Google Cloud Architect Practice Test

A. × Incorrect: Google Cloud CDN is incorrect because it does not answer this stem as directly as Global Load Balancing.

B. ✓ Correct: Global Load Balancing is the correct answer because global Load Balancing is designed for distributing traffic across multiple regions, ensuring low latency and high availability. The wrong answers are useful review cues: Cloud CDN caches content at the edge; Cloud DNS manages DNS zones and records, while Compute Engine provides virtual machines and infrastructure control, but they do not match this stem as directly as Global Load Balancing.

C. × Incorrect: Cloud DNS is incorrect because it does not answer this stem as directly as Global Load Balancing.

D. × Incorrect: Compute Engine is incorrect because it does not answer this stem as directly as Global Load Balancing.

A. × Incorrect: Cloud IAM Roles is incorrect because it does not answer this stem as directly as Identity-Aware Proxy.

B. ✓ Correct: Identity-Aware Proxy is the correct answer because identity-Aware Proxy (IAP) is designed for secure remote access to applications hosted on Google Cloud, ensuring that the application itself does not need to be exposed directly to the internet. The wrong answers are useful review cues: IAM controls identity and permission relationships; Workload Identity Federation lets external identities access Google Cloud without long-lived service account keys, while service account impersonation lets one principal act as a service account when permitted, but they do not match this stem as directly as Identity-Aware Proxy.

C. × Incorrect: Workload Identity Federation is incorrect because it does not answer this stem as directly as Identity-Aware Proxy.

D. × Incorrect: Service Account Impersonation is incorrect because it does not answer this stem as directly as Identity-Aware Proxy.

A. × Incorrect: Implementing detailed logging only is incorrect because it does not answer this stem as directly as Setting up comprehensive metrics and alerts.

B. ✓ Correct: Setting up comprehensive metrics and alerts is the correct answer because comprehensive metrics and alerts provide the necessary insights to identify issues and opportunities for improvement in real-time. The wrong answers are useful review cues: Implementing detailed logging only is a related option that does not directly answer this stem; Disabling all third-party monitoring tools is a related option that does not directly answer this stem, while performance optimization focuses on workload responsiveness and efficiency, but they do not match this stem as directly as Setting up comprehensive metrics and alerts.

C. × Incorrect: Disabling all third-party monitoring tools is incorrect because it does not answer this stem as directly as Setting up comprehensive metrics and alerts.

D. × Incorrect: Focusing solely on user interface performance is incorrect because it does not answer this stem as directly as Setting up comprehensive metrics and alerts.

A. ✓ Correct: Immediately roll back to the previous stable version is the correct answer because immediately roll back to the previous stable version. Rolling back to a previously stable version ensures service continuity while the issue is investigated. The wrong answers are useful review cues: Continue deploying new versions regardless of issues. is a related option that does not directly answer this stem; root-cause work identifies how an incident began and why it happened, while Restart all affected services manually without investigation. is a related option that does not directly answer this stem, but they do not match this stem as directly as Immediately roll back to the previous stable version..

B. × Incorrect: Continue deploying new versions regardless of issues is incorrect because it does not answer this stem as directly as Immediately roll back to the previous stable version..

C. × Incorrect: Pause all deployments and investigate the root cause is incorrect because it does not answer this stem as directly as Immediately roll back to the previous stable version..

D. × Incorrect: Restart all affected services manually without investigation is incorrect because it does not answer this stem as directly as Immediately roll back to the previous stable version..

A. × Incorrect: Minimize data storage costs is incorrect because it does not answer this stem as directly as Ensure uninterrupted service availability.

B. × Incorrect: Increase employee productivity is incorrect because it does not answer this stem as directly as Ensure uninterrupted service availability.

C. × Incorrect: Reduce network bandwidth usage is incorrect because it does not answer this stem as directly as Ensure uninterrupted service availability.

D. ✓ Correct: Ensure uninterrupted service availability is the correct answer because the main objective of a disaster recovery strategy is to ensure that services remain available during and after a disaster. The wrong answers are useful review cues: Minimize data storage costs is a related option that does not directly answer this stem; Increase employee productivity is a related option that does not directly answer this stem, while Reduce network bandwidth usage is a related option that does not directly answer this stem, and they do not match this stem as directly as Ensure uninterrupted service availability.

