Back to Google Professional Cloud DevOps Engineer questions

Scenario-based practice

Hard Difficulty Questions

Practise Google Professional Cloud DevOps Engineer practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
PCDOE
exam code
Google Cloud
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related PCDOE topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation is bootstrapping a Google Cloud organization with multiple subsidiaries. Each subsidiary needs its own folder with IAM policies that are managed locally, but the parent company wants to enforce a global policy that restricts the use of certain machine types (e.g., N2D) for cost control. However, one subsidiary has a legitimate need for those machine types in a specific project. What is the best way to handle this exception while maintaining the global policy?

Question 2hardmultiple choice
Full question →

An organization is using Cloud Source Repositories and wants to enforce that all commits are signed with a verified GPG key. How can they enforce this?

Question 3hardmultiple choice
Full question →

A DevOps engineer notices that developers are accidentally deleting Cloud Storage buckets. The organization wants to prevent accidental deletion while still allowing developers to manage bucket objects. What is the best practice?

Question 4hardmulti select
Full question →

A DevOps engineer is designing a CI/CD pipeline using Cloud Build. Which TWO configurations are necessary to ensure secure and reliable deployments? (Choose two.)

Question 5hardmulti select
Full question →

You are designing alerting policies for a microservice architecture. Which TWO metrics are most suitable for triggering a page to the on-call engineer?

Question 6hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company runs an application on Google Cloud with an SLO of 99.99% monthly availability. They use a multi-region deployment with Cloud Load Balancing and Cloud Spanner. During a regional outage in us-central1, traffic fails over to us-east1. However, the incident response team is not alerted because the error budget burn rate remained below the alert threshold. What should the team change to ensure timely alerting for such regional failures?

Question 7hardmultiple choice
Full question →

An organization has a service that must meet a 99.99% SLO. The service runs on GKE and uses Cloud SQL. The team notices that during a major incident, the error budget is consumed rapidly. They want to implement a mechanism to automatically rollback deployments that cause sustained error budget consumption above a threshold. What is the best approach?

Question 8hardmultiple choice
Full question →

During a post-incident review, the team discovers that a misconfiguration in Cloud Armor caused legitimate traffic to be blocked, leading to a outage. The misconfiguration was introduced by a junior engineer who had overly permissive IAM roles. What is the best way to prevent similar incidents in the future?

Question 9hardmultiple choice
Full question →

A team wants to implement multi-cluster monitoring for GKE using Managed Service for Prometheus. Which configuration is required?

Question 10hardmultiple choice
Full question →

A financial services company uses Spanner for their core database. They notice that some transactions are taking longer than expected, especially during cross-region writes. They have set up Spanner with regional configuration. What is the most likely cause?

Question 11hardmultiple choice
Full question →

Refer to the exhibit. After applying the shown firewall rule, users report increased latency to a web application. What is the most likely cause?

Exhibit

Firewall rule JSON:
{
  "name": "deny-high-latency",
  "network": "default",
  "priority": 1000,
  "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allow": [{"protocol": "tcp", "ports": ["80","443"]}],
  "deny": [{"protocol": "tcp", "ports": ["80","443"]}],
  "logConfig": {"metadata": "INCLUDE_ALL_METADATA"}
}
Question 12hardmultiple choice
Full question →

You are designing a globally distributed application using Cloud Spanner. The application has a write-heavy workload. You notice that write latency increases as the number of nodes increases. What is the most likely cause?

Question 13hardmulti select
Read the full NAT/PAT explanation →

Which THREE factors should you consider when designing a Cloud Run service for optimal performance under unpredictable traffic patterns? (Choose 3)

Question 14hardmultiple choice
Review the full routing breakdown →

An e-commerce platform is using Cloud Load Balancing with a backend service that has a custom health check. The health check is failing intermittently, causing traffic to be routed away from healthy instances. The team has enabled Cloud Logging and wants to diagnose the issue. Which log view should they examine to see the health check probe results?

Question 15hardmulti select
Full question →

Which TWO are valid methods to manage service account keys securely? (Select exactly 2)

Question 16hardmulti select
Full question →

Which THREE steps are typically part of a formal incident postmortem according to Google SRE best practices?

Question 17hardmultiple choice
Full question →

A company wants to reduce costs associated with Cloud Monitoring. They have many custom metrics and high ingestion rates. Which cost optimization strategy is most effective?

Question 18hardmultiple choice
Full question →

Refer to the exhibit. What is the effect of the metricRelabelings section in this ServiceMonitor?

Exhibit

Refer to the exhibit.
```yaml
apiVersion: monitoring.googleapis.com/v1
kind: ServiceMonitor
metadata:
  name: my-service-monitor
  namespace: default
spec:
  selector:
    matchLabels:
      app: my-app
  endpoints:
  - port: http
    interval: 30s
  namespaceSelector:
    matchNames:
    - production
  sampleLimit: 1000
  targetLabels:
  - instance
  metricRelabelings:
  - sourceLabels: [__name__]
    regex: 'container_.*'
    action: drop
```
Question 19hardmulti select
Full question →

A team is designing a dashboard for their production environment using Cloud Monitoring. Which three types of information should be included on the dashboard to support incident response? (Choose three.)

Question 20hardmultiple choice
Full question →

An organization is implementing SLO-based alerting for a critical service. They want to alert when the service has consumed 50% of its error budget over a 30-day window. Considering best practices for alert sensitivity and noise reduction, which alerting approach should they use?

These PCDOE practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCDOE questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.