







































































This Google Cloud certification exam measures competence in building cloud-native applications. Topics include application design, APIs, cloud storage, monitoring, CI/CD pipelines, security, debugging, and integration with GCP services. Candidates must demonstrate ability to develop and optimize applications for scalable cloud environments.
Typology: Exams








































































Question 1. Which Google Cloud service is purpose-built for running containerized workloads without managing servers and automatically scales to zero when idle?
A) Google Kubernetes Engine (GKE)
B) Cloud Run
C) App Engine Flexible
D) Cloud Functions
Answer: B
Explanation: Cloud Run is a fully managed Knative-based service that runs containers, handling all server management and scaling to zero when there is no traffic.

Question 2. When choosing a database for a globally distributed, strongly consistent transactional application, which service is the optimal choice?
A) Cloud SQL
B) Cloud Spanner
C) Firestore in Datastore mode
D) Bigtable
Answer: B
Explanation: Cloud Spanner provides horizontal scalability, global distribution, and external consistency, making it ideal for strongly consistent transactional workloads.

Question 3. In a microservices architecture, which protocol typically offers lower latency and higher throughput than REST over HTTP?
A) SOAP
B) gRPC
C) GraphQL
D) WebSockets
Answer: B
Explanation: gRPC uses HTTP/2 and binary Protobuf messages, delivering lower latency and higher throughput compared to traditional REST/JSON.

Question 4. What is the recommended strategy for evolving a public API without breaking existing clients?
A) Delete old endpoints after a month.
B) Introduce a new version prefix (e.g., /v2/) while keeping the old version.
C) Change response fields in place.
D) Require all clients to upgrade immediately.
Answer: B
Explanation: Versioning the API (e.g., /v1/, /v2/) allows new functionality while preserving backward compatibility for existing consumers.

Question 5. Which Google Cloud product provides a managed API gateway with policies, analytics, and developer portal capabilities?
A) Cloud Endpoints
B) Apigee X
C) Cloud Armor
D) Cloud CDN
Answer: B
Explanation: Apigee X is a full-featured API management platform offering security policies, traffic analytics, and a developer portal.

Question 6. For a read-heavy analytics workload requiring sub-millisecond latency and massive rows, which storage is most appropriate?
A) Cloud SQL
B) Cloud Firestore
C) Cloud Bigtable

B) VPC Service Controls
C) Serverless VPC Access connector with ingress settings
D) Cloud Armor
Answer: C
Explanation: A Serverless VPC Access connector can be configured with restricted ingress, allowing the Cloud Run service to accept traffic only from the designated VPC.

Question 10. Which Google Cloud product provides a managed, fully integrated IDE for developers, eliminating the need to configure local toolchains?
A) Cloud Shell
B) Cloud Workstations
C) Cloud Code
D) Cloud Build
Answer: B
Explanation: Cloud Workstations delivers a cloud-hosted, managed IDE environment with pre-installed tools and secure access.

Question 11. To authenticate a workload running on GKE without embedding service-account keys, which mechanism should be used?
A) JSON key file mounted as a secret
B) Workload Identity
C) OAuth 2.0 client ID
D) gcloud auth login
Answer: B
Explanation: Workload Identity maps Kubernetes service accounts to Google service accounts, providing short-lived tokens without static keys.

Question 12. Which client library pattern is recommended for handling paginated results from the Cloud Storage List API?
A) Manually constructing URLs for each page
B) Using the auto-page iterator provided by the library
C) Increasing maxResults to a very high number
D) Ignoring pagination and retrieving only the first page
Answer: B
Explanation: The client libraries expose iterators that automatically handle pagination, simplifying code and preventing missed results.

Question 13. When writing unit tests for a Cloud Function that interacts with Pub/Sub, which technique best isolates the function logic?
A) Deploy the function and invoke it via HTTP
B) Use the Pub/Sub emulator and publish real messages
C) Mock the Pub/Sub client with a testing framework
D) Run the test against the production Pub/Sub topic
Answer: C
Explanation: Mocking the Pub/Sub client allows the function’s business logic to be tested without external dependencies, keeping tests fast and deterministic.

Question 14. Which local emulator enables developers to test Firestore security rules without contacting the cloud?
A) Cloud SQL emulator
B) Cloud Spanner emulator
C) Firestore emulator
D) Pub/Sub emulator
Answer: C

C) Target
D) Build
Answer: C
Explanation: A Target in Cloud Deploy specifies the destination environment, such as a GKE cluster and namespace.

Question 18. Which feature of Binary Authorization validates container images before they are deployed to GKE or Cloud Run?
A) Image signing with TUF
B) Admission controller policies
C) Container scanning in Cloud Build
D) IAM roles on Artifact Registry
Answer: B
Explanation: Binary Authorization uses admission controller policies to enforce that only images meeting defined criteria (e.g., signed, scanned) are allowed to run.

