaging requirement?

A.Cloud SQL, to store each tracking update as a row in a relational database as it arrives
B.Cloud Pub/Sub, Google's fully managed messaging service that decouples producers from consumers and handles massive message volumes reliably
C.Cloud Storage, to have each device upload a file containing its status update
D.Cloud Load Balancing, to distribute incoming tracking requests evenly across backend servers
AnswerB

Pub/Sub is purpose-built for this pattern. IoT devices publish messages to a Pub/Sub topic; backend systems subscribe and process at their own rate. Pub/Sub buffers messages during spikes, guarantees at-least-once delivery, and scales to millions of messages per second without configuration changes.

Why this answer

Cloud Pub/Sub is the correct choice because it is a fully managed, asynchronous messaging service designed to decouple producers (IoT devices) from consumers (backend systems). It can handle millions of messages per second, provides at-least-once delivery, and buffers messages during traffic spikes, ensuring no data loss without requiring the backend to be always available.

Exam trap

Cisco often tests the distinction between decoupling (asynchronous messaging) and load distribution (synchronous traffic management), so the trap here is confusing Cloud Load Balancing's ability to distribute requests with Pub/Sub's ability to buffer and decouple, leading candidates to pick D when they see 'traffic spikes' and 'distribute' in the question.

How to eliminate wrong answers

Option A is wrong because Cloud SQL is a relational database that requires synchronous writes and cannot decouple producers from consumers; it would become a bottleneck under high throughput and cannot buffer messages during spikes. Option C is wrong because Cloud Storage is an object storage service, not a messaging system; having each device upload a file introduces latency, lacks real-time streaming, and does not provide the decoupling or ordered message delivery needed for status updates. Option D is wrong because Cloud Load Balancing distributes incoming traffic across backend instances but does not decouple producers from consumers or provide message buffering; it operates at the network layer and cannot handle asynchronous, event-driven messaging.

26
MCQmedium

A company wants to build an application that can understand and respond to natural language queries from customers (e.g., a customer support chatbot). Which Google Cloud capability should they use?

A.Cloud Vision API
B.Dialogflow CX or Vertex AI Conversation
C.BigQuery ML
D.Cloud Translation API
AnswerB

Dialogflow CX is Google's advanced conversational AI platform for building NLU-powered chatbots and virtual agents. It understands customer intent and manages multi-turn conversations across channels.

Why this answer

Dialogflow CX and Vertex AI Conversation are Google Cloud's purpose-built services for building conversational interfaces, including chatbots that understand natural language. They leverage natural language understanding (NLU) models to parse user intents and entities, enabling the application to respond appropriately to customer queries. This makes them the correct choice for a customer support chatbot.

Exam trap

Cisco often tests the distinction between general-purpose ML services (like Vision API or Translation API) and specialized conversational AI services (like Dialogflow), leading candidates to pick a service that sounds related but is actually for a different modality.

How to eliminate wrong answers

Option A is wrong because Cloud Vision API is designed for image and video analysis (e.g., object detection, OCR), not for processing natural language text or speech. Option C is wrong because BigQuery ML is used for running machine learning models on structured data stored in BigQuery, not for building conversational agents or understanding natural language queries. Option D is wrong because Cloud Translation API only translates text between languages; it does not provide intent recognition, entity extraction, or dialogue management needed for a chatbot.

27
MCQmedium

A healthcare company needs to run a large batch processing job that analyzes patient records using Apache Spark, transforming data from Cloud Storage and writing results to BigQuery. The job runs once daily and requires a large cluster that should exist only during the job. Which Google Cloud product best handles this ephemeral large-batch Spark workload?

A.Cloud Dataflow, for running the Apache Spark code as a streaming pipeline
B.Cloud Dataproc, which runs managed Apache Spark clusters that can be created for the job and deleted on completion — paying only during the processing window
C.Compute Engine VMs, by manually installing Apache Spark on a cluster of VMs each day before the job
D.BigQuery, by running the Spark transformation directly within BigQuery's execution engine
AnswerB

Dataproc is the correct choice for managed Apache Spark. The ephemeral cluster pattern (create cluster → run Spark job → delete cluster) is the recommended cost-optimization approach for batch jobs. The cluster exists only while needed, minimizing cost.

Why this answer

Cloud Dataproc is the correct choice because it provides managed Apache Spark clusters that can be created on demand for the batch job and automatically deleted upon completion, ensuring you only pay for the processing time. This ephemeral cluster model perfectly matches the requirement of a large cluster that exists only during the daily job, without manual infrastructure management.

Exam trap

Cisco often tests the distinction between managed services that run native Spark (Dataproc) versus those that use different execution engines (Dataflow, BigQuery), leading candidates to confuse Dataflow's ability to run batch pipelines with running Spark code directly.

How to eliminate wrong answers

Option A is wrong because Cloud Dataflow is designed for Apache Beam pipelines, not native Apache Spark code; it cannot directly run Spark transformations and is optimized for streaming, not ephemeral batch clusters. Option C is wrong because manually installing Apache Spark on Compute Engine VMs each day is operationally complex, error-prone, and contradicts the managed, ephemeral requirement; it also incurs costs for idle VMs if not carefully managed. Option D is wrong because BigQuery does not run Apache Spark transformations; it uses SQL-based queries and its own execution engine, not Spark, so it cannot execute Spark code directly.

28
MCQeasy

A startup's web application is being targeted by a denial-of-service attack that is flooding its servers with millions of fake requests per second. Which Google Cloud product provides automatic DDoS protection for the application?

A.Cloud Storage, by distributing the static content of the application across multiple storage regions
B.Cloud Armor, which provides DDoS protection and WAF capabilities to detect and mitigate volumetric attacks against the application
C.Cloud IAM, by revoking permissions for the IP addresses generating attack traffic
D.Cloud Monitoring, by alerting the team so they can manually scale up servers to absorb the attack
AnswerB

Cloud Armor is Google Cloud's DDoS mitigation and WAF service. It integrates with Google's global load balancers to absorb volumetric attacks at the edge before they reach backend servers. Its Adaptive Protection feature automatically detects and responds to DDoS patterns in real time.

Why this answer

Cloud Armor is the correct answer because it is Google Cloud's managed DDoS protection and Web Application Firewall (WAF) service. It uses Google's global infrastructure to absorb and filter volumetric attacks (e.g., SYN floods, UDP reflection attacks) at the edge, before traffic reaches the application. It integrates with Cloud Load Balancing to inspect and drop malicious requests based on pre-configured or adaptive rules.

Exam trap

Cisco often tests the misconception that any 'cloud' service (like Cloud Storage or Cloud Monitoring) can handle DDoS by distributing or alerting, when in fact only a dedicated WAF/edge security service like Cloud Armor provides automatic, inline mitigation at the network perimeter.

How to eliminate wrong answers

Option A is wrong because Cloud Storage is an object storage service for static content, not a DDoS protection mechanism; distributing content across regions does not mitigate the flood of fake requests hitting the application servers. Option C is wrong because Cloud IAM manages identity and access permissions for users and service accounts, not network-layer traffic filtering; revoking IP permissions is not designed for real-time DDoS mitigation and cannot handle millions of spoofed source IPs. Option D is wrong because Cloud Monitoring provides observability and alerting, not automated mitigation; manually scaling servers is ineffective against a massive volumetric attack and contradicts the need for automatic protection.

29
MCQeasy

A development team builds a mobile app using Firebase. They need a real-time database that syncs data across all connected clients instantly (e.g., a collaborative to-do app where all users see updates in real-time). Which Firebase/Google Cloud service provides this?

A.Cloud SQL with read replicas to distribute updates to clients.
B.Cloud Firestore or Firebase Realtime Database for real-time data sync across all connected clients.
C.BigQuery streaming inserts for real-time data delivery to mobile clients.
D.Cloud Pub/Sub subscriptions on the mobile clients.
AnswerB

Firestore provides real-time listeners — when data changes, the SDK automatically delivers updates to all subscribed clients. This enables truly real-time collaborative apps without polling.

Why this answer

Cloud Firestore and Firebase Realtime Database are the only Firebase/Google Cloud services that provide real-time data synchronization across all connected clients. They use persistent WebSocket connections or HTTP long-polling to push updates instantly to every subscribed client, making them ideal for collaborative apps like a shared to-do list.

Exam trap

Cisco often tests the misconception that any 'real-time' or 'streaming' service (like BigQuery streaming inserts or Pub/Sub) can serve as a real-time database for mobile clients, ignoring the need for persistent client connections and built-in data synchronization.

How to eliminate wrong answers

Option A is wrong because Cloud SQL is a relational database that does not natively support real-time client sync; read replicas distribute read traffic but do not push updates to mobile clients. Option C is wrong because BigQuery streaming inserts are designed for ingesting large volumes of data for analytics, not for delivering real-time updates to individual mobile clients. Option D is wrong because Cloud Pub/Sub is a message-oriented middleware for decoupling services, not a database; mobile clients would need a separate backend to subscribe and persist state, adding latency and complexity.

30
MCQeasy

A company wants to enable its developers to write and run code in various programming languages (Python, Node.js, Go) without provisioning or managing any servers. The code should execute in response to HTTP requests. Which Google Cloud product is designed for this serverless, function-level execution model?

A.Cloud Functions, which executes code functions in response to events or HTTP requests with no server management required
B.Compute Engine, which provides virtual machines for running code in any language
C.Cloud SQL, which runs SQL queries in response to HTTP requests
D.Persistent Disk, which stores code that can be executed on demand
AnswerA

Cloud Functions is exactly the right fit: serverless, supports multiple languages, triggered by HTTP requests, billed per invocation, scales from zero automatically. Developers focus on writing function code with no infrastructure concerns.

Why this answer

Cloud Functions is the correct choice because it is Google Cloud's event-driven, serverless compute platform that allows developers to write and deploy single-purpose functions in languages like Python, Node.js, and Go. These functions automatically scale and execute in response to HTTP triggers (e.g., HTTP requests) without any server provisioning or management, directly matching the requirement for a function-level execution model.

Exam trap

Google Cloud often tests the distinction between serverless compute (Cloud Functions) and managed services that still require server management (Compute Engine) or are not compute services at all (Cloud SQL, Persistent Disk), leading candidates to confuse database or storage services with code execution platforms.

How to eliminate wrong answers

Option B is wrong because Compute Engine provides virtual machines (VMs) that require manual provisioning, scaling, and management of servers, which contradicts the 'no server management' requirement. Option C is wrong because Cloud SQL is a fully managed relational database service (MySQL, PostgreSQL, SQL Server) that executes SQL queries, not arbitrary code in response to HTTP requests. Option D is wrong because Persistent Disk is a block storage service for attaching durable storage to Compute Engine instances; it cannot execute code or respond to HTTP requests on its own.

