Google Professional Cloud Developer (PCD) — Questions 601675

980 questions total · 14pages · All types, answers revealed

Page 8

Page 9 of 14

Page 10
601
MCQmedium

A company uses Cloud Build for CI/CD. They need to deploy a containerized app to Cloud Run automatically on every push to the main branch. Which Cloud Build configuration step is necessary?

A.Add a step to build the container with Dockerfile.
B.Add a step to run 'gcloud run deploy' command.
C.Add a step to push the image to Artifact Registry only.
D.Add a step to run unit tests.
AnswerB

This step performs the deployment to Cloud Run.

Why this answer

Option B is correct because Cloud Build requires an explicit step to run the `gcloud run deploy` command in order to trigger a deployment to Cloud Run. While Cloud Build can build and push images, it does not automatically deploy to Cloud Run unless a deploy step is included in the build configuration. This step uses the built image (from Artifact Registry) and deploys it as a new revision to the specified Cloud Run service.

Exam trap

The PCD exam often tests the misconception that pushing an image to a registry automatically triggers a deployment, but in Cloud Build, each deployment must be explicitly commanded via a deploy step like `gcloud run deploy`.

How to eliminate wrong answers

Option A is wrong because building the container with a Dockerfile is necessary for creating the image, but it is not the step that deploys the app to Cloud Run; deployment requires an explicit deploy command. Option C is wrong because pushing the image to Artifact Registry only stores the image; it does not trigger a deployment to Cloud Run, which requires a separate deploy step. Option D is wrong because running unit tests is a quality assurance step that is optional and does not directly cause a deployment to Cloud Run.

602
MCQhard

A DevOps team is designing a CI/CD pipeline for a microservices application deployed on Google Kubernetes Engine (GKE). They want to automatically build and deploy each service when a new tag is pushed to its repository. They also need to run integration tests against a staging environment before promoting to production. Which service should they use to orchestrate the pipeline?

A.Deployment Manager with a template
B.Cloud Deploy with a delivery pipeline
C.Cloud Build with a build trigger on tag push
D.Cloud Run with continuous deployment
AnswerC

Cloud Build can be triggered by a tag push, build the container, and deploy to GKE. It also supports running tests.

Why this answer

Cloud Build with a build trigger on tag push is the correct choice because it natively supports event-driven pipelines triggered by Git tags, enabling automatic build and deployment of each microservice. Combined with Cloud Build's ability to run integration tests in a staging environment and then promote to production, it provides a complete CI/CD solution for GKE without additional orchestration services.

Exam trap

Google Cloud often tests the distinction between CI/CD orchestration (Cloud Build) and delivery/rollout management (Cloud Deploy), leading candidates to choose Cloud Deploy because it sounds like a pipeline orchestrator, but it requires an external CI trigger to start the process.

How to eliminate wrong answers

Option A is wrong because Deployment Manager is an infrastructure-as-code tool for provisioning GCP resources, not a CI/CD pipeline orchestrator; it cannot trigger builds or deployments based on Git tag pushes. Option B is wrong because Cloud Deploy is a continuous delivery service that manages rollout strategies (e.g., canary, blue/green) but relies on an external CI system like Cloud Build to trigger the pipeline; it does not natively handle build triggers on tag push. Option D is wrong because Cloud Run with continuous deployment is designed for serverless container deployments, not for orchestrating multi-service CI/CD pipelines on GKE, and it lacks native support for tag-based triggers and staging-to-production promotion workflows.

603
MCQmedium

A company wants to use BigQuery to query data stored in AWS S3 without copying it to Google Cloud. Which Google Cloud feature should they use?

A.Cloud Datastream
B.Cloud Storage FUSE
C.BigQuery Omni
D.BigQuery transfers
AnswerC

BigQuery Omni allows querying data directly in AWS S3 and Azure Blob.

Why this answer

BigQuery Omni enables querying data in S3 and Azure Blob Storage using a multi-cloud analytics approach.

604
MCQmedium

A developer runs the command shown in the exhibit. They need to ensure that the application running on instance-3 can be restored quickly if it fails. What should they do?

A.Add instance-3 to an unmanaged instance group.
B.Configure Cloud DNS with a health check pointing to instance-3.
C.Create a managed instance group using an instance template based on instance-3's boot disk.
D.Take a snapshot of instance-3's disk and use it to create a new instance manually.
AnswerC

Managed instance groups automatically recreate failed instances.

Why this answer

Option C is correct because a managed instance group (MIG) with an instance template based on instance-3's boot disk provides automated health checking, auto-healing, and managed instance replacement. If instance-3 fails, the MIG automatically recreates it from the template, ensuring rapid restoration without manual intervention. This aligns with the goal of designing highly available and reliable applications on Google Cloud.

Exam trap

The PCD exam often tests the distinction between health-check-based traffic routing (Cloud DNS) and health-check-based instance recovery (MIG auto-healing), leading candidates to confuse DNS failover with automated instance restoration.

How to eliminate wrong answers

Option A is wrong because an unmanaged instance group does not provide auto-healing or automated instance replacement; it is a static collection of instances that must be managed manually, so it cannot restore instance-3 quickly on failure. Option B is wrong because Cloud DNS with a health check only routes traffic away from an unhealthy instance but does not recreate or restore the instance itself; it is a traffic management solution, not a recovery mechanism. Option D is wrong because taking a snapshot and manually creating a new instance is a manual, slow process that does not meet the requirement for rapid, automated restoration; it lacks the automation and health-based recovery of a managed instance group.

605
Multi-Selectmedium

A company is migrating a 500 GB MySQL database to Cloud SQL for MySQL 8.0. They want to test the migration with minimal risk before the final cutover. Which TWO testing approaches should they use?

Select 2 answers
A.Set up shadow writes to dual-write to both source and target databases.
B.Perform load testing using synthetic data only.
C.Run comparison queries on a snapshot of data from both databases.
D.Use Database Migration Service to migrate only the schema first.
E.Create a rollback plan before starting migration.
AnswersA, C

Shadow writes allow real-time testing by writing to both databases and comparing results.

Why this answer

Shadow writes allow testing by writing to both old and new DBs. Comparison queries validate data integrity. Load testing and rollback plan are also important but not testing approaches per se.

606
MCQeasy

A company is deploying a static website on Cloud Storage with a custom domain. They want to serve the website over HTTPS. They have created a bucket with the same name as the domain and uploaded the files. They have verified the domain ownership in Search Console and added the bucket as a CNAME record in their DNS. Users report that when they navigate to the domain, they get a 404 error. The company has verified that the bucket's main page suffix is set to index.html. The team is confident the files are uploaded correctly. They need to resolve the 404 error and serve the site over HTTPS. What should they do?

A.Create a Cloud Load Balancer with the bucket as backend and update DNS.
B.Add a DNS A record pointing to the load balancer IP instead of a CNAME.
C.Enable Cloud CDN on the bucket.
D.Set the bucket's default object ACL to public read.
AnswerA

A Cloud Load Balancer provides SSL termination and a static IP for custom domains.

Why this answer

Option C is correct because to serve a static website on Cloud Storage with a custom domain and HTTPS, you must use a Cloud Load Balancer (HTTP(S) LB) with the bucket as the backend, and then point your DNS to the load balancer's IP address. Option A is incorrect because you cannot point an A record directly to a bucket; Cloud Storage does not provide a static IP. Option B is incorrect because Cloud CDN improves performance but does not enable HTTPS for a custom domain.

Option D is incorrect because setting public ACLs is not sufficient for HTTPS; you still need a load balancer for SSL termination.

607
MCQhard

You are configuring a Cloud SQL for PostgreSQL instance for high availability. The instance must have automatic failover in under 60 seconds and avoid any data loss. Which configuration meets these requirements?

A.Create a regional HA configuration with synchronous replication
B.Use Cloud Spanner instead
C.Create a zonal HA configuration with asynchronous replication
D.Add a cross-region read replica and promote it on failure
AnswerA

Regional HA uses synchronous replication and provides fast failover.

Why this answer

Regional HA configures a primary and a standby in different zones within the same region, using synchronous replication to ensure no data loss and failover in under 60 seconds.

608
MCQmedium

You are configuring a Cloud Monitoring alerting policy for a Cloud Run service. The service has a maximum of 10 concurrent requests per instance. You want to be alerted when the average number of concurrent requests per instance exceeds 8 for at least 1 minute. Which metric and condition type should you use?

A.Metric: run.googleapis.com/request_count, Condition type: Metric Threshold, Threshold: >8
B.Metric: run.googleapis.com/request_count, Condition type: Metric Absence, Duration: 1 min
C.Metric: resource/container/cpu/utilization, Condition type: Metric Threshold, Threshold: >80%
D.Metric: run.googleapis.com/request_count, Condition type: Change Rate, Threshold: >0.5
AnswerA

This metric measures active requests; threshold condition works for sustained high concurrency.

Why this answer

Option A is correct because the `run.googleapis.com/request_count` metric tracks the number of concurrent requests per instance, which directly matches the requirement. A Metric Threshold condition with a threshold of >8 triggers an alert when the average exceeds 8 for at least 1 minute, aligning with the specified criteria.

Exam trap

The PCD exam often tests the distinction between metric types and condition types, where candidates confuse Metric Threshold (for sustained high values) with Change Rate (for sudden spikes) or Metric Absence (for missing data), leading to incorrect selections.

How to eliminate wrong answers

Option B is wrong because Metric Absence triggers when data is missing, not when a value exceeds a threshold; it would alert if the metric stops reporting, not when concurrent requests are high. Option C is wrong because `resource/container/cpu/utilization` measures CPU usage, not concurrent requests, and the threshold of 80% is unrelated to the request count. Option D is wrong because Change Rate detects sudden increases or decreases in the metric value, not a sustained high level; it would alert on a spike of >0.5 requests per minute, not when the average exceeds 8.

609
Multi-Selecteasy

A company is designing a globally distributed application using Cloud Spanner. The application requires strong consistency and the ability to handle high read/write throughput. The team is concerned about inter-continental latency. Which two design choices would optimize performance while maintaining strong consistency? (Choose two.)

Select 2 answers
A.Enable leader-optimized routing to direct reads to the nearest leader region.
B.Use read-only replicas in each continent to serve reads locally.
C.Place a multi-region Spanner instance in geographic locations close to users.
D.Implement client-side caching with a short TTL for frequently accessed data.
E.Increase the number of nodes in the Spanner instance to improve throughput.
AnswersA, C

Leader-optimized routing reduces read latency while maintaining strong consistency.

