Google Professional Cloud Developer (PCD) — Questions 751825

980 questions total · 14pages · All types, answers revealed

Page 10

Page 11 of 14

Page 12
751
MCQeasy

A developer needs to deploy a Cloud Run service from a container image in Artifact Registry. What IAM role should be granted to the Cloud Run service account?

A.roles/storage.objectViewer
B.roles/cloudbuild.builds.builder
C.roles/artifactregistry.reader
D.roles/run.invoker
AnswerC

Required to read container images from Artifact Registry.

Why this answer

The Cloud Run service account needs permission to read the container image from Artifact Registry during deployment. The `roles/artifactregistry.reader` role grants the `artifactregistry.repositories.downloadArtifacts` permission, which is required to pull the image. Without this role, the deployment fails with an access denied error.

Exam trap

The PCD exam often tests the distinction between roles that grant access to the container image (Artifact Registry reader) versus roles that grant access to the running service (Cloud Run invoker), causing candidates to confuse deployment-time permissions with runtime permissions.

How to eliminate wrong answers

Option A is wrong because `roles/storage.objectViewer` grants read access to Cloud Storage buckets, not Artifact Registry repositories; Cloud Run does not pull container images from Cloud Storage. Option B is wrong because `roles/cloudbuild.builds.builder` is used for Cloud Build service accounts to execute builds, not for Cloud Run service accounts to pull images from Artifact Registry. Option D is wrong because `roles/run.invoker` only allows invoking the Cloud Run service (i.e., sending HTTP requests), not reading container images from Artifact Registry.

752
MCQeasy

A company needs to migrate an on-premises Cassandra database to Google Cloud. They want a managed NoSQL database with high availability and low latency. Which service should they choose?

A.Cloud SQL
B.Cloud Spanner
C.Cloud Bigtable
D.Firestore
AnswerC

Bigtable is a NoSQL wide-column database, similar to Cassandra, and fully managed.

Why this answer

Cloud Bigtable is a fully managed NoSQL wide-column database that is ideal for migrating from Cassandra. It provides high availability, low latency, and horizontal scalability.

753
MCQeasy

A startup is building a mobile application with real-time synchronization across user devices. They expect millions of users and need a NoSQL database with offline support and real-time listeners. Which database should they choose?

A.Firestore
B.Cloud Bigtable
C.BigQuery
D.Cloud SQL
AnswerA

Firestore provides real-time sync, offline persistence, and is designed for mobile/web apps.

Why this answer

Firestore is a flexible, scalable NoSQL database for mobile, web, and server development. It offers real-time synchronization, offline data persistence, and integrates with Firebase and Google Cloud. It is designed for this exact use case.

754
MCQmedium

An application deployed on Google Kubernetes Engine is experiencing intermittent latency spikes. The team has enabled Cloud Trace and sees that a specific gRPC call to a backend service occasionally takes >500ms. However, the backend service's logs show no errors. What is the most likely cause that the team should investigate further?

A.The Cloud Trace sampling rate is too low, causing statistical noise.
B.The gRPC client is not using connection pooling, causing frequent TLS handshakes.
C.The backend service is under-provisioned and experiencing resource contention only during peak traffic.
D.The network latency between the client and backend is high due to a misconfigured VPC firewall.
AnswerB

Correct: without connection pooling, each call may require a new handshake, adding latency especially during bursts.

Why this answer

Option B is correct because gRPC relies on HTTP/2, which multiplexes multiple requests over a single persistent connection. If the client does not reuse connections, each new request triggers a new TLS handshake, which can add significant latency (often 100-500ms) due to certificate exchange and cryptographic operations. This intermittent behavior occurs when the client creates a new channel per request rather than reusing a connection pool, leading to sporadic high-latency calls without backend errors.

Exam trap

The PCD exam often tests the distinction between client-side and server-side issues in microservices; the trap here is assuming that latency spikes must originate from the backend (resource contention or network problems) rather than considering client-side connection management, especially with gRPC's HTTP/2 multiplexing behavior.

How to eliminate wrong answers

Option A is wrong because a low sampling rate in Cloud Trace would cause missing or incomplete trace data, not intermittent latency spikes; statistical noise does not manifest as consistent >500ms delays on specific gRPC calls. Option C is wrong because resource contention under peak traffic would show errors or increased latency across all requests during those peaks, not isolated intermittent spikes on a single gRPC call, and the backend logs show no errors. Option D is wrong because a misconfigured VPC firewall would cause persistent connectivity issues or packet drops, not intermittent latency spikes; network latency from firewall misconfiguration is typically constant or results in timeouts, not sporadic high-latency gRPC calls.

755
MCQeasy

A company wants to deploy a stateless web application that needs to handle unpredictable traffic spikes with minimal operational overhead. Which Google Cloud compute service is most cost-effective and operationally simple?

A.App Engine Standard
B.Cloud Functions
C.Cloud Run
D.Google Kubernetes Engine (GKE)
E.Compute Engine with Managed Instance Group
AnswerC

Fully managed, autoscaling to zero, per-request pricing, ideal for stateless web apps.

Why this answer

Cloud Run is the most cost-effective and operationally simple choice for a stateless web application with unpredictable traffic spikes because it automatically scales from zero to thousands of containers based on request load, charges only for resources used during request processing (down to 100ms increments), and eliminates infrastructure management. It supports any language or framework via container images, making it ideal for stateless HTTP workloads without the cold-start latency concerns of Cloud Functions or the cluster management overhead of GKE.

Exam trap

The trap here is that candidates often choose App Engine Standard (A) thinking it is the only serverless option for web apps, but Cloud Run offers greater flexibility with containerized workloads and more granular scaling to zero, making it more cost-effective for unpredictable traffic patterns.

How to eliminate wrong answers

Option A is wrong because App Engine Standard, while serverless, restricts runtime environments to specific supported languages and versions, and its automatic scaling can incur higher costs for unpredictable spikes due to its instance-hour billing model and mandatory idle instances. Option B is wrong because Cloud Functions is designed for event-driven, short-lived functions (max 9 minutes timeout) and is not suitable for a full stateless web application that requires persistent HTTP connections or long-running request processing. Option D is wrong because Google Kubernetes Engine (GKE) introduces significant operational overhead for cluster management, node scaling, and networking configuration, making it less operationally simple than Cloud Run for a stateless web app.

Option E is wrong because Compute Engine with Managed Instance Group requires manual configuration of autoscaling policies, health checks, and instance templates, and incurs costs for idle VMs even when traffic is low, making it less cost-effective and operationally simple than Cloud Run.

756
MCQmedium

A team deploys a stateful application on GKE using StatefulSets. They need to test data persistence after pod rescheduling. Which test scenario best validates this?

A.Use a CronJob to regularly snapshot the data
B.Delete a pod and verify the new pod has the same data from PersistentVolumeClaim
C.Scale down the StatefulSet to 0 and scale up again, then check data
D.Delete the entire cluster and recreate it from backups
AnswerB

This directly tests the scenario of pod rescheduling and PVC data persistence.

Why this answer

Option B is correct because deleting a pod in a StatefulSet triggers Kubernetes to reschedule a new pod with the same identity and PersistentVolumeClaim (PVC). The PVC retains the data from the original pod, so verifying that the new pod has the same data directly confirms that the PersistentVolume (PV) is correctly bound and the data persists across pod rescheduling. This tests the core persistence guarantee of StatefulSets without altering the replica count or cluster state.

Exam trap

The PCD exam often tests the misconception that scaling down to 0 and up is equivalent to pod rescheduling, but the trap here is that scaling down releases PVCs (depending on the volumeClaimTemplate policy) and may not preserve data if the StatefulSet is configured with a non-default PVC retention policy, whereas deleting a single pod always reuses the same PVC.

How to eliminate wrong answers

Option A is wrong because using a CronJob to snapshot data tests backup mechanisms, not the inherent persistence of StatefulSet PVCs after pod rescheduling; it introduces an external process that could mask failures in PVC binding. Option C is wrong because scaling down to 0 and up again tests StatefulSet ordinal recreation and PVC reattachment, but it is a more disruptive test that may not isolate the specific behavior of pod rescheduling (e.g., node failure or manual deletion) and can trigger additional orchestration logic like headless service DNS updates. Option D is wrong because deleting the entire cluster and recreating from backups tests disaster recovery, not the immediate data persistence guarantee of StatefulSets after a pod is rescheduled within the same cluster.

757
Multi-Selecthard

You are designing a Cloud Bigtable schema for an AdTech platform. Queries often filter by campaign ID and date range. Which three row key design practices should you consider to avoid hotspots and optimize performance? (Choose three.)

Select 3 answers
A.Promote the campaign ID to the beginning of the row key
B.Prepend a hash of the campaign ID to the row key (salted keys)
C.Use a single table for all data
D.Separate frequently accessed columns into a different column family
E.Reverse the domain of the row key (e.g., com.example.campaign)
AnswersA, B, E

Field promotion distributes reads across nodes.

Why this answer

Field promotion (moving high-cardinality fields to the key), reversed domain, and salted keys are common patterns to avoid hotspots. Single table is not a key design practice. Column families affect storage, not key design.

758
MCQhard

An engineer needs to configure Firestore security rules for a mobile app where users can only read and write their own data. The user's UID is stored in the document field 'owner'. Which rule correctly restricts access?

A.allow read, write: if resource.data.owner == request.auth.name;
B.allow read, write: if resource.data.owner == request.auth.uid;
C.allow read, write: if resource.data.owner == request.auth.userId;
D.allow read, write: if resource.data.userId == request.auth.uid;
AnswerB

This is the correct rule: compares the document's 'owner' field to the authenticated user's UID.

Why this answer

The 'resource.data.owner' checks the document's 'owner' field, and 'request.auth.uid' is the authenticated user's UID. The condition ensures users can only access documents where they are the owner. Option A uses 'request.auth.uid' correctly.

Option B uses 'request.auth.userId' which is not valid. Option C incorrectly uses 'resource.data.userId'. Option D uses 'request.auth.name' which is not the UID.

759
Multi-Selectmedium

A company is deploying a global microservices application on Cloud Run. They need to design for high availability, scalability, and low latency. Which three practices should they implement? (Choose three.)

Select 3 answers
A.Use Cloud Scheduler to trigger services periodically.
B.Enable Cloud CDN for caching static assets.
C.Set a limit on the number of Cloud Run containers per revision to control costs.
D.Use a global HTTP(S) Load Balancer with serverless NEGs to route traffic.
E.Deploy Cloud Run services in multiple Google Cloud regions.
AnswersB, D, E

CDN caches content at edge locations, reducing latency.

Why this answer

Option B is correct because Cloud CDN caches static assets at Google's global edge locations, reducing latency for users worldwide and offloading requests from Cloud Run. This improves performance for static content like images, CSS, and JavaScript, which is essential for a global microservices application requiring low latency.

Exam trap

The PCD exam often tests the misconception that cost-control measures like container limits are compatible with high scalability, but in practice, capping containers throttles autoscaling and violates the scalability requirement.

760
MCQmedium

A company deploys a containerized web application to Cloud Run. The application needs to access a Cloud SQL instance but fails with a connection timeout. The VPC connector is configured and attached to the Cloud Run service. What is the most likely cause?

