Google Cloud Professional Cloud Architect Practice Exam

Validates ability to design, manage, and provision secure, scalable, reliable cloud solution architectures on Google Cloud, and to optimize business and technical processes.

Practice 717 exam-style Google Cloud Professional Cloud Architect questions with full answer explanations, then take timed mock exams that score like the real thing.

Practice questions: 717
On the real exam: 50
Passing score: 700
Exam length: 120 min

What the Google Cloud Professional Cloud Architect exam covers

Free Google Cloud Professional Cloud Architect sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 717.

  1. Question 1: Designing and Planning a Cloud Solution Architecture

    An application needs a relational database with global horizontal scale and strong consistency. Which Google Cloud service fits?

    • A. Bigtable
    • B. Firestore
    • C. Cloud SQL
    • D. Cloud Spanner (Correct)
    ✓ Correct answer: D

    Spanner is a global relational database with ACID properties.

    Why the other options are wrong
    • A. Bigtable is incorrect because it lacks a relational schema.
    • B. Firestore is incorrect because it is not suitable for this scenario.
    • C. Cloud SQL is incorrect because it is regional only, not global.
  2. Question 2: Designing for Security and Compliance

    Which IAM role type should you prefer over the broad primitive roles (Owner/Editor/Viewer)?

    • A. Always use Owner for simplicity
    • B. Disable IAM
    • C. Use only the primitive Viewer everywhere
    • D. Predefined (or custom) roles scoped to specific services/actions (Correct)
    ✓ Correct answer: D

    Predefined (or custom) roles scoped to specific services/actions is correct.

    Why the other options are wrong
    • A. Always use Owner for simplicity is incorrect because it is not suitable for this scenario.
    • B. Disable IAM is incorrect because it is not suitable for this scenario.
    • C. Use only the primitive Viewer everywhere is incorrect because it is not suitable for this scenario.
  3. Question 3: Ensuring Solution and Operations Reliability (Select all that apply)

    Which TWO practices improve solution reliability? (Choose TWO)

    • A. Deploying across multiple zones/regions (Correct)
    • B. Disabling autoscaling under load
    • C. Running a single instance with no monitoring
    • D. Health checks with autohealing/load-balancer integration (Correct)
    ✓ Correct answer: A, D

    Deploying across multiple zones/regions is correct. Health checks with autohealing/load-balancer integration is correct.

    Why the other options are wrong
    • B. Disabling autoscaling under load is incorrect because it is not suitable for this scenario.
    • C. Running a single instance with no monitoring is incorrect because it is not suitable for this scenario.
  4. Question 4: Designing and Planning a Cloud Solution Architecture

    An application serves users only in one country and needs the lowest cost while keeping HA. Which storage/region strategy is most appropriate for its Cloud Storage data?

    • A. Use Archive class for the primary serving data
    • B. Use a regional bucket close to the users rather than a multi-region bucket (Correct)
    • C. Always use a dual-region or multi-region bucket regardless of audience
    • D. Store the data only on a single VM local SSD
    ✓ Correct answer: B

    Use a regional bucket close to the users rather than a multi-region bucket is correct.

    Why the other options are wrong
    • A. Use Archive class for the primary serving data is incorrect because it is not suitable for this scenario.
    • C. Always use a dual-region or multi-region bucket regardless of audience is incorrect because it is not suitable for this scenario.
    • D. Store the data only on a single VM local SSD is incorrect because it is not suitable for this scenario.
  5. Question 5: Designing for Security and Compliance

    Which command enforces the org policy that disables creation of VM external IPs (constraints/compute.vmExternalIpAccess) at the org level?

    • A. gcloud org-policies block compute.vmExternalIpAccess --org=123456789
    • B. gcloud resource-manager org-policies deny compute.vmExternalIpAccess --organization=123456789 --all (Correct)
    • C. gcloud compute project-info update --no-external-ip
    • D. gcloud iam org-policies set compute.vmExternalIpAccess --deny-all
    ✓ Correct answer: B

    gcloud resource-manager org-policies deny compute.vmExternalIpAccess --organization=123456789 --all is correct.

    Why the other options are wrong
    • A. gcloud org-policies block compute.vmExternalIpAccess --org=123456789 is incorrect because it is not suitable for this scenario.
    • C. gcloud compute project-info update --no-external-ip is incorrect because it is not suitable for this scenario.
    • D. gcloud iam org-policies set compute.vmExternalIpAccess --deny-all is incorrect because it is not suitable for this scenario.
  6. Question 6: Designing for Security and Compliance

    A team must store database passwords and API tokens for applications with versioning, fine-grained IAM, and audit logging. Which service is designed for this?