31
Matchingmedium

Match each Google Cloud migration term to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Move workloads without modification

Tool to migrate VMs to GCP

Physical device for large offline data transfers

Online data transfer from other cloud or on-prem

Automated data import into BigQuery

Why these pairings

These are common migration approaches and tools in GCP.

32
MCQmedium

A company uses Cloud Storage to store backup files. The files are accessed on average once per year. To minimize storage costs while complying with a 365-day retention policy, which storage class should they use?

A.Coldline
B.Archive
C.Nearline
D.Standard
AnswerB

Archive storage is the cheapest for long-term archival, with a 365-day minimum storage duration, aligning perfectly with the retention policy and access pattern.

Why this answer

Archive storage class is the correct choice because it offers the lowest storage cost for data that is accessed less than once per year, while still meeting the 365-day retention policy. Archive has a 365-day minimum storage duration, which aligns perfectly with the retention requirement, and its retrieval costs are acceptable given the infrequent access pattern.

Exam trap

Google Cloud often tests the misconception that Archive is only for data that is never accessed, but it actually allows retrieval with higher latency and costs, making it suitable for data accessed as infrequently as once per year with a 365-day retention policy.

How to eliminate wrong answers

Option A (Coldline) is wrong because Coldline has a 90-day minimum storage duration and higher storage cost than Archive, making it less cost-effective for data accessed once per year. Option C (Nearline) is wrong because Nearline has a 30-day minimum storage duration and higher storage cost than Archive, and is designed for data accessed less than once per month, not once per year. Option D (Standard) is wrong because Standard has no minimum storage duration but has the highest storage cost, making it the most expensive option for long-term, rarely accessed data.

33
MCQeasy

A data engineering team needs to build a pipeline that reads event data from Pub/Sub in real time, applies transformations and aggregations, and writes results to BigQuery — all without managing any infrastructure. Which Google Cloud product is designed for this serverless stream and batch data processing use case?

A.Cloud Dataflow, Google Cloud's serverless stream and batch data processing service built on Apache Beam
B.Cloud Composer, Google Cloud's managed Apache Airflow service for workflow orchestration
C.Cloud Dataproc, Google Cloud's managed Spark and Hadoop service
D.BigQuery directly, using streaming inserts to load Pub/Sub data in real time
AnswerA

Dataflow is exactly right: serverless (no infrastructure management), supports both streaming (from Pub/Sub) and batch, applies transformations and aggregations, and writes natively to BigQuery. The Pub/Sub → Dataflow → BigQuery pattern is one of the most common data engineering pipelines on Google Cloud.

Why this answer

Cloud Dataflow is Google Cloud's fully managed, serverless service for both stream and batch data processing, built on Apache Beam. It directly reads from Pub/Sub, applies transformations and aggregations using the Beam SDK, and writes the results to BigQuery without requiring any infrastructure management, making it the correct choice for this use case.

Exam trap

Google Cloud often tests the distinction between a data processing service (Dataflow) and a data ingestion or orchestration service, leading candidates to mistakenly choose BigQuery streaming inserts or Cloud Composer for real-time transformations.

How to eliminate wrong answers

Option B is wrong because Cloud Composer is a workflow orchestration service (managed Apache Airflow) designed to schedule and coordinate tasks, not to perform real-time stream processing or data transformations. Option C is wrong because Cloud Dataproc is a managed Spark and Hadoop service that requires cluster management and is not serverless; it is better suited for batch processing and big data analytics on existing clusters, not for serverless stream processing. Option D is wrong because BigQuery streaming inserts can load data from Pub/Sub but do not provide built-in transformations or aggregations; they are a data ingestion method, not a full data processing pipeline, and lack the serverless stream processing capabilities of Dataflow.

34
MCQeasy

A marketing team wants to create interactive dashboards and reports for business stakeholders using data stored in BigQuery, without writing code. Which Google Cloud product is most appropriate for this self-service business intelligence requirement?

A.Looker Studio, Google's self-service data visualization tool with native BigQuery connectivity and a no-code interface
B.Cloud Dataflow, Google Cloud's stream and batch data processing service
C.BigQuery itself, where the marketing team writes SQL queries to generate reports
D.Vertex AI, Google Cloud's unified machine learning platform
AnswerA

Looker Studio is exactly designed for this use case: non-technical marketing teams creating interactive dashboards from BigQuery data through a visual interface, with no SQL or coding required. It has native BigQuery connectivity and is free to use.

Why this answer

Looker Studio (formerly Google Data Studio) is the correct choice because it is Google Cloud's self-service business intelligence tool that provides a no-code, drag-and-drop interface for creating interactive dashboards and reports. It has native, built-in connectivity to BigQuery, allowing the marketing team to visualize data without writing any code or SQL queries.

Exam trap

The trap here is that candidates may confuse BigQuery's ability to run SQL queries and generate results with a no-code self-service BI tool, overlooking that Looker Studio is the dedicated product for interactive, code-free visualization.

How to eliminate wrong answers

Option B is wrong because Cloud Dataflow is a data processing service for building stream and batch pipelines, not a self-service BI or visualization tool; it requires writing code to define data transformations. Option C is wrong because while BigQuery can generate reports via SQL queries, this requires writing code (SQL) and does not provide a no-code, interactive dashboard interface for self-service business intelligence. Option D is wrong because Vertex AI is a machine learning platform for building, deploying, and managing ML models, not a data visualization or reporting tool.

35
MCQeasy

A software team wants to host their container images securely within Google Cloud and integrate with Cloud Build for CI/CD pipelines and GKE for deployments. Which Google Cloud product serves as the managed repository for storing and managing container images?

A.Cloud Storage, by storing container images as objects in a bucket
B.Artifact Registry, Google Cloud's managed repository for container images and build artifacts with native CI/CD integration
C.Container Registry (gcr.io), the legacy Google container image service
D.Cloud Source Repositories, for storing source code and container build files
AnswerB

Artifact Registry is the intended service for hosting container images in Google Cloud. It supports Docker, Maven, npm, PyPI, and other formats, integrates natively with Cloud Build and GKE, and provides IAM-based access control and automatic vulnerability scanning.

Why this answer

Artifact Registry is Google Cloud's fully managed, next-generation repository for storing, managing, and securing container images and build artifacts. It natively integrates with Cloud Build for CI/CD pipelines and GKE for deployments, providing features like vulnerability scanning, access control via IAM, and support for multiple formats (Docker, Maven, npm, etc.). This makes it the correct choice for the team's requirements.

Exam trap

Cisco often tests the distinction between legacy and current services, so the trap here is that candidates may pick Container Registry (gcr.io) because it is familiar and historically used for container images, but they must recognize that Artifact Registry is the modern, recommended service with broader capabilities and deeper integration.

How to eliminate wrong answers

Option A is wrong because Cloud Storage is an object storage service for arbitrary data (e.g., backups, media files), not a managed container image repository; while you could manually store a container image as a blob, it lacks native container registry features like manifest management, vulnerability scanning, and seamless integration with Cloud Build and GKE. Option C is wrong because Container Registry (gcr.io) is the legacy service that has been superseded by Artifact Registry; it lacks the multi-format support, regional repository options, and advanced security features (e.g., on-demand scanning) that Artifact Registry provides, and Google recommends migrating to Artifact Registry. Option D is wrong because Cloud Source Repositories is a Git-based source code hosting service for version control and collaboration, not a repository for storing container images or build artifacts.

36
MCQhard

A company migrated a microservices application to Google Kubernetes Engine (GKE). They set up an internal HTTP(S) load balancer to route traffic to the services. However, some pods are not receiving traffic. What is the most likely cause?

A.The service type is NodePort instead of LoadBalancer.
B.The pods have failing readiness probes that are preventing them from being added to the load balancer's backend endpoints.
C.The cluster does not have enough nodes to schedule the pods.
D.The firewall rules are not allowing traffic from the load balancer to the nodes.
AnswerB

Readiness probes determine whether a pod is ready to serve traffic. If they fail, the pod is removed from the endpoint list, causing no traffic.

Why this answer

Readiness probes determine whether a pod is ready to serve traffic. If they fail, the pod is removed from the endpoint list, causing no traffic. Firewall rules for internal load balancers are typically auto-configured.

37
MCQmedium

A developer needs to store application secrets (database passwords, API keys, OAuth tokens) securely so that they are not hardcoded in source code or environment variables. The secrets should be automatically versioned and rotatable. Which Google Cloud product is designed for this secure secrets management requirement?

A.Cloud Storage, by storing secrets in an encrypted bucket with restricted IAM access
B.Secret Manager, which stores secrets encrypted at rest with automatic versioning, rotation support, and fine-grained IAM access control
C.Cloud KMS, which generates encryption keys for encrypting application data
D.Cloud SQL, by storing secrets in an encrypted database table with restricted access
AnswerB

Secret Manager is the correct answer. It provides: encrypted storage for secret values, automatic versioning (each update creates a new numbered version), rotation support via Cloud Functions, per-secret IAM bindings, and audit logs for every secret access. It directly solves the hardcoded secrets problem.

Why this answer

Option B is correct because Secret Manager is Google Cloud's dedicated service for storing application secrets such as database passwords, API keys, and OAuth tokens. It provides encryption at rest using AES-256, automatic versioning (each new secret version is immutable and timestamped), and built-in rotation support via scheduled rotation policies. Fine-grained IAM roles (e.g., roles/secretmanager.secretAccessor) ensure least-privilege access without exposing secrets in source code or environment variables.

Exam trap

The trap here is that candidates confuse Cloud KMS (key management) with Secret Manager (secret storage), or assume that any encrypted storage service (like Cloud Storage or Cloud SQL) can substitute for a purpose-built secrets manager, ignoring the need for automatic versioning, rotation, and fine-grained per-secret access control.

How to eliminate wrong answers

Option A is wrong because Cloud Storage is an object storage service, not a secrets manager; while you can encrypt a bucket and restrict IAM, it lacks automatic versioning (object versioning is optional and not secret-aware), rotation policies, and fine-grained access control at the secret level (e.g., per-secret IAM). Option C is wrong because Cloud KMS is a key management service for creating and managing encryption keys used to encrypt data elsewhere; it does not store secrets directly, does not provide versioning of secret values, and does not support rotation of the secret itself (only key rotation). Option D is wrong because Cloud SQL is a managed relational database service; storing secrets in a database table requires custom application logic for encryption, versioning, and rotation, and it introduces additional attack surface (e.g., SQL injection) and operational overhead, making it unsuitable for secure secrets management.

38
MCQmedium

Refer to the exhibit. A user receives this error when trying to SSH into a Compute Engine instance. Which IAM role should be granted to the user?

