Professional Cloud Architect · 12% of the exam

Ensure solution and operations reliability: free practice questions

5 sample questions from our 30-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real Google Cloud exam.

1. A development team wants to identify which specific functions in their Go-based Cloud Run service are consuming the most CPU time under production load, without adding manual instrumentation code. Which GCP tool provides this capability with the least operational overhead?

  • A. Cloud Profiler, which continuously collects CPU and heap profiles from running services with minimal performance overhead and no code changes beyond adding the agent import.✓ Correct
  • B. Cloud Trace, which records the latency of individual requests and can identify slow spans that correspond to high CPU functions.
  • C. Cloud Monitoring custom metrics, where the team manually records CPU usage per function using the Cloud Monitoring API.
  • D. Cloud Debugger, which allows setting logpoints in production code to capture variable state and infer CPU usage.
Explanation

Option A is correct because Cloud Profiler is specifically designed for continuous CPU (and heap) profiling of production applications. For Go, it requires importing the profiler agent package and initializing it—no manual instrumentation of individual functions is needed. It uses statistical sampling with very low overhead and presents a flame graph identifying hot functions. Option B is wrong because Cloud Trace measures request latency across distributed services and records span durations; it does not profile CPU usage at the function level within a single service. Option C is wrong because recording custom metrics manually per function requires significant code instrumentation effort, which the question explicitly asks to minimize, and it measures throughput/count rather than CPU profiling data. Option D is wrong because Cloud Debugger (now deprecated as Cloud Debugger, succeeded by snapshot-based debugging) captures program state at specific points; it does not measure CPU time or produce profiling data.

2. A team has deployed a latency-sensitive microservice on GKE. During rolling updates, some pods are terminated before in-flight requests complete, causing HTTP 502 errors for users. The application itself supports graceful shutdown. Which TWO configuration changes will BEST eliminate these errors during deployments? (Choose TWO)

  • A. Set a terminationGracePeriodSeconds on the pod spec that is long enough for in-flight requests to complete.✓ Correct
  • B. Add a preStop lifecycle hook that introduces a short sleep before the container receives SIGTERM.✓ Correct
  • C. Configure a PodDisruptionBudget that sets minAvailable to 100% of replicas.
  • D. Enable the HorizontalPodAutoscaler to add extra pods before each deployment.
  • E. Set the deployment strategy's maxUnavailable to 50% to speed up rollouts.
  • F. Add a readiness probe that immediately starts failing when shutdown begins.
Explanation

Option A is correct because setting an adequate terminationGracePeriodSeconds ensures Kubernetes waits long enough for the application to finish serving in-flight requests before forcibly killing the container. Option B is correct because a preStop sleep hook introduces a brief delay before SIGTERM is sent, giving the load balancer time to drain the pod from its backend set before the application starts shutting down—this directly prevents new requests from being routed to a terminating pod. Option C is wrong because setting minAvailable to 100% would make rolling updates impossible, as Kubernetes could never evict any pod. Option D is wrong because the HPA adds pods based on load metrics and doesn't coordinate with deployment rollouts to prevent connection draining issues. Option E is wrong because increasing maxUnavailable would make the problem worse by terminating more pods simultaneously. Option F is wrong because a failing readiness probe alone doesn't solve the connection draining issue for requests already in flight; it prevents new traffic routing but doesn't address the grace period problem.

3. A team has a Cloud SQL for PostgreSQL instance in us-central1 that serves a production application. They need a recovery strategy that meets an RPO of less than 5 minutes and an RTO of less than 30 minutes in the event of a regional failure. Which combination of Cloud SQL features BEST meets these requirements?

  • A. Enable automated backups with point-in-time recovery (PITR) and configure a cross-region read replica in another region that can be promoted to a standalone instance.✓ Correct
  • B. Enable automated daily backups to Cloud Storage and restore from the most recent backup in a new region when failure occurs.
  • C. Create a scheduled Cloud Scheduler job to export the database to Cloud Storage every 5 minutes for use as a recovery point.
  • D. Use a single-region Cloud SQL instance with a high-availability (HA) standby node in the same region as the primary.
Explanation

Option A is correct because a cross-region read replica replicates data asynchronously with very low lag (typically seconds to a few minutes), meeting the RPO of less than 5 minutes. The replica can be promoted to a standalone primary instance in under 30 minutes, satisfying the RTO requirement. PITR provides additional granularity for recovery. Option B is wrong because daily backups result in up to 24 hours of data loss (RPO far exceeds 5 minutes), and restoring to a new region from backup typically takes longer than 30 minutes for a production-sized database. Option C is wrong because Cloud Scheduler triggering database exports every 5 minutes is operationally fragile, creates significant I/O overhead on the primary, and restoration from exports is a slow, manual process that would not meet a 30-minute RTO. Option D is wrong because a same-region HA configuration provides failover within the same region only—it does not protect against a full regional failure, which is the failure scenario described.

