1. Home
  2. Google
  3. PROFESSIONAL-CLOUD-DEVELOPER

Google PROFESSIONAL-CLOUD-DEVELOPER Online Practice Questions and Exam Preparation

PROFESSIONAL-CLOUD-DEVELOPER Exam Details

  • Exam Code
    :PROFESSIONAL-CLOUD-DEVELOPER
  • Exam Name
    :Professional Cloud Developer
  • Certification
    :Google Certifications
  • Vendor
    :Google
  • Total Questions
    :405 Q&As
  • Last Updated
    :May 24, 2026

Google PROFESSIONAL-CLOUD-DEVELOPER Online Questions & Answers

  • Question 141:

    For this question, refer to the HipLocal case study.

    A recent security audit discovers that HipLocal's database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen.

    What should they do?

    A. Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.
    B. Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.
    C. Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.
    D. Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

  • Question 142:

    Your team has created an application that is hosted on a Google Kubernetes Engine (GKE) cluster. You need to connect the application to a legacy REST service that is deployed in two GKE clusters in two different regions. You want to connect your application to the target service in a way that is resilient. You also want to be able to run health checks on the legacy service on a separate port.

    How should you set up the connection? (Choose two.)

    A. Use Traffic Director with a sidecar proxy to connect the application to the service.
    B. Use a proxyless Traffic Director configuration to connect the application to the service.
    C. Configure the legacy service's firewall to allow health checks originating from the proxy.
    D. Configure the legacy service's firewall to allow health checks originating from the application.
    E. Configure the legacy service's firewall to allow health checks originating from the Traffic Director control plane.

  • Question 143:

    You are developing an application on Compute Engine that needs to securely access secrets such as API keys and database passwords. You want to avoid storing secrets in the source code or on disk.

    What should you do?

    A. Store the secrets in a Cloud Storage bucket and restrict bucket access.
    B. Store the secrets in Secret Manager and access them at runtime using the client library.
    C. Store the secrets as environment variables in the instance template.
    D. Store the secrets in Firestore and encrypt them manually.

  • Question 144:

    You manage an application deployed on GKE clusters across multiple environments. You are using Cloud Build to run user acceptance testing (UAT) tests. You have integrated Cloud Build with Artifact Analysis, and enabled the Binary Authorization API in all Google Cloud projects hosting your environments. You want only container images that have passed certain automated UAT tests to be deployed to the production environment. You have already created an attestor.

    What should you do next?

    A. After the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE cluster- specific rule in Binary Authorization for the UAT Google Cloud project.
    B. After the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE cluster- specific rule in Binary Authorization for the production Google Cloud project policy.
    C. After the UAT phase, sign the attestation with a key stored in Cloud Key Management Service (KMS). Add a default rule in Binary Authorization for the UAT Google Cloud project.
    D. After the UAT phase, sign the attestation with a key stored in Cloud Key Management Service (KMS). Add a GKE cluster-specific rule in Binary Authorization for the production Google Cloud project policy.

  • Question 145:

    You are deploying a Python application to Cloud Run using Cloud Source Repositories and Cloud Build.

    The Cloud Build pipeline is shown below:

    You want to optimize deployment times and avoid unnecessary steps.

    What should you do?

    A. Remove the step that pushes the container to Artifact Registry.
    B. Deploy a new Docker registry in a VPC, and use Cloud Build worker pools inside the VPC to run the build pipeline.
    C. Store image artifacts in a Cloud Storage bucket in the same region as the Cloud Run instance.
    D. Add the --cache-from argument to the Docker build step in your build config file.

  • Question 146:

    You are developing a custom job scheduler that must have a persistent cache containing entries of all Compute Engine VMs that are in a running state (not deleted, stopped, or suspended). The job scheduler checks this cache and only sends jobs to the available Compute Engine VMs in the cache. You need to ensure that the available Compute Engine instance cache is not stale.

    What should you do?