Question 19. To store a secret such as a database password and retrieve it securely at runtime in Cloud Run, which service should be used?
A) Cloud KMS
B) Secret Manager
C) Cloud SQL IAM authentication
D) Cloud Storage bucket with ACL
Answer: B
Explanation: Secret Manager provides versioned, access-controlled secret storage that can be accessed via the Secret Manager API or mounted as environment variables.

Question 20. Which Google Cloud service enables orchestration of multi-step, long-running workflows that can invoke Cloud Run, Cloud Functions, and GKE jobs?
A) Cloud Composer
B) Cloud Tasks
C) Workflows
D) Cloud Scheduler
Answer: C
Explanation: Workflows allows you to define stateful, serverless orchestration across many GCP services.

Question 21. An application needs to receive real-time notifications whenever a new object is uploaded to a Cloud Storage bucket. Which service should be used to trigger the processing logic?
A) Cloud Scheduler
B) Eventarc
C) Cloud Pub/Sub directly from the bucket
D) Cloud Functions with a storage trigger
Answer: D
Explanation: Cloud Functions can be configured with a Cloud Storage trigger that fires on object creation events, providing immediate processing.

Question 22. Which IAM principle is demonstrated by granting a service account the role roles/pubsub.publisher only on a specific Pub/Sub topic?
A) Least privilege
B) Separation of duties
C) Role hierarchy
D) Service perimeter
Answer: A

Answer: B
Explanation: Service Directory provides a managed registry for services, enabling discovery and lookup of service endpoints.

Question 26. Which Cloud Logging feature allows you to create a metric based on the number of 5xx responses from a Cloud Run service?
A) Log-based metric
B) Log sink
C) Log viewer filter
D) Log export to BigQuery
Answer: A
Explanation: Log-based metrics can be defined using a filter (e.g., resource.type="cloud_run_revision" severity>=ERROR) to count specific log entries.

Question 27. In Cloud Monitoring, an SLO is defined as 99.9% of requests completing within 200 ms. Which metric type would you use to evaluate compliance?
A) Uptime percentage
B) Latency percentile (p95)
C) Distribution of request latency
D) Error count
Answer: C
Explanation: A latency distribution metric provides percentile data, enabling calculation of the proportion of requests under 200 ms.

Question 28. Which tool helps you identify the exact line of code causing high CPU usage in a running GKE pod without stopping the container?
A) Cloud Trace
B) Cloud Profiler
C) Cloud Debugger
D) Cloud Scheduler
Answer: B
Explanation: Cloud Profiler continuously samples CPU and memory usage and maps it back to source lines, allowing hot-spot identification in production.

Question 29. A Cloud Run service is returning HTTP 503 errors under high load. Which setting should you adjust first to improve availability?
A) Increase the maximum request timeout.
B) Increase the concurrency limit.
C) Set the minimum number of instances.
D) Disable Cloud Run Autoscaling.
Answer: C
Explanation: Setting a minimum number of instances ensures warm containers are always available, reducing cold-start latency that can cause 503s.

Question 30. Which of the following best describes the difference between Cloud SQL and Cloud Spanner regarding horizontal scalability?
A) Both scale automatically without limits.
B) Cloud SQL can scale horizontally across zones, while Cloud Spanner cannot.
C) Cloud SQL scales vertically; Cloud Spanner scales horizontally across regions.
D) Cloud SQL provides global replication; Cloud Spanner is single-region only.
Answer: C
Explanation: Cloud SQL primarily scales by increasing instance size (vertical), whereas Cloud Spanner is designed for horizontal scaling across regions.

Question 31. When using Pub/Sub with exactly-once delivery semantics, which configuration must be enabled?

Question 34. In a GKE cluster, which Kubernetes object is used to enforce that all pods in a namespace must use a specific service account?
A) NetworkPolicy
B) PodSecurityPolicy
C) Admission controller webhook
D) ServiceAccount token projection
Answer: C
Explanation: An admission controller webhook can reject pod creation if the pod does not specify the required service account, enforcing the policy.

Question 35. Which Cloud Build feature allows you to reuse a previously built image as a cache for subsequent builds, reducing build time?
A) --cache-from flag in docker build step
B) Cloud Build’s built-in cache field in cloudbuild.yaml
C) Artifact Registry’s image versioning
D) Cloud Build triggers
Answer: B
Explanation: The cache field in cloudbuild.yaml enables Cloud Build to store intermediate layers and reuse them across builds.

Question 36. When configuring a Cloud Scheduler job to invoke a Cloud Run service, which authentication method is recommended?
A) API key passed as query parameter
B) OAuth 2.0 access token using a service account
C) No authentication (public endpoint)
D) Basic Auth header
Answer: B
Explanation: Cloud Scheduler can generate an OAuth 2.0 token using a service account, providing secure, short-lived authentication to the Cloud Run endpoint.