A.roles/compute.osLogin
B.roles/compute.instanceAdmin.v1
C.roles/iam.serviceAccountUser
D.roles/compute.admin
AnswerB

This role includes compute.instances.get and compute.instances.setMetadata, which are needed for SSH access.

Why this answer

The error indicates the user lacks SSH access to the Compute Engine instance. The `roles/compute.instanceAdmin.v1` role includes the `compute.instances.setMetadata` permission, which allows the user to add their SSH public key to the instance's metadata, enabling SSH access. This role also provides broader instance management capabilities, making it the correct choice for resolving SSH connectivity issues.

Exam trap

Google Cloud often tests the misconception that `roles/compute.osLogin` is required for SSH access, but the trap here is that OS Login is an alternative method that must be explicitly enabled on the instance and project, whereas the default SSH access relies on metadata-based keys, which require `roles/compute.instanceAdmin.v1` to modify.

How to eliminate wrong answers

Option A is wrong because `roles/compute.osLogin` enables OS Login, which uses IAM permissions to manage SSH keys centrally, but the error suggests the user is not using OS Login or lacks the necessary metadata configuration. Option C is wrong because `roles/iam.serviceAccountUser` allows a user to impersonate a service account, but it does not grant any permissions to access Compute Engine instances or modify SSH keys. Option D is wrong because `roles/compute.admin` is a highly privileged role that includes all Compute Engine permissions, but it is overly broad for simply granting SSH access; the more specific `roles/compute.instanceAdmin.v1` is sufficient and follows the principle of least privilege.

39
MCQhard

A financial services company is migrating a legacy monolithic application to Google Cloud. The application uses a SQL Server database and has compliance requirements to encrypt data at rest and in transit. The migration must minimize code changes. The application runs on Windows Server and currently uses Active Directory for authentication. The company wants to use Google Cloud's managed services where possible. Which approach best meets these requirements?

A.Migrate the application to Compute Engine with SQL Server on Windows VMs. Use Cloud SQL for SQL Server but keep the database on-premises for compliance.
B.Lift and shift the application to Compute Engine with SQL Server on Windows VMs. Use Cloud SQL for SQL Server with encryption enabled, and configure Active Directory via Managed Microsoft AD.
C.Containerize the application and deploy on GKE with SQL Server in a container. Use Cloud SQL for SQL Server with encryption.
D.Migrate the application to Compute Engine instances with SQL Server on Windows VMs. Use Cloud VPN for connectivity. Enable encryption on the VMs and use SSL for SQL connections.
AnswerB

Minimizes code changes, uses managed database and AD, and provides encryption.

Why this answer

Option B is correct because it uses Compute Engine (minimal code changes) with Cloud SQL for SQL Server (managed encryption at rest and in transit) and Managed Microsoft AD (integrates with existing AD). Option A is incorrect because it uses SQL Server on VMs (more operational overhead) and does not fully leverage managed services; Cloud VPN is for connectivity, not encryption. Option C is incorrect because containerizing SQL Server is complex and requires code changes.

Option D is incorrect because keeping the database on-premises does not meet the goal of using managed services.

40
Multi-Selectmedium

A company is deploying a global web application with static content (images, CSS, JS) and dynamic API calls. They want to reduce latency for users worldwide. Which TWO services should they combine? (Choose 2)

Select 2 answers
A.Cloud VPN
B.Cloud CDN
C.External HTTP(S) Load Balancer
D.Cloud Armor
E.Cloud DNS
AnswersB, C

Caches static content at edge locations, reducing latency.

Why this answer

Cloud CDN (option B) caches static content (images, CSS, JS) at Google's globally distributed edge points of presence (PoPs), reducing latency for users by serving content from a location closer to them. The External HTTP(S) Load Balancer (option C) is required to front the application and integrate with Cloud CDN, providing global anycast IP, SSL termination, and traffic distribution to backend instances. Together, they enable low-latency delivery of both static and dynamic content by combining edge caching with intelligent load balancing.

Exam trap

The trap here is that candidates often confuse Cloud CDN with Cloud Armor or Cloud DNS, thinking security or DNS services can reduce latency, but only CDN combined with a global load balancer provides edge caching and anycast routing for static and dynamic content.

41
MCQeasy

A global e-commerce company wants to build a product recommendation engine that suggests items to customers based on their real-time browsing behavior and purchase history. They want a pre-built solution that doesn't require building an ML recommendation model from scratch. Which Google Cloud product is purpose-built for retail recommendations?

A.BigQuery ML — build a collaborative filtering model using SQL.
B.Recommendations AI (Vertex AI Search for Retail)
C.Cloud SQL — query purchase history to find commonly bought-together products.
D.Cloud Dataflow — stream user clickstream data to build recommendations in real time.
AnswerB

Recommendations AI is purpose-built for e-commerce personalization. Pre-built models trained on retail patterns are fine-tuned with the retailer's event data and serve real-time recommendations via API.

Why this answer

Recommendations AI (now part of Vertex AI Search for Retail) is Google Cloud's purpose-built, pre-built solution for retail product recommendations. It uses deep learning models trained on retail-specific data (e.g., clickstream, purchase history) to generate personalized suggestions without requiring the user to build or train an ML model from scratch.

Exam trap

The trap here is that candidates may confuse a general-purpose data/ML tool (like BigQuery ML, Cloud Dataflow, or Cloud SQL) with a purpose-built, pre-built solution for a specific domain (retail recommendations), leading them to choose an option that requires significant custom development instead of the turnkey service.

How to eliminate wrong answers

Option A is wrong because BigQuery ML requires you to write SQL to build and train a collaborative filtering model yourself, which is not a pre-built solution. Option C is wrong because Cloud SQL is a managed relational database service, not a recommendation engine; querying purchase history for co-purchased products would require custom application logic and does not provide real-time, ML-based recommendations. Option D is wrong because Cloud Dataflow is a stream processing service for data pipelines, not a pre-built recommendation engine; it can process clickstream data but cannot generate recommendations without additional custom ML model deployment.

42
MCQhard

A company wants to use Google Cloud's Generative AI capabilities to build an internal assistant that can answer questions about company policies using documents stored in Google Drive. Which Google Cloud product provides pre-built infrastructure for building this type of AI application?

A.BigQuery ML — train a custom language model on company policy documents.
B.Vertex AI Agent Builder with Gemini and document-grounded search (RAG).
C.Cloud Natural Language API — it reads and summarizes documents automatically.
D.Cloud Translation API — it translates policy documents into the user's language.
AnswerB

Vertex AI Agent Builder provides pre-built RAG pipelines: ingest documents (from Drive, GCS, etc.), index them for retrieval, and ground Gemini responses in those documents. No ML expertise needed.

Why this answer

Vertex AI Agent Builder with Gemini and document-grounded search (RAG) is correct because it provides pre-built infrastructure for building a generative AI assistant that retrieves information from enterprise documents. It combines Gemini's large language model with Retrieval-Augmented Generation (RAG) to ground answers in company policy documents stored in Google Drive, without requiring custom model training or manual infrastructure setup.

Exam trap

Cisco often tests the distinction between pre-built AI application infrastructure (Vertex AI Agent Builder) and individual AI/ML services (like BigQuery ML, Natural Language API, or Translation API) that require custom integration to build a complete assistant.

How to eliminate wrong answers

Option A is wrong because BigQuery ML is designed for training custom machine learning models using SQL queries on structured data in BigQuery, not for building a pre-built generative AI assistant with document retrieval from Google Drive. Option C is wrong because Cloud Natural Language API provides pre-trained models for entity extraction, sentiment analysis, and syntax analysis, but it does not offer a pre-built infrastructure for building a conversational AI assistant with RAG-based document grounding. Option D is wrong because Cloud Translation API is a service for translating text between languages, not for building a question-answering assistant that retrieves and reasons over company policy documents.

43
MCQmedium

A company wants to create a customer-facing conversational AI assistant that understands natural language and can answer questions about its products, integrated into their website and mobile app. Which Google Cloud AI product is the most appropriate starting point?

A.BigQuery ML, for building machine learning models on customer data to predict product recommendations
B.Dialogflow CX, Google Cloud's managed conversational AI platform for building natural language understanding chatbots integrated into web and mobile apps
C.Cloud Vision API, for analyzing images to understand customer product photos
D.Cloud Natural Language API, for analyzing the sentiment of customer product reviews
AnswerB

Dialogflow CX is purpose-built for conversational AI: it handles NLU (natural language understanding), dialog flow management, intent detection, entity extraction, and integrations with multiple channels (web widget, mobile, messaging apps). It requires no ML expertise to build effective conversational agents.

Why this answer

Dialogflow CX is the correct choice because it is Google Cloud's managed conversational AI platform specifically designed for building natural language understanding (NLU) chatbots that can be integrated into websites and mobile apps. It provides advanced state management, flow-based conversation design, and seamless integration with web and mobile channels, making it the most appropriate starting point for a customer-facing conversational AI assistant.

Exam trap

Google Cloud often tests the distinction between a full conversational AI platform (Dialogflow CX) and individual AI APIs (like Cloud Natural Language API or Cloud Vision API) that perform only a single task, leading candidates to mistakenly choose a component API instead of the integrated platform.

How to eliminate wrong answers

Option A is wrong because BigQuery ML is a tool for building and deploying machine learning models using SQL on data stored in BigQuery, not for building conversational AI or natural language understanding chatbots. Option C is wrong because Cloud Vision API is an image analysis service that extracts information from images, such as labels, text, and faces, and has no capability for natural language understanding or conversational interactions. Option D is wrong because Cloud Natural Language API provides pre-trained models for sentiment analysis, entity recognition, and syntax analysis, but it is not a conversational AI platform and cannot manage multi-turn dialogues, state, or integrate directly as a chatbot.

44
MCQhard

A financial services company runs a multi-tier application on Google Kubernetes Engine (GKE). The application consists of a frontend service, a backend service, and a database on Cloud SQL. Recently, they noticed that the backend service experiences high latency during peak trading hours, causing the frontend to time out. The backend service is CPU-intensive and currently runs with a single replica. The team wants to reduce latency and ensure high availability without over-provisioning resources. They have enabled Horizontal Pod Autoscaling (HPA) based on CPU utilization with a target of 80% and default stabilization windows. However, during sudden traffic spikes, the HPA takes over 5 minutes to scale up because of the scale-up stabilization window and the time to trigger. The company cannot tolerate latency spikes during scaling. Which course of action should they take to minimize latency during traffic spikes?

A.Increase the HPA scale-up stabilization window to 10 minutes to prevent thrashing.
B.Enable session affinity on the backend service to keep users on the same pod.
C.Set the HPA target CPU utilization to 70% and remove the scale-up stabilization window (set to 0 seconds).
D.Use a CronJob to proactively scale the backend service before expected peak hours.
AnswerC

Lower target triggers scaling earlier, and removing the stabilization window allows immediate scale-up when CPU exceeds the target, reducing latency spikes.