A.Cloud SQL instance does not have a public IP address.
B.The VPC connector is not configured to route to the Cloud SQL private IP range.
C.The application is not using the Cloud SQL Auth Proxy.
D.The VPC firewall rules block traffic to Cloud SQL.
AnswerB

The VPC connector must have appropriate routes to the Cloud SQL private IP range.

Why this answer

The VPC connector is attached to the Cloud Run service, but for it to route traffic to the Cloud SQL private IP address, the connector must be configured with a subnet that has a route to the Cloud SQL private IP range (e.g., 10.0.0.0/8 or a specific allocated range). Without this route, packets destined for the Cloud SQL instance's private IP are dropped, causing a connection timeout. The VPC connector itself does not automatically know how to reach Cloud SQL; the subnet must be peered or have appropriate routes.

Exam trap

The trap here is that candidates often assume a VPC connector alone is sufficient for private IP connectivity, but they overlook the requirement for proper routing from the connector's subnet to the Cloud SQL private IP range.

How to eliminate wrong answers

Option A is wrong because Cloud SQL instances with only a private IP address are reachable from Cloud Run via a VPC connector; a public IP is not required. Option C is wrong because the Cloud SQL Auth Proxy is not mandatory for private IP connections; it is only needed for public IP connections or to enforce IAM-based authentication. Option D is wrong because VPC firewall rules are not the primary cause here—firewall rules are evaluated after routing, and the timeout indicates a routing failure, not a firewall block.

761
MCQmedium

A company needs to analyze terabytes of log data for business intelligence. The queries are complex SQL aggregations and run periodically. The data is read-only after ingestion. Which Google Cloud database is most suitable?

A.Cloud SQL
B.Cloud Spanner
C.BigQuery
D.Cloud Bigtable
AnswerC

BigQuery excels at running complex SQL analytics on large read-only datasets.

Why this answer

BigQuery is the correct choice because it is a serverless, highly scalable data warehouse designed for petabyte-scale analytics using SQL. It excels at complex aggregations over terabytes of read-only log data, with automatic partitioning and columnar storage that optimize query performance for periodic analytical workloads.

Exam trap

Cisco often tests the distinction between transactional (OLTP) and analytical (OLAP) databases, and the trap here is that candidates confuse Cloud SQL or Cloud Spanner (both OLTP) with BigQuery (OLAP), failing to recognize that complex SQL aggregations over large read-only datasets require a data warehouse, not a transactional database.

How to eliminate wrong answers

Option A is wrong because Cloud SQL is a relational database for transactional (OLTP) workloads, not for analytical queries over terabytes of data; it lacks the distributed storage and compute separation needed for large-scale aggregations. Option B is wrong because Cloud Spanner is a globally distributed, strongly consistent database optimized for high-throughput transactions, not for complex analytical queries on read-only log data; it is overkill and not cost-effective for this use case. Option D is wrong because Cloud Bigtable is a NoSQL wide-column database designed for real-time, low-latency access to large volumes of time-series or operational data, but it does not support SQL aggregations or complex analytical queries natively.

762
MCQeasy

A team deploys a containerized web application on Cloud Run. The deployment fails with error 'Container failed to start. Failed to start and then listen on the port defined by the PORT environment variable.' The container image runs fine locally on port 8080. The team has not set any environment variables in the Cloud Run service configuration. What is the most likely issue and solution?

A.Set the PORT environment variable to 8080 in the Cloud Run service configuration.
B.Configure a health check for the container.
C.Increase the container concurrency setting.
D.Set min instances to 1 to keep the container warm.
AnswerA

This ensures the container listens on the expected port. Cloud Run injects PORT but the container must use it.

Why this answer

Cloud Run expects the container to listen on the port specified by the PORT environment variable, which defaults to 8080. Since the team did not set any environment variables, Cloud Run assigns PORT=8080 automatically. The container runs fine locally on port 8080, but the error indicates it is not listening on the port defined by PORT.

The most likely issue is that the container is hardcoded to listen on port 8080 but does not respect the PORT environment variable, or the application is binding to a different interface (e.g., localhost) that Cloud Run cannot reach. Setting the PORT environment variable explicitly to 8080 in the Cloud Run service configuration ensures the container listens on the expected port.

Exam trap

The PCD exam often tests the misconception that the PORT environment variable is optional or that Cloud Run will automatically map a hardcoded port; the trap here is that candidates assume the container's hardcoded port 8080 will work without explicitly setting the PORT variable, but Cloud Run strictly requires the container to listen on the port specified by the PORT environment variable, which defaults to 8080 only if the container respects it.

How to eliminate wrong answers

Option B is wrong because configuring a health check does not resolve a port mismatch; health checks only verify that the container is responding after it starts, but they cannot fix a failure to bind to the correct port. Option C is wrong because increasing container concurrency affects how many requests the container can handle simultaneously, not which port it listens on. Option D is wrong because setting min instances to 1 keeps the container warm but does not address the port binding issue; the container would still fail to start if it does not listen on the correct port.

763
MCQhard

A team is using Cloud Trace to analyze performance of a microservices application. They notice that some spans are missing from the trace. What is the most likely cause?

A.The application is not sending traces for all services
B.There is a network latency issue
C.The Cloud Trace API is disabled for some projects
D.The trace sampling rate is set too low
AnswerD

Low sampling rate means only a subset of requests are traced, leading to missing spans.

Why this answer

The most likely cause of missing spans in Cloud Trace is that the trace sampling rate is set too low. Cloud Trace uses a configurable sampling rate to control how many requests are traced; if the rate is low, many requests are not sampled, resulting in incomplete traces. This is a common configuration issue, not a failure to send traces or a network problem.

Exam trap

The PCD exam often tests the misconception that missing spans are due to network issues or API failures, when in fact the root cause is a misconfigured sampling rate that drops spans before they are sent.

How to eliminate wrong answers

Option A is wrong because the application may be sending traces for all services, but if the sampling rate is low, spans from those services will still be missing due to not being sampled. Option B is wrong because network latency would cause delays or timeouts, not the complete absence of spans; missing spans indicate a sampling or configuration issue, not a performance problem. Option C is wrong because if the Cloud Trace API were disabled for some projects, the entire trace would fail or no spans would be reported at all, not just some spans missing within a trace.

764
MCQhard

A company is migrating a 5 TB SQL Server database to Cloud SQL for SQL Server using Database Migration Service (DMS). After the full dump phase, the continuous replication (CDC) phase starts. The team notices that the source database transaction log is growing rapidly and the CDC phase is failing intermittently with 'log space' errors. What should they do?

A.Reduce the retention period for the source transaction log backups
B.Shrink the source transaction log to free up space
C.Switch the source database to simple recovery model to reduce logging
D.Increase the size of the source transaction log and ensure it is not limited
AnswerD

A larger transaction log prevents 'log full' errors during CDC replication.

Why this answer

Option D is correct because the intermittent 'log space' errors during CDC indicate that the source transaction log is running out of space to record changes for replication. Database Migration Service (DMS) requires sufficient log space to capture ongoing changes; increasing the log size and removing any size limits ensures the log can grow to accommodate the replication lag without failing.

Exam trap

The trap here is that candidates confuse 'log space errors' with a need to reduce logging or shrink the log, when in fact the solution is to provide more space for the log to grow during the CDC phase.

How to eliminate wrong answers

Option A is wrong because reducing the retention period for transaction log backups does not free up active log space; it only affects backup retention, not the log file's ability to grow. Option B is wrong because shrinking the transaction log is a temporary fix that can cause fragmentation and does not address the root cause of insufficient space for CDC; it may also truncate uncommitted transactions. Option C is wrong because switching to simple recovery model would break CDC entirely, as it disables log-based replication by automatically truncating the log after each checkpoint, preventing DMS from reading changes.

765
MCQeasy

A developer is writing a Cloud Function that throws an exception when processing invalid input. They want to ensure the function returns an appropriate HTTP error response. What should they do?

A.Log the error and return a success response
B.Return a response with a status code and error message from the function
C.Use a global error handler in the function framework
D.Throw an exception and let the platform handle it automatically
AnswerB

This gives the client a clear error and allows custom status codes.

Why this answer

Option B is correct because in Cloud Functions (and serverless platforms like Google Cloud Functions), the function code itself is responsible for constructing and returning an HTTP response, including setting the appropriate status code and error message. Throwing an exception alone does not automatically map to an HTTP error response; the platform will typically return a generic 500 error, which is not appropriate for invalid input (e.g., 400 Bad Request). By explicitly returning a response object with a status code (e.g., 400) and a descriptive error message, the developer ensures the client receives a meaningful and correct HTTP error response.

Exam trap

The PCD exam often tests the misconception that throwing an exception in a serverless function automatically results in a proper HTTP error response, when in reality the platform returns a generic 500 error, and the developer must explicitly return the response with the correct status code and message.

How to eliminate wrong answers

Option A is wrong because logging the error and returning a success response (e.g., 200 OK) violates HTTP semantics — the client would incorrectly believe the request succeeded, masking the invalid input issue. Option C is wrong because while some function frameworks (e.g., Express.js) support global error handlers, Cloud Functions (especially in a serverless context like Google Cloud Functions) do not have a built-in global error handler that automatically converts exceptions to structured HTTP responses; the developer must explicitly return the response. Option D is wrong because throwing an exception and letting the platform handle it automatically results in a generic 500 Internal Server Error response, which is not appropriate for invalid input (which should be a 4xx error) and does not provide a custom error message.

766
Multi-Selecthard

A company uses Firestore for a mobile app. They want to implement security rules that allow users to create documents only if they are authenticated and the document's 'owner' field matches their UID. Additionally, they want to allow reads of any document where the 'visibility' field is 'public'. Which TWO conditions should the rules include?

Select 2 answers
A.allow create: if resource.data.owner == request.auth.uid;
B.allow read: if request.resource.data.visibility == 'public';
C.allow write: if request.auth.uid != null;
D.allow read: if resource.data.visibility == 'public';
E.allow create: if request.auth.uid != null && request.resource.data.owner == request.auth.uid;
AnswersD, E

This allows reads of documents where visibility is public.

Why this answer

The create rule should check authentication and that the incoming document's owner matches the UID. The read rule should allow if visibility is public. Using get() for the existing document is not needed for create because request.resource refers to the new document.

For read, resource.data refers to the existing document.

767
MCQmedium

A financial services company requires a relational database that can handle hybrid transactional/analytical processing (HTAP) workloads with sub-millisecond transactional latency and real-time analytics without ETL. Which Google Cloud database is BEST suited?

A.Cloud SQL for PostgreSQL
B.Cloud Spanner
C.AlloyDB for PostgreSQL
D.BigQuery
AnswerC

AlloyDB includes a columnar engine that accelerates analytical queries, enabling HTAP with up to 4x faster OLTP than Cloud SQL PostgreSQL.

Why this answer

AlloyDB is PostgreSQL-compatible and includes a columnar engine for in-database ML inference and HTAP workloads. It is optimized for OLTP and real-time analytics without ETL.

768
Multi-Selecthard

A DevOps team is deploying a critical application on GKE. To ensure application performance monitoring and reliability, which three actions should they take? (Choose three.)