A. × Incorrect: Log routing with a single sink is incorrect because it does not answer this stem as directly as Cloud Audit Logs for all projects..

B. × Incorrect: Custom logs in each project is incorrect because it does not answer this stem as directly as Cloud Audit Logs for all projects..

C. ✓ Correct: Cloud Audit Logs for all projects is the correct answer because cloud Audit Logs for all projects. Cloud Audit Logs provide comprehensive monitoring of user activity across Google Cloud resources, including multiple projects, which is essential for compliance and security audits. The wrong answers are useful review cues: Log routing with a single sink. is a related option that does not directly answer this stem; Custom logs in each project. is a related option that does not directly answer this stem, while Unified logging service. is a related option that does not directly answer this stem, but they do not match this stem as directly as Cloud Audit Logs for all projects..

D. × Incorrect: Unified logging service is incorrect because it does not answer this stem as directly as Cloud Audit Logs for all projects..

A. × Incorrect: Shared-core machine family is incorrect because it does not answer this stem as directly as Memory-optimized machine family.

B. ✓ Correct: Memory-optimized machine family is the correct answer because compute Engine machine-family documentation identifies memory-optimized machines for workloads that need high memory capacity. The wrong answers are useful review cues: Shared-core machine family is a related option that does not directly answer this stem; Storage bucket class is a related option that does not directly answer this stem, while Cloud Run runs serverless containers that scale with requests, but they do not match this stem as directly as Memory-optimized machine family.

C. × Incorrect: Storage bucket class is incorrect because it does not answer this stem as directly as Memory-optimized machine family.

D. × Incorrect: Cloud Run function class is incorrect because it does not answer this stem as directly as Memory-optimized machine family.

A. × Incorrect: Encrypting the secrets with a third-party tool is incorrect because it does not answer this stem as directly as By setting up alerts on Cloud Monitoring.

B. × Incorrect: Using version control systems like Git is incorrect because it does not answer this stem as directly as By setting up alerts on Cloud Monitoring.

C. × Incorrect: Disabling all access to the secrets is incorrect because it does not answer this stem as directly as By setting up alerts on Cloud Monitoring.

D. ✓ Correct: By setting up alerts on Cloud Monitoring is the correct answer because setting up alerts in Cloud Monitoring helps detect and respond to unauthorized access. The wrong answers are useful review cues: Encrypting the secrets with a third-party tool is a related option that does not directly answer this stem; Using version control systems like Git is a related option that does not directly answer this stem, while Disabling all access to the secrets is a related option that does not directly answer this stem, and they do not match this stem as directly as By setting up alerts on Cloud Monitoring.

A. ✓ Correct: Establishing comprehensive monitoring and alerting mechanisms is the correct answer because comprehensive monitoring and alerting mechanisms are crucial for operational excellence as they enable quick identification and response to incidents. The wrong answers are useful review cues: Ensuring high availability through redundant systems is a related option that does not directly answer this stem; access control restricts who or what can use a resource, while Optimizing resource usage with auto-scaling policies is a related option that does not directly answer this stem, and they do not match this stem as directly as Establishing comprehensive monitoring and alerting mechanisms.

B. × Incorrect: Ensuring high availability through redundant systems is incorrect because it does not answer this stem as directly as Establishing comprehensive monitoring and alerting mechanisms.

C. × Incorrect: Implementing strict access controls on all resources is incorrect because it does not answer this stem as directly as Establishing comprehensive monitoring and alerting mechanisms.

D. × Incorrect: Optimizing resource usage with auto-scaling policies is incorrect because it does not answer this stem as directly as Establishing comprehensive monitoring and alerting mechanisms.

A. × Incorrect: Use a single service account for all API interactions is incorrect because it does not answer this stem as directly as Implement IAM roles with least privilege access per API..

B. ✓ Correct: Implement IAM roles with least privilege access per API is the correct answer because implement IAM roles with least privilege access per API. Using IAM roles allows you to define specific permissions needed by an application, ensuring that the principle of least privilege is followed. The wrong answers are useful review cues: service accounts are identities used by workloads or automation; Create separate OAuth 2.0 credentials for each API. is a related option that does not directly answer this stem, while Utilize shared JWT tokens between different APIs. is a related option that does not directly answer this stem, but they do not match this stem as directly as Implement IAM roles with least privilege access per API..