    A. Set up an organization-level Cloud Storage log sink with a filter to capture the audit log events for Compute Engine. Configure an Eventarc trigger that executes when the Cloud Storage bucket is updated and sends these events to the application to update the cache.
    B. Set up a Cloud Asset Inventory real-time feed of insert and delete events with the asset types filter set to compute.googleapis.com/Instance. Configure an Eventarc trigger that sends these events to the application to update the cache.
    C. Set up an organization-level Pub/Sub log sink with a filter to capture the audit log events for Compute Engine. Configure an Eventarc trigger that sends these events to the application to update the cache.
    D. Set up an organization-level BigQuery log sink. Configure the application to query this BigQuery table every minute to retrieve the last minute's events and update the cache.

  • Question 147:

    You work for an environmental agency in a large city. You are developing a new monitoring platform that will capture air quality readings from thousands of locations in the city. You want the air quality reading devices to send and receive their data payload to the newly created RESTful backend systems every minute by using a curl command. The backend systems are running in a single cloud region and are using Premium Tier networking. You need to connect the devices to the backend while minimizing the daily average latency, measured by using Time to First Byte (TTFB).

    How should you build this service?

    A. 1. Run the air quality devices' backends on Compute Engine VMs. 2. Create a weighted round robin routing policy on Cloud DNS. 3. Configure the air quality devices to connect by using this DNS.
    B. 1. Run the air quality devices' backends on Compute Engine VMs. 2. Create a round robin routing policy on Cloud DNS for these Compute Engine VMs. 3. Configure the air quality devices to connect by using this DNS.
    C. 1. Run the air quality devices' backends in a managed instance group. 2. Create an external passthrough Network Load Balancer to connect to the managed instance group. 3. Configure a connection between the air quality devices and the Network Load Balancer.
    D. 1 Run the air quality devices' backends in a managed instance group. 2. Create an external Application Load Balancer, and connect it to the managed instance group. 3. Configure a connection between the air quality devices and the Application Load Balancer.

  • Question 148:

    You need to deploy an internet-facing microservices application to Google Kubernetes Engine (GKE). You want to validate new features using the A/B testing method. You have the following requirements for deploying new container image releases:

    1. There is no downtime when new container images are deployed.

    2. New production releases are tested and verified using a subset of production users.

    What should you do?

    A. 1. Configure your CI/CD pipeline to update the Deployment manifest file by replacing the container version with the latest version. 2. Recreate the Pods in your cluster by applying the Deployment manifest file. 3. Validate the application's performance by comparing its functionality with the previous release version, and roll back if an issue arises.
    B. 1. Create a second namespace on GKE for the new release version. 2. Create a Deployment configuration for the second namespace with the desired number of Pods. 3. Deploy new container versions in the second namespace. 4. Update the Ingress configuration to route traffic to the namespace with the new container versions.
    C. 1. Install the Anthos Service Mesh on your GKE cluster. 2. Create two Deployments on the GKE cluster, and label them with different version names. 3. Implement an Istio routing rule to send a small percentage of traffic to the Deployment that references the new version of the application.
    D. 1. Implement a rolling update pattern by replacing the Pods gradually with the new release version. 2. Validate the application's performance for the new subset of users during the rollout, and roll back if an issue arises.

  • Question 149:

    You are a developer at a social media company. The company runs their social media website on- premises and uses MySQL as a backend to store user profiles and user posts. Your company plans to migrate to Google Cloud, and your team will migrate user profile information to Firestore. You are tasked with designing the Firestore collections.

    What should you do?

    A. Create one root collection for user profiles, and create one root collection for user posts.
    B. Create one root collection for user profiles, and create one subcollection for each user's posts.
    C. Create one root collection for user profiles, and store each user's post as a nested list in the user profile document.
    D. Create one root collection for user posts, and create one subcollection for each user's profile.

  • Question 150:

    For this question, refer to the HipLocal case study.

    How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

    A. Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.
    B. Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.
    C. Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.
    D. Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PROFESSIONAL-CLOUD-DEVELOPER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.