Why this answer

Option C is correct because reducing the HPA target CPU utilization to 70% provides a larger buffer before the threshold is crossed, allowing earlier scaling initiation. Removing the scale-up stabilization window (setting it to 0 seconds) eliminates the default 5-minute delay, enabling the HPA to react immediately to CPU spikes. This directly addresses the latency issue during sudden traffic spikes by reducing the time to add replicas.

Exam trap

Google Cloud often tests the misconception that increasing stabilization windows or using proactive scheduling (CronJob) is the best way to handle sudden spikes, when in fact reducing or removing the scale-up delay and lowering the target utilization is the correct approach for minimizing latency under bursty traffic.

How to eliminate wrong answers

Option A is wrong because increasing the scale-up stabilization window to 10 minutes would make the latency problem worse by further delaying the addition of replicas during spikes. Option B is wrong because session affinity (sticky sessions) does not reduce latency or improve scaling speed; it only ensures requests from the same client go to the same pod, which can actually cause uneven load distribution and worsen latency. Option D is wrong because a CronJob for proactive scaling is a manual, predictive approach that cannot react to sudden, unexpected traffic spikes; it also risks over-provisioning or under-provisioning if the schedule does not match actual demand.

45
MCQmedium

A retail company needs to process financial transactions requiring strict ACID compliance, serve global customers with consistent low-latency reads and writes, and scale horizontally without downtime for maintenance. Which Google Cloud database service is uniquely designed to meet all three requirements simultaneously?

A.Cloud SQL with read replicas in multiple regions
B.Cloud Spanner, Google's globally distributed relational database with ACID transactions and horizontal scalability
C.Firestore in Datastore mode with multi-region replication
D.BigQuery with streaming inserts for real-time transaction processing
AnswerB

Cloud Spanner uniquely satisfies all three requirements: full ACID compliance for financial transactions, global distribution with strong consistency for low-latency global reads and writes, and horizontal scaling without downtime. It was purpose-built by Google for exactly this class of globally consistent, highly available transactional workloads.

Why this answer

Cloud Spanner is the only Google Cloud database service that simultaneously provides ACID compliance across global transactions, consistent low-latency reads and writes via TrueTime and synchronous replication, and horizontal scaling without downtime through automatic sharding and resharding. It uniquely combines relational database semantics with global distribution, making it the correct choice for the given requirements.

Exam trap

Google Cloud often tests the misconception that a globally distributed NoSQL database like Firestore can provide ACID compliance, but Firestore only supports single-entity transactions and lacks the strict consistency needed for financial transactions.

How to eliminate wrong answers

Option A is wrong because Cloud SQL with read replicas does not support horizontal scaling for writes (it is a single-writer, multi-reader architecture) and cannot achieve consistent low-latency writes across global regions without downtime for maintenance. Option C is wrong because Firestore in Datastore mode is a NoSQL database that does not support ACID transactions across multiple entities (only single-entity transactions are atomic) and cannot provide strict ACID compliance for financial transactions. Option D is wrong because BigQuery is an analytical data warehouse designed for large-scale queries, not for transactional processing with ACID guarantees, and its streaming inserts are eventually consistent and not suitable for real-time transaction processing.

46
MCQmedium

A team uses multiple cloud services and wants to deploy all resources — VPCs, Cloud SQL databases, GKE clusters, and IAM roles — using a declarative, open-source infrastructure-as-code tool that works across multiple cloud providers. Which tool integrates natively with Google Cloud for this purpose?

A.Cloud Deployment Manager — Google's native IaC service.
B.Terraform
C.Cloud Build — it builds and deploys application code.
D.Ansible — it automates server configuration management.
AnswerB

Terraform's Google Cloud provider covers all GCP resources. Open-source, multi-cloud, declarative HCL configuration, state tracking — the standard IaC tool for managing GCP alongside other clouds.

Why this answer

Terraform is the correct choice because it is a declarative, open-source infrastructure-as-code tool that supports multiple cloud providers, including Google Cloud, through its provider plugin architecture. It allows you to manage VPCs, Cloud SQL databases, GKE clusters, and IAM roles using HashiCorp Configuration Language (HCL) and integrates natively with Google Cloud via the google provider.

Exam trap

The trap here is that candidates often confuse Cloud Deployment Manager (a Google-native, proprietary tool) with a multi-cloud solution, or mistake Cloud Build (a CI/CD tool) for an IaC tool, when the question explicitly requires an open-source, multi-cloud declarative IaC tool.

How to eliminate wrong answers

Option A is wrong because Cloud Deployment Manager is Google's native IaC service, but it is not open-source and only works within Google Cloud, not across multiple cloud providers. Option C is wrong because Cloud Build is a CI/CD service for building and deploying application code, not a declarative IaC tool for managing cloud resources like VPCs or databases. Option D is wrong because Ansible is a configuration management and automation tool focused on server provisioning and application deployment, not a declarative IaC tool for managing cloud infrastructure across providers.

47
MCQhard

A company is running a PostgreSQL database on Cloud SQL and needs to ensure high availability with automatic failover in the event of a zone failure. Which configuration should they use?

A.Enable regional persistent disk and configure a standby instance in a different zone.
B.Use point-in-time recovery.
C.Configure connection pooling.
D.Set up a cross-region read replica.
AnswerA

Cloud SQL provides regional persistent disk storage that replicates data across zones, and a standby instance automatically fails over if the primary zone fails.

Why this answer

Option A is correct because enabling regional persistent disk allows the primary and standby Cloud SQL instances to share the same underlying storage across zones. When a zone failure occurs, the standby instance in a different zone automatically takes over with no data loss, providing high availability with automatic failover.

Exam trap

Google Cloud often tests the distinction between high availability (automatic failover within a region) and disaster recovery (manual or cross-region failover), leading candidates to mistakenly choose cross-region read replicas for HA scenarios.

How to eliminate wrong answers

Option B is wrong because point-in-time recovery (PITR) is a backup and restore feature that allows recovering to a specific timestamp, not a mechanism for automatic failover or high availability. Option C is wrong because connection pooling manages database connections to improve performance and reduce overhead, but it does not provide failover or zone redundancy. Option D is wrong because a cross-region read replica is designed for read scaling and disaster recovery across regions, not for automatic failover within the same region; it requires manual promotion and does not provide automatic failover for the primary instance.

48
MCQhard

A multinational corporation needs to establish a private, low-latency connection between their on-premises data center and Google Cloud. The connection must be consistent, reliable, and support at least 10 Gbps throughput. Which solution should they use?

A.Cloud NAT with static IP addresses
B.Dedicated Interconnect
C.Partner Interconnect via a service provider
D.Cloud VPN using IPsec tunnels over the public internet
AnswerB

Dedicated Interconnect provides a direct, private connection with high throughput and low latency.

Why this answer

Dedicated Interconnect provides a direct, private physical connection between an on-premises network and Google Cloud, offering consistent, reliable, low-latency connectivity with throughput options of 10 Gbps or 100 Gbps per link. This meets the requirement for a private, low-latency connection with at least 10 Gbps throughput, as it bypasses the public internet entirely and provides a Service Level Agreement (SLA) for uptime and performance.

Exam trap

Google Cloud often tests the distinction between Dedicated and Partner Interconnect, where candidates mistakenly choose Partner Interconnect for higher throughput, but Dedicated Interconnect is the only option that provides direct, private physical links at 10 Gbps or 100 Gbps without a service provider intermediary.

How to eliminate wrong answers

Option A is wrong because Cloud NAT is used for outbound internet access from private instances and does not provide a private, low-latency connection between on-premises and Google Cloud; it is a network address translation service, not a connectivity solution. Option C is wrong because Partner Interconnect relies on a supported service provider and typically offers lower throughput options (e.g., 50 Mbps to 10 Gbps) and may introduce additional latency or dependency on the provider's network, whereas the requirement specifies a direct, private connection with at least 10 Gbps throughput, which Dedicated Interconnect fulfills without a third-party intermediary. Option D is wrong because Cloud VPN uses IPsec tunnels over the public internet, which introduces variable latency, potential packet loss, and lower throughput (typically up to 3 Gbps per tunnel), and does not provide the consistent, reliable, low-latency performance required for a 10 Gbps connection.

49
MCQeasy

A retail company wants to migrate its on-premises e-commerce platform to Google Cloud. The application is stateless and runs on virtual machines. The company wants to minimize operational overhead and allow the application to automatically scale based on CPU utilization. Which Google Cloud service should they use?

A.Google Kubernetes Engine (GKE)
B.Cloud Run
C.Compute Engine with managed instance groups and autoscaling
D.App Engine Standard Environment
AnswerC

Allows automatic scaling based on CPU utilization with low operational overhead.

Why this answer

Option C is correct because the application runs on virtual machines and is stateless, making Compute Engine with managed instance groups and autoscaling the most direct fit. Managed instance groups automatically handle scaling based on CPU utilization without requiring containerization or code changes, minimizing operational overhead while preserving the existing VM-based architecture.

Exam trap

The trap here is that candidates often choose GKE or Cloud Run because they associate 'autoscaling' with Kubernetes or serverless, but the question specifies 'virtual machines' and 'minimize operational overhead,' which points to a VM-native solution like Compute Engine with MIGs, not containerization or serverless platforms.

How to eliminate wrong answers

Option A is wrong because Google Kubernetes Engine (GKE) requires containerizing the application, which adds operational overhead for managing clusters and containers, contradicting the goal of minimizing overhead. Option B is wrong because Cloud Run is a serverless platform for containerized applications that scales based on HTTP requests, not CPU utilization, and does not support virtual machines. Option D is wrong because App Engine Standard Environment is a fully managed platform for specific runtimes (e.g., Python, Java) and does not support custom virtual machines or CPU-based autoscaling for arbitrary VM images.

50
MCQmedium

An enterprise wants employees to access internal web applications securely from any location (including remote work from home) without using a VPN. Employees should only access apps they're authorized for, based on their identity and device context. Which Google Cloud service enables this zero-trust access model?

A.Cloud VPN with split tunneling for internal application access.
B.Cloud Identity-Aware Proxy (IAP)
C.Cloud Armor IP allowlist to restrict access to corporate office IP ranges.
D.Cloud Load Balancing with SSL termination.
AnswerB

IAP implements BeyondCorp zero-trust: users authenticate with their Google identity, device context is checked, and only authorized users access specific applications — no VPN or network-level access required.

Why this answer

Cloud Identity-Aware Proxy (IAP) is the correct service because it enforces zero-trust access by verifying a user's identity and device context before granting access to internal web applications, without requiring a VPN. It uses Google's BeyondCorp model to authenticate and authorize each request based on identity and context, allowing secure access from any location.