C. × Incorrect: Create separate OAuth 2.0 credentials for each API is incorrect because it does not answer this stem as directly as Implement IAM roles with least privilege access per API..

D. × Incorrect: Utilize shared JWT tokens between different APIs is incorrect because it does not answer this stem as directly as Implement IAM roles with least privilege access per API..

A. ✓ Correct: The initial trigger event is the correct answer because identifying the initial trigger event helps in understanding how the incident started, which is crucial for further analysis. The wrong answers are useful review cues: All potential contributing factors is a related option that does not directly answer this stem; The underlying technical issue is a related option that does not directly answer this stem, while The immediate impact on users is a related option that does not directly answer this stem, and they do not match this stem as directly as The initial trigger event.

B. × Incorrect: All potential contributing factors is incorrect because it does not answer this stem as directly as The initial trigger event.

C. × Incorrect: The underlying technical issue is incorrect because it does not answer this stem as directly as The initial trigger event.

D. × Incorrect: The immediate impact on users is incorrect because it does not answer this stem as directly as The initial trigger event.

A. × Incorrect: Release approvals is incorrect because it does not answer this stem as directly as Rollback triggers.

B. × Incorrect: Deployment policies is incorrect because it does not answer this stem as directly as Rollback triggers.

C. ✓ Correct: Rollback triggers is the correct answer because rollback triggers in Cloud Deploy automatically initiate a rollback process when certain conditions are met, ensuring application stability. The wrong answers are useful review cues: release approvals add a human gate before rollout; deployment policies constrain how releases move through stages, while rollback behavior restores a previous release when problems appear, but they do not match this stem as directly as Rollback triggers.

D. × Incorrect: Manual rollbacks is incorrect because it does not answer this stem as directly as Rollback triggers.

A. × Incorrect: Enable Cloud DNS forwarding is incorrect because it does not answer this stem as directly as Configure a global load balancer.

B. × Incorrect: Create a shared VPC service project is incorrect because it does not answer this stem as directly as Configure a global load balancer.

C. × Incorrect: Set up peering connections between the subnets is incorrect because it does not answer this stem as directly as Configure a global load balancer.

D. ✓ Correct: Configure a global load balancer is the correct answer because a global load balancer is essential for directing traffic across different regions, ensuring high availability and redundancy. The wrong answers are useful review cues: Cloud DNS manages DNS zones and records; Create a shared VPC service project is a related option that does not directly answer this stem, while Set up peering connections between the subnets is a related option that does not directly answer this stem, and they do not match this stem as directly as Configure a global load balancer.

A. × Incorrect: Use a single service account with broad permissions is incorrect because it does not answer this stem as directly as Implement Workload Identity Federation for secure delegation..

B. × Incorrect: Store API keys in environment variables for all users is incorrect because it does not answer this stem as directly as Implement Workload Identity Federation for secure delegation..

C. ✓ Correct: Implement Workload Identity Federation for secure delegation is the correct answer because implement Workload Identity Federation for secure delegation. Workload Identity Federation enables secure and temporary access from external identities, ensuring that no long-term credentials are stored on the client side. The wrong answers are useful review cues: service accounts are identities used by workloads or automation; Store API keys in environment variables for all users. is a related option that does not directly answer this stem, while Grant IAM roles directly to individual user accounts. is a related option that does not directly answer this stem, but they do not match this stem as directly as Implement Workload Identity Federation for secure delegation..

D. × Incorrect: Grant IAM roles directly to individual user accounts is incorrect because it does not answer this stem as directly as Implement Workload Identity Federation for secure delegation..

A. ✓ Correct: Recovery time objective is the correct answer because google Cloud disaster recovery guidance uses recovery time objective to describe how long a workload can be unavailable after a failure. The wrong answers are useful review cues: service accounts are identities used by workloads or automation; Subnet CIDR size is a related option that does not directly answer this stem, while Container image digest is a related option that does not directly answer this stem, and they do not match this stem as directly as Recovery time objective.

B. × Incorrect: Service account key age is incorrect because it does not answer this stem as directly as Recovery time objective.

C. × Incorrect: Subnet CIDR size is incorrect because it does not answer this stem as directly as Recovery time objective.

