Google PROFESSIONAL-CLOUD-DEVELOPER Online Practice
Questions and Exam Preparation
PROFESSIONAL-CLOUD-DEVELOPER Exam Details
Exam Code
:PROFESSIONAL-CLOUD-DEVELOPER
Exam Name
:Professional Cloud Developer
Certification
:Google Certifications
Vendor
:Google
Total Questions
:405 Q&As
Last Updated
:May 24, 2026
Google PROFESSIONAL-CLOUD-DEVELOPER Online Questions &
Answers
Question 161:
You are developing a web application using Cloud Run and Cloud Storage. You are notified of a production issue that you need to troubleshoot immediately. You need to implement a workaround that requires you to execute a script on a Git repository. Your corporate laptop is unavailable but you have your personal computer. You can use your corporate credentials to access the required Git repository and Google Cloud resources. You want to fix the issue as quickly and efficiently as possible while minimizing additional cost.
What should you do?
A. Create and launch a workstation with Cloud Workstations on your personal computer. Authenticate and set up API access in the workstation. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed. B. Install VS Code and the extension Cloud Code for VS Code on your personal computer. Check the Cloud Run logs in Cloud Code to confirm the error. Execute the workaround script. Ensure that the issue has been fixed. C. Connect to the Google Cloud console and open Cloud Shell on your personal computer. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed. D. Download and install the gcloud CLI on your personal computer. Authenticate and set up API access. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed.
C. Connect to the Google Cloud console and open Cloud Shell on your personal computer. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed.
Explanation
https://cloud.google.com/run/docs/troubleshooting
Question 162:
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B.
What should you do?
A. Add the service account as a publisher on the topic. B. Configure the instances with a service account owned by project C. Configure Application Default Credentials to use the private key of a service account owned by project D. Add the service account as a Cloud Pub/Sub publisher to project A. E. Configure Application Default Credentials to use the private key of a service account owned by project F. Add the service account as a publisher on the topic
B. Configure the instances with a service account owned by project
Question 163:
You are developing an application that will store and access sensitive unstructured data objects in a Cloud Storage bucket. To comply with regulatory requirements, you need to ensure that all data objects are available for at least 7 years after their initial creation. Objects created more than 3 years ago are accessed very infrequently (less than once a year). You need to configure object storage while ensuring that storage cost is optimized.
What should you do? (Choose two.)
A. Set a retention policy on the bucket with a period of 7 years. B. Use IAM Conditions to provide access to objects 7 years after the object creation date. C. Enable Object Versioning to prevent objects from being accidentally deleted for 7 years after object creation. D. Create an object lifecycle policy on the bucket that moves objects from Standard Storage to Archive Storage after 3 years. E. Implement a Cloud Function that checks the age of each object in the bucket and moves the objects older than 3 years to a second bucket with the Archive Storage class. Use Cloud Scheduler to trigger the Cloud Function on a daily schedule.
A. Set a retention policy on the bucket with a period of 7 years. D. Create an object lifecycle policy on the bucket that moves objects from Standard Storage to Archive Storage after 3 years.
Question 164:
You are developing a web application that will be accessible over both HTTP and HTTPS and will run on Compute Engine instances. On occasion, you will need to SSH from your remote laptop into one of the Compute Engine instances to conduct maintenance on the app.
How should you configure the instances while following Google-recommended best practices?
A. Set up a backend with Compute Engine web server instances with a private IP address behind a TCP proxy load balancer. B. Configure the firewall rules to allow all ingress traffic to connect to the Compute Engine web servers, with each server having a unique external IP address. C. Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic. D. Set up a backend with Compute Engine web server instances with a private IP address behind an HTTP(S) load balancer. Set up a bastion host with a public IP address and open firewall ports. Connect to the web instances using the bastion host.
C. Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.
Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the "separation of duties" principle and Google-recommended best practices.
What should you do? (Choose two.)
A. Provision Cloud KMS in its own project. B. Do not assign an owner to the Cloud KMS project. C. Provision Cloud KMS in the project where the keys are being used. D. Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used. E. Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.
A. Provision Cloud KMS in its own project. B. Do not assign an owner to the Cloud KMS project.
Question 166:
You are a developer at a large corporation. You manage three GKE clusters. Your team's developers need to switch from one cluster to another regularly on the same workstation. You want to configure individual access to these multiple clusters securely while following Google-recommended practices.