Why this answer

A is correct because leader-optimized routing directs read requests to the nearest region that contains the leader replica for the requested data, reducing inter-continental latency while still reading from the leader to ensure strong consistency. C is correct because placing a multi-region Spanner instance in geographic locations close to users minimizes network round-trip time, and Spanner's synchronous replication across regions maintains strong consistency even with high read/write throughput.

Exam trap

The PCD exam often tests the misconception that read-only replicas or caching can provide strong consistency, but in Spanner, only leader replicas guarantee strong consistency, and any form of caching or stale replica reads breaks that guarantee.

610
Multi-Selectmedium

A company uses Cloud Bigtable for a time-series application. They need to create a backup that can be restored to a different cluster in a different region for disaster recovery. Which THREE statements about Bigtable backups are correct?

Select 3 answers
A.The target cluster for restore must exist before the restore operation.
B.Backups can be used to migrate data across projects.
C.Backups are performed at the cluster level and include all tables in the cluster.
D.A backup can be restored to a different cluster in a different region.
E.Backups are incremental, capturing only changes since the last backup.
AnswersA, C, D

You must create the target cluster before initiating a restore.

Why this answer

Option A is correct because when restoring a Cloud Bigtable backup, the target cluster must already exist in the specified region. The restore operation does not create a new cluster; it populates an existing cluster with the backed-up data. This ensures the cluster's configuration (e.g., node count, storage type) is predefined and meets the recovery requirements.

Exam trap

Cisco often tests the misconception that Bigtable backups are incremental or can be used across projects, when in fact they are full snapshots restricted to the same project.

611
Multi-Selecthard

A company runs a global e-commerce site on Cloud Spanner. They notice that some queries on the Orders table by customer_id are slow because customer_id is not part of the primary key (order_id). They want to avoid full table scans. Which TWO actions will improve query performance? (Choose two)

Select 2 answers
A.Create a secondary index on customer_id
B.Increase the number of nodes to improve scan speed
C.Re-create the table with customer_id as the first part of the primary key
D.Use interleaved tables to store customer data with orders
E.Use the STORING clause to include frequently accessed columns in the index
AnswersA, E

A secondary index allows fast lookup by customer_id.

Why this answer

A secondary index on customer_id will speed up queries. The STORING clause can include additional columns to avoid index joins. A global index is needed because customer_id is not in the primary key.

Interleaving would require a specific parent-child relationship.

612
MCQmedium

A company is migrating a legacy monolithic application to Google Cloud. They want to minimize code changes and operational overhead while improving scalability. The application currently uses a relational database and stores user-uploaded images on a local filesystem. Which combination of Google Cloud services should they use?

A.Cloud Spanner for the database and Cloud Storage for images
B.Cloud Firestore for the database and Cloud Storage with Cloud CDN for images
C.Cloud SQL for the database and Cloud Storage with Cloud CDN for images
D.Compute Engine with attached SSD persistent disks for both database and images
AnswerC

Cloud SQL provides a managed relational database with minimal changes, and Cloud Storage with CDN serves images efficiently at scale.

Why this answer

Option C is correct because Cloud SQL provides a fully managed relational database that requires minimal code changes when migrating from an existing relational database, while Cloud Storage with Cloud CDN handles user-uploaded images with scalable object storage and low-latency content delivery. This combination minimizes operational overhead by eliminating the need to manage database servers or file servers, and improves scalability through automatic replication and global edge caching.

Exam trap

Google Cloud often tests the misconception that any fully managed database (like Spanner or Firestore) is suitable for a legacy relational migration, but the trap here is that candidates overlook the requirement to minimize code changes and choose a NoSQL or globally distributed database that forces significant application rewrites.

How to eliminate wrong answers

Option A is wrong because Cloud Spanner is a globally distributed, horizontally scalable database designed for high-availability and strong consistency across regions, which introduces unnecessary complexity and cost for a legacy application that likely does not require global scale; it also requires significant code changes to adapt to Spanner's specific SQL dialect and consistency model. Option B is wrong because Cloud Firestore is a NoSQL document database that does not support relational queries, joins, or ACID transactions in the same way as a traditional relational database, forcing major application rewrites. Option D is wrong because Compute Engine with attached SSD persistent disks requires manual management of database software, backups, and failover, and does not provide the scalability or operational simplicity of managed services; it also lacks a CDN for image delivery, leading to higher latency and operational overhead.

613
Multi-Selecteasy

A company needs to synchronize sales transactions from an on-premises Oracle database to BigQuery for near-real-time analytics. They want a serverless solution that requires minimal operational overhead. Which TWO services should they consider?

Select 2 answers
A.Pub/Sub
B.Dataflow
C.Datastream
D.Cloud Scheduler
E.Cloud Functions
AnswersA, C

Datastream can publish to Pub/Sub, which can then be streamed into BigQuery via subscriptions, though direct streaming is also possible.

Why this answer

Pub/Sub is correct because it provides a serverless, highly scalable ingestion service that can receive change data capture (CDC) events from an on-premises Oracle database via a connector like Debezium or Oracle GoldenGate, and stream them into BigQuery for near-real-time analytics without managing servers. Datastream is correct because it is a serverless CDC service specifically designed to replicate data from sources like Oracle directly to BigQuery, handling schema mapping and minimal operational overhead.

Exam trap

Cisco often tests the distinction between services that are serverless ingestion sources (Pub/Sub, Datastream) versus processing or compute services (Dataflow, Cloud Functions), leading candidates to pick Dataflow because it is associated with streaming, despite it not being the minimal-overhead solution for simple CDC ingestion.

614
Multi-Selectmedium

An organization is migrating a MySQL 5.7 database to Cloud SQL for MySQL 8.0. They must ensure compatibility of character sets and collations. Which THREE aspects should they review?

Select 3 answers
A.Review deprecated collations (e.g., utf8mb4_unicode_ci) that may be removed in future versions.
B.Ensure that all tables use the InnoDB storage engine.
C.Check if any tables use utf8 character set; consider converting to utf8mb4 to avoid truncation of 4-byte characters.
D.Update the caching SHA-2 password plugin to ensure compatibility.
E.Verify that the default collation is compatible; MySQL 8.0 changed default to utf8mb4_0900_ai_ci.
AnswersA, C, E

Some collations are deprecated; it's good to update to current ones.

Why this answer

MySQL 8.0 has changed default character set to utf8mb4 and default collation to utf8mb4_0900_ai_ci. They should check: 1) Usage of utf8 vs utf8mb4 (utf8 is now an alias for utf8mb3). 2) The default collation change. 3) Any collation that is deprecated or removed in 8.0.

615
MCQhard

A media company uses Cloud SQL for MySQL for its user data and needs to export daily snapshots to BigQuery for reporting. The reporting must reflect data as of midnight UTC. Which approach is most cost-effective and efficient?

A.Export Cloud SQL data to Cloud Storage using a daily Cloud Scheduler job, then load into BigQuery.
B.Use Cloud SQL managed backups and read from the backup files directly.
C.Use Datastream to continuously replicate data to BigQuery and query BigQuery tables.
D.Use BigQuery federated queries to connect directly to Cloud SQL.
AnswerA

This is cost-effective and meets the daily snapshot requirement.

Why this answer

Using Cloud SQL export to Cloud Storage (SQL dump) and then loading into BigQuery is simple and cost-effective for daily snapshots. Using Datastream would be overkill and more expensive for a daily batch. Federated queries would incur repeated query costs and may not be as fresh.

616
MCQeasy

You need to perform a one-time historical data migration from an on-premises MySQL database to Cloud SQL for MySQL. The database is 500 GB, and you can afford several hours of downtime. Which migration method is most straightforward?

A.Use mysqldump to create a SQL dump, then import into Cloud SQL.
B.Use Database Migration Service with continuous migration.
C.Create a Cloud SQL clone of the on-premises database using mysqldump.
D.Use Dataflow to read from MySQL and write to Cloud SQL.
AnswerA

This is straightforward and sufficient for offline migration.

Why this answer

Using mysqldump to export the database and then importing it via mysql client is the simplest approach for a one-time migration where downtime is acceptable. DMS is more suitable for continuous migrations with minimal downtime.

617
Multi-Selecteasy

You need to set up disaster recovery for a Cloud SQL for PostgreSQL instance that is currently configured with a HA instance in us-central1. You want a standby in a different region (us-west1) with automated failover. Which two steps should you take? (Choose TWO.)

Select 2 answers
A.Promote the read replica to become the primary if us-central1 fails
B.Use a load balancer to automatically route traffic to the replica during failover
C.Enable cross-region HA in the Cloud SQL instance settings
D.Configure synchronous replication between the two regions
E.Create a cross-region read replica in us-west1
AnswersA, E

Promoting the replica makes it the new primary; this is the failover step.

Why this answer

Option A is correct because promoting a cross-region read replica to primary is the standard method for manual or automated failover in Cloud SQL for PostgreSQL when the primary region fails. Cloud SQL does not support automatic cross-region failover; you must use a read replica and promote it to take over as the new primary instance.

Exam trap

Cisco often tests the misconception that Cloud SQL supports cross-region HA or synchronous replication, but the only viable cross-region DR strategy is promoting a read replica, which requires manual or automated intervention.

618
MCQeasy

A developer needs to view detailed performance profiles of a Java application running on Compute Engine to identify CPU hotspots. Which Google Cloud service should they use?

A.Cloud Monitoring
B.Cloud Trace
C.Cloud Profiler
D.Cloud Logging
AnswerC

Correct: Cloud Profiler is designed to capture and analyze performance profiles.

Why this answer

Cloud Profiler is the correct service because it provides continuous, low-overhead CPU and heap profiling for Java applications running on Compute Engine. It uses statistical sampling to identify which methods consume the most CPU time, enabling developers to pinpoint hotspots without requiring code changes or redeployment.

Exam trap

The trap here is that candidates confuse Cloud Trace (distributed tracing for latency) with Cloud Profiler (CPU/memory profiling), because both deal with 'performance' but at different granularities—Trace shows request paths, while Profiler shows method-level CPU consumption.