D. × Incorrect: Container image digest is incorrect because it does not answer this stem as directly as Recovery time objective.

A. × Incorrect: gcloud storage bucket-list is incorrect because it does not answer this stem as directly as gsutil ls gs://.

B. × Incorrect: bq ls --buckets is incorrect because it does not answer this stem as directly as gsutil ls gs://.

C. ✓ Correct: gsutil ls gs:// is the correct answer because the correct command 'gsutil ls gs://' is used to list all the buckets in a project. The wrong answers are useful review cues: Cloud Storage is object storage for durable files and objects, while bq is the BigQuery command-line tool, but they do not match this stem as directly as gsutil ls gs://.

D. × Incorrect: gcloud storage ls is incorrect because it does not answer this stem as directly as gsutil ls gs://.

A. × Incorrect: Disabling all unused services immediately is incorrect because it does not answer this stem as directly as Implementing auto-scaling policies.

B. ✓ Correct: Implementing auto-scaling policies is the correct answer because auto-scaling policies help adjust resource allocation based on demand, reducing costs by avoiding over-provisioning. The wrong answers are useful review cues: Disabling all unused services immediately is a related option that does not directly answer this stem; Creating more detailed billing reports is a related option that does not directly answer this stem, while Increasing the number of reserved instances is a related option that does not directly answer this stem, and they do not match this stem as directly as Implementing auto-scaling policies.

C. × Incorrect: Creating more detailed billing reports is incorrect because it does not answer this stem as directly as Implementing auto-scaling policies.

D. × Incorrect: Increasing the number of reserved instances is incorrect because it does not answer this stem as directly as Implementing auto-scaling policies.

A. ✓ Correct: To visualize metrics data is the correct answer because custom dashboards allow users to visualize and monitor key performance indicators and other relevant metrics for their services. The wrong answers are useful review cues: To manage IAM roles is a related option that does not directly answer this stem; To configure network settings is a related option that does not directly answer this stem, while Cloud Run functions are event-driven serverless functions, but they do not match this stem as directly as To visualize metrics data.

B. × Incorrect: To manage IAM roles is incorrect because it does not answer this stem as directly as To visualize metrics data.

C. × Incorrect: To configure network settings is incorrect because it does not answer this stem as directly as To visualize metrics data.

D. × Incorrect: To deploy cloud functions is incorrect because it does not answer this stem as directly as To visualize metrics data.

A. × Incorrect: Encrypt all objects with customer-managed keys is incorrect because it does not answer this stem as directly as Move objects to Nearline.

B. × Incorrect: Delete objects after 30 days is incorrect because it does not answer this stem as directly as Move objects to Nearline.

C. ✓ Correct: Move objects to Nearline is the correct answer because moving objects to the Nearline storage class reduces costs for data that is rarely accessed but still needs to be retained. The wrong answers are useful review cues: Encrypt all objects with customer-managed keys is a related option that does not directly answer this stem; Delete objects after 30 days is a related option that does not directly answer this stem, while Archive objects in a separate bucket is a related option that does not directly answer this stem, and they do not match this stem as directly as Move objects to Nearline.

D. × Incorrect: Archive objects in a separate bucket is incorrect because it does not answer this stem as directly as Move objects to Nearline.

A. × Incorrect: Service Catalog is incorrect because it does not answer this stem as directly as Model Armor.

B. × Incorrect: Cloud NAT is incorrect because it does not answer this stem as directly as Model Armor.

C. ✓ Correct: Model Armor is the correct answer because google Cloud documentation describes Model Armor as a service for screening model prompts and responses for safety and security risks. The wrong answers are useful review cues: Service Catalog is a related option that does not directly answer this stem; Cloud NAT gives private resources outbound internet access, while Cloud DNS manages DNS zones and records, but they do not match this stem as directly as Model Armor.

D. × Incorrect: Cloud DNS peering is incorrect because it does not answer this stem as directly as Model Armor.

A. × Incorrect: Using reserved instances exclusively is incorrect because it does not answer this stem as directly as Implementing auto-scaling with spot instances.

B. × Incorrect: Purchasing committed use discounts is incorrect because it does not answer this stem as directly as Implementing auto-scaling with spot instances.

