Certkingdom Exam Preparation Tools, CCIE lab, CCNA Exams, CCNP Exams, CCIE Written Exams: Google Certified Professional Cloud Architect (GCP) Exam

Length: 2 hours
Registration fee: $200 (plus tax where applicable)
Languages: English, Japanese
Exam format: Multiple choice and multiple select, taken remotely or in person at a test center. Locate a test center near you.

Professional Cloud Architects enable organizations to leverage Google Cloud technologies. With a thorough understanding of cloud architecture and Google Cloud, they design, develop, and manage robust, secure, scalable, highly available, and dynamic solutions to drive business objectives.

The Professional Cloud Architect certification exam assesses your ability to:
Design and plan a cloud solution architecture
Manage and provision the cloud solution infrastructure
Design for security and compliance
Analyze and optimize technical and business processes
Manage implementations of cloud architecture
Ensure solution and operations reliability

Exam delivery method:
a. Take the online-proctored exam from a remote location
b. Take the onsite-proctored exam at a testing center
Prerequisites: None

Recommended experience: 3+ years of industry experience including 1+ years designing and managing solutions using Google Cloud

Certification Renewal / Recertification: Candidates must recertify in order to maintain their certification status. Unless explicitly stated in the detailed exam descriptions, all Google Cloud certifications are valid for two years from the date of certification. Recertification is accomplished by retaking the exam during the recertification eligibility time period and achieving a passing score. You may attempt recertification starting 60 days prior to your certification expiration date.

The exam guide contains a complete list of topics that may be included on the exam, helping you determine if your skills align with the exam.
2. Start training

Professional Cloud Architect

Certification exam guide
A Google Cloud Certified Professional Cloud Architect enables organizations to leverage Google Cloud technologies. Through an understanding of cloud architecture and Google technology, this individual designs, develops, and manages robust, secure, scalable, highly available, and dynamic solutions to drive business objectives. The Cloud Architect should be proficient in all aspects of enterprise cloud strategy, solution design, and architectural best practices. The Cloud Architect should also be experienced in software development methodologies and approaches including multi-tiered distributed applications which span multicloud or hybrid environments.

Case studies
During the exam for the Cloud Architect Certification, some of the questions may refer you to a case study that describes a fictitious business and solution concept. These case studies are intended to provide additional context to help you choose your answer(s). Review the case studies that may be used in the exam.

EHR Healthcare
Helicopter Racing League
Mountkirk Games
TerramEarth

Section 1. Designing and planning a cloud solution architecture

1.1 Designing a solution infrastructure that meets business requirements. Considerations include:
Business use cases and product strategy
Cost optimization
Supporting the application design
Integration with external systems
Movement of data
Design decision trade-offs
Build, buy, modify, or deprecate
Success measurements (e.g., key performance indicators [KPI], return on investment [ROI], metrics)
Compliance and observability

1.2 Designing a solution infrastructure that meets technical requirements. Considerations include:
High availability and failover design
Elasticity of cloud resources with respect to quotas and limits
Scalability to meet growth requirements
Performance and latency

1.3 Designing network, storage, and compute resources. Considerations include:
Integration with on-premises/multicloud environments
Cloud-native networking (VPC, peering, firewalls, container networking)
Choosing data processing technologies
Choosing appropriate storage types (e.g., object, file, databases)
Choosing compute resources (e.g., preemptible, custom machine type, specialized workload)
Mapping compute needs to platform products

1.4 Creating a migration plan (i.e., documents and architectural diagrams). Considerations include:
Integrating solutions with existing systems
Migrating systems and data to support the solution
Software license mapping
Network planning
Testing and proofs of concept
Dependency management planning

1.5 Envisioning future solution improvements. Considerations include:
Cloud and technology improvements
Evolution of business needs
Evangelism and advocacy