How to eliminate wrong answers

Option A is wrong because Cloud Monitoring collects metrics, uptime checks, and alerting policies but does not provide method-level CPU profiling or flame graphs to identify code hotspots. Option B is wrong because Cloud Trace focuses on latency analysis of request paths and distributed tracing, not on CPU usage per method or function. Option D is wrong because Cloud Logging aggregates and stores log entries for debugging and auditing, but it lacks the profiling agent and sampling engine needed to capture CPU call stacks.

619
MCQhard

A company uses Cloud Logging to centralize logs from multiple projects. They want to create a log-based metric for tracking 404 errors. However, the metric shows zero data even though 404 errors are occurring. What is the most likely reason?

A.The metric filter uses the wrong resource type
B.The metric is sampled and not all logs are considered
C.The logs are not being exported to Cloud Logging
D.The logs are being excluded by an exclusion filter before the metric is applied
AnswerD

Exclusion filters remove logs before metric ingestion.

Why this answer

Option D is correct because log-based metrics are computed from logs that have passed through all exclusion filters. If an exclusion filter is configured to discard logs matching certain criteria (e.g., all HTTP 4xx responses), those logs are never evaluated by the metric filter, causing the metric to show zero data even though 404 errors are occurring. Exclusion filters are applied before log-based metric evaluation in Cloud Logging.

Exam trap

The PCD exam often tests the order of operations in the Cloud Logging pipeline, specifically that exclusion filters are applied before log-based metrics, leading candidates to mistakenly blame export or sampling issues instead.

How to eliminate wrong answers

Option A is wrong because the resource type in the metric filter only affects how logs are grouped or labeled, not whether they are included in the metric; a mismatched resource type would not cause zero data if the logs themselves are present. Option B is wrong because Cloud Logging does not sample logs for log-based metrics; all ingested logs are evaluated against metric filters unless excluded. Option C is wrong because the question states the company uses Cloud Logging to centralize logs, meaning logs are already being sent to Cloud Logging; the issue is not about export but about processing within the logging pipeline.

620
MCQeasy

Which Google Cloud service would you use to cache session data for a web application to reduce database load? The cache must support pub/sub messaging and have sub-millisecond latency.

A.Memorystore for Memcached
B.Bigtable
C.Memorystore for Redis
D.Firestore
AnswerC

Correct: in-memory cache, supports pub/sub, sub-millisecond latency.

Why this answer

Memorystore for Redis is ideal for caching, session storage, and pub/sub messaging with sub-millisecond latency. Memorystore for Memcached is also for caching but does not support pub/sub. Firestore and Bigtable are not caching solutions.

621
Multi-Selectmedium

A retail company uses Cloud SQL for transactional data, Cloud Bigtable for real-time inventory updates, and BigQuery for analytics. They want to build a real-time dashboard that shows current inventory levels across all stores, updated within seconds of a transaction. The dashboard will query Bigtable for the latest inventory count. Which TWO services should they use to stream transactions from Cloud SQL to Bigtable?

Select 2 answers
A.Cloud Composer
B.Datastream
C.BigQuery Omni
D.Cloud Functions
E.Dataflow
AnswersB, E

Datastream captures CDC from Cloud SQL and can publish to Pub/Sub for real-time streaming.

Why this answer

Datastream is a serverless change data capture (CDC) and replication service that can continuously stream changes from Cloud SQL (including transactional data) to Bigtable. It captures inserts, updates, and deletes in near real-time, enabling the dashboard to reflect current inventory levels within seconds of a transaction.

Exam trap

Cisco often tests the distinction between batch orchestration (Cloud Composer) and real-time streaming (Datastream/Dataflow), leading candidates to incorrectly choose Composer for a CDC requirement.

622
Multi-Selectmedium

A company is deploying a Cloud Spanner instance for a global application. They need to minimize write latency for users in Asia, Europe, and North America while maintaining strong consistency. Which two configurations should they choose? (Choose two.)

Select 2 answers
A.Use nodes for compute capacity
B.Deploy a multi-region instance configuration
C.Use a regional instance configuration
D.Use processing units for compute capacity
E.Enable auto-scaling with a high-priority CPU target
AnswersA, B

Nodes provide dedicated resources for predictable low latency.

Why this answer

Option A is correct because nodes provide dedicated compute and storage resources in Cloud Spanner, which are necessary to achieve low write latency and high throughput for a global application. Nodes scale linearly with performance, ensuring that write operations are processed quickly across multiple regions. For a multi-region instance, nodes are the only supported compute capacity option, as processing units are limited to regional instances.

Exam trap

The trap here is that candidates often confuse regional and multi-region configurations, assuming a regional instance can serve global users with acceptable latency, or they mistakenly think processing units or auto-scaling can substitute for nodes in a multi-region setup.

623
MCQmedium

A company wants to query data residing in Amazon S3 using BigQuery without copying the data. They also need to join this data with other tables in BigQuery. Which BigQuery feature should they use?

A.BigQuery federated queries (external tables on S3)
B.Cloud Storage transfer service to copy S3 data to GCS, then query
C.BigQuery Data Transfer Service for S3
D.BigQuery Omni
AnswerD

BigQuery Omni enables cross-cloud queries on data in AWS S3 and Azure Blob Storage.

Why this answer

BigQuery Omni allows querying data across clouds (including AWS S3) using BigQuery SQL. It supports federated queries of data in S3 without movement. BigQuery federated queries (standard) only work with GCP sources.

624
MCQhard

You are designing a Cloud Spanner schema for a global user profile table with primary key UserId (UUID). Users frequently access their own profiles. Which index design minimizes read latency and avoids hotspotting?

A.Use UUID as primary key and create a global index on UserId
B.Use UUID as primary key and rely on interleaved tables
C.Use a monotonically increasing integer as primary key
D.Use a composite primary key with a hash prefix (e.g., INT64 hash of UserId) and UserId, and create a global secondary index on UserId with STORING clause
AnswerD

The hash prefix distributes writes evenly, and the global secondary index on UserId with STORING clause allows efficient lookups without extra join.

Why this answer

Using UUIDs as primary keys can cause hotspotting on the leading key. A better approach is to use a composite key with a sharding prefix (e.g., hash prefix) to distribute writes, and local indexes for single-region queries are not applicable. Global indexes with STORING clause avoid index joins and reduce read latency.

625
MCQmedium

You are a Cloud Developer at a fintech company. Your team has developed a Node.js application that processes real-time financial transactions. The application is deployed on Cloud Run and uses Cloud Pub/Sub to receive transaction messages. The application must have high availability and low latency. Recently, the team noticed that during peak hours, the application experiences increased latency and some messages are not processed within the required 10-minute SLA. The team has configured Cloud Run with a minimum of 5 instances and a maximum of 50, with a concurrency setting of 80. The CPU usage per instance rarely exceeds 40% during peak times. The team also uses Cloud Monitoring and Logging for observability. After analyzing the logs, you find that the message processing time increases due to a database call that often takes 2-3 seconds. The Pub/Sub subscription is configured with a delivery deadline of 10 minutes. What should you recommend to reduce latency and ensure messages are processed within SLA?

A.Increase the concurrency setting to 200 to allow each instance to handle more requests simultaneously, reducing queuing.
B.Migrate the application to GKE with Horizontal Pod Autoscaler to scale based on custom metrics.
C.Increase the CPU limit per container to 2 CPUs to speed up database call.
D.Increase the minimum number of instances to 50 to ensure capacity during peak hours.
AnswerA

Higher concurrency fully utilizes instance capacity.

Why this answer

Increasing the concurrency setting to 200 allows each Cloud Run instance to handle more requests simultaneously, which reduces the queuing delay caused by the 2-3 second database call. Since CPU usage is only 40%, the instances have headroom to process additional concurrent requests without being CPU-bound, directly addressing the latency issue within the 10-minute SLA.

Exam trap

The trap here is that candidates assume low CPU usage means the application is not busy, when in fact the bottleneck is I/O wait from the database call, and increasing concurrency allows the instance to handle more work during those I/O waits.

How to eliminate wrong answers

Option B is wrong because migrating to GKE adds operational complexity and is unnecessary; Cloud Run already scales automatically and the issue is concurrency, not scaling logic. Option C is wrong because increasing CPU limits does not speed up the database call itself—the bottleneck is the external database latency, not local CPU processing. Option D is wrong because increasing the minimum instances to 50 would waste resources and increase cost; the current minimum of 5 is sufficient since CPU usage is low, and the real problem is that each instance is underutilized due to low concurrency.

626
MCQmedium

A Cloud Run service is experiencing intermittent high latency. The team has enabled Cloud Trace. They want to identify the root cause by analyzing traces. What should they look for in the Trace viewer?

A.High container CPU usage
B.Large number of concurrent requests
C.Frequent log entries with 'WARNING'
D.Spans with high latency and error status
AnswerD

High-latency spans pinpoint bottlenecks; errors indicate failures.

Why this answer

In Cloud Trace, the root cause of intermittent high latency is identified by examining spans—the fundamental units representing work in a distributed system. Spans with high latency directly indicate where time is being spent, and an error status (e.g., HTTP 5xx or gRPC error codes) pinpoints a failure that could be causing retries or blocking, leading to the observed latency. This combination is the most direct signal for root cause analysis in trace data.

Exam trap

The PCD exam often tests the distinction between metrics (like CPU usage) and trace data (like spans), leading candidates to confuse operational monitoring signals with the specific diagnostic tools available in Cloud Trace.

How to eliminate wrong answers

Option A is wrong because container CPU usage is a metric, not a trace attribute; Cloud Trace analyzes request-level spans, not resource utilization, which is monitored via Cloud Monitoring. Option B is wrong because a large number of concurrent requests is a symptom or contributing factor, not a root cause identifiable from a single trace; traces show individual request paths, not aggregate concurrency. Option C is wrong because frequent log entries with 'WARNING' are log-based signals, not trace data; Cloud Trace focuses on span timing and status, and warnings may correlate with but do not directly indicate the root cause of latency in a trace.

627
MCQeasy

Which Google Cloud database service provides a fully managed, in-memory caching solution compatible with the Redis protocol?

A.Firestore
B.Bigtable
C.Memorystore for Redis
D.Cloud SQL
AnswerC

Memorystore for Redis is the correct service.

Why this answer

Memorystore for Redis provides a managed Redis service for caching, session stores, and pub/sub messaging.