Exam trap

The trap here is that candidates often confuse network-level security (like VPNs or IP allowlists) with identity-aware access control, assuming that any encrypted tunnel or IP restriction satisfies zero-trust requirements, but zero-trust fundamentally requires per-request identity and context verification, not just network perimeter controls.

How to eliminate wrong answers

Option A is wrong because Cloud VPN with split tunneling still requires a VPN tunnel and does not provide identity- or device-context-based authorization; it only encrypts traffic and routes it to the internal network. Option C is wrong because Cloud Armor IP allowlisting restricts access based on source IP addresses, which fails for remote workers with dynamic IPs and does not verify user identity or device context. Option D is wrong because Cloud Load Balancing with SSL termination only handles traffic distribution and decryption, not authentication or authorization based on user identity and device posture.

51
Multi-Selecthard

A company is planning to migrate a legacy monolithic Linux application to Google Cloud. They want to minimize changes initially but have the flexibility to modernize later. Which three approaches should they consider?

Select 3 answers
A.Use Cloud Run for stateless containers
B.Replatform to App Engine Flexible Environment
C.Use Migrate for Anthos
D.Refactor to microservices on GKE
E.Rehost on Compute Engine using a custom image
AnswersA, C, E

If the application can be containerized, Cloud Run allows running containers without managing infrastructure, with minimal changes, and offers scalability.

Why this answer

Option A is correct because Cloud Run allows you to deploy stateless containers without modifying the application code, minimizing initial changes while providing serverless scalability and the flexibility to modernize later by refactoring into microservices. This approach supports containerized workloads from a legacy monolithic app with minimal lift-and-shift effort.

Exam trap

Google Cloud often tests the distinction between 'minimal changes' (rehosting or container lift-and-shift) and 'modernization' (refactoring or replatforming), leading candidates to incorrectly select options that require significant code or architecture changes.

52
MCQmedium

A company uses Cloud SQL for PostgreSQL and needs to run complex analytical queries on the same dataset without affecting the performance of the transactional database. What should they do?

A.Schedule periodic exports to Cloud Storage and query with BigQuery
B.Create read replicas of the Cloud SQL instance and run queries on the replicas
C.Upgrade the Cloud SQL instance to a higher machine type
D.Use BigQuery to directly query Cloud SQL via federated queries
AnswerB

Read replicas offload reads without affecting primary instance performance.

Why this answer

Option D is correct because using Cloud SQL read replicas offloads read-only queries from the primary instance. Option A is wrong because BigQuery is for data warehousing, not real-time replication. Option B is wrong because exporting to Cloud Storage is not for live queries.

Option C is wrong because increasing machine type may not isolate analytical loads.

53
MCQhard

A data team has an IAM policy on a BigQuery dataset as shown. Alice needs to run a query that joins across multiple datasets. She receives a permission error. What is the most likely cause?

A.The policy denies all users except Bob
B.Alice lacks the jobUser role to run queries
C.Alice does not have permission to read the dataset
D.Bob’s dataOwner role prevents others from querying
AnswerB

Query execution requires jobUser role in addition to data access.

Why this answer

Option B is correct because the BigQuery `jobUser` role is required to run query jobs, including those that join across datasets. The IAM policy shown only grants dataset-level permissions (like `dataViewer` or `dataOwner`), but Alice lacks the `jobUser` role at the project level, which is necessary to submit a query job. Without this role, she receives a permission error even if she has read access to the datasets.

Exam trap

The trap here is that candidates assume dataset-level read permissions (like `dataViewer`) are sufficient to run queries, but BigQuery requires the separate `jobUser` role at the project level to execute query jobs.

How to eliminate wrong answers

Option A is wrong because the policy does not deny all users except Bob; it only grants specific roles to Bob and others, and does not include an explicit deny statement. Option C is wrong because the error occurs when joining across datasets, which requires the `jobUser` role to run the query job, not just read permission on the dataset. Option D is wrong because Bob's `dataOwner` role does not prevent others from querying; it grants full control over the dataset but does not block other users' permissions.

54
MCQmedium

A media company has a web application that serves video content globally. The application is deployed on Compute Engine instances behind a TCP load balancer in a single region. Users in distant regions experience high latency. The company wants to improve performance for all users while keeping operational overhead low. They also need to handle sudden spikes in traffic during live events. What should they do?

A.Deploy additional instances in multiple regions and use a global HTTP(S) load balancer with Cloud CDN.
B.Use Cloud Run for the application and enable automatic scaling globally.
C.Move the application to Google Kubernetes Engine and use horizontal pod autoscaling.
D.Increase the machine type of existing instances and add more instances in the same region.
AnswerA

Reduces latency and handles traffic spikes globally.

Why this answer

Option A is correct because deploying instances in multiple regions and using a global HTTP(S) load balancer with Cloud CDN reduces latency by serving content from edge locations close to users. Cloud CDN caches video content at Google's global edge points of presence (PoPs), while the global HTTP(S) load balancer provides anycast IP-based traffic distribution across regions, handling traffic spikes through automatic scaling and distributed capacity.

Exam trap

The trap here is that candidates may think Cloud Run or GKE with autoscaling alone can solve global latency, but they overlook the need for multi-region deployment and edge caching, which are essential for reducing geographic latency and handling global traffic spikes with low operational overhead.

How to eliminate wrong answers

Option B is wrong because Cloud Run does not support automatic scaling globally across multiple regions; it is a regional service and would require manual multi-region setup or additional services like a multi-cluster ingress, increasing operational overhead. Option C is wrong because moving to Google Kubernetes Engine with horizontal pod autoscaling only addresses scaling within a single cluster and does not solve global latency or provide multi-region load balancing without additional complex configuration. Option D is wrong because increasing machine types and adding instances in the same region does not reduce latency for distant users; it only improves capacity within that single region, failing to address geographic distance.

55
MCQmedium

A company's PostgreSQL database has grown to 50 TB and their application requires near-zero downtime, automatic failover, and the ability to scale reads horizontally without the migration complexity of switching to Spanner. Which Google Cloud database product is specifically designed as a fully managed, highly scalable PostgreSQL-compatible database?

A.Cloud SQL (PostgreSQL)
B.AlloyDB for PostgreSQL
C.Cloud Spanner
D.Bare metal PostgreSQL on Compute Engine
AnswerB

AlloyDB provides full PostgreSQL compatibility with enterprise-grade performance (4× faster OLTP, 100× faster analytics), 99.99% HA, and horizontal read scaling — without changing application code.

Why this answer

AlloyDB for PostgreSQL is a fully managed, PostgreSQL-compatible database service designed for high scalability, near-zero downtime, and automatic failover. It separates compute and storage to enable horizontal read scaling with read pools, and it uses a columnar engine for analytical acceleration, making it ideal for large workloads like 50 TB without the migration complexity of Spanner.

Exam trap

The trap here is that candidates confuse Cloud SQL's PostgreSQL offering with AlloyDB's PostgreSQL compatibility, overlooking Cloud SQL's storage and scaling limitations for large, high-availability workloads.

How to eliminate wrong answers

Option A is wrong because Cloud SQL for PostgreSQL is limited to 30 TB of storage and does not support automatic horizontal read scaling or near-zero downtime failover at the scale of 50 TB. Option C is wrong because Cloud Spanner is a globally distributed, strongly consistent database that is not PostgreSQL-compatible and requires significant application migration to change from PostgreSQL semantics. Option D is wrong because bare metal PostgreSQL on Compute Engine is not a fully managed service; it requires manual configuration for failover, scaling, and maintenance, and does not provide the automatic, near-zero downtime capabilities specified.

56
MCQhard

A machine learning team wants to train, evaluate, deploy, and monitor ML models in a unified platform without managing infrastructure, and with built-in support for experiment tracking, model versioning, and A/B testing between model versions. Which Google Cloud product provides this end-to-end managed ML platform?

A.BigQuery ML, for training and deploying ML models using SQL within BigQuery
B.Vertex AI, Google Cloud's unified ML platform covering training, experiment tracking, model registry, deployment, and monitoring in a single managed service
C.Cloud Dataproc, for running distributed Spark ML jobs on managed Hadoop clusters
D.Cloud Functions, for deploying ML inference code as serverless functions
AnswerB

Vertex AI is the complete answer. It provides: managed training (custom containers or AutoML), Vertex AI Experiments (experiment tracking and comparison), Vertex AI Model Registry (version management), Vertex AI Endpoints (serving with traffic splitting for A/B testing), and Model Monitoring (data drift and skew detection). This is Google Cloud's end-to-end ML platform.

Why this answer

Vertex AI is Google Cloud's unified ML platform that provides an end-to-end managed service for training, evaluating, deploying, and monitoring ML models without requiring infrastructure management. It includes built-in experiment tracking, a model registry for versioning, and supports A/B testing between model versions, directly matching the question's requirements.

Exam trap

The trap here is that candidates may confuse BigQuery ML's SQL-based model training with a full ML platform, overlooking its lack of experiment tracking, model versioning, and A/B testing capabilities that Vertex AI provides.

How to eliminate wrong answers

Option A is wrong because BigQuery ML is limited to training and deploying models using SQL within BigQuery, lacking built-in experiment tracking, model versioning, and A/B testing capabilities for custom ML workflows. Option C is wrong because Cloud Dataproc is a managed Spark and Hadoop service for distributed data processing, not a unified ML platform with experiment tracking, model registry, or A/B testing features. Option D is wrong because Cloud Functions is a serverless compute service for event-driven code execution, not designed for ML model training, experiment tracking, or A/B testing between model versions.

57
MCQmedium

A company wants to migrate its existing on-premises virtual machines (VMware VMs) to Google Cloud with minimal changes to the operating system and applications. Which Google Cloud product is specifically designed for migrating on-premises VMs to Google Cloud with minimal modification?

A.Migrate to Virtual Machines (formerly Velostrata), which migrates on-premises VMware VMs to Compute Engine with minimal modification and downtime
B.Cloud Dataflow, by streaming data from on-premises VMs to Google Cloud storage
C.Anthos, by registering on-premises Kubernetes clusters with Google Cloud's management plane
D.Cloud Storage Transfer Service, by copying VM disk images from on-premises storage to Cloud Storage
AnswerA

Migrate to Virtual Machines is the purpose-built service for this. It performs VM migrations from VMware (and other sources) to Compute Engine, handling the OS and application translation automatically. The 'minimal changes' requirement is the defining characteristic — it's a lift-and-shift migration tool.

Why this answer

Migrate to Virtual Machines (formerly Velostrata) is the correct choice because it is specifically designed to migrate on-premises VMware VMs to Compute Engine with minimal modification to the OS and applications. It uses a streaming migration approach that moves the VM's disk state incrementally while keeping the VM running, resulting in minimal downtime and no need to re-architect the workloads.