Question 37. Which of the following statements about Cloud Tasks is true?
A) It guarantees exactly-once execution of tasks.
B) It can only schedule tasks for Cloud Functions.
C) It provides at-least-once delivery with configurable retry policies.
D) It stores tasks in Cloud Firestore automatically.
Answer: C
Explanation: Cloud Tasks delivers tasks at least once and lets you define exponential backoff and max attempts for retries.

Question 38. A developer wants to run a Python script locally that interacts with Cloud Vision API, but without exposing the service account key. Which approach should be used?
A) Embed the JSON key in the script.
B) Use gcloud auth application-default login.
C) Set environment variable GOOGLE_APPLICATION_CREDENTIALS to a dummy path.
D) Enable anonymous access on Vision API.
Answer: B
Explanation: gcloud auth application-default login obtains user credentials that the client library can use, avoiding static key files.

Question 39. Which Cloud Run setting controls the maximum number of concurrent requests a single container instance can handle?
A) CPU allocation
B) Concurrency
C) Memory limit

A) Strong consistency across all regions
B) Eventual consistency for all reads
C) Strong consistency for single-document reads, eventual for queries
D) No consistency guarantees
Answer: C
Explanation: Firestore guarantees strong consistency for individual document reads, while queries may return eventually consistent results.

Question 43. Which GCP service is best suited for storing large binary assets (e.g., video files) that need to be served globally with low latency?
A) Cloud Filestore
B) Cloud Storage with a multi-regional bucket and Cloud CDN
C) Cloud SQL BLOB column
D) Cloud Bigtable
Answer: B
Explanation: Cloud Storage provides durable object storage, and when paired with Cloud CDN, it delivers large assets efficiently worldwide.

Question 44. To enforce that only containers signed with a specific Attestor can be deployed to GKE, which feature must be enabled?
A) Binary Authorization with an Attestor policy
B) Container Analysis scanning only
C) Artifact Registry IAM role artifactregistry.writer
D) GKE node pool image verification
Answer: A
Explanation: Binary Authorization uses Attestors to verify container image signatures before allowing deployment.

Question 45. Which of the following Cloud Operations Suite components provides distributed tracing across services running on Cloud Run, GKE, and Cloud Functions?
A) Cloud Logging
B) Cloud Trace
C) Cloud Monitoring
D) Cloud Profiler
Answer: B
Explanation: Cloud Trace collects latency data across multiple services, enabling end-to-end request tracing.

Question 46. An application experiences increasing latency due to high CPU usage. Which GCP tool can automatically suggest optimal CPU allocation for the Cloud Run service?
A) Cloud Profiler
B) Cloud Scheduler
C) Cloud Build
D) Cloud Deploy
Answer: A
Explanation: Cloud Profiler identifies CPU hotspots and can guide developers to adjust resource limits.

Question 47. Which of the following best describes the purpose of a dead-letter topic in Pub/Sub?
A) To store messages that could not be delivered after max retry attempts.
B) To archive all successfully processed messages.
C) To provide a backup of the primary topic’s data.
D) To enable exactly-once delivery.

C) Fixed instance size only
D) No support for custom Dockerfiles
Answer: A
Explanation: Cloud Run automatically scales down to zero instances when idle, whereas App Engine Flexible maintains at least one instance.

Question 51. In GKE, which feature enables pods to automatically receive a fresh access token for a Google service account without manual key rotation?
A) Service Account Key file mounted as a secret
B) Workload Identity
C) Node-level IAM binding
D) GKE metadata server
Answer: B
Explanation: Workload Identity provides short-lived tokens to pods, eliminating static key management.

Question 52. A developer wants to test a Cloud Function that reads from Firestore without incurring network latency. Which approach should be taken?
A) Deploy the function to production and invoke it.
B) Use the Firestore emulator locally.
C) Replace Firestore calls with in-memory maps in code.
D) Use Cloud Build to run integration tests.
Answer: B
Explanation: The Firestore emulator runs locally, allowing fast, network-free testing of Firestore interactions.

Question 53. Which Cloud Build feature can be used to automatically trigger a build when code is pushed to a specific branch in Cloud Source Repositories?
A) Build triggers
B) Cloud Scheduler jobs
C) Cloud Functions
D) Cloud Deployment Manager
Answer: A
Explanation: Build triggers listen for changes in repositories and start a Cloud Build pipeline accordingly.

Question 54. When configuring a Cloud CDN cache key policy, which option ensures that query parameters are ignored, improving cache hit ratio?
A) Include all query strings
B) Include only the v parameter
C) Exclude all query strings
D) Use signed URLs
Answer: C
Explanation: Excluding query strings from the cache key makes the CDN treat URLs with different parameters as the same object, boosting hits.

Question 55. Which of the following statements about Cloud Run Autoscaling is correct?
A) Autoscaling can only increase instances, never decrease them.
B) Autoscaling decisions are based solely on CPU utilization.
C) Autoscaling can be configured with a minimum and maximum number of instances.
D) Autoscaling is disabled for services with a concurrency of 1.
Answer: C
Explanation: Cloud Run lets you set both minimum and maximum instance counts, controlling scaling boundaries.