Back to Google Professional Cloud DevOps Engineer

Google Cloud exam questions

Google Professional Cloud DevOps Engineer PCDOE practice test

Practise PCDOE NAT and PAT questions covering address translation types, inside/outside interface roles, static vs dynamic vs PAT, and troubleshooting missing or incorrect translations.

500
practice questions
6
topics covered
PCDOE
exam code
Google Cloud
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 500 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 500 PCDOE questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

7 pages · 75 questions per page · 500 total

Related practice questions

Study PCDOE by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Google Professional Cloud DevOps Engineer practice questions

Start practice test

Order the steps to set up a CI/CD pipeline using Cloud Build and Cloud Deploy for a Cloud Run service.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Order the steps to configure a VPC Network Peering between two projects.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Order the steps to respond to a Google Cloud security incident involving a compromised service account key.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Refer to the exhibit. The Cloud Build fails with a permission error. The Cloud Build service account has roles/cloudbuild.builds.builder and roles/cloudfunctions.developer on the project. What is the missing permission?

Exhibit

steps:
- name: 'gcr.io/cloud-builders/gcloud'
  entrypoint: 'bash'
  args:
    - '-c'
    - |
      gcloud functions deploy my-function \
        --runtime nodejs18 \
        --trigger-http \
        --allow-unauthenticated

A company is setting up a new Google Cloud organization. They want to ensure that all projects inherit common IAM policies. What is the best practice?

A DevOps team is bootstrapping CI/CD pipelines that need access to API keys stored in Secret Manager. The pipelines run on Cloud Build. What is the best practice for granting access to secrets?

A DevOps team is bootstrapping their Google Cloud organization and wants to enable Infrastructure as Code (IaC) using Terraform. They need a service account that Terraform can use to create and manage resources across multiple projects. What is the best practice for creating and managing this service account?

Question 8hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation is bootstrapping a Google Cloud organization with multiple subsidiaries. Each subsidiary needs its own folder with IAM policies that are managed locally, but the parent company wants to enforce a global policy that restricts the use of certain machine types (e.g., N2D) for cost control. However, one subsidiary has a legitimate need for those machine types in a specific project. What is the best way to handle this exception while maintaining the global policy?

To securely manage secrets (e.g., API keys) used in Cloud Build pipelines, which service should be used?

A DevOps engineer needs to set up a centralized logging solution for multiple projects. They want to store logs in a BigQuery dataset for analysis. What is the best approach?

An organization is using Cloud Source Repositories and wants to enforce that all commits are signed with a verified GPG key. How can they enforce this?

A DevOps engineer notices that developers are accidentally deleting Cloud Storage buckets. The organization wants to prevent accidental deletion while still allowing developers to manage bucket objects. What is the best practice?

A DevOps engineer is designing a CI/CD pipeline using Cloud Build. Which TWO configurations are necessary to ensure secure and reliable deployments? (Choose two.)

A startup is bootstrapping their Google Cloud organization with the following constraints: they have a small team of 10 developers, each with varying levels of expertise. They want a simple setup that allows developers to experiment in their own projects but prevents them from deleting production resources. They also want to enforce a budget limit on each project to avoid unexpected costs. The team has no prior Google Cloud experience and wants minimal operational overhead. Which of the following approaches best meets their needs?

You are designing alerting policies for a microservice architecture. Which TWO metrics are most suitable for triggering a page to the on-call engineer?

Question 16hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company runs an application on Google Cloud with an SLO of 99.99% monthly availability. They use a multi-region deployment with Cloud Load Balancing and Cloud Spanner. During a regional outage in us-central1, traffic fails over to us-east1. However, the incident response team is not alerted because the error budget burn rate remained below the alert threshold. What should the team change to ensure timely alerting for such regional failures?

An organization has a service that must meet a 99.99% SLO. The service runs on GKE and uses Cloud SQL. The team notices that during a major incident, the error budget is consumed rapidly. They want to implement a mechanism to automatically rollback deployments that cause sustained error budget consumption above a threshold. What is the best approach?

During a post-incident review, the team discovers that a misconfiguration in Cloud Armor caused legitimate traffic to be blocked, leading to a outage. The misconfiguration was introduced by a junior engineer who had overly permissive IAM roles. What is the best way to prevent similar incidents in the future?

During a canary deployment of a new version of a microservice, the engineer notices increased error rates in the canary instances. What is the best immediate action?

An SRE team created the above logs-based metric. They expect it to count the number of HTTP 500 errors per instance. However, the metric shows no data. What is the most likely cause?

Exhibit

```
"logsBasedMetric": {
  "filter": "resource.type=\"gce_instance\" AND jsonPayload.status=\"500\"",
  "metricDescriptor": {
    "metricKind": "DELTA",
    "valueType": "INT64",
    "name": "custom.googleapis.com/errors/5xx"
  },
  "labelExtractors": {
    "instance_id": "EXTRACT(jsonPayload.instance_id)"
  },
  "description": "Count of 500 errors per instance"
}
```

A team wants to implement multi-cluster monitoring for GKE using Managed Service for Prometheus. Which configuration is required?

A DevOps engineer needs to verify if a load balancer's health check is behaving normally by examining historical trends. Where should they look?

A team is using Cloud Monitoring to track the performance of a microservices application. They set up an uptime check for each service, but they notice that some checks are failing intermittently without actual service degradation. What is the most likely cause?

A DevSecOps team is configuring Cloud Monitoring alerts for proactive incident response. Which two practices are recommended for effective alerting? (Choose two.)

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these PCDOE questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

These PCDOE practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCDOE questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.