628
MCQeasy

Refer to the exhibit. The Cloud Build fails with an error that the image name is invalid. What is the most likely cause?

A.The push step should be after the deploy step.
B.The substitution variable $MY_PROJECT is not a valid substitution because it is not prefixed with underscore.
C.The Docker build step fails because the Dockerfile is missing.
D.The image name contains uppercase letters that are not allowed.
AnswerB

User-defined substitutions must start with underscore; $MY_PROJECT is not valid.

Why this answer

Option B is correct because in Cloud Build, user-defined substitution variables must be prefixed with an underscore. The variable `$MY_PROJECT` lacks the required underscore prefix, making it invalid. This causes the image name to be malformed, leading to the 'invalid image name' error.

Exam trap

Cisco often tests the subtle distinction between default substitutions (like `$PROJECT_ID`) and user-defined substitutions (which require an underscore prefix), leading candidates to assume all variables follow the same syntax.

How to eliminate wrong answers

Option A is wrong because the push step must occur after the build step, not after the deploy step; the deploy step typically comes after the push. Option C is wrong because the error message specifically states the image name is invalid, not that the Dockerfile is missing; a missing Dockerfile would produce a different error. Option D is wrong because image names in Cloud Build can contain uppercase letters; the error is due to the substitution variable syntax, not the case of the characters.

629
MCQhard

A team is migrating a 500 GB Snowflake data warehouse to BigQuery. They have a tight deadline and need to minimize manual SQL rewriting. Which approach is most efficient?

A.Use Cloud Data Fusion to transform Snowflake data into BigQuery-compatible format.
B.Manually rewrite all SQL queries to BigQuery syntax using a text editor.
C.Use the BigQuery Data Transfer Service with Snowflake connector.
D.Export Snowflake data to Cloud Storage as Parquet, create external tables, and use BigQuery's SQL translation for queries.
AnswerD

This approach minimizes manual rewriting by using external tables and BigQuery's SQL translation capabilities for common Snowflake patterns.

Why this answer

BigQuery SQL dialect is similar to standard SQL, but Snowflake-specific functions need to be converted. Using a converter tool or manual rewrite with testing is typical. There is no automated full conversion tool that guarantees correctness without review.

630
Multi-Selecteasy

A startup is building a mobile app with user-generated content (text and images). They need a database that provides offline support, real-time synchronization, and flexible security rules. Which TWO Google Cloud services should they consider? (Choose two)

Select 2 answers
A.Firestore
B.Cloud SQL
C.Bigtable
D.Cloud Spanner
E.Cloud Storage
AnswersA, E

Firestore offers offline support, real-time listeners, and security rules for mobile apps.

Why this answer

Firestore provides offline sync and real-time updates. Cloud Storage can store images and other large files with security rules. Cloud SQL and Bigtable are not suited for mobile offline sync.

631
MCQhard

A Cloud Bigtable instance has a single cluster. To improve availability and read throughput, the team decides to add a second cluster in a different zone. What is the effect on write performance?

A.Write performance remains unchanged
B.Write latency increases due to replication across clusters
C.Write throughput doubles
D.Write latency decreases because of parallel replication
AnswerB

Writes must be replicated to all clusters, so they take longer to complete.

Why this answer

In Cloud Bigtable, adding a second cluster in a different zone enables replication across clusters. Writes must be replicated to all clusters to maintain consistency, which introduces additional network round-trips and acknowledgment overhead. This increases write latency because each write must be committed to both clusters before the client receives a success response.

Exam trap

The trap here is that candidates may assume adding a second cluster improves all performance metrics, but they overlook that synchronous replication inherently increases write latency while improving read throughput and availability.

How to eliminate wrong answers

Option A is wrong because write performance does not remain unchanged; replication adds latency due to cross-zone data transfer. Option C is wrong because write throughput does not double; throughput is limited by the replication pipeline and the bottleneck of the slowest cluster. Option D is wrong because write latency increases, not decreases, due to the need for synchronous replication across clusters.

632
MCQmedium

An e-commerce platform uses Cloud Spanner for order processing and BigQuery for analytics. The team needs to capture all changes in the Spanner 'Orders' table and stream them to Pub/Sub for downstream processing. Which Spanner feature should be used?

A.Export to GCS using the console
B.Use Spanner Interleaved tables
C.Create a Cloud Function triggered by Spanner
D.Configure Spanner change streams
AnswerD

Change streams capture row-level changes and can be streamed to Pub/Sub via Dataflow or client libraries.

Why this answer

Cloud Spanner change streams capture all data changes in a database or table and can be read via Pub/Sub or Dataflow. This is the native way to stream changes from Spanner.

633
MCQmedium

A financial services company needs a globally distributed relational database with strong ACID transactions and high availability across regions. They anticipate unpredictable traffic spikes and need to pay only for the resources they use. Which Google Cloud database and scaling approach is most suitable?

A.Cloud SQL for PostgreSQL with cross-region replication
B.Bigtable with replication
C.Cloud Spanner with node-based scaling and manual resizing
D.Cloud Spanner with processing units and auto-scaling
AnswerD

Processing units allow fine-grained capacity, and auto-scaling adjusts to traffic automatically.

Why this answer

Cloud Spanner provides global distribution, strong consistency, and ACID transactions. With fine-grained scaling using processing units and auto-scaling, it can automatically adjust capacity based on demand, optimizing cost.

634
MCQhard

Refer to the exhibit. A team is deploying a Cloud Function that needs to connect to a Cloud SQL instance in a VPC. They have set up a VPC connector. After deployment, the function fails to connect to the database. What is the most likely cause?

A.The VPC connector is in a different region than the function
B.The function's service account does not have permissions to use the VPC connector
C.The environment variable DB_HOST is misspelled
D.The database firewall rules do not allow traffic from the VPC connector's subnet
AnswerA

The VPC connector and Cloud Function must be in the same region.

Why this answer

Option A is correct because the VPC connector must be in the same region as the Cloud Function. If they are in different regions, the function cannot use the connector. Option B is less likely because Cloud SQL private IP uses VPC peering, not firewall rules.

Option C is possible but usually the default service account has the necessary permissions. Option D is a possible typo but less likely given the exhibit shows 'DB_HOST'.

635
Multi-Selecthard

Which THREE are valid methods to create custom metrics in Cloud Monitoring?

Select 3 answers
A.Using the Cloud Monitoring API to write metric points.
B.Using the OpenTelemetry Collector to export metrics.
C.Using Cloud Console's Metrics Explorer to manually enter data.
D.Creating a log-based metric from Cloud Logging.
E.Using Cloud Functions to emit metrics via Stackdriver Monitoring API.
AnswersA, B, D

The monitoring API allows programmatic ingestion of custom metric data points, a standard approach for custom metrics.

Why this answer

Option A is correct because the Cloud Monitoring API allows you to write custom metric points directly using the `projects.timeSeries.create` method. This enables you to define your own metric descriptors and send time-series data to Cloud Monitoring, which is a fundamental way to create custom metrics.

Exam trap

The trap here is that candidates may think Metrics Explorer (option C) can create custom metrics because it allows you to chart data, but it is purely a query interface and cannot ingest new data.

636
MCQhard

A company has a multi-region deployment of their application on GKE. They need to monitor service-level indicators (SLIs) like availability and latency across regions. They want a single pane of glass to view SLO compliance. What should they use?

A.Cloud Logging with log-based metrics
B.Cloud Profiler cross-region profiles
C.Cloud Monitoring SLO monitoring
D.Cloud Trace multi-region traces
AnswerC

SLO monitoring is specifically designed for tracking compliance with service-level objectives.

Why this answer

Cloud Monitoring SLO monitoring is the correct choice because it provides a unified dashboard (single pane of glass) to define, track, and visualize service-level indicators (SLIs) such as availability and latency across multiple GKE regions. It allows you to set SLO targets, monitor compliance over time, and receive alerts when the error budget is depleted, all within a single monitoring view.

Exam trap

The PCD exam often tests the distinction between monitoring tools (Cloud Monitoring) and debugging tools (Cloud Trace, Cloud Profiler), so the trap here is that candidates may confuse Cloud Trace's latency traces with the ability to monitor SLO compliance, or think Cloud Logging's log-based metrics can replace the dedicated SLO dashboard.

How to eliminate wrong answers

Option A is wrong because Cloud Logging with log-based metrics is used to extract metrics from log entries (e.g., count of errors), but it does not natively provide SLO compliance dashboards or a cross-region aggregated view of SLIs; it lacks the built-in SLO tracking and error budget management. Option B is wrong because Cloud Profiler is a continuous profiling tool that identifies performance bottlenecks (CPU, memory) in code, not a monitoring tool for SLIs like availability or latency across regions; it does not offer SLO compliance dashboards. Option D is wrong because Cloud Trace is a distributed tracing system that captures latency data for individual requests, but it does not aggregate SLIs or provide SLO compliance views; it focuses on request-level traces, not high-level SLO dashboards.

637
MCQmedium

A team is using Cloud Spanner for a global application. They notice that read latency is high for queries that filter on a non-key column. The table has a primary key of (CustomerID, OrderDate) and there are millions of rows. The query uses a WHERE clause on the 'Status' column. The team wants to reduce latency without significantly increasing storage costs. What is the most effective action?

A.Create an interleaved table for 'Status' values.
B.Create a secondary index on the 'Status' column.
C.Increase the number of nodes in the Spanner instance.
D.Use stale reads with a 15-second staleness.
AnswerB

A secondary index enables index scans on 'Status', drastically reducing read latency.

Why this answer

Creating a secondary index on the 'Status' column (Option B) allows Cloud Spanner to directly locate rows matching the filter without scanning the entire table. This reduces read latency because Spanner can use the index to perform a point lookup or small range scan instead of a full table scan. Indexes in Spanner are stored as separate tables, but they add minimal storage overhead compared to the latency improvement they provide.

Exam trap

The PCD exam often tests the misconception that scaling nodes or using stale reads can fix query performance issues caused by missing indexes, but the correct solution is always to optimize the data access pattern with an appropriate index.

How to eliminate wrong answers

Option A is wrong because an interleaved table is designed to store child rows physically co-located with a parent row, which helps for hierarchical queries but does not help with filtering on a non-key column like 'Status'; it would increase storage costs without addressing the query pattern. Option C is wrong because increasing the number of nodes improves throughput and capacity but does not directly reduce latency for a specific query that requires scanning many rows; it is a costly scaling measure that does not fix the root cause. Option D is wrong because stale reads reduce latency by reading from replicas with slightly outdated data, but they do not eliminate the need to scan the entire table; the query still suffers from high latency due to the full scan, and staleness introduces data freshness trade-offs.