Exam trap

Google Cloud often tests the distinction between general-purpose data transfer or processing services (like Dataflow or Storage Transfer Service) and specialized migration tools, tempting candidates to pick a familiar service that sounds plausible but lacks the specific VM migration capability.

How to eliminate wrong answers

Option B is wrong because Cloud Dataflow is a stream and batch data processing service, not a VM migration tool; it cannot migrate entire VMs with their OS and applications intact. Option C is wrong because Anthos focuses on managing Kubernetes clusters across environments, not on migrating individual VMware VMs with minimal modification. Option D is wrong because Cloud Storage Transfer Service is designed for bulk data transfers to Cloud Storage, not for live VM migration; it would require manual disk image creation and does not handle OS/application state or minimize downtime.

58
Matchingmedium

Match each Google Cloud AI/ML term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Unified ML platform for building and deploying models

Train custom models with minimal code

Natural language understanding for chatbots

Image recognition and analysis

Text analysis and entity extraction

Why these pairings

These are key AI/ML offerings in Google Cloud.

59
MCQmedium

A healthcare organization wants to build an application that ingests FHIR-formatted patient records from multiple hospital systems, normalizes them, and makes them queryable by clinical researchers. Which Google Cloud service is purpose-built for healthcare data interoperability?

A.BigQuery — store FHIR JSON records and query them with SQL.
B.Cloud Healthcare API with FHIR store support.
C.Cloud SQL — store patient records in a relational schema.
D.Google Forms — collect patient data directly from hospitals via web forms.
AnswerB

Cloud Healthcare API natively supports FHIR R4, HL7v2, and DICOM. It provides a standards-compliant API layer for clinical data ingestion, normalization, and research access with built-in de-identification.

Why this answer

The Cloud Healthcare API with FHIR store support is purpose-built for healthcare data interoperability because it natively handles FHIR (Fast Healthcare Interoperability Resources) standards, including resource validation, versioning, and search. It provides a managed service that ingests, normalizes, and stores FHIR-formatted patient records from multiple hospital systems, enabling secure querying by clinical researchers without requiring custom ETL pipelines.

Exam trap

Cisco often tests the misconception that any database (like BigQuery or Cloud SQL) can serve as a healthcare interoperability solution, but the trap here is that only the Cloud Healthcare API with FHIR store provides the native FHIR protocol support, validation, and compliance features required for healthcare data exchange.

How to eliminate wrong answers

Option A is wrong because BigQuery is a data warehouse for analytical queries, not a purpose-built healthcare interoperability service; it lacks native FHIR resource validation, versioning, and search capabilities, and storing raw FHIR JSON there would require custom parsing and normalization. Option C is wrong because Cloud SQL is a managed relational database service that does not support FHIR standards natively; storing patient records in a relational schema would require extensive schema design and mapping, defeating the purpose of interoperability. Option D is wrong because Google Forms is a survey tool for collecting user input via web forms, not designed for ingesting structured FHIR data from hospital systems; it cannot handle FHIR resource validation, API-based ingestion, or secure healthcare data exchange.

60
MCQmedium

A company currently uses Hadoop and Spark for batch data processing on a large on-premises cluster. They want to migrate these workloads to Google Cloud with minimal rewriting of existing Spark and Hadoop jobs. Which Google Cloud service is the best fit?

A.Cloud Dataflow — it runs all Spark and Hadoop jobs natively.
B.Cloud Dataproc — managed Apache Spark and Hadoop with minimal code changes.
C.BigQuery — it runs Spark SQL queries via BigQuery Spark stored procedures.
D.Google Kubernetes Engine — deploy Spark clusters on Kubernetes.
AnswerB

Dataproc runs native Spark, Hadoop, Hive, and Pig workloads. Existing jobs can be migrated with minimal changes by pointing them at Dataproc clusters and Cloud Storage instead of HDFS.

Why this answer

Cloud Dataproc is a managed service for running Apache Spark and Hadoop clusters on Google Cloud. It supports the same open-source versions of Spark and Hadoop that the company currently uses, allowing them to migrate their existing batch processing workloads with minimal code changes. This makes it the best fit for the stated requirement of minimal rewriting.

Exam trap

Cisco often tests the misconception that Cloud Dataflow can run Spark/Hadoop jobs natively, when in fact it requires rewriting into Apache Beam, while Dataproc is the direct managed equivalent for these frameworks.

How to eliminate wrong answers

Option A is wrong because Cloud Dataflow does not run Spark or Hadoop jobs natively; it uses the Apache Beam SDK, which requires rewriting jobs into Beam pipelines. Option C is wrong because BigQuery is a serverless data warehouse for SQL analytics, not a platform for running Spark or Hadoop jobs; BigQuery Spark stored procedures are for executing Spark code within BigQuery, not for migrating existing Spark/Hadoop workloads. Option D is wrong because Google Kubernetes Engine (GKE) can run Spark on Kubernetes, but this requires containerizing the jobs and managing the Kubernetes infrastructure, which involves more rewriting and operational overhead than using Dataproc's native Spark/Hadoop support.

61
MCQeasy

A development team needs a managed relational database (MySQL or PostgreSQL) for their web application. They want automatic backups, patching, and high availability without managing a database server. Which Google Cloud service provides this?

A.Compute Engine with a self-managed MySQL installation.
B.Cloud SQL
C.Cloud Bigtable
D.Cloud Storage
AnswerB

Cloud SQL is a fully managed MySQL/PostgreSQL/SQL Server service. Google handles all infrastructure: patching, backups, HA with automatic failover, and monitoring.

Why this answer

Cloud SQL is a fully managed relational database service for MySQL, PostgreSQL, and SQL Server. It handles automated backups, patching, and high availability (via regional failover replicas) without requiring the user to manage the underlying database server, directly matching the team's requirements.

Exam trap

Google Cloud often tests the distinction between managed and unmanaged services, and the trap here is that candidates may confuse Cloud SQL with Compute Engine self-managed setups, overlooking the 'without managing a database server' requirement.

How to eliminate wrong answers

Option A is wrong because Compute Engine with a self-managed MySQL installation requires the team to manually handle backups, patching, and high availability, contradicting the requirement to avoid managing a database server. Option C is wrong because Cloud Bigtable is a NoSQL, wide-column database service, not a managed relational database (MySQL or PostgreSQL). Option D is wrong because Cloud Storage is an object storage service, not a relational database, and does not provide SQL query capabilities or automatic database patching.

62
MCQeasy

A project manager wants a cost-effective way to run batch processing jobs that run for a few hours each night. The jobs are fault-tolerant and can be interrupted. Which Compute Engine option is most suitable?

A.N2 high-CPU VMs
B.Regular VMs with committed use discounts
C.Sole-tenant nodes
D.Preemptible VMs
AnswerD

Preemptible VMs are significantly cheaper and can be terminated at any time, but suitable for fault-tolerant batch jobs.

Why this answer

Preemptible VMs are Compute Engine instances that last up to 24 hours and can be terminated at any time by Google Cloud, making them ideal for fault-tolerant, interruptible batch jobs that run for a few hours each night. They offer up to 80% cost savings compared to regular VMs, which aligns perfectly with the project manager's requirement for a cost-effective solution.

Exam trap

Google Cloud often tests the misconception that preemptible VMs are only for short-lived tasks, but the trap here is that candidates overlook the 'fault-tolerant and can be interrupted' requirement and choose committed use discounts, failing to recognize that preemptible VMs are the most cost-effective option for nightly batch jobs that can handle interruptions.

How to eliminate wrong answers

Option A is wrong because N2 high-CPU VMs are general-purpose instances optimized for compute-intensive workloads, but they do not provide the cost savings needed for interruptible batch jobs; they are billed at standard on-demand rates. Option B is wrong because regular VMs with committed use discounts require a 1- or 3-year commitment, which is not cost-effective for jobs that run only a few hours each night and do not guarantee 24/7 usage. Option C is wrong because sole-tenant nodes are dedicated physical servers for compliance or licensing needs, which incur higher costs and are unnecessary for fault-tolerant batch processing that can run on shared infrastructure.

63
MCQeasy

A company needs to analyze streaming data from IoT devices in real time. Which Google Cloud service should they use as the primary ingestion and analysis pipeline?

A.BigQuery
B.Cloud Storage
C.Dataflow
D.Cloud Pub/Sub
AnswerC

Dataflow provides stream and batch processing, ideal for real-time streaming pipelines with low latency.

Why this answer

Dataflow is the correct choice because it provides a unified stream and batch processing model based on Apache Beam, enabling real-time ingestion and analysis of streaming IoT data with exactly-once processing semantics and automatic scaling. BigQuery is a data warehouse for analytics on stored data, not a real-time ingestion pipeline. Cloud Storage is an object store for static data, not a streaming pipeline.

Cloud Pub/Sub is a messaging service for ingestion but lacks built-in analysis capabilities.

Exam trap

Google Cloud often tests the misconception that Cloud Pub/Sub alone is sufficient for real-time analysis, but the trap is that Pub/Sub is only a messaging layer and lacks built-in processing capabilities, so candidates must recognize that Dataflow is required for the analysis pipeline.

How to eliminate wrong answers

Option A is wrong because BigQuery is a serverless data warehouse designed for analytical queries on large datasets, not for real-time streaming ingestion and processing; it can ingest streaming data via the Storage Write API but requires a separate pipeline service like Dataflow for transformation and analysis. Option B is wrong because Cloud Storage is an object storage service for storing immutable blobs, not a streaming data pipeline; it cannot process or analyze data in real time. Option D is wrong because Cloud Pub/Sub is a scalable messaging middleware for ingesting and delivering event streams, but it does not perform data transformation, aggregation, or analysis; it must be paired with a processing service like Dataflow to build a complete pipeline.

64
MCQhard

A company runs workloads across Google Cloud and on-premises environments. They want a single management plane to deploy and manage containerized applications consistently across both environments using the same tooling and policies. Which Google Cloud product provides this unified hybrid/multi-cloud management?

A.Cloud Interconnect — it connects on-premises to Google Cloud.
B.Anthos — Google's hybrid and multi-cloud application management platform.
C.Google Distributed Cloud — runs Google Cloud services inside the customer's data center.
D.Cloud Deployment Manager — deploys resources via infrastructure-as-code templates.
AnswerB

Anthos extends GKE management to on-premises and other clouds. A single Anthos control plane manages containerized workloads everywhere with consistent policies, service mesh, and observability.

Why this answer

Anthos is Google Cloud's hybrid and multi-cloud application management platform that provides a single control plane for deploying and managing containerized applications consistently across on-premises and cloud environments. It uses GKE on-prem and Anthos Config Management to enforce uniform policies, service mesh, and CI/CD pipelines, enabling the unified management described in the scenario.

