PCA · topic practice

Manage and provision cloud infrastructure practice questions

Practise Google Professional Cloud Architect Manage and provision cloud infrastructure practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Manage and provision cloud infrastructure

What the exam tests

What to know about Manage and provision cloud infrastructure

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.

Watch out for

Common Manage and provision cloud infrastructure exam traps

  • IaaS gives you infrastructure control; SaaS gives you only the application.
  • Hybrid cloud combines on-premises and public cloud — not two public clouds.
  • Cloud does not automatically mean cheaper or more secure.
  • Management responsibility shifts with each service model (IaaSPaaSSaaS).

Practice set

Manage and provision cloud infrastructure questions

20 questions · select your answer, then reveal the explanation

A company is deploying a new application on Compute Engine. They need to ensure that the application can automatically recover from a zone failure. What is the best approach?

An organization has multiple projects in Google Cloud and wants to centralize logging and monitoring for all projects. They need to aggregate logs from all projects into a single project for analysis. Which approach should they use?

A developer needs to deploy a containerized application on Google Kubernetes Engine (GKE) with minimal operational overhead. They want to automatically scale the number of pods based on CPU utilization. Which GKE feature should they use?

A company is deploying a web application on Compute Engine behind a global HTTP(S) load balancer. They want to restrict access to only traffic from specific IP ranges. Which load balancer feature should they use?

A company has a production database running on Cloud SQL. They need to ensure high availability with automatic failover in the event of a zone outage. What should they do?

A developer wants to store and retrieve non-relational data with flexible schema and automatic scaling. Which Google Cloud service should they use?

A company wants to migrate on-premises workloads to Google Cloud. They need to assess the existing infrastructure, plan the migration, and track progress. Which tool should they use?

A company is using Cloud Storage to store sensitive data. They need to enforce that objects are deleted exactly 30 days after creation. Which object lifecycle rule should they configure?

Which TWO options are valid ways to connect an on-premises network to a VPC in Google Cloud? (Choose two.)

Question 10hardmulti select
Read the full VPN explanation →

Which THREE components are required to set up a private connection between an on-premises network and a VPC using Cloud VPN? (Choose three.)

Which TWO statements about Google Cloud VPC networks are true? (Choose two.)

A developer runs the command above. The instance is created successfully, but cannot be reached via HTTP from the internet. What is the most likely cause?

Exhibit

Refer to the exhibit.

gcloud compute instances create my-instance \
    --zone=us-central1-a \
    --machine-type=n1-standard-2 \
    --image-family=debian-10 \
    --image-project=debian-cloud \
    --boot-disk-size=50GB \
    --boot-disk-type=pd-standard \
    --tags=http-server,https-server

An administrator creates a GKE cluster with the command above. After deployment, the cluster has 3 nodes, but the node pool autoscaler never scales up even under load. What is the most likely reason?

Exhibit

Refer to the exhibit.

gcloud container clusters create my-cluster \
    --zone us-central1-a \
    --num-nodes 3 \
    --machine-type e2-medium \
    --disk-size 100 \
    --image-type cos_containerd \
    --enable-autoscaling \
    --min-nodes 1 \
    --max-nodes 5 \
    --node-locations us-central1-a,us-central1-b,us-central1-f

A company runs a critical application on Compute Engine instances in a managed instance group (MIG) across three zones in us-central1. The application uses a Cloud Spanner database. Recently, the application experienced increased latency and timeouts during peak hours. The operations team noticed that the MIG's CPU utilization is consistently above 80% during peak hours, and the autoscaler is configured to scale based on CPU utilization with a target of 60%. However, the autoscaler is not adding new instances quickly enough, causing performance degradation. The team also observed that new instances take over 5 minutes to become healthy and serve traffic. The health check is a simple TCP check on port 8080. The application startup script downloads large configuration files from Cloud Storage. What should the team do to improve the autoscaling response time and reduce latency?

Question 15mediummultiple choice
Read the full NAT/PAT explanation →

A startup is deploying a microservices application on Google Kubernetes Engine (GKE) with a regional cluster. They have services that need to communicate with each other and also with external APIs. The cluster uses VPC-native routing. They have enabled Cloud NAT to allow outbound internet access for nodes without external IPs. However, the development team reports that some pods cannot reach the external APIs, while others can. All pods are in the same namespace and are not using any network policies. The pods that fail have the annotation 'cloud.google.com/gke-nat-ips' set to a list of static IP addresses. The pods that work do not have this annotation. What is the most likely cause of the failure?

A company is migrating its on-premises application to Google Cloud. The application requires low-latency access to a shared filesystem that can be mounted by multiple Compute Engine instances across different zones. Which storage solution should they use?

Question 17hardmultiple choice
Review the full subnetting walkthrough →

An organization has a VPC with two subnets: subnet-a (10.0.1.0/24) and subnet-b (10.0.2.0/24). They launched a Compute Engine instance in subnet-a with an internal IP 10.0.1.2 and a public IP. They want the instance to only allow HTTPS traffic from the internet. Which firewall rule should they create?

A developer needs to programmatically create and manage Compute Engine instances. Which Google Cloud service should they use to authenticate and authorize service accounts?

A company deploys a web application on Compute Engine behind a Global HTTPS Load Balancer. They need to restrict access to the application based on the client's IP address. Which Google Cloud service should they use?

An organization uses Cloud SQL for MySQL in a production environment. They need to ensure high availability with automatic failover in case of a zonal failure. Which configuration should they use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Manage and provision cloud infrastructure sessions

Start a Manage and provision cloud infrastructure only practice session

Every question in these sessions is drawn from the Manage and provision cloud infrastructure domain — nothing else.

Related practice questions

Related PCA topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCA exam test about Manage and provision cloud infrastructure?
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Manage and provision cloud infrastructure questions in a focused session?
Yes — the session launcher on this page draws every question from the Manage and provision cloud infrastructure domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCA topics?
Use the topic links above to move to related areas, or go back to the PCA question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCA exam covers. They are not copied from any real exam or dump site.