638
Multi-Selectmedium

Which two strategies should be implemented to ensure high availability for a Compute Engine instance group running a stateless web application?

Select 2 answers
A.Use preemptible VMs
B.Use regional managed instance group
C.Use global load balancing
D.Use instance templates
E.Use multi-zone deployment
AnswersB, E

Regional MIG distributes instances across zones for automatic failover.

Why this answer

Regional managed instance groups (MIGs) distribute instances across multiple zones within a region, providing automatic healing and high availability by recovering from zone failures. Combined with a global load balancer, they ensure traffic is routed only to healthy instances, making them ideal for stateless web applications that require resilience against zonal outages.

Exam trap

The PCD exam often tests the misconception that global load balancing alone provides high availability, but it only distributes traffic; the underlying compute resources must be resilient, which requires a regional MIG or multi-zone deployment to survive zone failures.

639
MCQhard

A company uses Cloud Spanner for a financial application. They need to ensure strong global consistency but also minimize latency for writes. What schema design should they use?

A.Use secondary indexes
B.Use commit timestamps
C.Use parent-child table relationships with interleaved tables
D.Use a single table with interleaved indexes
AnswerC

Interleaving allows co-location of related rows, reducing write latency.

Why this answer

Option C is correct because interleaved tables in Cloud Spanner physically co-locate parent and child rows on the same split, reducing cross-node coordination for strongly consistent reads and writes. This minimizes write latency by ensuring that related data is stored together, avoiding distributed transaction overhead for operations that span parent-child relationships.

Exam trap

The trap here is that candidates confuse interleaved tables with secondary indexes or commit timestamps, thinking those features directly reduce write latency, when in fact only physical co-location through interleaved tables achieves that goal in a globally consistent system.

How to eliminate wrong answers

Option A is wrong because secondary indexes do not affect write latency or consistency; they are used for query performance and can actually increase write latency due to index maintenance. Option B is wrong because commit timestamps are a feature for ordering and tracking writes, not a schema design that reduces latency or ensures global consistency. Option D is wrong because a single table with interleaved indexes is not a valid schema design; interleaved indexes are not a concept in Cloud Spanner—the correct term is interleaved tables, and a single table cannot leverage co-location benefits.

640
MCQmedium

A company is migrating a MySQL 5.7 database to Cloud SQL for MySQL 8.0. They have many queries using GROUP BY that return different results in 8.0. What is the most likely cause?

A.The character set changed from utf8 to utf8mb4.
B.The authentication plugin changed from mysql_native_password to caching_sha2_password.
C.The storage engine changed from MyISAM to InnoDB.
D.The sql_mode is different between MySQL 5.7 and 8.0.
AnswerD

MySQL 8.0 enables ONLY_FULL_GROUP_BY by default, causing queries to fail if they select nonaggregated columns not in GROUP BY.

Why this answer

MySQL 8.0 defaults to strict SQL mode, which disables the MySQL 5.7 non-standard GROUP BY behavior (GROUP BY can select nonaggregated columns not in GROUP BY). In 8.0, this causes errors or different results unless the sql_mode includes ONLY_FULL_GROUP_BY.

641
MCQmedium

A developer is using Cloud Logging and wants to export logs from a specific project to BigQuery for long-term analysis. They have created a log sink and given the appropriate permissions, but logs are not appearing in BigQuery. What is the most likely cause?

A.The sink's filter is too restrictive and no logs match.
B.The sink's destination BigQuery dataset is in a different region than the logs.
C.The log entries are not in JSON format.
D.The service account used for the sink does not have the 'bigquery.dataEditor' role.
AnswerD

Correct: the sink's writer identity must have write access to the BigQuery dataset.

Why this answer

Option D is correct because the log sink uses a service account to write logs to BigQuery. Even if the sink is configured correctly, the service account must have the 'bigquery.dataEditor' role on the destination dataset to insert log entries. Without this role, the sink will fail silently, and logs will not appear in BigQuery.

Exam trap

The PCD exam often tests the misconception that simply creating a sink and granting project-level permissions is sufficient, when in fact the service account needs explicit dataset-level 'bigquery.dataEditor' role.

How to eliminate wrong answers

Option A is wrong because if the filter were too restrictive, no logs would match, but the question states logs are not appearing, not that no logs are generated; a restrictive filter would still show matching logs if any exist. Option B is wrong because BigQuery datasets can receive logs from any region; cross-region log exports are supported, though they may incur additional costs, but they do not prevent logs from appearing. Option C is wrong because Cloud Logging automatically converts log entries to JSON format when exporting to BigQuery; the original log format does not affect the export.

642
MCQhard

A developer is debugging a Cloud Function that fails with a timeout. The function makes multiple synchronous external API calls. What is the best way to improve performance and avoid timeouts?

A.Increase the timeout of the Cloud Function to the maximum of 9 minutes.
B.Use Firestore transactions to batch API calls.
C.Use Pub/Sub to trigger another function for each API call.
D.Use Cloud Tasks to offload the API calls asynchronously.
AnswerD

Cloud Tasks allows the function to return quickly and processes requests later.

Why this answer

Cloud Tasks is the best choice because it allows you to offload synchronous external API calls to be executed asynchronously, decoupling the Cloud Function from the slow external services. This prevents the function from timing out while waiting for responses, and Cloud Tasks handles retries and scheduling automatically, improving overall reliability and performance.

Exam trap

The PCD exam often tests the misconception that increasing timeout or using Pub/Sub is the correct solution for synchronous blocking operations, but the key is to use a dedicated task queue service like Cloud Tasks that provides asynchronous execution with built-in retry and decoupling.

How to eliminate wrong answers

Option A is wrong because simply increasing the timeout to the maximum of 9 minutes does not address the root cause—the function is still blocking on synchronous API calls, which could still exceed even the maximum timeout and waste resources. Option B is wrong because Firestore transactions are designed for atomic database operations, not for batching external API calls; they cannot make HTTP requests or improve the performance of external API calls. Option C is wrong because using Pub/Sub to trigger another function for each API call introduces unnecessary complexity and latency; Pub/Sub is a message queue for event-driven architectures, not designed for offloading synchronous tasks with retry logic like Cloud Tasks.

643
Multi-Selectmedium

A company needs to synchronise data from an on-premises Oracle database to BigQuery in near real-time. They also need to perform complex transformations on the data before loading into BigQuery. Which two services should they use together? (Choose two.)

Select 3 answers
A.Datastream
B.Cloud Pub/Sub
C.Dataflow
D.Cloud Scheduler
E.Cloud Functions
AnswersA, B, C

Datastream captures CDC from Oracle and streams to Pub/Sub.

Why this answer

Datastream is correct because it provides serverless change data capture (CDC) from Oracle databases, enabling near real-time synchronization to BigQuery. Dataflow is correct because it can consume the Datastream output and perform complex transformations (e.g., joins, aggregations, schema mapping) using Apache Beam before writing to BigQuery.

Exam trap

Cisco often tests the misconception that Cloud Pub/Sub alone can perform transformations, but Pub/Sub is a messaging bus and cannot execute complex data processing logic; Dataflow is required for that purpose.

644
MCQeasy

A company needs a globally distributed, strongly consistent relational database with horizontal scaling and a 99.999% SLA for a financial application. Which Google Cloud database should they choose?

A.Cloud Spanner
B.Cloud SQL
C.Cloud Bigtable
D.Firestore
AnswerA

Spanner is the only option with global distribution, strong consistency, horizontal scaling, and 99.999% SLA.

Why this answer

Cloud Spanner is the correct choice because it provides a globally distributed, strongly consistent relational database with horizontal scaling and a 99.999% SLA. It combines the benefits of relational database structure (ACID transactions and SQL queries) with horizontal scalability across regions, making it ideal for financial applications that require strict consistency and high availability.

Exam trap

The trap here is that candidates often confuse Cloud Spanner's strong consistency with Cloud Bigtable's eventual consistency, or assume Cloud SQL can be horizontally scaled by adding read replicas, but Cloud SQL does not support automatic sharding or global distribution with strong consistency.

How to eliminate wrong answers

Option B (Cloud SQL) is wrong because it is a traditional relational database that does not support horizontal scaling; it scales vertically by increasing machine size and offers a 99.95% SLA, not 99.999%. Option C (Cloud Bigtable) is wrong because it is a NoSQL wide-column database that provides only eventual consistency, not strong consistency, and does not support relational queries or ACID transactions required for financial applications. Option D (Firestore) is wrong because it is a NoSQL document database that offers strong consistency only within a single region and does not provide the 99.999% SLA or horizontal scaling across multiple regions required for a globally distributed financial application.

645
MCQmedium

A team needs to replicate changes from an on-premises Oracle database to BigQuery in near real-time. They want to use Google's serverless CDC solution. Which service should they use?

A.Datastream
B.Dataflow with JDBC connector
C.Database Migration Service
D.Cloud Functions with Oracle trigger
AnswerA

Datastream is a serverless CDC service that can stream from Oracle, MySQL, PostgreSQL to BigQuery or GCS in near real-time.

646
MCQeasy

A company uses Cloud Monitoring to set up an alerting policy for CPU utilization on Compute Engine instances. They want to be notified when average CPU usage exceeds 80% for 5 minutes. Which threshold type should they use?

A.Forecast
B.Change rate
C.Threshold
D.Metric absence
AnswerC

Threshold alert fires when metric crosses a set value for a duration.

Why this answer

Option C is correct because a Threshold alerting policy in Cloud Monitoring triggers when a metric's value crosses a defined static boundary. For this use case, setting a threshold of 80% with a duration of 5 minutes directly matches the requirement to alert when average CPU usage exceeds 80% for that period.

Exam trap

Google Cloud often tests the distinction between alerting on a sustained level (Threshold) versus alerting on a change (Change rate) or a prediction (Forecast), and candidates confuse 'average over time' with 'rate of change'.