Exam trap

The trap here is that candidates confuse network connectivity (Cloud Interconnect) or edge-specific solutions (Google Distributed Cloud) with a unified management plane, overlooking Anthos's role as the integrated platform for consistent container orchestration and policy enforcement across hybrid environments.

How to eliminate wrong answers

Option A is wrong because Cloud Interconnect is a dedicated network connectivity service (using VLAN attachments or partner interconnects) that links on-premises to Google Cloud, but it does not provide any application management or container orchestration plane. Option C is wrong because Google Distributed Cloud (formerly GDC) runs Google Cloud services inside the customer's data center but is focused on air-gapped or edge scenarios with a separate control plane, not a unified hybrid management plane for containerized applications across both environments. Option D is wrong because Cloud Deployment Manager is an infrastructure-as-code tool that uses YAML templates to deploy Google Cloud resources, but it does not manage containerized applications consistently across hybrid environments or provide a unified control plane.

65
MCQmedium

A company's operations team needs visibility into network traffic patterns, latency between services, and potential network bottlenecks across their Google Cloud deployment. Which Google Cloud product provides network performance monitoring, connectivity testing, and traffic analysis?

A.Cloud Armor, which provides DDoS protection and traffic filtering
B.Network Intelligence Center, which provides network topology visualization, connectivity testing, firewall analysis, and performance monitoring
C.Cloud DNS, which translates domain names to IP addresses
D.Cloud VPN, which creates encrypted tunnels between cloud and on-premises networks
AnswerB

Network Intelligence Center is the correct answer. It includes: Topology module (visualizes network connections), Connectivity Tests (tests reachability between endpoints), Firewall Insights (analyzes firewall rule usage), and Performance Dashboard (shows latency and packet loss). This directly addresses the network visibility requirement.

Why this answer

The Network Intelligence Center is the correct choice because it is a Google Cloud-native product specifically designed to provide network performance monitoring (latency, packet loss, throughput), connectivity testing (Connectivity Tests), and traffic analysis (Flow Tracer, Firewall Insights). It offers a unified dashboard for visualizing network topology, analyzing firewall rules, and diagnosing connectivity issues across VPCs, hybrid clouds, and on-premises environments, directly addressing the need for visibility into traffic patterns and bottlenecks.

Exam trap

The trap here is that candidates may confuse Cloud Armor's traffic filtering with network performance monitoring, or assume that Cloud VPN's encrypted tunnels inherently provide visibility into traffic patterns, when in fact neither product offers the diagnostic and monitoring capabilities of Network Intelligence Center.

How to eliminate wrong answers

Option A is wrong because Cloud Armor is a web application firewall (WAF) and DDoS protection service that filters incoming traffic based on security rules; it does not provide network performance monitoring, latency analysis, or connectivity testing. Option C is wrong because Cloud DNS is a managed DNS service that resolves domain names to IP addresses; it has no capability for network traffic analysis, latency monitoring, or bottleneck detection. Option D is wrong because Cloud VPN creates encrypted IPsec tunnels for secure connectivity between cloud and on-premises networks; it does not offer performance monitoring, traffic analysis, or connectivity testing features.

66
MCQmedium

Given the Cloud Run service configuration above, what happens when a new revision is created after deploying a change to the container image?

A.Traffic is split evenly between the old and new revision.
B.The service becomes unavailable until the new revision is ready.
C.Cloud Run automatically creates a new revision and routes traffic to it.
D.The new revision receives all traffic automatically.
E.Traffic continues to go to the old revision until the traffic section is updated.
AnswerE

The configuration explicitly routes traffic to a specific revision, so new revisions are not served until the traffic section is modified.

Why this answer

Option E is correct because Cloud Run, by default, does not automatically shift traffic to a new revision. When you deploy a change, a new revision is created, but it receives 0% of traffic until you explicitly update the traffic configuration (e.g., via the console, gcloud run deploy --no-traffic, or the traffic section). This allows you to test the new revision before directing any live requests to it.

Exam trap

Google Cloud often tests the misconception that Cloud Run automatically routes all traffic to the latest revision, but the default behavior actually depends on how you deploy—using --no-traffic leaves the new revision at 0% traffic, and even without that flag, the traffic update is part of the same deployment operation, not an automatic background process.

How to eliminate wrong answers

Option A is wrong because Cloud Run does not automatically split traffic evenly; traffic splitting is a manual configuration and defaults to 100% on the latest revision only if you use the default deployment behavior (which actually sends all traffic to the new revision, but only if you don't use --no-traffic). Option B is wrong because Cloud Run supports zero-downtime deployments; the service remains available on the old revision while the new revision is being created and warmed up. Option C is wrong because while Cloud Run does create a new revision automatically, it does not automatically route traffic to it; traffic routing is a separate, manual step.

Option D is wrong because the new revision does not receive all traffic automatically; by default, it receives 0% traffic unless you explicitly configure it to receive traffic or use the default deployment without --no-traffic (which actually does send all traffic, but the question's context implies a scenario where traffic is not automatically routed, as per the correct answer).

67
MCQmedium

A company's web application faces DDoS attacks and SQL injection attempts from the internet. They need a service that sits in front of their load balancer to block malicious traffic before it reaches their application servers. Which Google Cloud service provides this protection?

A.Cloud Firewall (VPC firewall rules)
B.Cloud Armor
C.Cloud VPN
D.Cloud Identity-Aware Proxy (IAP)
AnswerB

Cloud Armor provides DDoS protection and WAF capabilities at the load balancer edge. It can block volumetric DDoS attacks and inspect HTTP content for SQL injection, XSS, and other OWASP threats before they reach application servers.

Why this answer

Cloud Armor is Google Cloud's web application firewall (WAF) and DDoS mitigation service that operates at the edge of Google's network, in front of the load balancer. It can filter incoming traffic based on Layer 7 rules (e.g., SQL injection patterns, cross-site scripting) and Layer 3/4 conditions (e.g., IP reputation, rate limiting), blocking malicious requests before they reach the load balancer or application servers. This makes it the correct choice for protecting against both DDoS attacks and SQL injection attempts at the network perimeter.

Exam trap

The trap here is that candidates confuse Cloud Armor (a WAF/DDoS protection service) with VPC firewall rules (Cloud Firewall), which only provide stateful packet filtering at the network layer and cannot inspect application-layer attacks like SQL injection.

How to eliminate wrong answers

Option A is wrong because Cloud Firewall (VPC firewall rules) operates at Layer 3/4 within the VPC network, not in front of the load balancer, and cannot inspect application-layer payloads like SQL injection patterns. Option C is wrong because Cloud VPN is a secure tunnel for connecting on-premises networks to Google Cloud, not a security service for filtering internet traffic or blocking web attacks. Option D is wrong because Cloud Identity-Aware Proxy (IAP) controls access to applications based on user identity and context (e.g., OAuth, SSO), not by inspecting traffic for malicious payloads or volumetric DDoS attacks.

68
MCQeasy

A company runs a data processing pipeline on a single Compute Engine instance in us-west1-a. The instance reads data from Cloud Storage, processes it, and writes results back to Cloud Storage. The pipeline runs once per day and takes about 6 hours. Recently, the instance has been experiencing out-of-memory errors, causing the pipeline to fail. The operations team wants a cost-effective solution that can handle varying data volumes without manual intervention. They also want to ensure the pipeline completes within the daily window. What should they do?

A.Use a managed instance group with autoscaling based on CPU utilization.
B.Redesign the pipeline to run on Cloud Dataflow and use batch mode with autoscaling.
C.Redesign the pipeline to run on Cloud Dataflow and use streaming mode.
D.Increase the memory of the existing instance to a larger machine type.
AnswerB

Batch mode with autoscaling handles variable volumes and is cost-effective.

Why this answer

Option C is correct because redesigning the pipeline to use Cloud Dataflow batch mode with autoscaling automatically handles varying data volumes and scales resources as needed, ensuring completion within the daily window and being cost-effective (only paying for resources used). Option A is incorrect because increasing memory does not address scalability across variable data volumes and may not be cost-effective. Option B is incorrect because managed instance groups with CPU autoscaling are not designed for batch jobs; they would not scale properly for a single long-running job.

Option D is incorrect because Dataflow streaming mode is for continuous processing, not daily batch.

69
MCQeasy

A company wants to send transactional emails (receipts, password resets) and marketing emails at scale from their application. Which approach is recommended when using Google Cloud?

A.Use Gmail to manually send all transactional emails.
B.Integrate a third-party email delivery service (e.g., SendGrid, Mailgun) with the GCP application.
C.Use BigQuery to store and send emails directly to customers.
D.Deploy an SMTP server on Compute Engine and send emails directly from GCP IP addresses.
AnswerB

Third-party email services provide the deliverability, API access, bounce handling, and analytics needed for transactional email at scale. Google Cloud doesn't include a native email sending service.

Why this answer

Option B is correct because Google Cloud does not provide a native transactional email service, so integrating a dedicated third-party email delivery service like SendGrid or Mailgun is the recommended approach. These services handle deliverability, reputation management, and compliance with email standards (e.g., SPF, DKIM, DMARC), which are critical for high-volume transactional and marketing emails. Using GCP's native services like Cloud Functions or App Engine to send emails directly would rely on SMTP relays that often have strict sending limits and poor deliverability.

Exam trap

Cisco often tests the misconception that GCP provides a built-in email sending service (like AWS SES) or that a self-managed SMTP server on Compute Engine is a viable solution, ignoring the critical importance of IP reputation and deliverability at scale.

How to eliminate wrong answers

Option A is wrong because Gmail is designed for personal or small-scale use, not for programmatic, high-volume transactional email; it has strict sending limits (e.g., 500 recipients per day for free accounts) and lacks APIs for automated bulk sending. Option C is wrong because BigQuery is a data warehouse for analytics, not an email delivery service; it has no SMTP or API capabilities to send emails directly to customers. Option D is wrong because sending emails directly from GCP IP addresses via a self-managed SMTP server on Compute Engine leads to poor deliverability, as GCP IP ranges are often blacklisted by major email providers (e.g., Gmail, Outlook) due to past abuse, and managing reputation, SPF/DKIM/DMARC, and bounce handling is complex and unreliable at scale.

70
MCQhard

A global fintech company needs a database that can handle financial transactions across 50+ countries with consistent, ACID-compliant operations, SQL queries, and automatic global replication with no downtime for maintenance. Which Google Cloud database service meets all these requirements?

A.Cloud SQL (PostgreSQL)
B.Cloud Spanner
C.Cloud Bigtable
D.Firestore
AnswerB

Cloud Spanner provides ACID transactions, SQL support, and automatic global replication across multiple regions with 99.999% availability. It's designed for exactly this global financial transaction use case.