Select 3 answers
A.Enable Cloud Monitoring to collect container metrics
B.Enable Cloud Debugger in production to debug code
C.Configure readiness probes to send traffic only to ready pods
D.Use Cloud Profiler to continuously profile CPU usage
E.Configure liveness probes to restart unhealthy containers
AnswersA, C, E

Cloud Monitoring provides visibility into resource usage and enables alerting on performance issues.

Why this answer

A is correct because Cloud Monitoring (formerly Stackdriver) integrates natively with GKE to collect container metrics such as CPU, memory, disk, and network usage, as well as custom metrics via the Monitoring agent. This provides the visibility needed for performance monitoring and reliability without additional configuration overhead.

Exam trap

The PCD exam often tests the distinction between monitoring (Cloud Monitoring), health checks (readiness/liveness probes), and profiling (Cloud Profiler) — the trap is that candidates may select Cloud Profiler as a monitoring action, but it is a continuous profiling tool for optimization, not a reliability or monitoring action.

769
MCQeasy

An e-commerce platform uses Cloud SQL MySQL for orders and Bigtable for session history. To provide a unified customer view, they need to join order data with recent session activity. Which approach minimises data movement while achieving low-latency queries?

A.Use Dataflow to continuously join the data and write results to BigQuery, then query BigQuery.
B.Use Memorystore as a cache to store denormalised customer views, updated from both databases.
C.Use Cloud Functions to query both databases and return combined results.
D.Export both databases to Cloud Storage and use BigQuery federated queries.
AnswerB

Memorystore provides sub-millisecond latency and can be used to cache pre-joined data, minimising direct queries to source databases.

Why this answer

Memorystore (Redis) can cache frequently accessed session data from Bigtable and order data from Cloud SQL, enabling low-latency reads without moving data permanently. Dataflow is batch-oriented, Cloud Functions is not for queries, and exporting to BigQuery adds latency.

770
MCQhard

You are using Cloud Spanner and need to read data that is consistent as of a specific point in time, but you can tolerate staleness up to 10 seconds. Which read type should you use to achieve the best performance?

A.Partitioned read
B.Read with a timestamp bound exactly 10 seconds in the past
C.Strong read
D.Stale read with a staleness bound of 10 seconds
AnswerD

Correct: allows reading from any replica, improving performance while guaranteeing data is at most 10 seconds old.

Why this answer

Option D is correct because a stale read with a staleness bound of 10 seconds allows Cloud Spanner to serve the read from any replica that has data within that staleness window, avoiding the latency of a strong read that must contact the leader. This provides the best performance while still guaranteeing consistency as of a point in time up to 10 seconds ago, meeting the requirement of tolerating staleness up to 10 seconds.

Exam trap

Cisco often tests the distinction between an exact timestamp bound and a staleness bound, where candidates mistakenly choose the exact timestamp bound thinking it provides more precise control, but the staleness bound actually offers better performance by allowing Cloud Spanner to select the most convenient replica within the allowed window.

How to eliminate wrong answers

Option A is wrong because a partitioned read is designed for bulk reads across large datasets, not for controlling consistency or staleness; it does not provide a specific timestamp bound and can still incur leader overhead. Option B is wrong because specifying a timestamp bound exactly 10 seconds in the past forces Cloud Spanner to execute a stale read at that exact time, which may require more coordination than a staleness bound that allows the system to choose the most recent replica within the window, thus not achieving the best performance. Option C is wrong because a strong read always reads from the leader replica, guaranteeing the latest data but incurring higher latency and lower throughput compared to a stale read that can use any replica within the staleness bound.

771
Multi-Selecthard

A global gaming company uses Cloud Spanner for player profiles and leaderboards. They want to replicate leaderboard changes to a secondary Cloud Spanner instance in another region for disaster recovery, with minimal latency. They need to ensure that all writes are eventually consistent across instances. Which THREE approaches should they consider?

Select 3 answers
A.Use Cloud Spanner's built-in global replication by creating a multi-region instance spanning both regions.
B.Write application code that writes to both Spanner instances in each transaction (dual-writes).
C.Export Spanner data to BigQuery and use federated queries in the secondary region.
D.Configure Cloud Spanner multi-region instance with a read-only replica in the secondary region.
E.Use Cloud Spanner change streams to capture changes and replicate them to the secondary instance using Dataflow.
AnswersA, D, E

A multi-region Spanner instance automatically replicates data across regions with strong consistency.

Why this answer

Spanner change streams can capture mutations and replicate to another instance via Pub/Sub and Dataflow. Spanner's built-in replication across regions provides strong consistency but not active-active across different instances. Using application dual-writes is error-prone.

BigQuery is not suitable for operational replication.

772
MCQhard

A financial trading application on Compute Engine requires an RPO of 5 seconds and RTO of 1 minute for zone failures. Which architecture should they use?

A.Persistent disk with periodic snapshots to a different zone
B.Managed instance group with autoscaling and health checks
C.Regional persistent disk attached to a single instance
D.Two instances in different zones with data replicated via rsync
AnswerC

Regional persistent disk synchronously replicates data across zones, allowing fast failover within RPO and RTO.

Why this answer

Regional persistent disks provide synchronous replication of data between two zones within a region, ensuring an RPO of effectively zero (typically under 5 seconds) and enabling rapid failover to a secondary zone. By attaching the regional disk to a single Compute Engine instance, the application can quickly resume operations in the other zone upon failure, meeting the 1-minute RTO without data loss or complex replication overhead.

Exam trap

The PCD exam often tests the misconception that asynchronous replication methods (like snapshots or rsync) can meet strict RPO requirements, but only synchronous replication (as with regional persistent disks) guarantees sub-second data consistency across zones.

How to eliminate wrong answers

Option A is wrong because periodic snapshots to a different zone have an RPO equal to the snapshot interval (e.g., minutes or hours), which cannot guarantee 5 seconds, and restoring from snapshots takes longer than 1 minute. Option B is wrong because a managed instance group with autoscaling and health checks handles instance-level failures but does not provide synchronous data replication across zones, so it cannot achieve an RPO of 5 seconds for persistent data. Option D is wrong because rsync-based replication is asynchronous and introduces latency that can exceed 5 seconds, and it requires manual or custom failover logic, making it unreliable for the required RTO of 1 minute.

773
MCQeasy

A developer is using Cloud Functions and wants to ensure that their testing environment mirrors production as closely as possible. Which approach should they take?

A.Use Cloud Build to run tests before deployment
B.Run all tests in Cloud Shell
C.Deploy to a staging Cloud Function and run tests against it
D.Use the Functions Framework with a simulated production event
AnswerD

The Functions Framework provides the same runtime and event format, enabling near-identical local testing.

Why this answer

The Functions Framework is a local emulator that allows developers to run Cloud Functions locally with the same invocation context and event triggers as in production. By using the Functions Framework with a simulated production event, you can test your function's behavior, including event data parsing and response handling, without deploying to any cloud environment, ensuring the testing environment mirrors production as closely as possible.

Exam trap

The PCD exam often tests the misconception that deploying to a staging environment is the best way to mirror production, but the Functions Framework provides a more accurate and efficient local simulation without the overhead of cloud deployment.

How to eliminate wrong answers

Option A is wrong because Cloud Build runs tests in a build pipeline environment that does not replicate the Cloud Functions runtime, event triggers, or execution context, so it cannot mirror production behavior. Option B is wrong because Cloud Shell provides a generic Linux environment without the Cloud Functions runtime or event simulation, and tests run there do not reflect production execution conditions. Option C is wrong because deploying to a staging Cloud Function introduces network latency, cold starts, and potential differences in resource quotas or IAM permissions compared to local testing, and it does not guarantee the same event simulation as the Functions Framework.

774
MCQhard

A team uses Cloud Tasks to process orders asynchronously. Each order is enqueued after payment verification. Processing involves calling an external shipping API that occasionally returns 503 (Service Unavailable). The Cloud Tasks queue is configured with default retry parameters: max retries = 100, max retry duration = 1 hour. The team notices that some orders are never processed; they remain in the queue until the max retry duration expires and then are discarded. What is the most likely cause and solution?

A.Increase the max retry duration to 24 hours.
B.Set a custom retry deadline of 2 hours.
C.Use exponential backoff in the task handler instead of relying on Cloud Tasks.
D.Check the task queue rate limits and increase max dispatches per second.
AnswerA

A longer retry duration allows tasks to survive extended outages and eventually succeed.

Why this answer

The default Cloud Tasks retry parameters include a max retry duration of 1 hour. If an order repeatedly fails due to 503 errors from the external shipping API, the task will be retried up to 100 times within that hour. However, if the API remains unavailable for longer than the max retry duration, the task will be discarded even if the retry count hasn't been exhausted.

Increasing the max retry duration to 24 hours gives the external API more time to recover, ensuring that orders are not prematurely discarded.

Exam trap

The PCD exam often tests the distinction between retry count and retry duration — candidates mistakenly think increasing the number of retries or adjusting backoff will solve the problem, but the real issue is that the default max retry duration is too short to cover extended outages.

How to eliminate wrong answers

Option B is wrong because setting a custom retry deadline (e.g., 2 hours) does not address the root cause — the 1-hour max retry duration is too short; a 2-hour deadline would still be insufficient if the API is down for longer. Option C is wrong because implementing exponential backoff in the task handler is redundant; Cloud Tasks already supports exponential backoff by default, and the issue is the max retry duration, not the backoff strategy. Option D is wrong because increasing max dispatches per second would only increase the rate at which tasks are sent to the handler, but the problem is that tasks are being discarded after the max retry duration expires, not that they are being throttled.

775
MCQmedium

A DevOps engineer is automating deployments to Compute Engine using a CI/CD pipeline. They want to minimize downtime and ensure that if a new VM fails health checks, the old VM continues serving. Which deployment strategy should they implement?

A.Redeploy the old version manually if the new version fails
B.Rolling update with a readiness probe
C.Blue/green deployment with health checks and a managed instance group
D.Canary deployment with a small percentage of traffic
AnswerC

Blue/green allows keeping the old version (blue) serving while the new version (green) is tested; if health checks fail, traffic remains on blue.

Why this answer

Blue/green deployment with health checks and a managed instance group is correct because it allows the new version (green) to be fully deployed and validated against health checks before any traffic is switched from the old version (blue). If the new VM fails health checks, the managed instance group automatically keeps the old version serving, ensuring zero downtime and immediate rollback without manual intervention.

Exam trap

The PCD exam often tests the distinction between deployment strategies by making candidates confuse 'rolling update with readiness probe' (which still risks partial downtime during rollback) with 'blue/green deployment' (which isolates the new version entirely until health checks pass).

How to eliminate wrong answers

Option A is wrong because manually redeploying the old version defeats the purpose of automation and introduces significant downtime during the manual rollback process. Option B is wrong because a rolling update with a readiness probe gradually replaces instances, which can still cause partial downtime if the new version fails health checks across multiple instances, and rollback requires additional pipeline steps. Option D is wrong because a canary deployment routes a small percentage of traffic to the new version, which can still cause service degradation for that subset of users if the new version fails, and it does not guarantee that the old VM continues serving all traffic seamlessly.

776
MCQhard

Refer to the exhibit. A team has created this alerting policy for a Cloud Run service. However, the alert never fires even though the error rate sometimes exceeds 1%. What is the most likely issue?