How to eliminate wrong answers

Option A is wrong because Forecast alerting uses machine learning to predict future metric values and alert when the forecast crosses a threshold, not for monitoring current or historical average CPU usage. Option B is wrong because Change rate alerting detects sudden increases or decreases in a metric's value over a window, not a sustained level above a fixed percentage. Option D is wrong because Metric absence alerts fire when a metric stops reporting data, which is unrelated to monitoring CPU usage exceeding a threshold.

647
MCQeasy

A developer is deploying a 2nd gen Cloud Function that needs to connect to a Cloud SQL MySQL instance. The Cloud SQL instance is configured with a private IP only. The Cloud Function is deployed with a VPC connector that is connected to the same VPC network as the Cloud SQL instance. The developer has granted the Cloud Function's service account the Cloud SQL Client role. However, when the function is invoked, connection attempts to the Cloud SQL instance time out. The Cloud Function code uses the MySQL connector with the private IP address of the Cloud SQL instance. The developer has verified that the VPC connector is healthy and that the Cloud SQL instance is running. Which additional configuration is most likely required?

A.Modify the connection string to require SSL/TLS.
B.Deploy the Cloud SQL Auth proxy as an additional container in the Cloud Function.
C.Configure Private Services Access to establish a VPC peering between the VPC network and the Cloud SQL service network.
D.Assign a public IP to the Cloud SQL instance and configure the function to use it.
AnswerC

Private Services Access creates the necessary route for the VPC connector to reach the Cloud SQL private IP range.

Why this answer

Option A is correct. Even though the VPC connector is on the same VPC network as Cloud SQL, the Cloud SQL private IP address is allocated from a private services access range that is not automatically routed. You must set up Private Services Access to create a route from the VPC to the Cloud SQL private IP range.

Without this, traffic from the VPC connector cannot reach the Cloud SQL instance. Option B is incorrect because the Cloud Function is using a VPC connector, so it does not need or use a public IP. Option C is incorrect because the Cloud SQL Auth proxy is not needed for private IP connections.

Option D is incorrect because SSL/TLS configuration would cause a TLS handshake error, not a timeout.

648
MCQmedium

A financial services company uses Cloud SQL for MySQL for transactional data. They need to analyze this data in BigQuery without moving data or impacting transactional performance. Which approach should they use?

A.Create a BigQuery federated query to Cloud SQL MySQL using an external table
B.Set up Cloud SQL replication to a read replica and connect BigQuery to it
C.Export Cloud SQL data to GCS as CSV and load into BigQuery daily
D.Use Datastream to replicate Cloud SQL data to BigQuery in real-time
AnswerA

BigQuery federated queries allow querying Cloud SQL directly without data movement, preserving transactional performance.

649
MCQhard

A Cloud Function (background function, event-driven) consistently logs this timeout error. The function processes messages from Pub/Sub. After increasing the max instances from 10 to 100, the error rate increases. What is the most likely cause of the timeouts?

A.The function depends on an external service that is rate-limited; scaling up causes more calls and timeouts
B.Increase memory allocation to speed up processing
C.Use a larger instance type (Cloud Functions does not have instance types)
D.Migrate the function to Cloud Run for longer timeouts
E.The function timeout is set too low; increase it to 9 minutes
AnswerA

With more instances, more concurrent calls to the external service may exceed its rate limit, causing timeouts.

Why this answer

Option A is correct because increasing the max instances from 10 to 100 amplifies the number of concurrent function invocations. If the function depends on an external service (e.g., a third-party API or database) that enforces rate limits, the higher concurrency causes more requests to be throttled or rejected, leading to increased timeouts. This is a classic scaling anti-pattern where horizontal scaling exacerbates a bottleneck instead of relieving it.

Exam trap

The PCD exam often tests the misconception that scaling up instances always improves performance, when in reality it can worsen timeouts if the bottleneck is an external dependency with fixed capacity or rate limits.

How to eliminate wrong answers

Option B is wrong because increasing memory allocation primarily improves CPU performance and reduces cold starts, but does not address timeouts caused by external rate limiting or downstream dependencies. Option C is wrong because Cloud Functions does not support selecting instance types; it uses a serverless model where resources are allocated automatically based on memory setting. Option D is wrong because migrating to Cloud Run does not inherently resolve timeouts caused by external rate limiting; Cloud Run also has a default request timeout of 300 seconds (configurable up to 60 minutes), but the core issue is downstream throttling, not the platform's timeout limit.

Option E is wrong because increasing the function timeout (max 9 minutes for Cloud Functions 1st gen) would only delay the timeout error; if the external service is rate-limiting requests, the function will still fail after waiting longer, and the error rate will remain high or worsen.

650
Multi-Selectmedium

Which THREE metrics are commonly used to create a Service Level Indicator (SLI) for availability of an HTTP-based service?

Select 3 answers
A.Uptime check success rate
B.CPU utilization
C.Error rate (5xx responses)
D.Request latency
E.Request count
AnswersA, C, D

Uptime checks measure whether the service is reachable and responding.

Why this answer

Uptime check success rate directly measures whether the service is reachable and responding, typically via periodic HTTP probes (e.g., GET /health). A successful response (e.g., HTTP 200) indicates availability, while failures (timeouts, connection errors) indicate unavailability. This is a standard SLI for availability in HTTP-based services.

Exam trap

The PCD exam often tests the distinction between availability SLIs (uptime, error rate) and performance SLIs (latency, throughput), so candidates mistakenly include CPU utilization or request count as availability metrics.

651
MCQeasy

Which Google Cloud database service provides automatic failover with synchronous replication and 0 RPO within a single region?

A.Cloud SQL (HA configuration)
B.Cloud Spanner
C.Cloud Bigtable
D.Firestore
AnswerA

Cloud SQL HA provides synchronous replication to a standby instance and automatic failover with zero data loss.

Why this answer

Cloud SQL with HA configuration provides synchronous replication to a standby instance in the same zone (or different zone) and automatic failover with 0 RPO. Spanner replicates across regions, Firestore multi-region replication is not synchronous, Bigtable cluster replication is asynchronous.

652
Multi-Selectmedium

A company is using Cloud Bigtable for real-time analytics. They want to ensure high availability and the ability to perform maintenance without downtime. They also want to reduce read latency for users in Asia. Which TWO actions should they take?

Select 2 answers
A.Add a secondary cluster in an Asian region.
B.Switch to HDD storage to reduce costs.
C.Increase the number of nodes in the existing cluster.
D.Configure an application profile to route read requests to the nearest cluster.
E.Convert to a multi-region instance.
AnswersA, D

This provides HA and lower read latency for Asian users.

Why this answer

Adding a secondary cluster in an Asian region provides regional redundancy (HA) and reduces read latency for Asian users. Application profile routing sends reads to the nearest cluster. Adding nodes to the existing cluster improves throughput but not HA or latency in Asia.

HDD storage is slower. Multi-region is not a Bigtable concept.

653
MCQeasy

Which Google Cloud database service is designed as a fully managed, in-memory data store for caching, session management, and pub/sub messaging?

A.Cloud SQL
B.Memorystore
C.Firestore
D.Bigtable
AnswerB

Memorystore offers managed Redis and Memcached, ideal for caching and session management.

Why this answer

Memorystore provides managed Redis and Memcached for caching, session storage, and pub/sub. It is the correct service for these use cases.

654
Multi-Selectmedium

An engineer is designing a Cloud Spanner instance for a global e-commerce application. They need strong consistency across continents and the ability to automatically scale compute capacity. Which THREE configurations should they choose?

Select 3 answers
A.Enable autoscaling with processing units and set min and max
B.Set a target high-priority CPU utilization for autoscaling
C.Use nodes with a fixed number
D.Use a multi-region configuration (e.g., nam3)
E.Use a regional configuration
AnswersA, B, D

Autoscaling with processing units allows automatic capacity adjustment.

Why this answer

For global strong consistency, a multi-region configuration is required (e.g., nam3, eur3). To auto-scale, you use processing units with a min and max, and set a target high-priority CPU utilization. Nodes are not used with autoscaling.

Regional configurations only cover one region. Single-region does not provide global consistency.

655
MCQmedium

A company wants to use Firestore security rules to allow users to read documents only if they are the owner (user ID matches the 'owner' field in the document). Which rule is correct?

A.allow read: if resource.data.uid == request.auth.token.email;
B.allow read: if request.auth.token.owner == resource.data.uid;
C.allow read: if request.auth.uid == 'owner';
D.allow read: if resource.data.owner == request.auth.uid;
AnswerD

This checks the authenticated user's UID against the document's owner field.

Why this answer

The correct rule uses request.auth.uid to get the authenticated user's ID and resource.data.owner to compare against the document's owner field. The 'owner' field must exist and match the user ID.

656
Multi-Selectmedium

A company is using Cloud Spanner for a global inventory system. They need to ensure that queries for an order and its line items are fast. Which THREE design choices will help achieve this? (Choose three)

Select 3 answers
A.Store orders and line items in separate regions
B.Use interleaved tables for orders and line items
C.Define a primary key on orders as (order_id) and line items as (order_id, line_item_id)
D.Use local secondary indexes on line items
E.Use global secondary indexes on line items
AnswersB, C, D

Interleaving stores line items with their parent order for faster joins.

Why this answer

Interleaved tables in Cloud Spanner physically co-locate parent and child rows on the same split, so a query joining orders and line items by the parent key (order_id) can be served from a single split without distributed reads. This eliminates cross-node network hops, dramatically reducing latency for the inventory system's order+line-item queries.

Exam trap

Cisco often tests the misconception that global secondary indexes are always faster than local ones, but in Spanner, local secondary indexes are optimized for parent-child queries because they are co-located with the base table rows, while global indexes may require cross-split lookups.

657
Multi-Selectmedium

A team is migrating a Redshift data warehouse to BigQuery using BigQuery Data Transfer Service. They need to ensure the transfer is secure and cost-effective. Which THREE considerations are important?

Select 3 answers
A.Configure private VPC peering between Redshift and BigQuery.
B.Use Amazon S3 as intermediate staging for unloaded data.
C.Encrypt data in transit using SSL/TLS.
D.Set up automatic refresh schedule for incremental data loads.
E.Enable Cloud NAT for the transfer service to access Redshift.
AnswersB, C, D

Redshift unloads to S3, then transfer service loads from S3 to GCS/BigQuery.

Why this answer

Intermediate staging in S3, encrypting data in transit, and enabling automatic refresh are typical considerations for Redshift to BigQuery transfers using Data Transfer Service.

