Scenario-based practice

Hard Difficulty Questions

Practise Google Professional Cloud Architect practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

Scenario questions: 20
Exam code: PCA
Vendor: Google Cloud

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard difficulty questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (hard, multi-select)

Which THREE factors should be considered when choosing a Google Cloud region for deploying a low-latency application serving global users? (Choose three.)

Question 2 (hard, multi-select)

A financial services company is designing a multi-tier application on Google Cloud. The application must meet PCI DSS compliance, with data encrypted at rest and in transit. They plan to use Cloud SQL for PostgreSQL for transactional data and Cloud Storage for archival data. Which TWO actions should the architect take to meet compliance requirements?

Question 3 (hard, multi-select)

A company wants to optimize their cloud spending on Google Cloud. They have a mix of workloads including batch processing, real-time analytics, and web serving. Which TWO strategies should they implement to reduce costs without significant architectural changes? (Choose two.)

Question 4 (hard, multiple choice)

An organization wants to enforce that all Compute Engine VMs are created with specific disk encryption keys. Which policy mechanism should they use?

Question 5 (hard, multi-select)

A company is designing a highly available architecture for a stateful application on Compute Engine. They need to protect against zonal failures. Which THREE steps should they take?

Question 6 (hard, multiple choice)

A global e-commerce platform is experiencing intermittent latency spikes during flash sales. The application is deployed on Google Kubernetes Engine (GKE) with a regional cluster. The architecture includes a frontend service, a product catalog service using Cloud Spanner, and an order processing service using Cloud Pub/Sub. During high load, the catalog service shows increased query latency, and some requests time out. What should the architect prioritize to address the issue?

Question 7 (hard, multiple choice)

A financial services company is designing a multi-region disaster recovery architecture for a critical application. The application runs on Compute Engine with a stateful backend using Cloud Spanner. The Recovery Time Objective (RTO) is 1 hour, and the Recovery Point Objective (RPO) is 15 minutes. What architecture meets these requirements cost-effectively?

Question 8 (hard, multiple choice)

A multinational corporation operates in multiple regions and must comply with GDPR. They use Cloud Load Balancing to distribute traffic across regional backends. Their security team wants to block traffic from specific countries (e.g., non-EU countries) at the edge. What should they use?

Question 9 (hard, multi-select)

Which THREE are valid methods to protect sensitive data in BigQuery?

Question 10 (hard, multi-select)

Which THREE options are valid strategies for disaster recovery (DR) in Google Cloud?

Question 11 (hard, multiple choice)

An organization has a VPC with two subnets: subnet-a (10.0.1.0/24) and subnet-b (10.0.2.0/24). They launched a Compute Engine instance in subnet-a with an internal IP 10.0.1.2 and a public IP. They want the instance to only allow HTTPS traffic from the internet. Which firewall rule should they create?

Question 12 (hard, multiple choice)

An organization uses Cloud SQL for MySQL in a production environment. They need to ensure high availability with automatic failover in case of a zonal failure. Which configuration should they use?

Question 13 (hard, multiple choice)

A healthcare organization uses Cloud Storage to store protected health information (PHI). They have a compliance requirement to ensure that all objects in the bucket are encrypted with a customer-managed key (CMK) that is rotated every 90 days. They also need to log all access to the bucket and detect anomalous access patterns. Which combination of Google Cloud services should they use?

Question 14 (hard, multiple choice)

A company uses a Shared VPC hosted in a common project (host project) to centralize network management. A service project team needs to create a Compute Engine instance with a specific static internal IP address from the Shared VPC subnet. What IAM permissions should be granted to the service project's Compute Engine default service account?

Question 15 (hard, multiple choice)

An organization wants to enforce a policy that prohibits the creation of Cloud Storage buckets with uniform bucket-level access disabled. What should they use?

Question 16 (hard, multiple choice)

An administrator creates a GKE cluster with the command shown in the exhibit. After deployment, the cluster has 3 nodes, but the node pool autoscaler never scales up even under load. What is the most likely reason?

Exhibit

Refer to the exhibit.

gcloud container clusters create my-cluster \
    --zone us-central1-a \
    --num-nodes 3 \
    --machine-type e2-medium \
    --disk-size 100 \
    --image-type cos_containerd \
    --enable-autoscaling \
    --min-nodes 1 \
    --max-nodes 5 \
    --node-locations us-central1-a,us-central1-b,us-central1-f

Question 17 (hard, multiple choice)

A company runs a critical application on Compute Engine instances in a managed instance group (MIG) across three zones in us-central1. The application uses a Cloud Spanner database. Recently, the application experienced increased latency and timeouts during peak hours. The operations team noticed that the MIG's CPU utilization is consistently above 80% during peak hours, and the autoscaler is configured to scale based on CPU utilization with a target of 60%. However, the autoscaler is not adding new instances quickly enough, causing performance degradation. The team also observed that new instances take over 5 minutes to become healthy and serve traffic. The health check is a simple TCP check on port 8080. The application startup script downloads large configuration files from Cloud Storage. What should the team do to improve the autoscaling response time and reduce latency?

Question 18 (hard, multi-select)

An organization is implementing a data loss prevention (DLP) strategy for sensitive data stored in Cloud Storage. They want to automatically detect and redact credit card numbers in CSV files uploaded to a specific bucket. Which TWO Google Cloud services should they combine to achieve this?

Question 19 (hard, multi-select)

A company has a Cloud SQL for PostgreSQL instance that is experiencing high latency. They suspect a connection pooling issue. Which TWO configurations should be checked? (Choose two.)

Question 20 (hard, multiple choice)

An organization is migrating a legacy monolithic application to Google Cloud. The application currently runs on a single server with an on-premises database. The application is stateful and requires low-latency access to the database. The migration must minimize downtime and ensure high availability. Which architecture should the company adopt?

These PCA practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.