PCDOE · topic practice

Building and implementing CI/CD pipelines practice questions

Practise Google Professional Cloud DevOps Engineer Building and implementing CI/CD pipelines practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Building and implementing CI/CD pipelines

What the exam tests

What to know about Building and implementing CI/CD pipelines

Building and implementing CI/CD pipelines questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Building and implementing CI/CD pipelines exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Building and implementing CI/CD pipelines questions

20 questions · select your answer, then reveal the explanation

A development team wants to automatically run unit tests and static code analysis on every push to a Cloud Source Repository, but only run integration tests on merges to the main branch. Which Cloud Build trigger configuration should they use?

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A team uses Cloud Build with a Kaniko builder to containerize their application. The build fails with the error: 'failed to push to destination: failed to get credentials: failed to get credential from metadata service: failed to fetch metadata...' What is the most likely cause?

A company uses Spinnaker for continuous delivery across multiple GKE clusters. After a recent infrastructure change, the 'Canary' deployment strategy fails during the 'disable' phase of the old version. The error log shows: 'Unable to disable server group: Not authorized to perform compute.instanceGroups.update.' What is the most likely root cause?

A team uses Cloud Build to deploy a Cloud Run service. The build fails with: 'ERROR: (gcloud.run.services.update) PERMISSION_DENIED: Permission 'run.services.update' denied on resource.' The Cloud Build service account has the Cloud Run Admin role. What is missing?

An organization uses Cloud Build with a private pool to build container images that require access to on-premises Artifactory. After moving to a new VPC, builds fail with 'Connection refused' when fetching dependencies. What is the best step to troubleshoot?

A team uses Cloud Build with a cloudbuild.yaml that deploys to multiple environments. They want to ensure that the production deployment step only runs when the build is triggered by a tag matching 'v*.*.*'. Which TWO configurations achieve this? (Choose two.)

A company uses Cloud Deploy to manage rollouts to GKE. They need to implement a deployment strategy where a new version receives 10% of traffic for 30 minutes, then automatically rolls forward to 100% if no issues are detected. Which THREE Cloud Deploy features are required? (Choose three.)

A Cloud Build pipeline uses the above cloudbuild.yaml. When triggered, the deploy step fails with: 'ERROR: (gcloud.run.deploy) PERMISSION_DENIED: Permission 'run.services.update' denied on resource.' The Cloud Build service account has the 'Cloud Run Admin' role. What is the most likely cause?

Network Topology
gcloud builds submitconfig=deploy.yamlsubstitutions=_ENV=${_ENV}gcloud run deploy my-serviceimage gcr.io/my-project/my-imageregion us-central1Refer to the exhibit.```steps:- name: 'gcr.io/cloud-builders/gcloud'entrypoint: 'bash'args:- '-c'- |substitutions:_ENV: staging

A Cloud Deploy pipeline fails during a rollout with: 'FAILED_PRECONDITION: The release is not in a state that can be promoted.' The Cloud Build service account has the IAM roles shown in the exhibit. What is the missing role or permission?

Exhibit

Refer to the exhibit.

```
{
  "bindings": [
    {
      "role": "roles/cloudbuild.builds.builder",
      "members": [
        "serviceAccount:my-project@cloudbuild.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/clouddeploy.jobRunner",
      "members": [
        "serviceAccount:my-project@cloudbuild.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/clouddeploy.operator",
      "members": [
        "serviceAccount:my-project@cloudbuild.gserviceaccount.com"
      ]
    }
  ]
}
```

A company is implementing CI/CD for a microservices application on Google Kubernetes Engine (GKE). The team wants to ensure that each service can be built and deployed independently without affecting other services. They also need to enforce that only successfully tested builds are deployed to production. Which CI/CD approach should they use?

A DevOps team is troubleshooting a Cloud Build pipeline that fails intermittently when building a container image. The build step uses a custom build step that runs a vulnerability scan. The error log shows: 'Step #1: Error: failed to scan image: context deadline exceeded'. The build configuration includes 'timeout: 600s'. Which is the most likely cause and solution?

An organization wants to implement a CI/CD pipeline that automatically deploys to a staging environment on every push to the main branch, and deploys to production only after a manual approval. They use Cloud Build and Cloud Deploy. What is the best way to configure this?

Which TWO practices are recommended for implementing CI/CD pipelines on Google Cloud?

Question 14hardmultiple choice
Read the full NAT/PAT explanation →

You are a DevOps engineer for a large e-commerce platform running on Google Kubernetes Engine (GKE). The platform consists of 15 microservices, each with its own code repository. Your team uses Cloud Build for CI and Cloud Deploy for CD. Recently, the deployment to production has been failing intermittently because the new version of the 'payment' service is not compatible with the current version of the 'order' service. This causes a production outage every few weeks. The team wants to implement a strategy to catch such incompatibilities before promoting to production, without slowing down development velocity. Currently, the pipeline builds each service independently, runs unit tests, deploys to a shared staging environment, runs integration tests, and then promotes to production after manual approval. What should you do?

Which TWO are benefits of using Cloud Build triggers to implement CI/CD pipelines?

Refer to the exhibit. A team uses this cloudbuild.yaml to deploy a service to Cloud Run. They notice that the deployment fails intermittently with a 'permission denied' error. Which is the most likely cause?

Network Topology
args: ['run'image'region'Refer to the exhibit.```yaml# cloudbuild.yamlsteps:- name: 'gcr.io/cloud-builders/docker'args: ['build', '-t', 'us-central1-docker.pkg.dev/my-project/my-repo/my-image:$SHORT_SHA', '.']args: ['push', 'us-central1-docker.pkg.dev/my-project/my-repo/my-image:$SHORT_SHA']- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'entrypoint: 'gcloud'images:- 'us-central1-docker.pkg.dev/my-project/my-repo/my-image:$SHORT_SHA'```

Your team manages a CI/CD pipeline for a microservices application deployed on Google Kubernetes Engine (GKE). The pipeline uses Cloud Build to build container images and push them to Artifact Registry, then uses a Cloud Build step with kubectl to apply Kubernetes manifests stored in a separate 'manifests' repository. Recently, the team has experienced issues: sometimes a new image is deployed to production even though the corresponding pull request (PR) has not been merged into the main branch of the manifests repository. Also, rollbacks are slow because the previous image tag is overwritten. The team wants to ensure that only code that passes all tests and is merged to main is deployed, and that each deployment uses a unique immutable image tag. What should the team do?

Arrange the steps to recover a Google Cloud SQL instance from a point-in-time backup.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each Google Cloud deployment strategy to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Two identical environments; switch traffic

Gradually replace instances with new version

Route small traffic percentage to new version

Compare two versions based on user metrics

New version receives mirrored traffic without impact

A team is using Cloud Build to build a Docker image and push to Artifact Registry. After each build, they want to automatically trigger a deployment to Cloud Run. What is the best way to achieve this?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Building and implementing CI/CD pipelines sessions

Start a Building and implementing CI/CD pipelines only practice session

Every question in these sessions is drawn from the Building and implementing CI/CD pipelines domain — nothing else.

Related practice questions

Related PCDOE topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCDOE exam test about Building and implementing CI/CD pipelines?
Building and implementing CI/CD pipelines questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Building and implementing CI/CD pipelines questions in a focused session?
Yes — the session launcher on this page draws every question from the Building and implementing CI/CD pipelines domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCDOE topics?
Use the topic links above to move to related areas, or go back to the PCDOE question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCDOE exam covers. They are not copied from any real exam or dump site.