658
Multi-Selectmedium

A company needs to query data across Cloud SQL (MySQL) and Bigtable using BigQuery without moving the data. Which TWO configurations are required?

Select 2 answers
A.Enable BigQuery Omni for cross-cloud querying.
B.Use Dataflow to replicate Cloud SQL and Bigtable data to BigQuery.
C.Create an external table in BigQuery that references the Bigtable table using a Bigtable URI.
D.Create an external table in BigQuery that references the Cloud SQL database using a federated connection.
E.Create a BigQuery dataset in the same region as Cloud SQL and Bigtable.
AnswersC, D

BigQuery supports external tables for Bigtable using the Bigtable URI.

659
MCQmedium

A company is using Cloud SQL for MySQL and wants to offload read traffic to a replica for better performance. They also need the replica to be available for disaster recovery in a different region. What should they do?

A.Enable high availability on the primary instance.
B.Create a cross-region read replica in another region.
C.Create a same-region read replica and use failover.
D.Use an external replica in another region via MySQL replication.
AnswerB

A cross-region read replica provides read offloading and can be promoted for DR in another region.

Why this answer

Cross-region read replicas serve both read scaling and disaster recovery. They can be promoted to primary in a different region. Same-region replicas do not protect against regional failures.

External replicas are not necessary; Cloud SQL supports cross-region replicas natively.

660
MCQmedium

A Cloud Bigtable instance is experiencing high latency for reads of recent data. The row keys start with a timestamp. What is the MOST likely cause?

A.Too many column families
B.Garbage collection policy too aggressive
C.Insufficient number of nodes
D.Row key design leading to hotspotting
AnswerD

Timestamp-first row keys cause a hotspot on the latest tablet server, increasing latency.

Why this answer

Using timestamp as the leading part of the row key causes all recent writes to go to a single tablet server, creating a hotspot.

661
MCQeasy

A company uses Memorystore for Redis as a cache in front of Cloud Spanner. They want to ensure cache updates happen asynchronously when Spanner data changes. Which pattern is most appropriate?

A.Implement a saga pattern
B.Use a two-phase commit between Spanner and Memorystore
C.Implement a cache-aside pattern with TTL
D.Use Spanner change streams to invalidate cache entries via Pub/Sub
AnswerC

Cache-aside with TTL is a standard pattern for maintaining eventual consistency.

Why this answer

The cache-aside pattern involves the application checking the cache first, and if not found, loading from the database and updating the cache. Eventual consistency is acceptable for cache. The saga pattern is for distributed transactions, not caching.

662
Multi-Selectmedium

Which TWO are best practices for setting up Cloud Monitoring alerting policies to minimize alert fatigue? (Select exactly 2.)

Select 2 answers
A.Aggregate metrics across all projects before alerting.
B.Use condition thresholds with an 'AND' combination of multiple metrics.
C.Use log-based metrics for all alerts instead of metric-based alerts.
D.Create a separate alerting policy for each possible symptom.
E.Set the 'for' parameter to a duration longer than typical transient spikes.
AnswersB, E

Requires both conditions to be true reduces noise.

Why this answer

Using multiple conditions with AND logic reduces false positives. Setting 'for' duration prevents transient spikes from alerting. Aggregating across projects first is not best practice; it's better to alert per project.

Using log-based metrics for everything is not always appropriate. Synthetic monitors are for availability, not general alerting.

663
MCQeasy

A company wants to migrate their MySQL 5.7 database to Cloud SQL for MySQL. They are concerned about performance after migration. Which step is essential for ensuring optimal performance on Cloud SQL?

A.Use Cloud SQL Auth Proxy to connect to the source.
B.Enable binary logging on the source database before migration.
C.Convert all MyISAM tables to InnoDB.
D.Set the character set to utf8mb4 on the source.
AnswerC

MyISAM is deprecated in MySQL 8.0 and not supported; converting to InnoDB is necessary for compatibility and performance.

Why this answer

MyISAM tables are not supported on Cloud SQL for MySQL 8.0; they must be converted to InnoDB. InnoDB is the default engine and provides better performance, crash recovery, and concurrency.

664
MCQhard

A company uses GKE with cluster autoscaling and node auto-upgrade. During a traffic spike, new pods are unschedulable even though the cluster autoscaler adds nodes. What is the most likely cause?

A.The pods have resource requests that exceed available node capacity
B.The cluster autoscaler is disabled
C.The node pool has reached its maximum size limit
D.The pods have tolerations that don't match node taints
E.The nodes are in unhealthy status
AnswerD

Newly added nodes may have taints (e.g., from node auto-upgrade) that the pods do not tolerate, preventing scheduling.

Why this answer

Option D is correct because if pods have tolerations that do not match the taints on the nodes, the scheduler will not place them on those nodes, even if the cluster autoscaler has added new nodes. This mismatch prevents scheduling, leading to unschedulable pods despite sufficient node capacity.

Exam trap

The PCD exam often tests the distinction between resource-based scheduling failures (like insufficient capacity) and policy-based scheduling failures (like taint/toleration mismatches), where candidates mistakenly assume that adding nodes always solves unschedulable pods.

How to eliminate wrong answers

Option A is wrong because resource requests exceeding node capacity would cause the cluster autoscaler to add more nodes, but the question states new nodes are added; the issue is scheduling, not capacity. Option B is wrong because the cluster autoscaler is explicitly stated to be adding nodes, so it is not disabled. Option C is wrong because if the node pool had reached its maximum size limit, the autoscaler would not add nodes, but the question says it does add nodes.

Option E is wrong because unhealthy nodes would be cordoned or drained by GKE's node auto-repair, but the autoscaler adds new nodes; the problem is pod scheduling, not node health.

665
MCQmedium

An e-commerce application uses Cloud SQL for transactional data and Cloud Bigtable for user session logs. A new requirement demands real-time analytics that joins order data with session behavior. The team wants to avoid moving data into a separate data warehouse. Which approach should they take?

A.Use BigQuery federated queries with external tables for both Cloud SQL and Bigtable
B.Use Dataflow to continuously stream both Cloud SQL and Bigtable data into a single BigQuery dataset
C.Use Cloud Spanner as a unified database for both transactional and session data
D.Use Datastream to replicate Cloud SQL data to BigQuery, then join with Bigtable data using BigQuery's Bigtable external table
AnswerA

Federated queries allow querying Cloud SQL and Bigtable in-place, no data movement.

Why this answer

BigQuery federated queries allow you to query data in Cloud SQL and Cloud Bigtable directly using external tables, without moving the data. This approach meets the real-time analytics requirement by joining order data (Cloud SQL) with session logs (Cloud Bigtable) in a single SQL query, avoiding the need for a separate data warehouse or data movement.

Exam trap

Cisco often tests the distinction between 'avoid moving data' and 'acceptable data replication' — candidates may incorrectly choose options that involve streaming or replication (like B or D) because they seem efficient, but the question explicitly prohibits moving data into a separate data warehouse.

How to eliminate wrong answers

Option B is wrong because continuously streaming both Cloud SQL and Bigtable data into a single BigQuery dataset involves moving data, which the requirement explicitly wants to avoid, and adds latency and cost. Option C is wrong because Cloud Spanner is a globally distributed relational database designed for strong consistency and high availability, not for real-time analytics on heterogeneous data sources; it would require migrating all data and does not natively support joining with Bigtable. Option D is wrong because Datastream replicates Cloud SQL data to BigQuery, but this still involves moving data (Cloud SQL to BigQuery), and the join with Bigtable's external table is then performed in BigQuery, which is a valid pattern but violates the 'avoid moving data' constraint for the Cloud SQL side.

666
Multi-Selectmedium

A company uses Cloud SQL for MySQL and wants to set up cross-region disaster recovery with automated failover. Which two steps are required? (Choose 2)

Select 2 answers
A.Create a cross-region read replica with failover enabled.
B.Use Database Migration Service to continuously replicate to another region.
C.Deploy Cloud SQL in HA configuration within the same region.
D.Set up point-in-time recovery (PITR) with 7-day retention.
E.Enable automated backups and configure cross-region backup copies.
AnswersA, E

A cross-region replica can be promoted to primary in a disaster.

Why this answer

Enabling automated backups and cross-region copies ensures data is available in another region. Configuring a cross-region read replica with failover capability provides a DR instance that can be promoted in a disaster. Point-in-time recovery is for granular restore, not failover.

667
MCQmedium

A company runs a high-traffic web application that reads session data frequently. They want to reduce latency and offload database load. Which Google Cloud service should they use as a caching layer?

A.Memorystore for Redis
B.Cloud SQL
C.Firestore
D.Cloud Bigtable
AnswerA

Memorystore provides low-latency caching, perfect for session data.

Why this answer

Memorystore (Redis) is the managed caching service on GCP, ideal for session stores and reducing database load. Cloud SQL, Bigtable, and Firestore are not suitable as low-latency caches.

668
MCQeasy

An application needs a low-latency in-memory cache to reduce database load and improve response times. The cache must support pub/sub messaging and rate limiting. Which GCP service should be used?

A.Firestore
B.Memorystore for Redis
C.Cloud SQL
D.Memorystore for Memcached
AnswerB

Redis supports caching, pub/sub, and rate limiting (using commands like INCR and EXPIRE).

Why this answer

Memorystore for Redis provides in-memory caching, pub/sub, and rate limiting capabilities. Memcached does not support pub/sub.

669
MCQeasy

Which Google Cloud database is serverless, supports offline data synchronization for mobile applications, and provides real-time updates via listeners?

A.Cloud SQL
B.Cloud Spanner
C.Bigtable
D.Firestore
AnswerD

Correct: serverless NoSQL document database with offline sync and real-time listeners.

Why this answer

Firestore is a serverless NoSQL document database designed for mobile and web apps. It provides offline persistence, real-time listeners, and Security Rules for access control. Cloud SQL and Spanner are not serverless; Bigtable requires cluster management.

670
MCQmedium

A development team is implementing a CI/CD pipeline using Cloud Build. They need to ensure that sensitive data, such as API keys, are never exposed in build logs. What is the best practice?

A.Use Cloud Build's encrypted variables or Secret Manager to pass secrets at build time.
B.Store the API keys in a separate file in the source repository and reference it in the build.
C.Use custom substitutions with default values and rely on Cloud Build's encryption.
D.Store the API keys as plain text in cloudbuild.yaml and restrict access to the file.
AnswerA

Secrets can be passed at runtime and are not logged.