Section 2. Managing and provisioning a solution infrastructure

2.1 Configuring network topologies. Considerations include:
Extending to on-premises environments (hybrid networking)
Extending to a multicloud environment that may include Google Cloud to Google Cloud communication
Security protection (e.g. intrusion protection, access control, firewalls)

2.2 Configuring individual storage systems. Considerations include:
Data storage allocation
Data processing/compute provisioning
Security and access management
Network configuration for data transfer and latency
Data retention and data life cycle management
Data growth planning

2.3 Configuring compute systems. Considerations include:
Compute resource provisioning
Compute volatility configuration (preemptible vs. standard)
Network configuration for compute resources (Google Compute Engine, Google Kubernetes Engine, serverless networking)
Infrastructure orchestration, resource configuration, and patch management
Container orchestration

Section 3. Designing for security and compliance

3.1 Designing for security. Considerations include:
Identity and access management (IAM)
Resource hierarchy (organizations, folders, projects)
Data security (key management, encryption, secret management)
Separation of duties (SoD)
Security controls (e.g., auditing, VPC Service Controls, context aware access, organization policy)
Managing customer-managed encryption keys with Cloud Key Management Service
Remote access

3.2 Designing for compliance. Considerations include:
Legislation (e.g., health record privacy, children’s privacy, data privacy, and ownership)
Commercial (e.g., sensitive data such as credit card information handling, personally identifiable information [PII])
Industry certifications (e.g., SOC 2)
Audits (including logs)

Section 4. Analyzing and optimizing technical and business processes

4.1 Analyzing and defining technical processes. Considerations include:
Software development life cycle (SDLC)
Continuous integration / continuous deployment
Troubleshooting / root cause analysis best practices
Testing and validation of software and infrastructure
Service catalog and provisioning
Business continuity and disaster recovery

4.2 Analyzing and defining business processes. Considerations include:
Stakeholder management (e.g. influencing and facilitation)
Change management
Team assessment / skills readiness
Decision-making processes
Customer success management
Cost optimization / resource optimization (capex / opex)

4.3 Developing procedures to ensure reliability of solutions in production (e.g., chaos engineering, penetration testing)

Section 5. Managing implementation

5.1 Advising development/operation team(s) to ensure successful deployment of the solution. Considerations include:
Application development
API best practices
Testing frameworks (load/unit/integration)
Data and system migration and management tooling

5.2 Interacting with Google Cloud programmatically. Considerations include:
Google Cloud Shell
Google Cloud SDK (gcloud, gsutil and bq)
Cloud Emulators (e.g. Cloud Bigtable, Datastore, Spanner, Pub/Sub, Firestore)

Section 6. Ensuring solution and operations reliability

6.1 Monitoring/logging/profiling/alerting solution

6.2 Deployment and release management

6.3 Assisting with the support of deployed solutions

6.4 Evaluating quality control measures

QUESTION 1
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least
privilege model with separation of duties for administration between production and development resources.
What Google domain and project structure should you recommend?

A. Create two G Suite accounts to manage users: one for development/test/staging and one for production.
Each account should contain one project for every application
B. Create two G Suite accounts to manage users: one with a single project for all development applications
and one with a single project for all production applications
C. Create a single G Suite account to manage users with each stage of each application in its own project
D. Create a single G Suite account to manage users with one project for the development/test/staging
environment and one project for the production environment

Answer: D

QUESTION 2
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down
the old server, the new database server stops responding to SSH connections. It is still serving database
requests to the application servers correctly.
What three steps should you take to diagnose the problem? (Choose three.)

A. Delete the virtual machine (VM) and disks and create a new one
B. Delete the instance, attach the disk to a new VM, and investigate
C. Take a snapshot of the disk and connect to a new machine to investigate
D. Check inbound firewall rules for the network the machine is connected to
E. Connect the machine to another network with very simple firewall rules and investigate
F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate

Answer: C,D,F

QUESTION 3
JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers
to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.
What service account key-management strategy should you recommend?

A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs

Answer: C