[PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
**Question 1. Which Google Cloud compute service automatically scales to zero when idle and
is ideal for HTTP request‑driven workloads?**
A) Compute Engine
B) Google Kubernetes Engine
C) Cloud Run
D) App Engine
Answer: C
Explanation: Cloud Run runs containers in a fully managed environment, scaling down to zero
when no requests are received.
**Question 2. When choosing a datastore for a workload that requires strong consistency
across rows and ACID transactions, which service is most appropriate?**
A) Cloud Bigtable
B) Cloud Spanner
C) Firestore in Datastore mode
D) Cloud SQL
Answer: B
Explanation: Cloud Spanner provides globally distributed strong consistency and supports ACID
transactions.
**Question 3. Which of the following is a primary benefit of using gRPC over HTTP/REST for
internal microservice communication?**
A) Human‑readable payloads
B) Automatic API documentation generation
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
C) Binary serialization with lower latency
D) Built‑in caching
Answer: C
Explanation: gRPC uses Protocol Buffers, a binary format that reduces payload size and latency
compared to JSON over REST.
**Question 4. In a multi‑region deployment, what is the main purpose of configuring a global
external HTTP(S) load balancer with cross‑region backends?**
A) To enforce network firewall rules
B) To provide low‑latency routing for users worldwide
C) To enable VPC peering
D) To store static assets
Answer: B
Explanation: A global load balancer directs traffic to the closest healthy backend region,
reducing latency.
**Question 5. Which IAM principle should you apply when creating a service account that only
needs to write objects to a specific Cloud Storage bucket?**
A) Grant Owner role on the project
B) Grant Storage Object Admin at the project level
C) Grant Storage Object Creator on the bucket only
D) Grant Viewer role on the bucket
Answer: C
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
Explanation: Assigning the Storage Object Creator role on the bucket follows the principle of
least privilege.
**Question 6. To protect secrets such as API keys used by Cloud Run services, which Google
Cloud service should store and provide them at runtime?**
A) Cloud KMS
B) Secret Manager
C) Cloud IAM
D) Cloud Scheduler
Answer: B
Explanation: Secret Manager securely stores secrets and can inject them into Cloud Run via
environment variables.
**Question 7. Which feature of Cloud Service Mesh (Anthos Service Mesh) helps enforce mTLS
between services in a GKE cluster?**
A) Ingress controller
B) Sidecar proxy injection
C) Horizontal pod autoscaling
D) Config Connector
Answer: B
Explanation: The sidecar proxies (Envoy) automatically handle mutual TLS for service‑to‑service
traffic.
**Question 8. When modernizing a monolithic application to microservices, which pattern helps
avoid breaking existing clients during API version upgrades?**
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
A) Circuit breaker
B) API gateway with versioned routes
C) Bulkhead isolation
D) Service discovery only
Answer: B
Explanation: An API gateway can expose multiple versioned endpoints, allowing clients to
migrate gradually.
**Question 9. Which caching strategy is best suited for storing session data that must be shared
across multiple Cloud Run instances?**
A) In‑memory cache inside each container
B) Cloud Memorystore for Redis
C) Cloud CDN
D) Cloud Storage
Answer: B
Explanation: Cloud Memorystore provides a managed, shared Redis cache accessible by all
instances.
**Question 10. A developer needs to test Pub/Sub message handling locally without incurring
network charges. Which tool should they use?**
A) Cloud Shell
B) Pub/Sub emulator
C) Cloud Scheduler UI
D) Cloud Logging
Cloud Architect Certification Exam Guide
**Question 1. Which Google Cloud compute service automatically scales to zero when idle and
is ideal for HTTP request‑driven workloads?**
A) Compute Engine
B) Google Kubernetes Engine
C) Cloud Run
D) App Engine
Answer: C
Explanation: Cloud Run runs containers in a fully managed environment, scaling down to zero
when no requests are received.
**Question 2. When choosing a datastore for a workload that requires strong consistency
across rows and ACID transactions, which service is most appropriate?**
A) Cloud Bigtable
B) Cloud Spanner
C) Firestore in Datastore mode
D) Cloud SQL
Answer: B
Explanation: Cloud Spanner provides globally distributed strong consistency and supports ACID
transactions.
**Question 3. Which of the following is a primary benefit of using gRPC over HTTP/REST for
internal microservice communication?**
A) Human‑readable payloads
B) Automatic API documentation generation
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
C) Binary serialization with lower latency
D) Built‑in caching
Answer: C
Explanation: gRPC uses Protocol Buffers, a binary format that reduces payload size and latency
compared to JSON over REST.
**Question 4. In a multi‑region deployment, what is the main purpose of configuring a global
external HTTP(S) load balancer with cross‑region backends?**
A) To enforce network firewall rules
B) To provide low‑latency routing for users worldwide
C) To enable VPC peering
D) To store static assets
Answer: B
Explanation: A global load balancer directs traffic to the closest healthy backend region,
reducing latency.
**Question 5. Which IAM principle should you apply when creating a service account that only
needs to write objects to a specific Cloud Storage bucket?**
A) Grant Owner role on the project
B) Grant Storage Object Admin at the project level
C) Grant Storage Object Creator on the bucket only
D) Grant Viewer role on the bucket
Answer: C
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
Explanation: Assigning the Storage Object Creator role on the bucket follows the principle of
least privilege.
**Question 6. To protect secrets such as API keys used by Cloud Run services, which Google
Cloud service should store and provide them at runtime?**
A) Cloud KMS
B) Secret Manager
C) Cloud IAM
D) Cloud Scheduler
Answer: B
Explanation: Secret Manager securely stores secrets and can inject them into Cloud Run via
environment variables.
**Question 7. Which feature of Cloud Service Mesh (Anthos Service Mesh) helps enforce mTLS
between services in a GKE cluster?**
A) Ingress controller
B) Sidecar proxy injection
C) Horizontal pod autoscaling
D) Config Connector
Answer: B
Explanation: The sidecar proxies (Envoy) automatically handle mutual TLS for service‑to‑service
traffic.
**Question 8. When modernizing a monolithic application to microservices, which pattern helps
avoid breaking existing clients during API version upgrades?**
, [PCA] Google Cloud Certified Professional
Cloud Architect Certification Exam Guide
A) Circuit breaker
B) API gateway with versioned routes
C) Bulkhead isolation
D) Service discovery only
Answer: B
Explanation: An API gateway can expose multiple versioned endpoints, allowing clients to
migrate gradually.
**Question 9. Which caching strategy is best suited for storing session data that must be shared
across multiple Cloud Run instances?**
A) In‑memory cache inside each container
B) Cloud Memorystore for Redis
C) Cloud CDN
D) Cloud Storage
Answer: B
Explanation: Cloud Memorystore provides a managed, shared Redis cache accessible by all
instances.
**Question 10. A developer needs to test Pub/Sub message handling locally without incurring
network charges. Which tool should they use?**
A) Cloud Shell
B) Pub/Sub emulator
C) Cloud Scheduler UI
D) Cloud Logging