Why this answer

Option A is correct because Cloud Build's encrypted variables and Secret Manager are designed to securely inject sensitive data like API keys at build time without exposing them in logs. Encrypted variables are stored in Cloud KMS and decrypted only during the build, while Secret Manager provides versioned secrets with fine-grained access control. This ensures secrets never appear in plaintext in the build configuration or output logs.

Exam trap

The PCD exam often tests the misconception that storing secrets in a separate file in the source repository or using file permissions is sufficient, when in fact any plaintext storage in version control or build configuration risks exposure in logs or repository history.

How to eliminate wrong answers

Option B is wrong because storing API keys in a separate file in the source repository still commits them to version control, which can be exposed via branch history, forks, or accidental public access. Option C is wrong because custom substitutions with default values are not inherently encrypted; they are plaintext in the build configuration and can appear in logs if not carefully managed, and Cloud Build does not automatically encrypt substitutions. Option D is wrong because storing API keys as plaintext in cloudbuild.yaml, even with restricted file access, leaves them visible in the build configuration and logs, and file permissions do not prevent exposure during build execution or in stored artifacts.

671
MCQhard

A developer deploys a Cloud Function (2nd gen) that processes messages from Pub/Sub. The function sometimes fails with 'Deadline Exceeded' for messages that take longer than 9 minutes. What should the developer do to handle these long-running messages without losing them?

A.Configure the function to retry on failure and set a maximum retry count.
B.Increase the Cloud Function timeout to 60 minutes.
C.Set the Pub/Sub subscription acknowledgment deadline to 10 minutes and implement a push endpoint that acknowledges after processing.
D.Use Cloud Tasks instead of Pub/Sub for asynchronous invocation.
AnswerC

Extending the ack deadline prevents the message from being redelivered before processing completes.

Why this answer

Option C is correct because Cloud Functions (2nd gen) have a maximum timeout of 60 minutes, but Pub/Sub push subscriptions have a default acknowledgment deadline of 10 seconds. By setting the acknowledgment deadline to 10 minutes and implementing a push endpoint that acknowledges after processing, the developer ensures the message is not redelivered prematurely while allowing the function up to 10 minutes to complete. This prevents 'Deadline Exceeded' errors for messages that take longer than 9 minutes without losing messages, as the subscription will wait for the acknowledgment before considering the message as failed.

Exam trap

The PCD exam often tests the misconception that increasing the Cloud Function timeout alone solves Pub/Sub push subscription issues, but the trap here is that the Pub/Sub subscription's acknowledgment deadline is independent of the function timeout and must be configured separately to prevent premature redelivery.

How to eliminate wrong answers

Option A is wrong because configuring retry on failure with a maximum retry count does not address the root cause of the timeout; it only retries the same failing invocation, which will still exceed the 9-minute limit and continue to fail. Option B is wrong because increasing the Cloud Function timeout to 60 minutes does not change the Pub/Sub push subscription's acknowledgment deadline (default 10 seconds), so the subscription will still consider the message as undelivered and redeliver it, causing duplicate processing and potential 'Deadline Exceeded' errors. Option D is wrong because Cloud Tasks is an alternative service for asynchronous invocation, but it does not solve the specific issue of Pub/Sub's acknowledgment deadline; the developer would still need to configure timeouts and retries appropriately, and the question explicitly asks for handling long-running messages without losing them within the Pub/Sub context.

672
MCQeasy

Refer to the exhibit. A developer is deploying a container to Cloud Run and receives the error shown. What is the most likely cause?

A.The container's health check is failing because the startup command is incorrect.
B.The PORT environment variable is not set correctly in the Cloud Run service configuration.
C.The container image does not exist in the specified registry.
D.The container is trying to listen on a privileged port (e.g., 80) instead of the expected port 8080.
AnswerD

Correct: The 'Permission denied' error when binding to port 8080 is misleading; the application likely attempts to bind to a lower port (like 80) that requires root, but Cloud Run runs as non-root.

Why this answer

Cloud Run requires containers to listen on the port specified by the PORT environment variable, which defaults to 8080. The error indicates the container is trying to bind to port 80, a privileged port, which is not allowed by the Cloud Run runtime sandbox. This mismatch causes the container to fail health checks and deployment.

Exam trap

The PCD exam often tests the misconception that the error is due to a missing image or incorrect health check, when in fact the container is failing to bind to the correct port because it ignores the PORT environment variable.

How to eliminate wrong answers

Option A is wrong because the error message explicitly states 'listen tcp :80: bind: permission denied', not a startup command failure; the command may be correct but the port is wrong. Option B is wrong because the PORT environment variable is set correctly by Cloud Run (default 8080), but the container is ignoring it and trying to use port 80 instead. Option C is wrong because the error is about port binding, not image retrieval; if the image were missing, the error would be 'Image not found' or 'Unauthorized'.

673
MCQmedium

A team uses Cloud Build to automatically deploy a Cloud Function on push to a repository. The build fails intermittently with 'PERMISSION_DENIED' when executing gcloud functions deploy. What is the most likely cause?

A.The region specified in the build configuration does not match the function's region.
B.The build configuration file has a syntax error.
C.The Cloud Source Repository does not have the correct triggers.
D.The Cloud Build service account lacks the necessary IAM permissions on the Cloud Functions API.
AnswerD

Cloud Build requires roles/cloudfunctions.developer to deploy functions.

Why this answer

The intermittent 'PERMISSION_DENIED' error when Cloud Build runs `gcloud functions deploy` indicates that the Cloud Build service account does not have the required IAM roles (e.g., Cloud Functions Developer or Cloud Functions Admin) on the Cloud Functions API. Cloud Build uses its default compute engine service account (or a user-specified service account) to execute build steps; if this account lacks the `cloudfunctions.functions.create` or `cloudfunctions.functions.update` permission, the deployment will fail, and the intermittent nature may be due to eventual consistency or race conditions in IAM propagation.

Exam trap

Cisco often tests the distinction between build trigger configuration errors and runtime permission errors, leading candidates to incorrectly select trigger-related options when the error occurs during the deployment step itself.

How to eliminate wrong answers

Option A is wrong because a region mismatch would cause a different error (e.g., 'INVALID_ARGUMENT' or 'NOT_FOUND'), not a 'PERMISSION_DENIED' error, and the error would be consistent, not intermittent. Option B is wrong because a syntax error in the build configuration file would cause the build to fail at the parsing stage with a YAML or JSON parse error, not with a 'PERMISSION_DENIED' error during the `gcloud functions deploy` step. Option C is wrong because Cloud Source Repository triggers are responsible for initiating the build, not for the permissions required during the deployment step; incorrect triggers would prevent the build from starting at all, not cause an intermittent permission error during execution.

674
MCQhard

A multinational corporation runs a web application on Google Kubernetes Engine (GKE) with multiple microservices. They use Cloud Service Mesh (Anthos) for observability and security. The application uses gRPC for inter-service communication. Recently, they have observed increased latency and occasional timeouts between services in different regional clusters connected via Cloud VPN. The team wants to diagnose the issue and improve reliability. They suspect network round-trip time (RTT) is causing the latency, but they are not sure if the problem is at the application or network layer. Which tool should they use to pinpoint the exact cause?

A.Use Cloud Monitoring to view gRPC latency distributions and break down by service and method.
B.Use Cloud Trace to analyze distributed traces and identify bottlenecks in request paths.
C.Use VPC Flow Logs to examine network throughput and packet loss.
D.Use Cloud Logging to search for error logs in the application containers.
AnswerB

Cloud Trace captures end-to-end latency for each request.

Why this answer

Cloud Trace is the correct tool because it provides end-to-end distributed tracing, which can capture the exact latency contribution of each gRPC call across microservices and regional clusters. By analyzing trace spans, the team can determine whether the increased latency is due to network round-trip time (RTT) between clusters or due to application-level processing delays within a service.

Exam trap

The trap here is that candidates confuse aggregated metrics (Cloud Monitoring) with distributed tracing (Cloud Trace), failing to recognize that only tracing can break down latency per request hop across services and clusters.

How to eliminate wrong answers

Option A is wrong because Cloud Monitoring can show aggregated gRPC latency distributions but cannot break down latency into individual request hops or pinpoint whether the delay occurs at the network layer versus application layer. Option C is wrong because VPC Flow Logs capture network metadata (e.g., throughput, packet loss) but do not provide per-request application-level tracing or gRPC method-level insights needed to isolate the exact cause of latency in inter-service communication. Option D is wrong because Cloud Logging only surfaces error logs and does not provide latency breakdowns or distributed trace context to identify where time is spent across service boundaries.

675
MCQmedium

A company is deploying a microservices application on Google Kubernetes Engine (GKE) and needs to ensure that services can discover each other without hardcoding IP addresses. Which approach should they use?

A.Use environment variables injected into each pod
B.Use a ConfigMap to store service endpoints
C.Use Cloud DNS with Kubernetes Services of type ClusterIP
D.Use Cloud Load Balancing to route traffic between services
AnswerC

GKE automatically creates DNS records for Services.

Why this answer

Option C is correct because Kubernetes Services of type ClusterIP provide a stable virtual IP and DNS name (via Cloud DNS) that resolves to the service's ClusterIP, enabling pods to discover each other without hardcoding IP addresses. GKE integrates with Cloud DNS to automatically register service DNS names in the format <service>.<namespace>.svc.cluster.local, allowing microservices to communicate reliably even if pods are rescheduled or IPs change.

Exam trap

The trap here is that candidates often confuse static configuration methods (environment variables or ConfigMaps) with dynamic service discovery, overlooking that Kubernetes' built-in DNS for ClusterIP services is the standard, automated solution for internal pod-to-pod communication.

How to eliminate wrong answers

Option A is wrong because environment variables injected into each pod are static and only set at pod creation time; they do not update dynamically when services are added, removed, or rescheduled, leading to stale references. Option B is wrong because a ConfigMap is a static key-value store for configuration data, not a dynamic service discovery mechanism; it cannot automatically update endpoints when pods scale or fail. Option D is wrong because Cloud Load Balancing is designed for external traffic distribution and does not provide internal service discovery or DNS-based resolution between microservices within the cluster.

Page 8

Page 9 of 14

Page 10