C. × Incorrect: Deploying static resource sizes year-round is incorrect because it does not answer this stem as directly as Implementing auto-scaling with spot instances.

D. ✓ Correct: Implementing auto-scaling with spot instances is the correct answer because auto-scaling with spot instances allows for dynamic adjustment of resources based on demand, reducing costs during off-peak times. The wrong answers are useful review cues: Using reserved instances exclusively is a related option that does not directly answer this stem; Purchasing committed use discounts is a related option that does not directly answer this stem, while Deploying static resource sizes year-round is a related option that does not directly answer this stem, and they do not match this stem as directly as Implementing auto-scaling with spot instances.

A. × Incorrect: Rate Quotas is incorrect because it does not answer this stem as directly as Usage Plans.

B. × Incorrect: Access Control is incorrect because it does not answer this stem as directly as Usage Plans.

C. × Incorrect: Throttling Policies is incorrect because it does not answer this stem as directly as Usage Plans.

D. ✓ Correct: Usage Plans is the correct answer because usage Plans allow you to define and enforce rate limits on API requests. The wrong answers are useful review cues: quotas limit request volume over a defined window; access control restricts who or what can use a resource, while Throttling Policies is a related option that does not directly answer this stem, and they do not match this stem as directly as Usage Plans.

A. × Incorrect: Log sink is incorrect because it does not answer this stem as directly as Catalog.

B. × Incorrect: Firewall policy is incorrect because it does not answer this stem as directly as Catalog.

C. × Incorrect: VPC subnet is incorrect because it does not answer this stem as directly as Catalog.

D. ✓ Correct: Catalog is the correct answer because service Catalog documentation describes catalogs as collections used to organize solutions that can be shared with users. The wrong answers are useful review cues: Log sink is a related option that does not directly answer this stem; Firewall policy is a related option that does not directly answer this stem, while VPC subnet is a related option that does not directly answer this stem, and they do not match this stem as directly as Catalog.

A. ✓ Correct: Step-by-step procedures for restoring service availability is the correct answer because the primary goal of an incident response runbook is to provide clear, actionable steps to restore service availability. The wrong answers are useful review cues: A detailed list of all stakeholders' contact information is a related option that does not directly answer this stem; An exhaustive inventory of all cloud resources used by the company is a related option that does not directly answer this stem, while Instructions on how to update the company's website is a related option that does not directly answer this stem, and they do not match this stem as directly as Step-by-step procedures for restoring service availability.

B. × Incorrect: A detailed list of all stakeholders' contact information is incorrect because it does not answer this stem as directly as Step-by-step procedures for restoring service availability.

C. × Incorrect: An exhaustive inventory of all cloud resources used by the company is incorrect because it does not answer this stem as directly as Step-by-step procedures for restoring service availability.

D. × Incorrect: Instructions on how to update the company's website is incorrect because it does not answer this stem as directly as Step-by-step procedures for restoring service availability.

A. × Incorrect: Configure VPC service controls is incorrect because it does not answer this stem as directly as Establish a service attachment.

B. ✓ Correct: Establish a service attachment is the correct answer because service attachments are used to establish private connectivity between an on-premises network and Google services. The wrong answers are useful review cues: VPC Service Controls create service perimeters around supported resources; Create a peering connection in the VPC is a related option that does not directly answer this stem, while Set up interconnects with shared VPC is a related option that does not directly answer this stem, and they do not match this stem as directly as Establish a service attachment.

C. × Incorrect: Create a peering connection in the VPC is incorrect because it does not answer this stem as directly as Establish a service attachment.

D. × Incorrect: Set up interconnects with shared VPC is incorrect because it does not answer this stem as directly as Establish a service attachment.

A. × Incorrect: Create individual IAM policies for each project is incorrect because it does not answer this stem as directly as Use folders to group related projects and apply centralized IAM policies..

B. ✓ Correct: Use folders to group related projects and apply centralized IAM policies is the correct answer because use folders to group related projects and apply centralized IAM policies. Using folders allows you to group related projects together and apply consistent IAM policies across them, simplifying management and compliance. The wrong answers are useful review cues: IAM controls identity and permission relationships, while Assign all users global roles that cover all projects. is a related option that does not directly answer this stem, but they do not match this stem as directly as Use folders to group related projects and apply centralized IAM policies..