What should you do?
A. Ask the developers to use Cloud Shell and run the gcloud container clusters get- command to switch to another cluster.credentials B. Ask the developers to open three terminals on their workstation and use the kubectl config set command to configure access to each cluster. C. Ask the developers to install the gcloud CLI on their workstation and run the gcloud container command to switch to another cluster.clusters get-credentials D. In a text file, define the clusters, users, and contexts. Email the file to the developers and ask them to use the kubectl config set command to add cluster, user, and context details to the file.
C. Ask the developers to install the gcloud CLI on their workstation and run the gcloud container command to switch to another cluster.clusters get-credentials
Explanation
Using the gcloud CLI to run gcloud container clusters get-credentials configures secure, up-to-date access credentials for each GKE cluster according to Google-recommended practices, allowing developers to switch clusters safely and efficiently.
Question 167:
You are currently pushing container images to Artifact Registry and deploying a containerized microservices application to GKE. After deploying the application, you notice that the services do not behave as expected. You use the kubectl get pods command to inspect the state of the application Pods, and discover that one of the Pods has a state of CrashLoopBackoff.
How should you troubleshoot the Pod?
A. Connect to the problematic Pod by running the kubectl exec -it POD_NAME - /bin/bash command where the POD_NAME parameter is the name of the problematic Pod. Inspect the logs in the /var/log/messages folder to determine the root cause. B. Execute the gcloud projects get-iam-policy PROJECT_ID command where the PROJECT_ID parameter is the name of the project where your Artifact Registry resides. Inspect the IAM bindings of the node pool's service account. Validate if the service account has the roles/ role.artifactregistry.reader C. Run the kubectl logs POD_NAME command where the POD_NAME parameter is the name of the problematic Pod. Analyze the logs of the Pod from previous runs to determine the root cause of failed start attempts of the Pod. D. In the Google Cloud console, navigate to Cloud Logging in the project of the cluster's VPC. Enter a filter to show denied egress traffic to the Private Google Access CIDR range. Validate if egress traffic is denied from your GKE cluster to the Private Google Access CIDR range.
C. Run the kubectl logs POD_NAME command where the POD_NAME parameter is the name of the problematic Pod. Analyze the logs of the Pod from previous runs to determine the root cause of failed start attempts of the Pod.
You are planning to add unit tests to your application. You need to be able to assert that published Pub/ Sub messages are processed by your subscriber in order. You want the unit tests to be cost-effective and reliable.
What should you do?
A. Implement a mocking framework. B. Create a topic and subscription for each tester. C. Add a filter by tester to the subscription. D. Use the Pub/Sub emulator.
D. Use the Pub/Sub emulator.
Question 169:
Your organization has users and groups configured in an external identity provider (IdP). You want to leverage the same external IdP to allow Google Cloud console access to all employees. You also want to personalize the sign-in experience by displaying the user's name and photo when users access the Google Cloud console.
What should you do?
A. Configure workforce identity federation with the external IdP, and set up attribute mapping. B. Configure a service account for each individual by using the user name and photo, and grant permissions for each user to impersonate their respective service accounts. C. Configure workload identity federation to get the external IdP tokens, and use these tokens to sign in to the Google Cloud console. D. Create a Google group that includes organization email IDs for all users. Ask users to use the same name, work email ID, and password to register and sign in.
A. Configure workforce identity federation with the external IdP, and set up attribute mapping.
You are designing a Node.js-based mobile news feed application that stores data on Google Cloud. You need to select the application's database. You want the database to have zonal resiliency out of the box, low latency responses, ACID compliance, an optional middle tier, semi-structured data storage, and network-partition-tolerant and offline-mode client libraries.
What should you do?
A. Configure Firestore and use the Firestore client library in the app. B. Configure Bigtable and use the Bigtable client in the app. C. Configure Cloud SQL and use the Google Client Library for Cloud SQL in the app. D. Configure BigQuery and use the BigQuery REST API in the app.
A. Configure Firestore and use the Firestore client library in the app.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Google exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your PROFESSIONAL-CLOUD-DEVELOPER exam preparations
and Google certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.