A.The threshold is set via conditionMonitoringQuery but thresholdValue is null, causing conflict.
B.The group_by [] aggregates across all revisions, but errors might be per revision.
C.The filter is using response_code_class > 500, missing 500 errors.
D.The duration is 0s, so the alert should fire immediately; it's not causing the issue.
AnswerC

Correct: '>500' does not include 500, so most server errors are not counted.

Why this answer

Option C is correct because the filter `response_code_class > 500` uses a strict greater-than operator, which excludes HTTP 500 errors (the class value is exactly 500). In Cloud Monitoring, `response_code_class` for a 500 error is 500, so the condition `> 500` only matches classes like 501, 502, etc., missing the most common server errors. To capture all 5xx errors, the filter should be `response_code_class >= 500` or `response_code_class = 500`.

Exam trap

The PCD exam often tests the subtle difference between `>` and `>=` in metric filters, exploiting the fact that candidates assume `> 500` captures all 5xx errors without realizing the class value is exactly 500.

How to eliminate wrong answers

Option A is wrong because `conditionMonitoringQuery` with a null `thresholdValue` is not a conflict; the threshold is defined within the Monitoring Query Language (MQL) itself, not as a separate parameter, so this setup is valid. Option B is wrong because `group_by []` aggregates across all revisions, which is appropriate for a service-level alert; per-revision errors are still included in the total, so this would not prevent the alert from firing. Option D is wrong because a duration of 0s means the alert fires immediately when the condition is met, so it is not causing the alert to fail; the issue lies in the filter logic, not the evaluation window.

777
Multi-Selecteasy

Which TWO statements about Cloud Run for Anthos are correct? (Choose 2)

Select 2 answers
A.Cloud Run for Anthos allows users to autoscale their containerized applications without worrying about underlying GKE nodes.
B.Cloud Run for Anthos is a multi-region service by default.
C.Cloud Run for Anthos supports only HTTP requests, not gRPC.
D.Cloud Run for Anthos runs on GKE clusters and uses Knative Serving.
E.Cloud Run for Anthos requires you to bring your own load balancer.
AnswersA, D

Correct: The service handles scaling of the containers, though nodes need separate management.

Why this answer

Option A is correct because Cloud Run for Anthos leverages the Knative Serving autoscaler to automatically scale container instances up or down based on incoming request traffic, including scaling to zero when idle. This autoscaling operates at the pod level within the GKE cluster, abstracting away the underlying node management from the user.

Exam trap

The PCD exam often tests the misconception that Cloud Run for Anthos is a fully managed serverless service like Cloud Run on Google Cloud, when in fact it requires a GKE cluster and provides more control over the underlying infrastructure, including support for gRPC and custom load balancing.

778
Multi-Selectmedium

An organization needs to secure their Cloud SQL for MySQL instance. They require that all connections use IAM for authentication and that the database is not accessible from the public internet. Which THREE actions should they take? (Choose 3.)

Select 3 answers
A.Enable IAM database authentication on the Cloud SQL instance.
B.Assign a private IP only, with no public IP.
C.Configure the Cloud SQL Auth Proxy for all connections.
D.Require SSL for all connections using the 'require_ssl' flag.
E.Assign a public IP and configure authorized networks.
AnswersA, B, D

This links IAM principals to database users, replacing database passwords.

Why this answer

IAM database authentication links IAM users to database logins. Private IP and no public IP ensure no internet access. Cloud SQL Auth Proxy uses IAM for authentication but does not directly enforce IAM DB auth; it provides a secure tunnel.

SSL encryption is separate from IAM authentication. Authorized networks are not needed with private IP.

779
MCQeasy

Which Google Cloud database service is serverless, supports mobile and web apps with offline data synchronization, and provides document-level security rules?

A.Firestore
B.Memorystore
C.Cloud Bigtable
D.Cloud Spanner
AnswerA

Firestore is serverless, supports offline sync, and has security rules.

Why this answer

Firestore is a serverless, NoSQL document database that automatically scales, supports mobile and web clients with offline data persistence and synchronization via its SDKs, and enforces document-level security rules through Firebase Security Rules. This combination of serverless scaling, offline sync, and granular security makes it the correct choice for the described requirements.

Exam trap

The trap here is that candidates may confuse Cloud Spanner's global distribution and strong consistency with serverless capabilities, but Spanner requires manual node provisioning and lacks offline sync and document-level security rules.

How to eliminate wrong answers

Option B (Memorystore) is wrong because it is a fully managed in-memory cache service for Redis and Memcached, not a serverless database with offline data synchronization or document-level security rules. Option C (Cloud Bigtable) is wrong because it is a wide-column NoSQL database designed for large analytical and operational workloads, not for mobile/web apps with offline sync, and it lacks document-level security rules. Option D (Cloud Spanner) is wrong because it is a globally distributed, strongly consistent relational database service that is not serverless (requires provisioning of nodes) and does not provide offline data synchronization or document-level security rules.

780
MCQmedium

An engineer is monitoring Cloud Bigtable performance and notices high read latency. They suspect a hot spot issue. Which tool should they use to identify the hot spot?

A.The cbt command-line tool
B.Key Visualiser
C.Bigtable Studio
D.Cloud Monitoring (formerly Stackdriver)
AnswerB

Key Visualiser is purpose-built for identifying hot spots in Bigtable.

Why this answer

Cloud Bigtable's Key Visualiser is a tool specifically designed to detect and visualize hot spots (uneven distribution of read/write load across row keys). It helps identify row key patterns causing performance issues. Stackdriver is the legacy name for Cloud Monitoring; Cloud Monitoring can show overall metrics but not hot spot analysis.

Bigtable Studio does not exist. cbt is the CLI tool.

781
MCQeasy

A mobile app startup needs a serverless, scalable NoSQL database that supports offline sync and real-time updates. Which database should they choose?

A.Bigtable
B.Firestore in Native mode
C.Cloud SQL
D.Memorystore
AnswerB

Firestore Native mode offers offline sync, real-time updates, and serverless scaling, perfect for mobile apps.

Why this answer

Firestore (Native mode) provides serverless NoSQL document storage, offline sync for mobile clients, and real-time listeners for updates. It is the ideal choice for mobile and web apps.

782
MCQmedium

A company runs a microservices application on Google Kubernetes Engine (GKE). Users report intermittent slow responses. Developers suspect a specific service is causing latency. Which Google Cloud tool should they use to trace requests across services and identify the root cause?

A.Cloud Debugger
B.Cloud Trace
C.Cloud Monitoring
D.Cloud Logging
AnswerB

Cloud Trace provides distributed tracing to identify latency bottlenecks across microservices.

Why this answer

Cloud Trace is the correct tool because it provides distributed tracing capabilities that capture end-to-end latency data as requests propagate through microservices. By analyzing trace spans and their timing, developers can pinpoint which specific service is introducing delay, directly addressing the intermittent slow responses described.

Exam trap

The trap here is that candidates confuse Cloud Monitoring's alerting and dashboard capabilities with the distributed tracing needed to follow a single request across multiple services, leading them to pick Cloud Monitoring instead of Cloud Trace.

How to eliminate wrong answers

Option A is wrong because Cloud Debugger is designed for inspecting live application state and code execution without stopping the app, not for tracing request latency across services. Option C is wrong because Cloud Monitoring aggregates metrics and alerts on system health but does not provide the per-request distributed tracing needed to identify latency root causes across microservices. Option D is wrong because Cloud Logging centralizes log data but lacks the trace context and span-level timing required to correlate request paths and measure service-level delays.

783
MCQmedium

You need to create a custom dashboard in Cloud Monitoring that shows the number of 500 errors from your application, along with the average latency. What is the correct way to create this?

A.Create two separate dashboards and export to a single view.
B.Use Cloud Logging's metrics explorer.
C.Use Log Analytics to query logs and chart the error count, then use Cloud Monitoring metrics for latency.
D.Use the Cloud Monitoring Metrics Explorer to add two charts from different metric types.
AnswerD

Metrics Explorer allows you to create a dashboard with multiple charts, each configured with a different metric source, such as log-based metrics and latency metrics.

Why this answer

Option D is correct because Cloud Monitoring's Metrics Explorer allows you to add multiple charts from different metric types (e.g., a custom log-based metric for 500 error count and a built-in metric for average latency) within a single custom dashboard. This approach keeps all relevant data in one view without needing separate dashboards or switching between services.

Exam trap

The PCD exam often tests the misconception that you must use separate services (Logging vs. Monitoring) for different data types, when in fact Cloud Monitoring's Metrics Explorer can ingest and chart log-based metrics alongside system metrics in a single dashboard.

How to eliminate wrong answers

Option A is wrong because creating two separate dashboards and exporting to a single view is not a supported feature in Cloud Monitoring; dashboards cannot be merged, and this approach adds unnecessary complexity. Option B is wrong because Cloud Logging's metrics explorer is used for analyzing log data, not for creating dashboards that combine log-based metrics with latency metrics from Cloud Monitoring. Option C is wrong because Log Analytics can query logs for error counts, but latency metrics are already available in Cloud Monitoring; mixing Log Analytics charts with Cloud Monitoring charts in a single dashboard is not the standard or recommended method, and Metrics Explorer directly supports combining different metric types.

784
MCQhard

A developer is deploying a microservice on GKE that needs to be accessible only from within the same VPC network. The microservice must have a stable, internal IP address that does not change when pods are updated. Which options should be used?

A.Use a Service of type NodePort with a static reservation.
B.Use a Service of type ClusterIP with a static IP.
C.Use a Service of type LoadBalancer with the annotation 'cloud.google.com/load-balancer-type: Internal'.
D.Use a Service of type ExternalName pointing to the pods' internal IPs.
AnswerC

This creates an internal TCP/UDP load balancer with a stable internal IP.

Why this answer

Option C is correct because deploying a Service of type LoadBalancer with the annotation 'cloud.google.com/load-balancer-type: Internal' creates an internal TCP/UDP load balancer within the VPC network. This provides a stable, internal IP address that persists across pod updates, as the load balancer's IP is independent of the underlying pods and is managed by Google Cloud's networking layer.

Exam trap

The PCD exam often tests the misconception that ClusterIP provides a static IP, but in GKE, ClusterIP is ephemeral unless explicitly reserved via a custom IP range, whereas the internal LoadBalancer type guarantees a stable, reserved IP within the VPC.

How to eliminate wrong answers

Option A is wrong because a NodePort service exposes the microservice on a static port on each node's IP, but the node IPs are ephemeral and not guaranteed to be stable within the VPC; also, NodePort does not provide a dedicated internal IP address. Option B is wrong because a ClusterIP service assigns a stable internal IP, but this IP is not static by default and can change if the service is deleted and recreated; ClusterIP also does not support static IP reservation without additional configuration (e.g., using a custom IP range), and it is not designed for external access patterns. Option D is wrong because an ExternalName service maps to an external DNS name (e.g., a CNAME record) and cannot point to pods' internal IPs; it is used for external service discovery, not for providing a stable internal IP within the VPC.

785
MCQhard

A Cloud Spanner table uses a UUID as the primary key. The application is experiencing high write latency and hotspotting. Which design change would BEST resolve the issue?