C. × Incorrect: Assign all users global roles that cover all projects is incorrect because it does not answer this stem as directly as Use folders to group related projects and apply centralized IAM policies..

D. × Incorrect: Disable IAM policies and use custom scripts for access control is incorrect because it does not answer this stem as directly as Use folders to group related projects and apply centralized IAM policies..

A. ✓ Correct: Failover to healthy capacity is the correct answer because reliability guidance emphasizes resilient design and recovery behavior so systems can continue operating when components fail or need maintenance. The wrong answers are useful review cues: Deleting monitoring data is a related option that does not directly answer this stem; Using one zonal resource only is a related option that does not directly answer this stem, while Disabling health checks is a related option that does not directly answer this stem, and they do not match this stem as directly as Failover to healthy capacity.

B. × Incorrect: Deleting monitoring data is incorrect because it does not answer this stem as directly as Failover to healthy capacity.

C. × Incorrect: Using one zonal resource only is incorrect because it does not answer this stem as directly as Failover to healthy capacity.

D. × Incorrect: Disabling health checks is incorrect because it does not answer this stem as directly as Failover to healthy capacity.

A. × Incorrect: Using separate state files for each region to maintain isolation is incorrect because it does not answer this stem as directly as Employing modules that define common resources and variables..

B. ✓ Correct: Employing modules that define common resources and variables is the correct answer because employing modules that define common resources and variables. Using modules with defined inputs allows for consistent resource configuration across different regions without duplicating code. The wrong answers are useful review cues: Using separate state files for each region to maintain isolation. is a related option that does not directly answer this stem; Creating individual workspaces for every project within the same region. is a related option that does not directly answer this stem, while Hardcoding regional settings directly into Terraform scripts. is a related option that does not directly answer this stem, but they do not match this stem as directly as Employing modules that define common resources and variables..

C. × Incorrect: Creating individual workspaces for every project within the same region is incorrect because it does not answer this stem as directly as Employing modules that define common resources and variables..

D. × Incorrect: Hardcoding regional settings directly into Terraform scripts is incorrect because it does not answer this stem as directly as Employing modules that define common resources and variables..

A. × Incorrect: Logo dimensions is incorrect because it does not answer this stem as directly as Skills and readiness.

B. × Incorrect: Browser theme preference is incorrect because it does not answer this stem as directly as Skills and readiness.

C. ✓ Correct: Skills and readiness is the correct answer because the Professional Cloud Architect exam guide includes analyzing stakeholder readiness, technical skills, and business processes as part of architecture work. The wrong answers are useful review cues: Logo dimensions is a related option that does not directly answer this stem; Browser theme preference is a related option that does not directly answer this stem, while Ad campaign names is a related option that does not directly answer this stem, and they do not match this stem as directly as Skills and readiness.

D. × Incorrect: Ad campaign names is incorrect because it does not answer this stem as directly as Skills and readiness.

A. × Incorrect: Setting alerts based on SLO violations only after they occur is incorrect because it does not answer this stem as directly as Configuring alerts to notify teams before an SLO is breached, allowing proactive resolution..

B. ✓ Correct: Configuring alerts to notify teams before an SLO is breached, allowing proactive resolution is the correct answer because configuring alerts to notify teams before an SLO is breached, allowing proactive resolution. Proactive notification allows for timely intervention and reduces the likelihood of service degradation. The wrong answers are useful review cues: Setting alerts based on SLO violations only after they occur. is a related option that does not directly answer this stem; Creating alerts that trigger when any metric exceeds its threshold, regardless of impact on user experience. is a related option that does not directly answer this stem, while Disabling all alert notifications during off-hours to avoid unnecessary interruptions. is a related option that does not directly answer this stem, but they do not match this stem as directly as Configuring alerts to notify teams before an SLO is breached, allowing proactive resolution..

C. × Incorrect: Creating alerts that trigger when any metric exceeds its threshold, regardless of impact on user experience is incorrect because it does not answer this stem as directly as Configuring alerts to notify teams before an SLO is breached, allowing proactive resolution..

D. × Incorrect: Disabling all alert notifications during off-hours to avoid unnecessary interruptions is incorrect because it does not answer this stem as directly as Configuring alerts to notify teams before an SLO is breached, allowing proactive resolution..