Back to Google Professional Cloud Developer questions

Scenario-based practice

Hard Difficulty Questions

Practise Google Professional Cloud Developer practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
PCD
exam code
Google Cloud
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related PCD topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A company is deploying a microservices architecture on GKE. They need to expose a set of related microservices under a single external IP address with path-based routing. Which Kubernetes resource should they use?

Question 2hardmultiple choice
Full question →

A company uses Cloud Logging to centralize logs from multiple projects. They want to create a log-based metric for tracking 404 errors. However, the metric shows zero data even though 404 errors are occurring. What is the most likely reason?

Question 3hardmultiple choice
Full question →

A company running a high-traffic e-commerce platform on Google Cloud experiences occasional data loss in their Cloud SQL database during failover events. The database is configured with a failover replica in a different zone. What is the most likely cause of the data loss?

Question 4hardmulti select
Full question →

A team is designing a globally distributed application on Google Cloud that requires strong consistency for writes but can tolerate eventual consistency for reads. The application expects millions of concurrent users. Which two strategies should they implement? (Choose two.)

Question 5hardmultiple choice
Full question →

A developer finds the JSON key shown in the exhibit in a Cloud Storage bucket that is publicly accessible. Which security best practice was violated?

Network Topology
"private_key": "BEGIN PRIVATE KEYEND PRIVATE KEYRefer to the exhibit."type": "service_account","project_id": "my-project","private_key_id": "abc123",...","client_email": "sa@my-project.iam.gserviceaccount.com","client_id": "123456789","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://oauth2.googleapis.com/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/sa@my-project.iam.gserviceaccount.com"
Question 6hardmultiple choice
Full question →

A company runs a stateful application on Compute Engine instances with local SSDs. They need to perform maintenance that requires stopping the instances. What is the best approach to ensure data durability and minimal downtime?

Question 7hardmultiple choice
Full question →

You are troubleshooting a web application deployed on Compute Engine instances behind a target pool. Users report intermittent timeouts when accessing the application via the forwarding rule's IP address. Based on the exhibit, what is the most likely cause of the issue?

Network Topology
gcloud compute forwarding-rules listformat jsonRefer to the exhibit."name": "web-frontend","region": "us-central1","IPAddress": "34.123.45.67","IPProtocol": "TCP","portRange": "80-80","target": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/targetPools/web-pool"
Question 8hardmultiple choice
Full question →

Refer to the exhibit. A developer deployed a Cloud Run service as shown. Authenticated requests from another service in the same project using a service account receive 403 Forbidden. What is the most likely cause?

Network Topology
gcloud builds submittag gcr.io/my-project/my-image .gcloud run deploy my-serviceimage gcr.io/my-project/my-imageregion us-central1no-allow-unauthenticatedRefer to the exhibit.Then:
Question 9hardmulti select
Full question →

Which THREE steps are required to set up a CI/CD pipeline for Cloud Run using Cloud Build and GitHub? (Choose THREE.)

Question 10hardmultiple choice
Full question →

A developer runs the above command and cloudbuild.yaml. The build fails at the deploy step with a permission error. The developer has the Cloud Build Editor role on the project. What is the likely cause?

Network Topology
gcloud builds submitconfig cloudbuild.yamlargs: ['run'image'region'Refer to the exhibit.# cloudbuild.yamlsteps:- name: 'gcr.io/cloud-builders/docker'args: ['build', '-t', 'gcr.io/myproject/myimage', '.']args: ['push', 'gcr.io/myproject/myimage']- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'entrypoint: 'gcloud'
Question 11hardmultiple choice
Full question →

A developer is designing a CI/CD pipeline for a Node.js application hosted on Cloud Run using Cloud Build. The pipeline should run unit tests, build the container, push to Artifact Registry, and deploy to Cloud Run. The developer wants to minimize build time by caching dependencies. What is the recommended approach?

Question 12hardmulti select
Full question →

A team is deploying a critical application on Google Kubernetes Engine (GKE) and needs to ensure high availability and disaster recovery. Which THREE actions should they take?

Question 13hardmultiple choice
Full question →

A company deploys a Java application on Compute Engine with a preemptible VM instance group managed by an instance template. The application writes critical state to local SSD. After a preemption event, the new instance starts fresh and loses state. What is the best practice to ensure state persistence?

Question 14hardmultiple choice
Full question →

An administrator runs the above command to create a Compute Engine instance. However, the nginx service does not start. What is the most likely cause?

Exhibit

Refer to the exhibit.

gcloud compute instances create my-instance \
    --zone=us-central1-a \
    --machine-type=e2-medium \
    --image-family=debian-11 \
    --image-project=debian-cloud \
    --boot-disk-size=10GB \
    --boot-disk-type=pd-standard \
    --metadata=startup-script='#!/bin/bash
    apt-get update
    apt-get install -y nginx
    systemctl enable nginx
    systemctl start nginx'
Question 15hardmulti select
Full question →

Which TWO actions should a developer take to ensure that a Cloud Run service can access a Cloud SQL instance securely?

Question 16hardmulti select
Full question →

A team is building a serverless event-driven application using Cloud Functions and Cloud Pub/Sub. The function processes messages from a Pub/Sub subscription and writes results to Firestore. During peak hours, the function experiences high latency and some messages are being retried multiple times. Which three steps should the team take to improve reliability and scalability? (Choose three.)

A DevOps team wants to set up custom metrics for a serverless application running on Cloud Run. The application emits metrics using OpenTelemetry. They need to collect these metrics and create an alerting policy that triggers when the 99th percentile latency exceeds 500ms for 5 minutes. Which TWO actions must they take? (Choose two.)

Question 18hardmulti select
Full question →

You are designing a serverless application using Cloud Functions that processes events from Cloud Storage and Cloud Pub/Sub. The function must be idempotent and handle duplicate events. Which three best practices should you implement? (Choose THREE.)

Question 19hardmultiple choice
Full question →

You are designing a monitoring strategy for a microservices architecture running on GKE. Each service emits custom business metrics (e.g., order processing time). You want to create a dashboard that shows the 99th percentile latency for each service over the last 7 days. Which approach should you take?

Question 20hardmultiple choice
Full question →

A team is migrating a monolithic .NET application to Cloud Run. The application uses .NET Framework 4.8 and depends on Windows-specific libraries. What is the recommended approach to containerize and deploy this application?

These PCD practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCD questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.