A.Switch to a monotonically increasing integer key
B.Use a composite primary key with a shard prefix (e.g., hash of UUID)
C.Add a secondary index on the UUID column
D.Enable interleaved tables
AnswerB

Correct: salting with a hash prefix distributes writes evenly across splits.

Why this answer

Option B is correct because adding a shard prefix (e.g., a hash of the UUID) as the first part of a composite primary key distributes writes evenly across Cloud Spanner's splits, eliminating hotspotting. UUIDs alone cause hotspotting because they are randomly distributed but still lead to a single split being overwhelmed if the table is small or the UUIDs are inserted in order; a hash prefix ensures that consecutive writes target different splits, reducing write latency.

Exam trap

The trap here is that candidates confuse UUIDs as inherently good for distribution, but in Cloud Spanner, random UUIDs still cause hotspotting because they are inserted into a single split until the table grows large enough to split, whereas a hash prefix proactively distributes writes.

How to eliminate wrong answers

Option A is wrong because monotonically increasing integer keys cause severe hotspotting in Cloud Spanner, as all new writes go to the last split, creating a single point of contention. Option C is wrong because adding a secondary index on the UUID column does not affect the primary key's distribution; writes still hotspot on the primary key, and the index itself may also become a hotspot. Option D is wrong because interleaved tables are designed for hierarchical relationships and strong consistency between parent and child rows, not for resolving primary key hotspotting; they do not change the distribution of writes across splits.

786
MCQmedium

A company has a monolithic application that needs to be migrated to Cloud Run. The application currently writes logs to a local file. What is the best practice for handling logs in Cloud Run?

A.Use a third-party logging agent installed in the container image.
B.Write logs to stdout and stderr; Cloud Run automatically sends them to Cloud Logging.
C.Use a sidecar container to ship logs to Stackdriver.
D.Continue writing to a local file; Cloud Run will persist it.
AnswerB

Cloud Run collects stdout and stderr and sends them to Cloud Logging.

Why this answer

Cloud Run is a serverless compute platform that automatically integrates with Cloud Logging. The best practice is to write logs to stdout and stderr because Cloud Run's runtime captures these streams and forwards them to Cloud Logging without any additional agents or sidecars. This approach aligns with the 12-factor app methodology and ensures logs are available for monitoring and troubleshooting.

Exam trap

The trap here is that candidates may overcomplicate the solution by thinking a logging agent or sidecar is needed, when Cloud Run's serverless model already provides automatic log ingestion from stdout/stderr, and they may forget that the local filesystem is ephemeral and not suitable for persistent log storage.

How to eliminate wrong answers

Option A is wrong because installing a third-party logging agent in the container image adds unnecessary complexity and overhead; Cloud Run natively handles log collection from stdout/stderr, making agents redundant. Option C is wrong because sidecar containers are not supported in Cloud Run (it runs a single container per revision) and would violate the serverless architecture; log shipping should rely on the built-in stdout/stderr mechanism. Option D is wrong because Cloud Run provides ephemeral filesystem storage that is not persisted across instances or after the container stops; writing to a local file would cause logs to be lost and not be available in Cloud Logging.

787
MCQhard

Refer to the exhibit. A developer configured a Pub/Sub push subscription to a Cloud Run service. Messages are not being delivered to the Cloud Run service. The developer verified that the service is running and the IAM permissions are correct. What is the most likely issue?

A.The service account does not have the pubsub.publisher role
B.The OIDC token audience does not match the Cloud Run service's URL
C.The push endpoint URL is not a valid HTTPS endpoint
D.The ackDeadlineSeconds is too short for the Cloud Run service to process messages
AnswerB

The audience must match the exact URL of the service for authentication to succeed.

Why this answer

Option B is correct because the OIDC token audience must exactly match the URL of the Cloud Run service. In the exhibit, the audience is 'https://my-service.run.app/' which should be the same as the push endpoint, but if the Cloud Run service has a different URL (e.g., with a generated hash), the authentication will fail. Option A is possible but less likely because messages would still be delivered and then acknowledged if processing time is less than 10 seconds.

Option C is incorrect because the endpoint is HTTPS. Option D is incorrect because the service account needs the token creator role, not publisher.

788
MCQmedium

Your team is building a Node.js application for Google App Engine Standard Environment. The application uses a custom runtime and must run background tasks. However, you notice that background tasks are being terminated after a few seconds. What is the most likely reason?

A.The application should use Cloud Tasks instead of background threads
B.The application is not configured with max_concurrent_requests set to 1
C.You are using an automatic scaling instance class that does not support background threads
D.App Engine Standard Environment does not support background threads; use App Engine Flexible or Cloud Run instead
AnswerD

The standard environment terminates any thread not serving a request.

Why this answer

In Google App Engine Standard Environment, background threads are not supported because the runtime can terminate idle instances or scale down to zero, killing any background tasks. The correct solution is to use App Engine Flexible Environment or Cloud Run, which support long-running background processes, or to offload tasks to a service like Cloud Tasks or Cloud Pub/Sub. Option D correctly identifies this fundamental limitation of the Standard Environment.

Exam trap

The PCD exam often tests the misconception that background threads can be enabled by adjusting scaling settings or instance classes, when in reality the Standard Environment's sandbox prohibits them entirely, and the correct answer is to switch to a different compute environment.

How to eliminate wrong answers

Option A is wrong because Cloud Tasks is a service for managing task queues and retries, but it does not solve the underlying issue of background thread termination in the Standard Environment; the application still cannot run background threads locally. Option B is wrong because max_concurrent_requests is a scaling setting that controls how many requests a single instance can handle concurrently, not a setting that enables or disables background threads. Option C is wrong because automatic scaling instance classes in App Engine Standard Environment do not support background threads regardless of the class; this is a platform-level restriction, not a scaling configuration issue.

789
Multi-Selecteasy

Which TWO are benefits of using Cloud Build? (Choose two.)

Select 2 answers
A.It allows using custom build steps with community or private images
B.It offers a fully managed CI/CD platform for building, testing, and deploying
C.It only supports Java and Go runtimes
D.It requires a trigger to start any build
E.It provides a source code repository for version control
AnswersA, B

Custom build steps provide flexibility.

Why this answer

Option A is correct because Cloud Build allows you to use custom build steps with community or private container images, enabling you to run arbitrary tools and scripts as part of your build pipeline. This flexibility means you are not limited to Google-provided build steps and can integrate any software that runs in a container.

Exam trap

The PCD exam often tests the misconception that Cloud Build is a full CI/CD platform with built-in version control, but it is actually a build service that relies on external repositories for source code management.

790
MCQmedium

You are designing a CI/CD pipeline for a microservices application deployed on GKE. Your team requires that each service have independent release cycles and canary deployments. Which combination of Google Cloud services should you use?

A.Cloud Source Repositories, Cloud Build, and App Engine
B.Cloud Source Repositories, Cloud Build, and Cloud Run
C.Cloud Source Repositories, Cloud Build, and Cloud Deploy with GKE target
D.Cloud Source Repositories, Cloud Build, and Spinnaker
AnswerC

Cloud Deploy supports GKE and canary deployments.

Why this answer

Option C is correct because Cloud Deploy provides native support for canary deployments and progressive delivery strategies to GKE targets, enabling independent release cycles per microservice. Cloud Source Repositories hosts the code, Cloud Build compiles and tests it, and Cloud Deploy manages the rollout with Skaffold-based pipelines, allowing fine-grained traffic splitting and automated promotion or rollback.

Exam trap

The trap here is that candidates may confuse Cloud Run's traffic splitting with full canary deployment orchestration, or assume App Engine's flexible environment can target GKE, when in fact Cloud Deploy is the only Google Cloud service designed specifically for progressive delivery to GKE targets.

How to eliminate wrong answers

Option A is wrong because App Engine is a fully managed platform that does not support GKE as a deployment target and lacks native canary deployment capabilities for microservices with independent release cycles. Option B is wrong because Cloud Run is a serverless container platform that does not target GKE clusters, and while it supports traffic splitting, it cannot orchestrate canary deployments across multiple microservices on GKE. Option D is wrong because Spinnaker is a third-party CD tool that requires significant operational overhead to integrate with GKE, and the question asks for a combination of Google Cloud services, not a third-party solution.

791
MCQmedium

A company uses Cloud SQL for MySQL with a single zone. They need high availability with automatic failover in under 60 seconds. What configuration should they use?

A.Enable regional HA by adding a standby in a different zone
B.Configure zonal HA with a standby in the same zone
C.Use AlloyDB with cross-region replication
D.Create a read replica in a different region
AnswerA

Regional HA uses a synchronous standby in a different zone within the same region, providing automatic failover in under 60 seconds.

Why this answer

Cloud SQL HA configuration creates a primary and a standby instance in different zones within the same region, using synchronous replication. Automatic failover occurs in under 60 seconds. Zonal HA is not a valid concept, and cross-region failover is not automatic.

792
Multi-Selecthard

Which two design patterns help decouple microservices?

Select 2 answers
A.Service mesh
B.Event-driven architecture
C.Database per service
D.API gateway
E.Circuit breaker
AnswersB, D

Events allow services to communicate without direct dependencies, achieving loose coupling.

Why this answer

Event-driven architecture (B) decouples microservices by allowing them to communicate asynchronously through events, eliminating direct dependencies between services. This pattern uses a message broker (e.g., Kafka, RabbitMQ) to publish and consume events, enabling services to evolve independently without blocking each other.

Exam trap

The PCD exam often tests the distinction between patterns that manage coupling (like service mesh or circuit breaker) versus patterns that fundamentally eliminate coupling (like event-driven architecture), leading candidates to select service mesh as a decoupling solution when it actually operates within existing coupled communication.

793
MCQmedium

A company wants to migrate an on-premises Oracle database to Cloud SQL for PostgreSQL with minimal downtime. They plan to use Database Migration Service (DMS) with continuous migration. What must be configured on the source Oracle database to enable change data capture (CDC)?

A.Set the database to force logging
B.Enable archive log mode
C.Configure Oracle GoldenGate
D.Enable supplemental logging
AnswerD

Supplemental logging captures the before-and-after values of changed rows, which DMS uses for CDC.

Why this answer

Database Migration Service for Oracle to PostgreSQL requires supplemental logging at the database level to capture all changes for CDC. Without supplemental logging, DMS cannot replicate ongoing changes.

794
MCQeasy

A data engineer needs to perform complex transformations on streaming data as it moves from Cloud Pub/Sub to Cloud Bigtable. Which service should they use for this purpose?

A.Cloud Dataflow
B.Dataproc
C.Cloud Run
D.Cloud Functions
AnswerA

Dataflow supports stream processing with complex transformations using Apache Beam.

Why this answer

Dataflow (Apache Beam) is the recommended service for stream processing with complex transformations. It can read from Pub/Sub, apply transformations, and write to Bigtable. Cloud Functions are simpler and not suited for complex ETL.

795
MCQmedium

A company runs a stateful application on Compute Engine with local SSDs. They want high durability. Which approach should they use?

A.Replicate data to another zone using synchronous replication
B.Use a RAID 1 array across multiple local SSDs
C.Take regular snapshots of local SSDs
D.Use persistent disks instead of local SSDs for automatic replication
AnswerD

Persistent disks are automatically replicated within the same zone and can be configured for regional replication, offering high durability.