Why this answer

Cloud Spanner is the only Google Cloud database that provides ACID-compliant transactions, full SQL support, and automatic synchronous global replication with no downtime for maintenance. It is designed for horizontally scalable, globally distributed applications that require strong consistency across regions, making it the ideal choice for a fintech company operating in 50+ countries.

Exam trap

Cisco often tests the misconception that Cloud SQL can be made globally consistent with replication, but Cloud SQL replicas are read-only and asynchronous, so they cannot provide the strong ACID writes across regions that Cloud Spanner offers.

How to eliminate wrong answers

Option A is wrong because Cloud SQL (PostgreSQL) is a single-region, single-write database that does not support automatic global replication or horizontal scaling across multiple regions; it requires manual failover and downtime for major maintenance. Option C is wrong because Cloud Bigtable is a NoSQL, wide-column database that does not support SQL queries or ACID transactions across rows; it is designed for high-throughput analytical workloads, not transactional financial operations. Option D is wrong because Firestore is a NoSQL document database that does not support SQL queries and provides only eventual consistency in multi-region mode, not the strong ACID consistency required for financial transactions.

71
MCQhard

A healthcare provider wants to use AI to analyze unstructured medical records — scanned documents with handwritten notes and printed text — to extract diagnosis codes for billing. Which combination of Google Cloud AI products most directly addresses this document understanding use case?

A.BigQuery ML and Looker Studio, to analyze and visualize the extracted diagnosis codes
B.Document AI and Vision API, which together handle OCR, layout understanding, and information extraction from scanned documents with handwritten and printed text
C.Vertex AI Pipelines and Cloud Dataflow, to orchestrate machine learning training jobs on document data
D.Cloud Translation API and Natural Language API, to translate and analyze the text content of medical records
AnswerB

Document AI is Google's specialized service for intelligent document processing — it handles complex documents with mixed handwritten and printed content, extracts structured fields, and has specialized healthcare parsers. Vision API provides foundational OCR capabilities. Together they address the document understanding pipeline from raw scan to extracted structured data.

Why this answer

Option B is correct because Document AI is purpose-built for extracting structured information (like diagnosis codes) from unstructured documents, including both handwritten and printed text, using OCR and layout understanding. The Vision API complements this by providing advanced OCR capabilities for scanned images, together forming a direct solution for the healthcare provider's document understanding use case.

Exam trap

The trap here is that candidates may confuse general-purpose AI services (like Translation API or Natural Language API) with specialized document understanding tools, or assume that any ML pipeline tool (like Vertex AI Pipelines) can directly extract data from scanned documents without OCR and layout analysis.

How to eliminate wrong answers

Option A is wrong because BigQuery ML and Looker Studio are analytics and visualization tools, not designed for OCR or information extraction from scanned documents; they would require already-extracted data. Option C is wrong because Vertex AI Pipelines and Cloud Dataflow orchestrate ML training and data processing pipelines, not direct document understanding or extraction from scanned medical records. Option D is wrong because Cloud Translation API and Natural Language API handle translation and text analysis, but they lack OCR capabilities for handwritten notes and cannot extract structured diagnosis codes from scanned documents.

72
MCQmedium

A developer deploys a Cloud Function with the command shown. The function needs to process a file upload that typically takes 2 minutes. What is the most likely issue?

A.The memory allocation might be too low if the file is large
B.The runtime python39 is not available
C.The function cannot be triggered by HTTP
D.The timeout is too short for processing a 2-minute upload
AnswerA

256 MB may not be enough for file processing; consider increasing memory.

Why this answer

Option A is correct because the command shown does not specify a memory allocation, so the Cloud Function defaults to 256 MB. If the file being uploaded is large, this low memory can cause the function to run out of memory and fail, even if the timeout is sufficient. Processing a file upload often requires loading the file into memory, making memory a critical resource.

Exam trap

Google Cloud often tests the distinction between explicit and default configurations; the trap here is that candidates see '2-minute upload' and immediately assume timeout is the issue, overlooking that memory is a more subtle and common bottleneck when no memory flag is set.

How to eliminate wrong answers

Option B is wrong because python39 is a valid runtime in Google Cloud Functions, so it is available. Option C is wrong because Cloud Functions can be triggered by HTTP requests, and the command shown deploys an HTTP-triggered function (the default trigger type). Option D is wrong because the default timeout for Cloud Functions is 60 seconds, but it can be set up to 540 seconds (9 minutes) via the --timeout flag; the command does not set a custom timeout, so the default 60 seconds would be too short for a 2-minute upload, but the question asks for the 'most likely' issue, and memory is a more common and subtle problem than timeout, which is explicitly configurable and would cause a clear timeout error.

73
MCQhard

A multinational retail company has an on-premises infrastructure with a mix of Windows and Linux servers. They are planning to migrate their e-commerce platform to Google Cloud to take advantage of scalability and reduce latency. The platform consists of a web frontend (Apache), a backend API (Node.js), and a MySQL database. They want to minimize downtime during the migration. They have a limited budget and need a solution that is cost-effective and quick to implement. The IT team has experience with containers but prefers to avoid managing Kubernetes. Which approach should they take?

A.Use Compute Engine for the web frontend, Cloud Functions for the backend API, and Cloud Spanner for the database.
B.Lift and shift all components to Compute Engine with an autoscaling managed instance group, and migrate the database to Cloud SQL.
C.Containerize all components using GKE, use Cloud SQL for the database, and deploy using a CI/CD pipeline.
D.Migrate the frontend to App Engine Standard, the backend to Cloud Run, and the database to Cloud SQL with read replicas.
AnswerD

App Engine and Cloud Run are serverless, reducing operational overhead. Cloud SQL provides a managed MySQL database with read replicas. This minimizes changes and downtime, fits container experience, and avoids Kubernetes.

Why this answer

Option D is correct because it combines fully managed, serverless services (App Engine Standard for the web frontend and Cloud Run for the backend API) with Cloud SQL for the database, which meets the requirements of minimizing downtime, being cost-effective, and avoiding Kubernetes management. App Engine Standard and Cloud Run automatically scale to zero when not in use, reducing costs, and Cloud SQL with read replicas provides high availability and low-latency reads without complex orchestration. This approach also allows for a gradual migration with minimal disruption, as the existing code can be adapted with minimal changes.

Exam trap

The trap here is that candidates often assume containerization (GKE) is always the best path for modernizing applications, but the question explicitly states the team prefers to avoid managing Kubernetes, making serverless options like App Engine and Cloud Run the correct choice despite their perceived limitations.

How to eliminate wrong answers

Option A is wrong because Cloud Functions is designed for event-driven, short-lived workloads and is not suitable for a persistent backend API that handles synchronous HTTP requests, leading to cold start latency and potential timeouts; Cloud Spanner is a globally distributed, strongly consistent database that is overkill and expensive for a single-region e-commerce platform, especially given the limited budget. Option B is wrong because a lift-and-shift to Compute Engine with managed instance groups does not fully leverage Google Cloud's managed services, resulting in higher operational overhead for patching, scaling, and maintenance, and it does not minimize downtime as effectively as serverless options; it also fails to address the preference to avoid managing Kubernetes. Option C is wrong because GKE requires managing a Kubernetes cluster, which the team explicitly wants to avoid, and while it offers container orchestration, it introduces complexity and cost that are not justified given the limited budget and the simpler serverless alternatives available.

74
MCQmedium

A development team uses Cloud Build to automatically build, test, and create container images whenever code is pushed to their repository. The resulting Docker images need to be stored securely and made available to their GKE deployment pipelines. Which Google Cloud service stores and manages these container images?

A.Cloud Storage bucket with a `containers/` folder.
B.Artifact Registry
C.Cloud SQL — storing build artifacts in a relational database.
D.Cloud Source Repositories — the code repository stores both source code and container images.
AnswerB

Artifact Registry stores Docker images, Helm charts, and other build artifacts. Cloud Build pushes images here; GKE and Cloud Run pull from here during deployment. It also performs vulnerability scanning.

Why this answer

Artifact Registry is the correct service because it is a fully managed, private container registry designed to store, manage, and secure Docker images and other artifacts. It integrates natively with Cloud Build for pushing images and with GKE for pulling them, supporting vulnerability scanning and IAM-based access control.

Exam trap

The trap here is that candidates confuse Cloud Storage (a generic object store) with a container registry, not realizing that container images require a registry API and metadata management that Artifact Registry provides.

How to eliminate wrong answers

Option A is wrong because Cloud Storage is an object store for arbitrary files, not a container registry; it lacks native Docker Registry API v2 support, image layer deduplication, and vulnerability scanning. Option C is wrong because Cloud SQL is a relational database service for structured data, not designed to store binary container images or serve them via the Docker protocol. Option D is wrong because Cloud Source Repositories is a Git repository hosting service for source code only; it cannot store or serve container images, which require a registry API.

75
MCQeasy

A company needs to send messages between different microservices in a decoupled way. When one service publishes an event, multiple downstream services should receive and process it independently. Which Google Cloud service enables this publish-subscribe messaging pattern?

A.Cloud Tasks
B.Cloud Pub/Sub
C.Cloud Scheduler
D.Eventarc
AnswerB

Pub/Sub supports multiple subscriptions per topic, allowing many services to independently receive every published message. It's the GCP-native pub-sub messaging backbone for event-driven architectures.

Why this answer

Cloud Pub/Sub is the correct choice because it is Google Cloud's fully managed, asynchronous messaging service designed specifically for the publish-subscribe pattern. It allows a publisher service to emit events to a topic, and multiple subscriber services can independently pull or push those messages from that topic, ensuring decoupled and reliable communication.

Exam trap

The trap here is that candidates may confuse Eventarc (which handles event ingestion from Google sources) with Cloud Pub/Sub (the core messaging backbone), or mistakenly think Cloud Tasks or Cloud Scheduler can serve as a general pub/sub system when they are designed for different use cases like task queuing and scheduled jobs.

How to eliminate wrong answers

Option A is wrong because Cloud Tasks is a task queue service for managing the execution of discrete tasks (like HTTP requests) with retry logic, not a pub/sub messaging system for broadcasting events to multiple independent subscribers. Option C is wrong because Cloud Scheduler is a cron job service for scheduling single, recurring tasks or HTTP calls at specified times, not for real-time event-driven messaging between services. Option D is wrong because Eventarc is a service for routing events from Google Cloud sources (e.g., Cloud Storage, BigQuery) to targets via CloudEvents, but it relies on Cloud Pub/Sub as its underlying transport and is not the core pub/sub messaging service itself.

Page 1 of 2 · 103 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Google Cloud Products Services And Solutions questions.