Sharpen Your Skills: 23 Practice Questions for the Google Cloud Professional Cloud Developer Certification Exam

As a Professional Google Cloud Developer, your primary role will involve constructing highly scalable and robust applications within the Google Cloud environment. This credential represents an intermediate-level examination that rigorously assesses your proficiency in Google Cloud best practices and developer tools. Google formally recommends that candidates possess at least three years of pertinent professional experience, with a minimum of one year specifically dedicated to working within the Google Cloud ecosystem. For experienced developers, this examination should prove to be a manageable challenge.

This compilation of 25 practice questions is crafted to mirror the format of the actual Google Cloud Developer exam, giving you insight into the types of questions you can anticipate. Should you desire further practice, we encourage you to explore our comprehensive free practice exam.

Google Cloud Certified Professional Cloud Developer Exam Questions

Designing Highly Scalable, Available, and Reliable Cloud-Native Applications

Question 1. Your client seeks a rapid and convenient solution for extending the functionality of an existing application. They require a mechanism to trigger a series of welcome activities and subsequent follow-up actions whenever a new customer record is created in their Firebase database, irrespective of the specific function that initially recorded the new customer. Which of the following solutions would you advise? (Choose 1)

  • A. Compute Engine and Managed Instances
  • B. App Engine Flexible Environment
  • C. App Engine Standard Environment
  • D. Cloud Functions
  • E. Cloud Run (fully managed)

Correct Answer: D

Explanation: While any of the listed environments could technically host the additional functionalities, Cloud Functions stands out as the optimal solution. It offers native event handling capabilities for Firebase Realtime Database events, eliminating the need to modify existing client code. Cloud Functions possess full administrative privileges, ensuring that every database change is processed individually. Furthermore, Cloud Functions represent a decoupled and economically efficient solution due to their pay-as-you-go billing model.

Cloud Functions can handle database events in two primary ways: by listening specifically for creation, update, or deletion events, or by monitoring any type of change to a given database path. The supported Cloud Functions event handlers for Firebase Realtime Database include:

  • onWrite(): Triggers when data is created, updated, or deleted.
  • onCreate(): Triggers specifically when new data is created.
  • onUpdate(): Triggers when existing data is updated.
  • onDelete(): Triggers when data is deleted.

Question 2. A team of mobile developers is currently developing a new application that necessitates seamless data synchronization between mobile devices and a backend database. Which database service would you recommend for this specific requirement?

  • A. Cloud SQL
  • B. BigQuery
  • C. Firestore
  • D. Spanner
  • E. Bigtable

Correct Answer: C

Explanation: Firestore, an integral part of both GCP and Firebase, is the only database service explicitly designed for modern web and mobile applications that provides live synchronization capabilities and offline support. It’s a fast, fully managed, serverless, cloud-native NoSQL document database engineered to simplify the storage, synchronization, and querying of data for mobile, web, and IoT applications at a global scale. Cloud Firestore is considered the next generation of Cloud Datastore, essentially offering similar functionalities with enhanced features.

Question 3. You are performing a lift-and-shift migration of several applications to Google Cloud Platform, utilizing Compute Engine. These applications require scalability, necessitating the configuration of Load Balancers and instance groups. Some of these applications manage session data directly in memory. Which configuration should you choose to ensure these applications function correctly?

  • A. HTTP(S) load balancer with Session affinity
  • B. HTTP(S) load balancer with WebSocket proxy support
  • C. QUIC protocol support for HTTPS Load Balancing
  • D. Network Load Balancing
  • E. SSL Proxy with Health Checks

Correct Answer: A

Explanation: Session affinity provides a "best-effort" mechanism to consistently route requests from a particular client to the same backend instance, as long as that backend remains healthy and has the capacity to serve the requests according to its configured balancing mode. This is the most effective approach to ensure that session data maintained in memory is preserved across subsequent client requests. Session affinity is a standard feature of HTTP(S) load balancing.

  • Google Cloud SSL Proxy Load Balancing terminates user SSL (TLS) connections at the load balancing layer and then distributes connections to backend instances using either SSL or TCP protocols. SSL Proxy is primarily intended for non-HTTP(S) traffic. For HTTP(S) traffic, HTTP(S) load balancing is the recommended choice.
  • A pass-through load balancer allows your backend instances to receive the original client request directly.

Question 4. You are employed by an international company headquartered in North America, and your manager has instructed you to plan for GDPR compliance specifically for operations within Europe. Which of the following elements must you address?

  • A. Create an updated inventory of personal data that you handle.
  • B. Allow common data to be public, if the Customer doesn’t advise against.
  • C. Use California Consumer Protection Act (CCPA) rules.
  • D. Review your current controls, policies, and processes for managing and protecting data.

Correct Answers: A, D

Explanation: The General Data Protection Regulation (EU) 2016/679 (GDPR) is a comprehensive EU law concerning data protection and privacy within the European Union (EU) and the European Economic Area (EEA). It also governs the transfer of personal data outside these regions. The primary objectives of GDPR are to empower individuals with greater control over their personal data and to streamline regulatory frameworks for international business by unifying data protection regulations across the EU.

  • Option B is incorrect because GDPR is fundamentally about protecting privacy, which directly opposes the unsolicited distribution of private information.
  • Option C is incorrect because CCPA (California Consumer Privacy Act) rules, while related to data privacy, are distinct from GDPR and apply to different jurisdictions.

Therefore, creating an updated inventory of personal data (A) and reviewing existing data management controls, policies, and processes (D) are crucial steps for GDPR compliance.

Question 5. You are tasked with planning the migration of a critical application that relies on an Oracle Database to GCP. The application requires a horizontally scalable and globally operational SQL database. Which service is best suited for this, and what type of schema migration is recommended?

  • A. Cloud SQL with no schema migration
  • B. Cloud SQL with sequential primary keys migration
  • C. Cloud Spanner with no schema migration
  • D. Cloud Spanner with sequential primary keys migration

Correct Answer: D

Explanation: The requirements for a global, horizontally scalable SQL database with synchronized replicas and shards across multiple servers unequivocally point to Cloud Spanner. However, when migrating to Cloud Spanner, a critical consideration is the risk of "hotspotting", where updates are disproportionately directed to a single server due to the chosen primary key strategy. This is particularly problematic with monotonically increasing integer keys, as all new inserts would consistently target the end of the key space, leading to a bottleneck on a single server.

To mitigate hotspotting and distribute the load effectively across multiple servers, the following techniques are recommended during schema migration for Cloud Spanner:

  • Hash the key: Compute a hash of the original key and store it in a new column. Use this hash column (or a combination of the hash column and unique key columns) as the primary key.
  • Swap column order: Reorder the columns within the primary key to encourage more balanced data distribution.
  • Use UUIDs (Universally Unique Identifiers): Version 4 UUIDs are particularly recommended due to their use of random values in high-order bits, which helps spread writes across the key space. Avoid UUID algorithms (like version 1) that embed timestamps in high-order bits, as this can still lead to hotspots.
  • Bit-reverse sequential values: Apply a bit-reversal operation to sequential values to randomize their distribution.
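To see why the key transformations listed above matter, the following added example (not part of the original question set, and not Google's code) measures how 10,000 consecutive ids spread over the key space under each strategy. It assumes a simplified model in which the 64-bit key space is cut into 16 equal, fixed ranges; Spanner's real split boundaries are dynamic, and all function names here are illustrative.

```python
import hashlib
import uuid
from collections import Counter

KEY_BITS = 64
NUM_SPLITS = 16  # assumption: key space modelled as 16 equal, contiguous ranges


def identity(n: int) -> int:
    """Sequential key used unchanged, as it would arrive from the Oracle schema."""
    return n


def bit_reverse64(n: int) -> int:
    """Reverse the bit order of a 64-bit unsigned integer."""
    return int(format(n & (2**KEY_BITS - 1), "064b")[::-1], 2)


def hashed_key(n: int) -> int:
    """Leading key column derived from a hash: first 8 bytes of SHA-256(key)."""
    return int.from_bytes(hashlib.sha256(n.to_bytes(8, "big")).digest()[:8], "big")


def uuid4_key(_n: int) -> int:
    """High 64 bits of a version 4 UUID; the original id is not used."""
    return uuid.uuid4().int >> 64


def split_of(key: int) -> int:
    """Index of the key range (0..NUM_SPLITS-1) that a 64-bit key falls into."""
    return (key * NUM_SPLITS) >> KEY_BITS


def hottest_share(ids, key_fn) -> float:
    """Fraction of all inserts that land on the single busiest key range."""
    counts = Counter(split_of(key_fn(i)) for i in ids)
    return max(counts.values()) / len(ids)


# Constructed sample: 10,000 consecutive ids, as a sequence would hand them out.
SEQUENTIAL_IDS = range(1_000_000, 1_010_000)

STRATEGIES = {
    "sequential (as migrated)": identity,
    "bit-reversed": bit_reverse64,
    "hash column first": hashed_key,
    "UUID v4": uuid4_key,
}

if __name__ == "__main__":
    for label, fn in STRATEGIES.items():
        share = hottest_share(SEQUENTIAL_IDS, fn)
        print(f"{label:26s} busiest range takes {share:.1%} of inserts")
```

With sequential keys every insert lands in one range; the three transformed keys each leave the busiest range with roughly one sixteenth of the writes.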

Question 6. With Cloud Storage, different storage classes are available, and transitions between certain classes are permissible. However, some transitions are explicitly disallowed. Which of the following transitions is not possible?

  • A. Regional to Nearline
  • B. Multi-Regional to Coldline
  • C. Regional to Multi-Regional
  • D. Nearline to Coldline

Correct Answer: C

Explanation: When you create a Cloud Storage bucket, you must explicitly declare whether it will be designated as Regional or Multi-Regional. This designation is a fundamental attribute and cannot be altered after bucket creation. All other listed transitions between storage classes (e.g., Regional to Nearline, Multi-Regional to Coldline, Nearline to Coldline) are permitted as part of data lifecycle management, allowing you to optimize costs based on access patterns.

Question 7. You are seeking a SQL system capable of integrating and querying both historical and production data. The data must be organized in complex structures, specifically requiring the storage of orders and invoices in a denormalized and complete manner, with both header and detail information contained within the same structure. Which of the following products would you choose?

  • A. Cloud Datastore
  • B. Cloud Spanner
  • C. Cloud Bigtable
  • D. BigQuery
  • E. Cloud SQL

Correct Answer: D

Explanation: BigQuery is an Online Analytical Processing (OLAP) engine that is exceptionally well-suited for large-scale analytical queries. While it can manage normalized data and perform joins, it performs optimally with denormalized information. Crucially, BigQuery possesses the unique capability to handle nested and repeated columns and structures, directly addressing the requirement to store complex data like orders and invoices (with header and detail) within a single, denormalized structure.

BigQuery is not a traditional relational database but rather an enterprise-grade, serverless, highly scalable, and cost-effective cloud data warehouse. It solves the problem of analyzing massive datasets by enabling super-fast SQL queries, leveraging the immense processing power of Google’s underlying infrastructure. It can rapidly analyze data ranging from gigabytes to petabytes using ANSI SQL.

Building and Testing Applications

Question 8. As the leader of a development group, you are migrating several applications to the Cloud and have been asked for guidance on setting up a local work environment. Your company requires the use of specific development tools installed on client machines. Which of these recommendations would you provide?

  • A. Develop locally by making remote calls to services with credentials embedded within the code.
  • B. Develop remotely with the setup of a VM using Compute Engine and a Development Disk Image.
  • C. Use Cloud Shell.
  • D. Install Cloud SDK and use Service Accounts.

Correct Answer: D

Explanation:

  • A is incorrect because embedding credentials directly within application code is a severe security vulnerability and is never a recommended practice.
  • B is incorrect because setting up and maintaining a dedicated VM on Compute Engine for each developer’s remote environment is prohibitively expensive and overly complex for a typical local development setup.
  • C is incorrect because while Cloud Shell is a feasible option for light development and quick commands, it is a cloud-based environment and not a "local work environment" as specified by the question, which requires specific tools installed on the clients.
  • D is correct because installing the Cloud SDK on local client machines provides the necessary command-line tools to interact with GCP services from a local environment. Utilizing Service Accounts is the recommended and secure practice for authenticating and authorizing applications and developers to access GCP resources, avoiding the need to embed credentials directly in code. The Cloud SDK is specifically designed for this purpose.

Question 9. You are the leader of a development group aiming to adopt Continuous Integration and Deployment (CI/CD) techniques, emphasizing best practices for procedure organization. Your company’s policy prohibits publishing code on public or uncertified external sites. Where should the code developed by your team be stored and shared?

  • A. Cloud Storage with versioned Objects
  • B. GitHub
  • C. Cloud Source Repositories
  • D. App Engine and Blue/Green Integration

Correct Answer: C

Explanation: Google Cloud Source Repositories are private, fully featured, scalable Git repositories hosted directly on Google Cloud Platform. Git is a version control program that tracks file changes, registers history, and can trigger automated actions (like CI/CD pipelines).

  • A is incorrect because Cloud Storage, while capable of versioning objects, is not a Git repository and lacks the inherent features for collaborative source code management (e.g., branching, merging, pull requests) that a Git repository provides.
  • B is incorrect because GitHub, while a popular Git repository service, is a public or externally managed site. The question explicitly states that the company policy prohibits publishing code on "public or not internally certified Sites."
  • D is incorrect because App Engine is a platform-as-a-service for deploying applications, not a Git repository. Blue/Green deployment is a deployment strategy, not a source code integration tool.

Therefore, Cloud Source Repositories are the ideal solution, providing a private, secure, and fully compliant Git environment within GCP.

Question 10. As the leader of a development group, you are committed to implementing Continuous Integration and Deployment (CI/CD) techniques, with an emphasis on optimal procedural organization. A new company trend dictates deploying applications and services within containers, with Kubernetes being the chosen orchestration platform. You want to initiate deployment as soon as new source code is committed. Which Google Cloud product is best suited for creating Docker images from source code?

  • A. Cloud Build
  • B. Cloud Code
  • C. Cloud Tasks
  • D. Cloud Repositories
  • E. Cloud Run

Correct Answer: A

Explanation: Cloud Build is Google Cloud’s fully managed continuous integration and continuous delivery (CI/CD) platform. It can define comprehensive workflows for building, testing, and deploying applications across various environments, including virtual machines, serverless platforms, Kubernetes, or Firebase. Crucially, Cloud Build excels at taking source code and automatically creating Docker images (container images) from it.

  • B is incorrect because Cloud Code is an integrated set of tools (often extensions for IDEs like Visual Studio Code and IntelliJ) designed to help developers write, deploy, and debug cloud-native applications, particularly for Kubernetes. It facilitates development but doesn’t build images itself.
  • C is incorrect because Cloud Tasks is an asynchronous task execution service used to encode and execute tasks using queues, not for building container images.
  • D is incorrect because Cloud Repositories are Git source code repositories, used for storing code, not for building images from code.
  • E is incorrect because Cloud Run is a serverless platform for deploying and running containerized applications, not for building the container images themselves.

Question 11. As the project leader of development, management has requested you to prepare a plan with organizational proposals for migrating corporate applications to the cloud, covering both development projects and operational strategy. What do you propose for the new organization of development?

  • A. Create small groups with Scrum Masters.
  • B. No changes: adhere to consolidated methods.
  • C. Decentralize development and utilize offshore development.
  • D. Maintain the current organization and modernize only the deployment process.

Correct Answer: A

Explanation: To enhance and modernize software development practices, adopting Agile methodologies is highly advisable. Agile software development structures requirements and solutions through the collaborative efforts of self-organizing and cross-functional teams, working closely with their customers/end-users. Its core tenets include adaptive planning, evolutionary development, early and continuous delivery, and perpetual improvement. Scrum, a widely recognized agile process framework for managing complex knowledge work, explicitly advocates for small, self-organizing teams guided by a Scrum Master.

  • B is incorrect because sticking to old methods contradicts the goal of modernizing and improving.
  • C is incorrect because while decentralization and offshore development can be parts of a strategy, they are organizational structures, not direct proposals for modernizing development organization in terms of methodology.
  • D is incorrect because modernizing only deployment without addressing the underlying development organization will likely lead to inefficiencies and hinder true agility.

Question 12. Consider the following SQL Statement in BigQuery:

    SELECT ANY_VALUE(fruit) AS any_value
    FROM UNNEST(["apple", "banana", "pear"]) AS fruit;

What is the result of this query?

  • A. A table with 3 rows.
  • B. Apple
  • C. Banana
  • D. Pear
  • E. One of the values, randomly.

Correct Answer: E

Explanation: The key elements in this BigQuery SQL query are:

  • UNNEST: This function takes an ARRAY (in this case, ["apple", "banana", "pear"]) and flattens it into a table, where each array element becomes a row. UNNEST can be used within or outside the FROM clause.
  • ANY_VALUE: This is an aggregate analytic function that returns a randomly selected value from the input group of rows. If there are zero input rows, it returns NULL.

Therefore, when this query is executed, UNNEST creates a temporary table with three rows: "apple", "banana", and "pear". The ANY_VALUE function then selects one of these values at random. Consequently, each execution of the query might yield a different result (either "apple", "banana", or "pear").

A more complex statement illustrating ANY_VALUE with an OVER clause is:

    SELECT fruit,
           ANY_VALUE(fruit) OVER (ORDER BY LENGTH(fruit) ROWS BETWEEN 1 PRECEDING AND CURRENT ROW) AS any_value
    FROM UNNEST(["apple", "banana", "pear"]) AS fruit;

This extended example demonstrates how ANY_VALUE can be used within a window function, but the core behavior of returning a random value from its input set remains.

Deploying Applications

Question 13. You have set up an application to be deployed in a Kubernetes Cluster with GKE. Your application interacts with various Google Cloud services, including Cloud Spanner and Cloud Pub/Sub. You are tasked with finding an optimized way to securely authorize all operations. What is the best method to achieve this?

  • A. Write the login credentials of a user enabled for those Services in the Deployment manifest file in YAML format.
  • B. Associate a specific service account with the configuration of the specific node pool (NodeConfig).
  • C. Create a service account and use the corresponding key with a Kubernetes Secret.
  • D. Write the credentials in the source repository or inside the container image.

Correct Answer: C

Explanation:

  • A and D are incorrect because it is a fundamental security best practice to never embed or expose security information or credentials in plaintext within application code, configuration files (like YAML deployment manifests), source repositories, or container images. This creates significant security vulnerabilities.

  • B is not the optimal choice because while you can configure a Service Account to be associated with VMs created in a node pool, the privileges assigned might not align with the principle of least privilege for individual applications or pods within that node pool. Different applications or pods sharing the same VM might require different, more granular permissions.

  • C is the best method. To achieve granular security and adhere to the principle of least privilege for each pod in Kubernetes, the recommended procedure is:

    • Create a dedicated Service Account: Grant it only the necessary permissions required to access Cloud Spanner and Cloud Pub/Sub.
    • Generate a Service Account Key: Obtain the JSON key file for this Service Account.
    • Store the Service Account Key in a Kubernetes Secret: Kubernetes Secret objects are designed to store sensitive information (like passwords, OAuth tokens, and API keys) securely. Storing the key in a Secret is much safer and more flexible than embedding it directly.
    • Access the Service Account key from the Pod: Configure your Kubernetes Pod definition to mount the Secret as a volume and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the JSON key file within that secret volume. This allows the application within the pod to automatically authenticate using the specified service account’s permissions.
  • Kubernetes Secret objects allow you to store and manage sensitive information safely. A Kubernetes volume is a directory that is accessible to containers within a Pod, providing a mechanism to inject secrets.
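The difference between options A/D and option C can be checked mechanically before a manifest is applied. The following added example (not from the original question set) audits a parsed Pod spec for literal credentials in environment variables and verifies that GOOGLE_APPLICATION_CREDENTIALS points inside a read-only, Secret-backed volume mount. The two sample specs, the image name, the variable names other than GOOGLE_APPLICATION_CREDENTIALS, and the function names are constructed for illustration.

```python
import posixpath
import re

ADC_VAR = "GOOGLE_APPLICATION_CREDENTIALS"
# Env var names that suggest a secret is being passed as a literal value.
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)


def _is_under(path: str, mount_path: str) -> bool:
    """True if path is the mount point itself or a file below it."""
    mount = mount_path.rstrip("/")
    return path == mount or path.startswith(mount + "/")


def audit_pod_spec(pod_spec: dict) -> list:
    """Return a list of findings about credential handling in a Pod spec."""
    findings = []
    # Volumes that are backed by a Kubernetes Secret object.
    secret_volumes = {v["name"] for v in pod_spec.get("volumes", []) if "secret" in v}

    for container in pod_spec.get("containers", []):
        cname = container.get("name", "?")
        secret_mounts = [m for m in container.get("volumeMounts", [])
                         if m["name"] in secret_volumes]
        for mount in secret_mounts:
            if not mount.get("readOnly", False):
                findings.append(f"{cname}: secret volume '{mount['name']}' is not readOnly")

        for env in container.get("env", []):
            var, value = env["name"], env.get("value")
            if value is None:
                continue  # valueFrom reference: no literal stored in the manifest
            if var == ADC_VAR:
                # Normalise first so '../' cannot make the path look mounted.
                path = posixpath.normpath(value)
                if not any(_is_under(path, m["mountPath"]) for m in secret_mounts):
                    findings.append(f"{cname}: {ADC_VAR}={value} is not inside a Secret volume")
            elif SENSITIVE_NAME.search(var) or "PRIVATE KEY" in value:
                findings.append(f"{cname}: literal credential in env var {var}")
    return findings


# Constructed sample resembling options A and D: password in the manifest,
# key file baked into the container image.
WEAK_SPEC = {
    "containers": [{
        "name": "orders-api",
        "image": "registry.example.invalid/orders-api:1.0",
        "env": [
            {"name": "SPANNER_USER_PASSWORD", "value": "constructed-sample-value"},
            {"name": ADC_VAR, "value": "/app/key.json"},
        ],
    }],
}

# Constructed sample following option C: key delivered through a Secret volume.
HARDENED_SPEC = {
    "volumes": [{"name": "gcp-sa-key", "secret": {"secretName": "orders-api-sa-key"}}],
    "containers": [{
        "name": "orders-api",
        "image": "registry.example.invalid/orders-api:1.0",
        "volumeMounts": [{"name": "gcp-sa-key",
                          "mountPath": "/var/secrets/google",
                          "readOnly": True}],
        "env": [{"name": ADC_VAR, "value": "/var/secrets/google/key.json"}],
    }],
}

if __name__ == "__main__":
    for label, spec in (("weak", WEAK_SPEC), ("hardened", HARDENED_SPEC)):
        print(label, audit_pod_spec(spec) or "no findings")
```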

Question 14. You have an application that analyzes transcribed customer service requests to prepare template answers for an operator assistance system. The challenge is that confidential information is sometimes transcribed within these dialogues and should not be disclosed. What is the most straightforward and immediate GCP technique to integrate into the program that processes these texts?

  • A. Use Cloud Data Loss Prevention.
  • B. Use Dialogflow.
  • C. Create a Python app with a list of the sensitive data/words to be detected.
  • D. Use Cloud Natural Language API.

Correct Answer: A

Explanation: Cloud Data Loss Prevention (DLP) is the perfect, ready-to-use solution for this scenario. It leverages infoTypes (information types) to define precisely what it scans for. An infoType represents a category of sensitive data, such as names, email addresses, telephone numbers, identification numbers, or credit card numbers.

Cloud DLP is equipped with a vast set of pre-built infoType detectors and allows for the development and creation of custom infoType detectors to meet specific business needs.

  • B is incorrect because Dialogflow is an end-to-end development suite for building conversational interfaces (like chatbots and IVR systems). It is not designed for sensitive data detection within arbitrary text.
  • C is incorrect because manually creating a Python application with a hardcoded list of sensitive data/words is a cumbersome, error-prone, and extremely difficult-to-maintain solution, especially as data patterns evolve.
  • D is incorrect because the Cloud Natural Language API provides natural language understanding capabilities such as sentiment analysis, entity analysis, content classification, and syntax analysis. While it processes text, it is not directly aimed at identifying and redacting sensitive data in the way Cloud DLP is.

Question 15. You are planning to deploy a set of applications in GKE (Google Kubernetes Engine). Which two choices must you make to ensure that the application will not have any single points of failure and will be scalable? (Choose 2 options)

  • A. Create a cluster with a default-pool with cluster autoscaler.
  • B. Create a single-zone cluster.
  • C. Create a cluster with a default-pool with a default configuration.
  • D. Create a regional cluster.

Correct Answer: A, D

Explanation: To eliminate any Single Point of Failure (SPOF) and ensure high scalability for applications deployed in GKE, you must account for both the worker nodes and the control plane (master).

  • Option A (Create a cluster with a default-pool with cluster autoscaler) addresses the scalability and resilience of the worker nodes. A cluster autoscaler automatically adjusts the number of nodes in your cluster based on the demands of your workloads, ensuring that you have enough capacity when needed and scale down to save costs when not. Nodes with auto-healing capabilities are also crucial for maintaining worker node health.

  • Option D (Create a regional cluster) addresses the resilience of the cluster control plane (master). A regional cluster distributes multiple replicas of the control plane across multiple zones within a given region. This means that if one zone experiences an outage, your cluster’s control plane remains available in other zones, preventing it from becoming a single point of failure.

  • B is incorrect because a single-zone cluster has a single control plane (master) running in one zone. If that zone experiences an outage, the control plane becomes unavailable, impacting the cluster’s ability to be configured, and potentially affecting workloads.

  • C is incorrect because a default configuration for a node pool without an autoscaler would not inherently provide the required scalability or resilience against traffic surges or node failures.

While multi-zonal clusters (single control plane, nodes in multiple zones) offer better availability for workloads than single-zone clusters, they still have a single control plane, which can be an SPOF during control plane upgrades or zone outages. Regional clusters are the most robust solution for highly available and scalable applications in GKE.

Question 16. Your team has established a standard VM configuration for a group of applications and prepared a template. Everything is currently functioning well. Now, traffic is increasing, and you need to ensure the applications are more scalable, highly available, and secure. What is the very first action you should take?

  • A. For the next VM, add the --scalable parameter in the template.
  • B. Set up a Load Balancer.
  • C. Take a snapshot of the boot disk.
  • D. Set up a managed instance group.

Correct Answer: D

Explanation: The Managed Instance Group (MIG) is the fundamental building block for achieving both high availability and autoscaling for your Compute Engine VMs.

  • A MIG automatically recreates instances if they stop, crash, malfunction, or are deleted (unless deleted by a specific instance group management command), ensuring high availability.

  • Managed instance groups inherently support autoscaling, which dynamically adds or removes instances based on configured metrics (e.g., CPU utilization, load balancing capacity), making your application scalable. You would typically set up a Load Balancer in front of the MIG to distribute traffic across its instances.

  • A is incorrect because there is no standard --scalable parameter in a VM template in GCP Compute Engine. Scalability is achieved through MIGs.

  • B is incorrect because while a Load Balancer is essential for distributing traffic across multiple instances, it requires a backend to distribute traffic to. You must first have a group of instances that can scale and self-heal, which is provided by a MIG.

  • C is incorrect because taking a snapshot of the boot disk is a good practice for backup and recovery, but it doesn’t directly address the immediate need for scalability, high availability, or security enhancement in a production environment with increasing traffic.

Therefore, setting up a managed instance group is the crucial first step to enable automatic scaling and enhance availability.

Question 17. You desire greater control over your Google Cloud Platform (GCP) Virtual Machines (VMs). Specifically, you want to optimize performance and identify the ideal configuration to ensure your applications are consistently fast and available. You are looking for detailed Disk and Memory metrics and statistics typically collected with the "collectd" Linux command. Which function can you activate, and how?

  • A. Stackdriver Monitoring agent
  • B. Cloud Armor
  • C. Nothing: GCP Console alone supplies everything.
  • D. You must use a third-party tool to have an advanced monitor.

Correct Answer: A

Explanation: The Stackdriver Monitoring agent (now part of Google Cloud’s Operations suite, specifically Cloud Monitoring) is a collectd-based daemon that gathers comprehensive system and application metrics directly from virtual machine instances and transmits them to Cloud Monitoring.

  • Metrics are crucial for understanding the performance of applications and system services.

  • Cloud Monitoring can monitor GCP, AWS, and third-party software environments.

  • While standard Cloud Monitoring can access some basic instance metrics by default, installing the Monitoring agent (which is optional but highly recommended for detailed insights) allows you to define and collect a much broader range of data, including specific disk, CPU, network, and process metrics, as well as metrics from third-party applications.

  • B is incorrect because Cloud Armor is a web application firewall (WAF) and DDoS protection service. It is designed to defend against denial-of-service attacks and web-based threats, not for collecting detailed VM performance metrics.

  • C is incorrect because the GCP Console’s default metrics do not provide the granular, "collectd"-level details that the question specifies (e.g., in-depth disk and memory utilization).

  • D is incorrect because Google Cloud provides its own robust and capable monitoring solution (Cloud Monitoring with the agent) that can fulfill this requirement without resorting to an external third-party tool.

Question 18. Your team has deployed some applications in GKE (Google Kubernetes Engine). They have asked you how they can view a detailed list of the containers with just a few commands. Which is the correct statement to use?

  • A. gcloud container images describe
  • B. gcloud container images list
  • C. kubectl container list images
  • D. kubectl container list images --detail

Correct Answer: A

Explanation: To get a detailed description of container images managed by Google Cloud, the command gcloud container images describe is the appropriate choice. This command provides comprehensive metadata about a specific image, including its layers, size, and other attributes.

  • gcloud container images list (Option B) is incorrect because it provides a simple list of the image names, not a detailed description.
  • kubectl container list images (Option C and D) are incorrect because kubectl commands are primarily used for managing Kubernetes resources (pods, deployments, services, etc.) within a cluster. While Kubernetes uses container images, the actual management and detailed listing of container images themselves (especially in a container registry like Google Container Registry or Artifact Registry) are typically handled by gcloud commands, as images are managed by GCP, not directly by Kubernetes.

Question 19. You need to migrate a Python application to GCP. The main challenge is that the application may experience sudden traffic bursts, necessitating very rapid scaling. The primary requirements for this application are therefore performance and availability. Given these requirements, which platform would you choose?

  • A. Compute Engine with Managed Instance Group
  • B. App Engine Standard with automatic scaling
  • C. App Engine Flex with Automatic scaling
  • D. Cloud Functions

Correct Answer: B

Explanation: For applications requiring very rapid scaling and handling sudden traffic bursts while prioritizing performance and availability, App Engine Standard Environment with automatic scaling is the most suitable choice. App Engine Standard is renowned for its extremely fast cold start times and rapid scaling capabilities because its underlying execution environments are pre-warmed and highly optimized.

  • When a service experiences a sudden increase in requests, App Engine Standard can quickly create a large number of instances to handle the load. This is particularly advantageous for applications with highly variable traffic patterns.

  • App Engine Standard also efficiently scales instances down when request volumes decrease, ensuring optimal resource utilization and cost-effectiveness.

  • A is incorrect because while Compute Engine with Managed Instance Groups provides autoscaling, starting new VM instances is inherently slower than App Engine Standard’s instance creation process, making it less ideal for very rapid scaling during sudden bursts.

  • C is incorrect because App Engine Flexible Environment uses Docker containers on Compute Engine VMs, which means its instance startup and scaling times are generally slower than App Engine Standard due to the overhead of provisioning and launching new containers.

  • D is incorrect because while Cloud Functions are serverless and can scale rapidly, they are typically designed for event-driven, short-lived tasks and might not be suitable for entire applications that require continuous background processes or long-running requests. Their scaling characteristics are different from those required for a full application handling web traffic bursts.

Question 20. You have an application that periodically fetches data online and then uploads it to both BigQuery and Cloud Storage. You’ve prepared a bash script to automate this operation. How should you authorize this procedure in an automated, simple, and scalable way on the VM of the managed instance group where it is installed?

  • A. Create the virtual machine with an image or script that provides the necessary roles.
  • B. Set up a service account with the correct privileges and create the instance template of the virtual machine with this service account.
  • C. Write all the proper and needed credentials in the code.
  • D. Create a procedure in App Engine and translate the script into code in order to load the data.

Correct Answer: B

Explanation:

  • A and C are incorrect for severe security reasons. You should never expose sensitive security information or credentials in plaintext within scripts, configuration files, or directly in code. This poses a significant security risk.
  • D is incorrect because there’s no inherent need to rewrite a perfectly functional bash script into a programming language for App Engine, and doing so doesn’t solve the core authorization challenge in a scalable or simple way for a VM-based operation.

B is the correct and recommended approach:

  • A service account is a special type of Google account that acts as a non-human user, allowing applications and services to be authenticated and authorized to access resources in GCP without using personal user credentials.
  • An instance template is a resource that defines the properties for creating VM instances and managed instance groups. These properties include the machine type, image, identity tags, and crucially, the service account that the VMs will run as.

By creating a service account, granting it only the roles it needs (e.g., BigQuery Data Editor, Storage Object Creator), and then configuring the instance template to launch VMs with this specific service account, the bash script running on these VMs will automatically inherit the service account's permissions. This provides an automated, simple, and scalable authorization mechanism without embedding credentials.

Question 21. You have an application running in App Engine Standard Environment that needs to interact with Cloud SQL. Which of the following is the best and safest method to authorize all operations?

  • A. Configure the service account.
  • B. Grant all authorizations in the app.yaml file.
  • C. Use JWT.
  • D. Grant all authorizations in the index.yaml file.
  • E. Store the service account key in code.

Correct Answer: A

Explanation:

  • B and D are incorrect because it is a critical security violation to store sensitive security information or keys directly in configuration files like app.yaml or index.yaml. These files are often part of source code and could be inadvertently exposed.
  • C is incorrect because JSON Web Tokens (JWTs) are primarily an open standard for securely transmitting information between parties as a JSON object. While you can sign a JWT with a service account key and use it in an OAuth2 procedure, this is an unnecessarily complex method for authorizing an App Engine application to access Cloud SQL. The goal here is to authorize the application itself, not individual users.
  • E is incorrect because storing a service account key directly in application code is a major security vulnerability. Service account keys should only be transmitted and stored securely (e.g., in key stores or secure vaults).

The best and safest way is to configure and utilize the default service account that is automatically created with your App Engine application. A service account is a special type of Google account that acts as a non-human user and can be authenticated and authorized to access resources in GCP. You can then adjust the permissions (roles) for this service account as needed to grant it the specific access required for Cloud SQL. This ensures that your App Engine application has the necessary permissions without compromising security.
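The least-privilege point made in Questions 20 and 21 can be checked mechanically. The Python sketch below is an added example, not part of the original question set: it audits the roles bound to a service account and the identity attached to an instance template. The project, account names and sample data are constructed; the JSON shapes assumed are those printed by `gcloud projects get-iam-policy --format=json` and `gcloud compute instance-templates describe --format=json`.

```python
# Constructed sample data (hypothetical project and accounts, not real output).
UPLOADER = "uploader@example-project.iam.gserviceaccount.com"
APP_SA = "example-project@appspot.gserviceaccount.com"  # App Engine default SA
POLICY = {"bindings": [
    {"role": "roles/bigquery.dataEditor", "members": [f"serviceAccount:{UPLOADER}"]},
    {"role": "roles/storage.objectCreator", "members": [f"serviceAccount:{UPLOADER}"]},
    {"role": "roles/cloudsql.client", "members": [f"serviceAccount:{APP_SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{APP_SA}", "user:dev@example.com"]},
]}
TEMPLATE = {"name": "uploader-template", "properties": {"serviceAccounts": [
    {"email": UPLOADER, "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]}}

# Basic roles are far broader than any single workload needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def roles_of(policy, sa_email):
    """Return the project-level roles bound to one service account."""
    member = f"serviceAccount:{sa_email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit_roles(policy, sa_email, needed):
    """List roles granted beyond, or missing from, what the workload needs."""
    granted = roles_of(policy, sa_email)
    findings = [f"excess role {r}" + (" (basic role)" if r in BASIC_ROLES else "")
                for r in sorted(granted - needed)]
    findings += [f"missing role {r}" for r in sorted(needed - granted)]
    return findings


def audit_template(template, expected_sa):
    """Check that VMs built from the template run as the dedicated account."""
    accounts = template.get("properties", {}).get("serviceAccounts", [])
    attached = [sa.get("email", "") for sa in accounts]
    findings = []
    if attached != [expected_sa]:
        findings.append(f"template runs as {attached}, expected {expected_sa}")
    if any(e == "default" or e.endswith("-compute@developer.gserviceaccount.com")
           for e in attached):
        findings.append("template uses the Compute Engine default service account")
    return findings


if __name__ == "__main__":
    uploader_needs = {"roles/bigquery.dataEditor", "roles/storage.objectCreator"}
    print("uploader roles:", audit_roles(POLICY, UPLOADER, uploader_needs))
    print("template:", audit_template(TEMPLATE, UPLOADER))
    print("app engine:", audit_roles(POLICY, APP_SA, {"roles/cloudsql.client"}))
```

In the constructed data, the uploader account and its template pass, while the App Engine default service account is flagged for still holding the broad Editor role alongside the Cloud SQL Client role it actually needs.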

Question 22. What is a columnar Database, and which is the corresponding GCP Solution?

  • A. A SQL Database organized in columns instead of rows. Cloud SQL may act as a columnar Database.
  • B. A NoSQL Database: Cloud Datastore.
  • C. A Big Data Solution: Cloud Dataprep.
  • D. A NoSQL Database: Cloud Bigtable.

Correct Answer: D

Explanation: A columnar database (or column-family database) is a type of NoSQL database that stores data in columns rather than rows. This organization optimizes for analytical queries that often access a subset of columns across many rows, as it reduces the amount of data that needs to be read from disk.

Cloud Bigtable is Google Cloud’s fully managed, scalable NoSQL wide-columnar database.

  • It is designed for petabyte-scale storage, supporting billions of rows and thousands of columns.

  • It excels at storing very large amounts of single-keyed data with very low latency (sub-millisecond).

  • Cloud Bigtable is ideal for high read and write throughput and serves as an excellent data source for MapReduce operations.

  • Data in Bigtable is organized into sparsely populated tables with three dimensions: row key, column family/qualifier, and timestamp. Each row is indexed by a single row key, and related columns are grouped into column families.

  • Bigtable tables are "sparse," meaning if a cell contains no data, it takes up no space.

  • It scales proportionally with the number of machines in your cluster without bottlenecks.

  • A is incorrect because traditional SQL databases (like Cloud SQL) are row-oriented. While some SQL databases may offer columnar storage capabilities for analytical purposes, a traditional SQL database itself is not inherently a columnar database in the NoSQL sense, and it cannot function without joins, secondary indexes, or multiple tables in the way a pure columnar NoSQL database does.

  • B is incorrect because Cloud Datastore (now largely succeeded by Firestore) is a document database, not a columnar database. Document databases store data in flexible, semi-structured documents (e.g., JSON or BSON).

  • C is incorrect because Cloud Dataprep is a distinct product: it’s a data service for visually exploring, cleaning, and preparing structured and unstructured data for analysis, reporting, and machine learning. It is a data preparation tool, not a database.

Question 23. You are looking for a low-cost database service that supports strong consistency, atomic transactions, and serializable isolation. The data needs to be partially structured. What database and what configuration would you choose?

  • A. Cloud SQL MySQL with default configuration
  • B. Cloud SQL Postgres with default configuration
  • C. Cloud Storage with lifecycle
  • D. Cloud Datastore with transactional commits

Correct Answer: D

Explanation: Cloud Datastore (which shares its core technology with Firestore) is a low-cost, fully managed NoSQL database that is designed to handle partially structured data. It provides capabilities that directly address the requirements:

  • Strong Consistency: Datastore can be configured for strong consistency. While this might lead to slightly longer I/O operations compared to less strict consistency models, it guarantees that a user reading data will always retrieve the most up-to-date version, regardless of which server in a cluster responds to the request.

  • Atomic Transactions: Datastore supports transactional commits, meaning a set of mutations (changes) within a transaction are either all applied successfully or none are applied. This ensures data integrity.

  • Serializable Isolation: Datastore’s transactions typically offer serializable isolation, which means concurrent transactions appear to execute serially, preventing common concurrency anomalies.

  • A and B are incorrect because while Cloud SQL (for MySQL and PostgreSQL) are relational databases that offer strong consistency and transactions, they are primarily designed for fully structured, relational data. While they can store some partially structured data using JSON types, they are not optimized for it in the same way a NoSQL document database is, nor are they typically considered "low-cost" in the same serverless, pay-per-use model as Datastore for varying workloads.

  • C is incorrect because Cloud Storage is an object storage service, not a database. It stores unstructured blobs of data and does not provide transactional capabilities, strong consistency for data integrity, or query features inherent to a database. Lifecycle policies are for managing object lifecycles, not transactional data.

Therefore, Cloud Datastore with transactional commits is the optimal choice for a low-cost, partially structured NoSQL database with strong consistency and atomic transaction capabilities.