Why this answer

Local SSDs are ephemeral and data is lost when the VM is stopped or terminated. Persistent disks, by contrast, automatically replicate data within the same zone (or across zones if using regional persistent disks), providing high durability. Option D correctly identifies that switching to persistent disks is the appropriate approach for durability, as local SSDs lack built-in redundancy.

Exam trap

The PCD exam often tests the misconception that local SSDs can be made durable through RAID or snapshots, but the core trap is that local SSDs are inherently ephemeral and cannot be used for durable storage regardless of redundancy techniques.

How to eliminate wrong answers

Option A is wrong because synchronous replication to another zone is not natively supported by local SSDs; implementing it would require custom application-level logic and adds complexity without addressing the fundamental ephemeral nature of local SSDs. Option B is wrong because RAID 1 across multiple local SSDs only protects against a single SSD failure within the same VM, not against VM termination or zone failures, and local SSDs still lose data on VM stop/delete. Option C is wrong because snapshots of local SSDs are not supported; the gcloud compute disks snapshot command fails for local SSDs, and even if possible, snapshots are point-in-time backups, not a durability solution for ongoing writes.

796
Multi-Selecthard

A company is designing a cross-database solution with eventual consistency. They need to update data in Cloud SQL (orders) and Bigtable (inventory) as part of a single business transaction. Which two patterns can help maintain eventual consistency? (Choose two.)

Select 2 answers
A.Use two-phase commit (2PC) across both databases.
B.Implement a saga pattern with compensating transactions in case of failure.
C.Design for strong consistency by using global transactions.
D.Use idempotent receivers and retry logic to handle duplicate events.
E.Write directly to both databases in a single synchronous call.
AnswersB, D

Saga pattern coordinates distributed transactions with rollback steps.

Why this answer

Option B is correct because the saga pattern breaks a distributed transaction into a series of local transactions, each with a compensating action that can undo its effects if a subsequent step fails. This pattern is ideal for maintaining eventual consistency across Cloud SQL and Bigtable without requiring a global coordinator or locking resources. Option D is correct because idempotent receivers ensure that duplicate events (e.g., from retries or network failures) do not cause unintended side effects, and retry logic allows the system to recover from transient failures, both of which are essential for achieving eventual consistency in a cross-database solution.

Exam trap

Cisco often tests the distinction between strong consistency patterns (like 2PC and global transactions) and eventual consistency patterns (like sagas and idempotent retries), trapping candidates who assume that any transaction pattern can be adapted to eventual consistency without understanding the fundamental trade-offs.

797
MCQmedium

A company is deploying a microservices-based application on Google Kubernetes Engine (GKE). The application consists of several stateless services that experience unpredictable traffic spikes. The team wants to ensure high availability and scalability while minimizing costs. Which design should they implement?

A.Deploy a Regional GKE cluster with node auto-provisioning and a fixed number of replicas per service.
B.Use a Regional GKE cluster with preemptible VMs and static pod counts.
C.Deploy a Regional GKE cluster with cluster autoscaling and Horizontal Pod Autoscaler for each deployment.
D.Use a single-zone GKE cluster with a large fixed node pool to handle peak load.
AnswerC

Regional for high availability, cluster autoscaler for node scaling, HPA for pod scaling based on load.

Why this answer

Option C is correct because a Regional GKE cluster provides multi-zone high availability, cluster autoscaling dynamically adjusts node pool size to handle unpredictable traffic spikes, and Horizontal Pod Autoscaler (HPA) scales individual pod replicas based on CPU/memory or custom metrics. This combination ensures both scalability and cost efficiency by only provisioning resources when needed.

Exam trap

The PCD exam often tests the distinction between scaling pods (HPA) and scaling nodes (cluster autoscaler), and the trap here is that candidates may think preemptible VMs or fixed replicas are sufficient for high availability and cost optimization, ignoring the need for dynamic scaling and multi-zone redundancy.

How to eliminate wrong answers

Option A is wrong because a fixed number of replicas per service cannot adapt to unpredictable traffic spikes, leading to either over-provisioning (waste) or under-provisioning (performance degradation). Option B is wrong because preemptible VMs can be terminated at any time (up to 24 hours) and static pod counts cannot scale with demand, risking availability during spikes. Option D is wrong because a single-zone cluster creates a single point of failure, and a large fixed node pool wastes cost during low traffic periods.

798
MCQeasy

A startup is building an application that requires strong consistency and horizontal scalability across multiple regions. They need a fully managed relational database that supports both SQL queries and ACID transactions. Which database service should they choose?

A.Cloud SQL
B.Cloud Spanner
C.Firestore
D.Bigtable
AnswerB

Spanner provides global scale, strong consistency, and ACID transactions.

Why this answer

Cloud Spanner is the only fully managed relational database on GCP that offers strong consistency and horizontal scalability across regions. It supports SQL and ACID transactions. Cloud SQL is regionally limited and does not auto-scale horizontally.

799
MCQhard

A company runs a microservices architecture on Cloud Run. They want to measure the error budget for a critical service using a custom SLI based on the ratio of successful requests (HTTP 200-499) to total requests. They have set an SLO of 99.9% over a 30-day window. Which Cloud Monitoring feature should they use to track this?

A.Service Level Objectives (SLOs) with a custom SLI metric.
B.Cloud Trace spans to calculate latency-based SLIs.
C.Uptime checks with a custom status code classifier.
D.Log-based metrics to count requests and errors, then create a custom dashboard.
AnswerA

Correct: Cloud Monitoring SLOs natively support custom SLIs and error budget tracking.

Why this answer

Option A is correct because Cloud Monitoring's Service Level Objectives (SLOs) feature natively supports custom SLI metrics, allowing you to define a ratio of successful requests (HTTP 200-499) to total requests as a custom SLI. This directly enables tracking the error budget against the 99.9% SLO over a 30-day window, without needing to build external dashboards or rely on latency or uptime checks.

Exam trap

The PCD exam often tests the distinction between building a custom dashboard (Option D) versus using the native SLO feature (Option A), trapping candidates who think any custom metric setup is sufficient, when the SLO feature is specifically designed to track error budgets and alert on SLO compliance.

How to eliminate wrong answers

Option B is wrong because Cloud Trace spans calculate latency-based SLIs (e.g., request duration), not the ratio of successful HTTP status codes to total requests; it cannot directly measure error budget based on status codes. Option C is wrong because Uptime checks with a custom status code classifier only monitor external availability from specific locations, not the internal request success ratio of a microservice running on Cloud Run; they lack the granularity to count all requests and errors. Option D is wrong because while log-based metrics can count requests and errors, they require building a custom dashboard manually and do not natively provide SLO tracking or error budget calculations; Cloud Monitoring SLOs with custom SLI metrics are the intended feature for this purpose.

800
MCQeasy

An organization is migrating from on-premises Microsoft SQL Server to Cloud SQL for SQL Server. They want to use a lift-and-shift approach to minimize application changes. Which migration method is most appropriate?

A.Use Database Migration Service with continuous migration.
B.Use Cloud Dataflow to stream data from SQL Server to Cloud SQL.
C.Export the database as a .bacpac file and import it into Cloud SQL.
D.Create a dump file using SQL Server Management Studio and restore it in Cloud SQL using the gcloud command.
AnswerC

This is a straightforward lift-and-shift method that preserves the schema and data.

Why this answer

Lift-and-shift means moving the database as-is to the cloud with minimal changes. Cloud SQL for SQL Server is compatible with on-premises SQL Server. The easiest method is to export a .bacpac file from the source and import it into Cloud SQL via the console or import/export feature.

801
MCQhard

You need to migrate a large on-premises PostgreSQL database to AlloyDB with minimal downtime. The database is 2 TB. Which migration strategy should you use?

A.Use BigQuery Data Transfer Service
B.Use Database Migration Service to migrate with continuous replication
C.Export the database as SQL files and import into AlloyDB using pg_restore
D.Use gsutil to copy data files and restore
AnswerB

DMS supports ongoing replication, minimizing downtime for large databases.

Why this answer

Database Migration Service (DMS) supports continuous replication from PostgreSQL to AlloyDB, enabling minimal downtime migrations.

802
MCQmedium

An organization is migrating a MySQL database to Cloud SQL for MySQL. The source database uses the 'utf8' character set. To support emoji characters, what should they do before migration?

A.Change the character set to 'utf8mb4' on the source database before migration.
B.No change needed; 'utf8' supports emoji in Cloud SQL.
C.Use 'latin1' character set instead for better performance.
D.Enable the 'character_set_emoji' flag in Cloud SQL.
AnswerA

This ensures that emoji and other 4-byte characters are supported in Cloud SQL.

Why this answer

MySQL's 'utf8' character set does not support 4-byte Unicode characters like emojis. Cloud SQL for MySQL supports 'utf8mb4', which is the correct charset for full Unicode support.

803
MCQmedium

An application on Cloud Run needs to handle traffic spikes. Which configuration setting should be adjusted?

A.Enable HTTP/2
B.Set min and max instances
C.Increase CPU allocation
D.Increase memory
AnswerB

Min instances pre-warm containers, max instances limit scaling; both control how many instances can serve traffic.

Why this answer

Cloud Run automatically scales the number of container instances based on incoming traffic. By setting min and max instances, you control the scaling range: a minimum ensures a baseline of warm instances to absorb sudden spikes, while a maximum caps costs and prevents resource exhaustion. This is the primary lever for handling traffic spikes in a serverless environment.

Exam trap

The PCD exam often tests the misconception that increasing per-instance resources (CPU/memory) or enabling performance features (HTTP/2) is the solution for handling traffic spikes, when the correct answer is always about scaling the number of instances via min/max instance settings.

How to eliminate wrong answers

Option A is wrong because enabling HTTP/2 improves connection multiplexing and reduces latency but does not directly affect the ability to handle traffic spikes; scaling is controlled by instance count, not protocol version. Option C is wrong because increasing CPU allocation per instance can improve request processing speed but does not increase the number of concurrent requests the service can handle; without adjusting instance count, a single instance remains a bottleneck. Option D is wrong because increasing memory per instance allows larger payloads or more in-memory caching but does not increase the number of concurrent requests; scaling out (more instances) is required for traffic spikes.

804
MCQhard

A company runs a microservices application on Cloud Run. One service, `order-processor`, is invoked asynchronously via a Cloud Tasks queue. The Cloud Tasks queue is configured with an HTTP target pointing to the `order-processor` service URL. The service requires authentication (no unauthenticated invocations). The service account used by Cloud Tasks to invoke the service is `cloud-tasks-system@project.iam.gserviceaccount.com`. After deploying a new revision of `order-processor` using Cloud Build and Cloud Deploy, the team notices that tasks are failing with a 403 status. The Cloud Run service logs show the requests are reaching the service but returning 403. The previous revision worked fine. What is the most likely cause?

A.The IAM policy binding granting the Cloud Tasks service account the Cloud Run Invoker role was removed during the deployment.
B.The new revision has a bug causing a permission denied error when processing tasks.
C.The Cloud Tasks queue needs to be configured with an OIDC token and audience for the new revision.
D.The Cloud Tasks queue's HTTP target URL needs to be updated to point to the new revision's specific URL.
AnswerA

If the deployment pipeline modifies IAM policies, the binding for the Cloud Tasks service account may have been removed, causing 403 errors.