4. A team has deployed a containerized application on GKE and wants to verify that the application is serving traffic correctly before routing production traffic to newly deployed pods. The application requires a 30-second warm-up period after startup before it can handle requests reliably. During this warm-up period, the application's `/health` endpoint returns HTTP 200, but requests to the main API endpoints return errors. Which probe configuration CORRECTLY handles this scenario?

  • A. Configure a `readinessProbe` on the `/health` endpoint with `initialDelaySeconds: 30` to delay traffic routing until after the warm-up period, and rely on the deployment's `maxUnavailable` setting to control rollout speed.
  • B. Configure a `startupProbe` on the main API endpoint with `failureThreshold: 30` and `periodSeconds: 1`, combined with a `readinessProbe` on the `/api/ready` endpoint that performs a lightweight API call to verify the service is genuinely ready to serve traffic.✓ Correct
  • C. Configure only a `livenessProbe` on the `/health` endpoint with `initialDelaySeconds: 30`, which will prevent traffic from being sent to the pod until it is healthy.
  • D. Set `terminationGracePeriodSeconds: 30` on the pod spec so that Kubernetes waits 30 seconds before sending traffic to newly started pods.
Explanation

Option B is correct: the scenario describes a situation where the `/health` endpoint is misleading during warm-up (returns 200 but the service isn't ready). A `startupProbe` on the actual API endpoint gates the pod from being considered 'started' until the API is genuinely available — the `failureThreshold: 30` with `periodSeconds: 1` gives exactly 30 seconds for startup. Once the startupProbe succeeds, the `readinessProbe` on `/api/ready` (a real API check) takes over to control traffic routing throughout the pod's lifetime. Option A is wrong because `initialDelaySeconds: 30` on a readinessProbe simply delays the first probe check by 30 seconds — but the `/health` endpoint returns 200 even during warm-up, so the pod will pass the readiness check immediately after the delay and start receiving traffic before it's actually ready. Option C is wrong: a `livenessProbe` controls whether a pod is restarted, not whether it receives traffic — only `readinessProbe` gates Service traffic routing. Option D is wrong: `terminationGracePeriodSeconds` controls how long Kubernetes waits after sending SIGTERM before forcibly killing a pod on shutdown — it has no effect on when a new pod starts receiving traffic.

5. A microservices platform team wants to reduce mean time to detect (MTTD) for latency regressions across 40 services. Each service already emits request latency data to Cloud Monitoring. The team wants to automatically detect when p99 latency for any service exceeds its historical baseline by more than 20%, without manually creating individual alerting policies for each service. Which approach BEST addresses this at scale?

  • A. Create a single Cloud Monitoring alerting policy per service using the Cloud Monitoring API or Terraform, parameterized by service name, and deploy all 40 policies in a batch using infrastructure-as-code.✓ Correct
  • B. Enable Cloud Trace on all services and configure a trace-based latency SLO in Cloud Monitoring for each service, which will automatically establish dynamic baselines.
  • C. Use Cloud Monitoring's Metric Absence alerting condition on each service's latency metric, which automatically flags deviations from historical norms.
  • D. Configure a single alerting policy using a metric condition with `groupByFields` set to the service label, so a single policy evaluates p99 latency against a static threshold for all services grouped by service name.
Explanation

Option A is correct: while there is no single 'magic' Cloud Monitoring feature that auto-detects percentage deviations from dynamic baselines across all services without any configuration, the practical recommended approach at scale is to use IaC (Terraform with the Cloud Monitoring provider) to programmatically generate and deploy one alerting policy per service. This is the GCP-recommended operational pattern for managing monitoring at scale and keeps policies maintainable. Option B is partially appealing but misleading: Cloud Trace does support SLO-based alerting, but SLOs require explicit threshold definition, not dynamic 20%-above-baseline detection, and do not automatically establish baselines. Option C is wrong: Metric Absence conditions fire when no data is received for a metric, not when a metric deviates from a historical baseline. Option D is close but fundamentally flawed: a single policy with `groupByFields` can evaluate all services in one policy, but a 'static threshold' does not satisfy the requirement of detecting deviation from each service's individual historical baseline — a single static threshold would not be appropriate across services with very different baseline latencies.

25 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free
Ensure solution and operations reliability — Free Professional Cloud Architect Practice Questions | DataCertPrep — Certification Prep