    • A. Secret Manager (Correct)
    • B. A plaintext file in a Cloud Storage bucket
    • C. Hard-coded values in the container image
    • D. VM instance metadata in clear text
    ✓ Correct answer: A

    Secret Manager is correct.

    Why the other options are wrong
    • B. A plaintext file in a Cloud Storage bucket is incorrect because it is not suitable for this scenario.
    • C. Hard-coded values in the container image is incorrect because it is not suitable for this scenario.
    • D. VM instance metadata in clear text is incorrect because it is not suitable for this scenario.
  7. Question 7: Designing for Security and Compliance

    A deny IAM policy and an allow policy both apply to a principal for the same permission. Which wins?

    • A. The deny policy takes precedence and the action is blocked, regardless of any allow grant (Correct)
    • B. They cancel out and access defaults to Owner
    • C. The allow grant always overrides a deny
    • D. Whichever was created most recently wins
    ✓ Correct answer: A

    The deny policy takes precedence and the action is blocked, regardless of any allow grant is correct.

    Why the other options are wrong
    • B. They cancel out and access defaults to Owner is incorrect because it is not suitable for this scenario.
    • C. The allow grant always overrides a deny is incorrect because it is not suitable for this scenario.
    • D. Whichever was created most recently wins is incorrect because it is not suitable for this scenario.
  8. Question 8: Ensuring Solution and Operations Reliability (Select all that apply)

    Which TWO are valid notification channels for a Cloud Monitoring alerting policy? (Choose TWO)

    • A. A BigQuery dataset
    • B. PagerDuty / webhook (Correct)
    • C. Email (Correct)
    • D. A Compute Engine local disk
    ✓ Correct answer: B, C

    PagerDuty / webhook is correct. Email is correct.

    Why the other options are wrong
    • A. A BigQuery dataset is incorrect because it is not suitable for this scenario.
    • D. A Compute Engine local disk is incorrect because it is not suitable for this scenario.
  9. Question 9: Managing and Provisioning a Solution Infrastructure

    You must continuously replicate an on-prem MySQL database into Cloud SQL with minimal downtime cutover. Which managed service is purpose-built for this?

    • A. Database Migration Service (DMS) (Correct)
    • B. Cloud CDN
    • C. Cloud Storage transfer
    • D. Cloud Build
    ✓ Correct answer: A

    MIG manages VMs with autoscaling and self-healing.

    Why the other options are wrong
    • B. Cloud CDN is incorrect because it is not suitable for this scenario.
    • C. Cloud Storage transfer is incorrect because it is not suitable for this scenario.
    • D. Cloud Build is incorrect because it is not suitable for this scenario.
  10. Question 10: Managing and Provisioning a Solution Infrastructure

    VMs in a private subnet with no external IP can reach internal resources but fail to download OS package updates from the internet. Internal apps work fine. What should you add to restore outbound internet access without assigning public IPs?

    • A. Enable Cloud CDN on the VMs
    • B. Add a Cloud Armor policy
    • C. Create a Cloud DNS private zone
    • D. Configure Cloud NAT for the subnet's region (Correct)
    ✓ Correct answer: D

    NAT enables outbound from private VMs.

    Why the other options are wrong
    • A. Enable Cloud CDN on the VMs is incorrect because it is not suitable for this scenario.
    • B. Add a Cloud Armor policy is incorrect because it is not suitable for this scenario.
    • C. Create a Cloud DNS private zone is incorrect because it is a DNS service and is not applicable.

Google Cloud Professional Cloud Architect practice exam FAQ

How many questions are in the Google Cloud Professional Cloud Architect practice exam on CertGrid?

CertGrid has 717 practice questions for Google Cloud Professional Cloud Architect, covering 6 exam domains. The real Google Cloud Professional Cloud Architect exam has about 50 questions.

What is the passing score for Google Cloud Professional Cloud Architect?

The Google Cloud Professional Cloud Architect exam passing score is 700, and you have about 120 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official Google Cloud Professional Cloud Architect exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of Google Cloud Professional Cloud Architect, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice Google Cloud Professional Cloud Architect for free?

Yes. You can start practicing Google Cloud Professional Cloud Architect for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.