Why this answer

Option B is correct. When Cloud Run requires authentication, the invoker's service account must be granted the roles/run.invoker role on the Cloud Run service. Although the IAM policy is set on the service, deploying a new revision with Cloud Build and Cloud Deploy may use a different service account or the IAM bindings might be overwritten if the deployment pipeline includes IAM policy updates.

In this scenario, the IAM binding for the Cloud Tasks service account was likely removed or not applied to the new revision, causing the 403 error. Option A is incorrect because the Cloud Tasks queue configuration does not change with revisions; the URL remains the same. Option C is incorrect because the OIDC token is configured on the queue and is independent of the revision.

Option D is incorrect because a permission denied error inside the service would result in a 500 or 503, not 403, and the logs show requests are reaching the service.

805
MCQmedium

A company uses Cloud Build to build multiple microservices. They want to reuse a set of build steps across all services. What is the most maintainable approach?

A.Copy the steps into each service's cloudbuild.yaml
B.Use Cloud Build substitutions
C.Create a custom builder image with the steps
D.Use Cloud Build triggers with a common config file
AnswerB

Substitutions allow you to define a single build configuration with variables that change per service, promoting reuse.

Why this answer

Cloud Build substitutions allow you to define reusable variables in a central configuration, enabling you to parameterize build steps across multiple microservices without duplicating code. By referencing substitution variables (e.g., $_SERVICE_NAME) in a single cloudbuild.yaml, you can maintain one source of truth for common steps, making updates easier and reducing errors. This approach is more maintainable than copying steps because changes propagate automatically to all services.

Exam trap

The PCD exam often tests the misconception that a custom builder image is the best way to reuse build steps, but the trap is that a custom builder only encapsulates the runtime environment, not the step definitions themselves, whereas substitutions allow you to reuse the exact same step definitions across services with different parameters.

How to eliminate wrong answers

Option A is wrong because copying steps into each service's cloudbuild.yaml violates the DRY principle and creates maintenance overhead—any change must be manually replicated across all services, increasing the risk of inconsistencies. Option C is wrong because creating a custom builder image encapsulates the build tools but does not directly reuse the build step definitions; you would still need to invoke the builder in each service's config, and updating the steps requires rebuilding and redeploying the image, which is less flexible than using substitutions. Option D is wrong because Cloud Build triggers with a common config file still require each trigger to reference that file, but the config file itself cannot be dynamically parameterized per service without substitutions; triggers alone do not solve the reuse of steps across different services with varying parameters.

806
MCQmedium

A company is migrating a PostgreSQL application to Cloud SQL. They require automatic failover in under 60 seconds if the primary instance fails, and they want to minimize write latency. Which configuration should they choose?

A.Create a zonal Cloud SQL instance and set up a read replica in a different zone.
B.Create a Cloud SQL for PostgreSQL instance with high availability (HA) configuration.
C.Create a Cloud SQL for PostgreSQL instance with cross-region replication.
D.Configure a Cloud Spanner regional instance with multi-zone nodes.
AnswerB

HA uses a synchronous standby in a different zone, providing automatic failover in under 60 seconds with no data loss.

Why this answer

Cloud SQL HA uses a synchronous standby in a different zone within the same region, providing automatic failover in under 60 seconds and no data loss. Cross-region replicas are asynchronous and do not meet the failover time requirement. Zonal instances lack HA.

Regional clusters are for Spanner.

807
MCQhard

A company uses Cloud Spanner with an instance configured with 1000 processing units. They notice that high-priority CPU utilization consistently exceeds 65% during peak hours, causing increased latency. They want to auto-scale based on this metric. Which scaling configuration should they use?

A.Use autoscaling with a minimum of 1000 processing units, a maximum of 2000 processing units, and a target CPU utilization of 65%
B.Use autoscaling with a minimum of 1000 processing units, a maximum of 2000 processing units, and a target high-priority CPU utilization of 65%
C.Use autoscaling with a minimum of 1 node, a maximum of 2 nodes, and a target CPU utilization of 65%
D.Manually increase processing units to 2000
AnswerB

This configuration allows the instance to scale up from 1000 to 2000 processing units when high-priority CPU exceeds the target.

Why this answer

Cloud Spanner autoscaling uses processing units (not nodes) and allows setting a target for high-priority CPU utilization. Setting a minimum of 1000 processing units ensures a baseline, and a maximum of 2000 allows scaling up. The target high-priority CPU utilization (e.g., 65%) triggers scaling.

Node-based options are not used with processing units.

808
MCQeasy

Which of the following is NOT a valid use case for Cloud Bigtable?

A.Serving as a transaction processing database for an e-commerce website
B.Analyzing ad-tech clickstream data
C.Storing time-series data from IoT sensors
D.Powering a financial market data feed with millisecond latency
AnswerA

Bigtable is not designed for transaction processing; it lacks ACID transactions and secondary indexes for complex queries.

Why this answer

Cloud Bigtable is a NoSQL, wide-column database optimized for high-throughput, low-latency analytical and operational workloads, but it does not support multi-row transactions or ACID guarantees. Therefore, it is not suitable as a transaction processing database for an e-commerce website, which requires strong consistency and transactional integrity for order management and inventory updates.

Exam trap

Cisco often tests the misconception that any high-performance database can serve as a transaction processing system, but the trap here is that Bigtable's lack of ACID transactions and multi-row atomicity disqualifies it from e-commerce use cases, even though it excels at high-throughput, low-latency analytical workloads.

How to eliminate wrong answers

Option B is wrong because analyzing ad-tech clickstream data is a valid use case for Bigtable, as it excels at ingesting and querying high-volume, low-latency streaming data with simple key-based access patterns. Option C is wrong because storing time-series data from IoT sensors is a core strength of Bigtable, leveraging its high write throughput and efficient row-key design for timestamp-based queries. Option D is wrong because powering a financial market data feed with millisecond latency is a classic Bigtable use case, given its ability to serve real-time data with consistent sub-10ms latency for point lookups.

809
Multi-Selecteasy

Which three of the following are managed database services offered by Google Cloud that support SQL or SQL-like query languages? (Choose 3)

Select 3 answers
A.AlloyDB
B.Memorystore
C.Cloud SQL
D.Cloud Spanner
E.Cloud Bigtable
AnswersA, C, D

AlloyDB is PostgreSQL-compatible and supports SQL.

Why this answer

Cloud SQL, Cloud Spanner, and AlloyDB all support SQL. Bigtable uses HBase API, not SQL. Memorystore is a cache, not a database with SQL.

810
MCQeasy

A developer wants to view real-time latency metrics for their App Engine application. Where can they find this data?

A.Cloud Monitoring - Metrics Explorer
B.Cloud Profiler
C.Cloud Logging
D.Cloud Trace
AnswerA

Metrics Explorer allows you to view and query real-time metrics.

Why this answer

Cloud Monitoring's Metrics Explorer allows you to view real-time latency metrics for App Engine by querying the `appengine.googleapis.com/http/server/response_latencies` metric. This provides a time-series view of request latency distributions, enabling immediate observation of performance changes as they occur.

Exam trap

The trap here is that candidates confuse Cloud Trace's tracing capabilities with real-time metric monitoring, assuming that because Trace shows latency data per request, it provides the same aggregated real-time view as Metrics Explorer.

How to eliminate wrong answers

Option B is wrong because Cloud Profiler is designed for continuous profiling of CPU and memory usage to identify performance bottlenecks in code, not for viewing real-time latency metrics. Option C is wrong because Cloud Logging captures and stores log entries, not metrics; while logs can contain latency data, they are not optimized for real-time metric visualization. Option D is wrong because Cloud Trace is a distributed tracing system that analyzes end-to-end request latency but focuses on trace data and latency breakdowns per service, not real-time aggregated latency metrics in a dashboard view.

811
MCQhard

During a MySQL 5.7 to Cloud SQL for MySQL 8.0 migration, the team notices that some queries that worked before are now failing with 'ERROR 1055 (42000): Expression #1 of SELECT list is not in GROUP BY clause'. What is the cause and solution?

A.The error is due to the removal of the GROUP BY implicit grouping in MySQL 8.0. Upgrade the application to include all non-aggregated columns in GROUP BY.
B.The GROUP BY behavior change is due to the new caching SHA-2 password plugin. Disable it.
C.The queries are using JSON functions that are incompatible with MySQL 8.0. Rewrite them.
D.The default SQL mode in MySQL 8.0 includes ONLY_FULL_GROUP_BY, which was not enabled in 5.7. Set sql_mode to exclude ONLY_FULL_GROUP_BY in Cloud SQL.
AnswerA

MySQL 8.0 enforces ONLY_FULL_GROUP_BY by default; queries must be fixed to include all non-aggregated columns.

Why this answer

MySQL 8.0 defaults to strict SQL mode, which changes GROUP BY behavior. MySQL 5.7 may have had sql_mode with ONLY_FULL_GROUP_BY disabled. The solution is to either enable ONLY_FULL_GROUP_BY in the source or adjust queries to comply, or set the sql_mode in Cloud SQL to include ONLY_FULL_GROUP_BY if not already set, and fix the queries.

812
Multi-Selectmedium

A company is designing a polyglot persistence architecture for an e-commerce platform. They need to store product catalog (relational), session data (low-latency key-value), and analytics data (large-scale SQL queries). Which TWO Google Cloud databases should they use? (Choose two.)

Select 2 answers
A.BigQuery
B.Memorystore
C.Firestore
D.Cloud Spanner
E.Cloud SQL
AnswersB, E

For low-latency key-value session data.

Why this answer

Memorystore is correct because it provides a managed in-memory data store (Redis or Memcached) that delivers sub-millisecond latency for session data, which is a key-value workload requiring fast reads and writes. This directly satisfies the low-latency key-value requirement for session management in the polyglot persistence architecture.

Exam trap

Cisco often tests the distinction between 'low-latency key-value' and 'relational' requirements, leading candidates to incorrectly choose Cloud Spanner for session data because it is a database, or Firestore because it is a key-value store, without recognizing that Memorystore is the only option purpose-built for in-memory, sub-millisecond key-value access.

813
MCQeasy

Which service provides serverless change data capture (CDC) from MySQL and PostgreSQL to BigQuery or Cloud Storage without writing code?

A.BigQuery Data Transfer Service
B.Cloud Functions
C.Datastream
D.Dataflow
AnswerC

Datastream is purpose-built for serverless CDC.

Why this answer

Datastream is a serverless CDC service that can stream changes to BigQuery, Cloud Storage, or Pub/Sub.

814
MCQeasy

A developer wants to automatically capture CPU and memory profiles from a production application running on Compute Engine to identify performance bottlenecks. Which Google Cloud tool should they use?

A.Cloud Logging
B.Cloud Monitoring
C.Cloud Trace
D.Cloud Profiler
AnswerD

Captures CPU and memory profiles for analysis.

Why this answer

Cloud Profiler is the correct tool because it continuously gathers CPU and memory usage data from production applications with minimal overhead, using statistical sampling to identify which functions or methods consume the most resources. This allows developers to pinpoint performance bottlenecks without adding significant latency or requiring code changes.

Exam trap

The trap here is that candidates confuse Cloud Profiler with Cloud Monitoring or Cloud Trace, mistakenly thinking that metrics or tracing alone can identify CPU/memory bottlenecks, but only Profiler provides code-level profiling data.

How to eliminate wrong answers

Option A is wrong because Cloud Logging is designed for collecting and storing log data (e.g., application logs, error messages), not for capturing CPU and memory profiles. Option B is wrong because Cloud Monitoring focuses on metrics, uptime checks, and alerting for infrastructure and services, not on profiling application code execution. Option C is wrong because Cloud Trace is used for latency analysis of request-driven applications (distributed tracing), not for CPU or memory profiling of code paths.

815
Multi-Selecthard

A team is migrating a Teradata data warehouse to BigQuery. They need to assess the migration complexity. Which TWO factors are most critical in determining the level of effort for SQL translation?

Select 2 answers
A.Volume of BTEQ scripts and stored procedures that must be rewritten.
B.Use of Teradata-specific features like QUALIFY, MACROS, and SET tables.
C.Number of users and concurrent queries.
D.Number of tables and rows in the database.
E.Availability of network bandwidth between on-premises and GCP.
AnswersA, B

BTEQ scripts and stored procedures require manual conversion, which drives effort.

Why this answer

Teradata uses BTEQ scripts and has specific SQL syntax (e.g., QUALIFY, MACROS). The two critical factors are: 1) The volume of BTEQ scripts and stored procedures that need conversion. 2) The use of Teradata-specific functions and query constructs (like QUALIFY, MACROS, SET tables) that have no direct BigQuery equivalent.

816
MCQeasy

A company is designing a global e-commerce application that needs low-latency access for users worldwide. The application serves static content (images, CSS) and dynamic API responses. Which Google Cloud service should they use to cache both types of content at the edge?

A.Cloud Armor
B.Cloud CDN
C.Cloud Storage
D.HTTP(S) Load Balancing
AnswerB

Cloud CDN uses Google's global edge network to cache both static and dynamic content, reducing latency for users worldwide.

Why this answer

Cloud CDN is the correct choice because it uses Google's global edge cache to deliver both static content (e.g., images, CSS) and dynamic API responses (via cacheable dynamic content or cache-fill from origin). It integrates with HTTP(S) Load Balancing to cache responses at edge locations, reducing latency for users worldwide.

Exam trap

The PCD exam often tests the misconception that HTTP(S) Load Balancing alone provides caching, but it only distributes traffic; Cloud CDN is the explicit caching layer required for edge content delivery.

How to eliminate wrong answers

Option A is wrong because Cloud Armor is a web application firewall (WAF) and DDoS protection service, not a content cache; it filters traffic but does not store or serve cached content at the edge. Option C is wrong because Cloud Storage is an object storage service that can serve static content but lacks built-in edge caching for dynamic API responses; it would require an additional CDN layer to cache both types globally. Option D is wrong because HTTP(S) Load Balancing distributes traffic across backends but does not cache content itself; it is the traffic director, not the cache, and must be paired with Cloud CDN to provide edge caching.

817
Multi-Selecteasy

A data engineering team wants to implement version-controlled schema migrations for their PostgreSQL database on Cloud SQL. They need to integrate with their CI/CD pipeline. Which TWO tools should they consider? (Choose 2 options.)

Select 2 answers
A.Cloud Build
B.Liquibase
C.Dataform
D.Flyway
E.Terraform
AnswersB, D

Liquibase supports version-controlled schema migrations with rollback and CI/CD integration.

Why this answer

Liquibase and Flyway are the two most popular database schema migration tools that support versioning, rollback, and CI/CD integration. Dataform is for data transformation in BigQuery, not schema migration. Cloud Build is a CI/CD service but not a schema migration tool.

Terraform is for infrastructure provisioning, not schema migration.

818
MCQhard

A company uses Cloud Spanner for a globally distributed application. They need to capture all data changes from a critical Spanner table and stream them to Pub/Sub in real-time for downstream processing. Which approach meets this requirement?

A.Enable Spanner change streams on the table, then create a Pub/Sub subscription to consume changes directly.
B.Configure Spanner to export change logs to GCS and set up a Cloud Function to publish them to Pub/Sub.
C.Use Spanner change streams with a Dataflow pipeline that reads the change stream and publishes each change to a Pub/Sub topic.
D.Use Spanner commit timestamps and Cloud Scheduler to periodically query recent changes and publish to Pub/Sub.
AnswerC

This is the recommended pattern: Spanner change streams -> Dataflow -> Pub/Sub for real-time downstream consumption.

819
MCQeasy

A mobile app needs to synchronize user data across devices with offline support. The data is structured as documents with hierarchical relationships. Which Google Cloud database is best suited for this use case?

A.Cloud Bigtable
B.Cloud SQL
C.Firestore
D.Memorystore
AnswerC

Firestore offers offline support, real-time sync, and a document model.

Why this answer

Firestore provides offline persistence, real-time sync, and document data model, making it ideal for mobile apps. Cloud SQL does not offer offline sync, Bigtable is not document-oriented, and Memorystore is a cache.

820
Multi-Selectmedium

A team wants to monitor a web application's uptime from multiple locations. Which THREE Google Cloud monitoring features should they use?

Select 3 answers
A.Log-based metrics
B.Uptime checks
C.Error Reporting
D.Dashboards
E.Alerting policies
AnswersB, D, E

Uptime checks verify availability from multiple locations.

Why this answer

Uptime checks are the correct service for monitoring web application availability from multiple locations. They allow you to configure HTTP, HTTPS, or TCP checks from Google Cloud's global vantage points, verifying that the application responds correctly and within specified timeouts. This directly addresses the requirement to monitor uptime from multiple geographic locations.

Exam trap

The PCD exam often tests the distinction between reactive monitoring (Error Reporting, log-based metrics) and proactive monitoring (Uptime checks), leading candidates to select log-based metrics or Error Reporting because they associate 'monitoring' with logs and errors rather than active probing.

821
Matchingmedium

Match each Firebase feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

NoSQL document database with real-time sync

Backend service for user sign-in

Send push notifications across platforms

Change app behavior without publishing updates

Measure app performance from the user's perspective

Why these pairings

Firebase provides backend services for mobile and web apps.

822
MCQmedium

You deployed a microservice on Cloud Run. Users report intermittent 503 errors. The service uses Cloud SQL with connection pooling. What is the most likely cause?

A.The service is not using a VPC connector for Cloud SQL access.
B.The connection pool is drained due to CPU throttling on Cloud Run.
C.The Cloud SQL auth proxy is not configured.
D.The Cloud Run service name is not resolvable via Cloud DNS.
AnswerB

When no requests, CPU is throttled, causing idle connections to be dropped by the database.

Why this answer

When Cloud Run CPU throttling occurs (e.g., during cold starts or when the instance is processing requests beyond its allocated CPU), the connection pool can become drained because existing connections are held open while new requests cannot be processed. This leads to intermittent 503 errors as the service cannot establish new database connections or respond to incoming requests in time. Connection pooling does not protect against CPU throttling; it only manages database connections efficiently.

Exam trap

The PCD exam often tests the misconception that 503 errors from Cloud Run are always due to database connectivity issues (like missing auth proxy or VPC), when in fact CPU throttling and connection pool exhaustion are the primary causes in serverless environments.

How to eliminate wrong answers

Option A is wrong because a VPC connector is not required for Cloud SQL access when using the Cloud SQL proxy or private IP; 503 errors are not typically caused by missing VPC connectors. Option C is wrong because the Cloud SQL auth proxy is a recommended method for secure access but its absence would cause persistent connection failures, not intermittent 503 errors. Option D is wrong because Cloud Run service names are resolved internally by Google Cloud's DNS and are not related to Cloud SQL connectivity or 503 errors.

823
Multi-Selectmedium

An engineer is designing a disaster recovery strategy for a Cloud SQL for SQL Server instance. They need to be able to fail over to a different region with minimal data loss. Which TWO actions should they take? (Choose two.)

Select 2 answers
A.Create a cross-region read replica.
B.Configure point-in-time recovery (PITR) with a backup window.
C.Export the database daily to Cloud Storage.
D.Use an external replica in another region.
E.Enable high availability (regional) on the primary instance.
AnswersA, B

A cross-region replica can be promoted to primary in another region, providing DR.

Why this answer

Cross-region replicas provide asynchronous replication to another region, allowing promotion for DR. Point-in-time recovery can be used to restore to the latest state before a disaster, minimizing data loss. HA is zone-level, not cross-region.

Export/import is not real-time. Backup is point-in-time but not continuous replication.

824
Multi-Selecthard

Which TWO statements about deploying applications on Google Kubernetes Engine (GKE) are correct?

Select 2 answers
A.HorizontalPodAutoscaler can use custom metrics from Cloud Monitoring.
B.Kubernetes Secrets are encrypted at rest by default.
C.A zonal GKE cluster automatically uses regional persistent disks for high availability.
D.PodDisruptionBudget can be used to ensure a minimum number of pods are available during node repair.
E.To expose a Deployment externally, you must create an Ingress resource.
AnswersA, D

HPA supports custom metrics via the custom.metrics.k8s.io API.

Why this answer

HorizontalPodAutoscaler (HPA) in GKE can scale pods based on custom metrics from Cloud Monitoring (formerly Stackdriver). This is achieved by using the custom.metrics.k8s.io API, which allows HPA to query metrics like custom application latency or queue depth, not just default CPU/memory. This enables fine-grained, application-specific autoscaling.

Exam trap

The PCD exam often tests the misconception that Secrets are encrypted by default, but the trap here is that base64 encoding is not encryption, and candidates overlook the need for explicit encryption configuration.

825
MCQhard

Your company runs a multi-tier application on GKE. The frontend is a Deployment with 5 replicas, backend is a StatefulSet with 3 replicas, and a database runs on Cloud SQL. Recently, after a cluster upgrade, the frontend pods are failing with 'Connection refused' errors when trying to reach the backend service. The backend pods are running and healthy. You have verified that the Service and Endpoints objects exist. The backend service is of type ClusterIP on port 8080, and the frontend uses the service name 'backend-svc'. The frontend pods are in a different namespace 'frontend-ns', while the backend is in 'backend-ns'. What is the most likely cause of the error?

A.The backend Service is not exposed via an Ingress, so it is not reachable from other namespaces.
B.The StatefulSet pods are not part of the backend Service's selector.
C.A NetworkPolicy is blocking traffic between the namespaces.
D.The frontend pods are not using the correct DNS name that includes the namespace.
AnswerD

Cross-namespace access requires the full DNS name.

Why this answer

Option C is correct because the frontend is in a different namespace and not using the fully qualified DNS name (backend-svc.backend-ns.svc.cluster.local) or the namespace is not properly configured for DNS resolution. Option A is wrong because the service type ClusterIP does not require a firewall rule. Option B is wrong because the StatefulSet is backed by a Service that provides DNS.

Option D is wrong because network policy would cause timeout not connection refused.

Page 10

Page 11 of 14

Page 12
Google Professional Cloud Developer PCD Questions 751–825 | Page 11/14 | Courseiva