Home/Directory/professional cloud architect

professional cloud architect Practice Questions

Page 1 of 3 (240 total questions)

You are designing a serverless microservices architecture for a new startup. The application needs to handle unpredictable traffic spikes without managing any underlying infrastructure. Which compute service should you use?
View Question & Answer ➔
Your organization is migrating a legacy monolithic application to Google Cloud. The application requires a specific version of a proprietary OS kernel that is not available in the public image gallery. What is the most appropriate migration path?
View Question & Answer ➔
A biotech company is running high-performance computing (HPC) workloads on GCE. They need to maximize network throughput and minimize latency between nodes in a cluster. Which networking feature should they enable?
View Question & Answer ➔
Your CEO wants to reduce cloud spend by 20%. You notice that many development projects have running VMs that are unused on weekends. What is the most automated way to solve this?
View Question & Answer ➔
You are designing a solution for a company that needs to run a specialized Windows-based application that requires access to a physical USB dongle for licensing. Which GCP service supports this?
View Question & Answer ➔
An enterprise wants to minimize the security risk of 'Credential Theft' for their VM instances. They want to avoid using traditional long-lived SSH keys. What is the Google-recommended approach?
View Question & Answer ➔
You are migrating a legacy e-commerce application to GCP. The application requires a shared filesystem that is mountable by multiple Compute Engine VMs and supports standard NFS protocols. Which service should you choose?
View Question & Answer ➔
You are designing a high-availability architecture for a web application. You want to ensure that if Google's 'us-central1-a' zone fails, your application gracefully redirects traffic to 'us-central1-b' and 'us-central1-f' without any manual intervention. Which GCE component is required?
View Question & Answer ➔
To reduce the cost of a high-consumption GCE environment with predictable workloads, an organization wants to commit to a specific amount of CPU and RAM for 3 years. Which pricing model should they use?
View Question & Answer ➔
To ensure that you always have a specific type of GPU (e.g., NVIDIA A100) available in a particular zone for an upcoming research project, which GCP feature should you use?
View Question & Answer ➔
You need to host a static website (HTML, CSS, JS) with the lowest possible cost and high durability. You do not need server-side processing. Which storage solution should you choose?
View Question & Answer ➔
You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?
View Question & Answer ➔
An enterprise wants to enforce a policy that all Cloud Storage buckets created in the organization must have 'Uniform Bucket-Level Access' enabled to prevent accidental exposure of individual objects. How should they implement this?
View Question & Answer ➔
You are migrating a 1 PB dataset of medical images to Cloud Storage. The data is currently on-premises and must be moved as quickly as possible. You have a 1 Gbps internet connection. What is the most feasible way to migrate ?
View Question & Answer ➔
You are hosting a website on Cloud Storage. You want to use a custom domain name (e.g., www.example.com) and serve content over HTTPS. What is the architecture to achieve this?
View Question & Answer ➔
Scenario: A fintech startup wants to ensure that developers cannot accidentally create public Cloud Storage buckets. How should they enforce this organization-wide?
View Question & Answer ➔
You are hosting a large-scale data lake on Cloud Storage. You want to automatically move objects to cheaper storage classes (e.g., Nearline to Coldline) after they haven't been accessed for 90 days. How should you do this?
View Question & Answer ➔
A financial firm needs to store sensitive audit logs for 7 years without the possibility of them being deleted or modified, even by an administrator with 'Owner' permissions. Which Cloud Storage feature should they use?
View Question & Answer ➔
You are designing an archival strategy for 500 TB of scientific data. The data must be retained for 10 years and will likely never be accessed. What is the most cost-effective storage class?
View Question & Answer ➔
You are hosting a static website on Cloud Storage and want to provide a way for authenticated users to upload large files directly to a specific bucket without sharing your private service account keys. What is the most secure method?
View Question & Answer ➔
A financial application requires a relational database that supports high availability and automated backups. The database must be fully managed to reduce operational overhead. Which service fits these requirements?
View Question & Answer ➔
Your company is deploying a global application that requires a relational database. The application must support multi-region writes with strong consistency and five-nines (99.999%) availability. Which database service should you recommend?
View Question & Answer ➔
You need to migrate a 50 TB PostgreSQL database from on-premises to Cloud SQL. The business requires the cutover to have less than 1 hour of downtime. Which migration strategy is most effective?
View Question & Answer ➔
A video game company needs to handle a massive influx of users during a tournament. They need a database that can handle millions of lightning-fast reads and writes with sub-10ms latency for player status updates. Which NoSQL service should they use?
View Question & Answer ➔
What is the primary benefit of 'Regional Cloud SQL' (High Availability) over 'Standalone Cloud SQL'?
View Question & Answer ➔
An organization is using Google Cloud Spanner for their transactional database. They want to optimize performance for a table that has a high volume of writes. What is a key design best practice in Spanner to avoid 'hotspots'?
View Question & Answer ➔
To increase the availability of your Cloud SQL database across multiple regions, what feature should you use?
View Question & Answer ➔
A travel website wants to personalize their homepage for every user in real-time based on their recent browsing history. They need a database that can handle very high write volume and sub-millisecond read latency. Which service should they use?
View Question & Answer ➔
You are hosting a containerized web app on GKE. You want to ensure that your backend pods can access a Cloud SQL database without exposing the database to the public internet. What is the recommended networking approach?
View Question & Answer ➔
You are designing a disaster recovery solution for a business that cannot afford more than 5 minutes of data loss (RPO). They are using a Cloud SQL database. Which architecture is required?
View Question & Answer ➔
Your application generates millions of clickstream events per second. You need a service to ingest and buffer this data in real-time before processing it. Which service fits this need?
View Question & Answer ➔
You are building a real-time collaborative application that requires low-latency synchronization of state between many clients. Which database is best suited for this NoSQL document workload?
View Question & Answer ➔
Which GCP service provides a managed MongoDB-compatible experience for developers who want a document database with real-time sync?
View Question & Answer ➔
A large retail company needs to connect their on-premises data center to Google Cloud with a dedicated, low-latency 100 Gbps connection. They require the traffic to be encrypted in transit and must avoid the public internet. Which solution should they use?
View Question & Answer ➔
A financial firm wants to ensure that no data can be exfiltrated from their BigQuery datasets, even by authorized users. They want to restrict access to these datasets to only specific VPC networks. Which tool should they implement?
View Question & Answer ➔
A SaaS provider wants to offer their customers a way to privately access their internal API services hosted on GCP without using public IPs or VPNs. Which GCP feature enables this cross-organization private connectivity?
View Question & Answer ➔
An organization wants to analyze the network traffic across all their GCP projects to identify unusual patterns or security threats. They need to see details like source/destination IP, ports, and protocols. What should they enable?
View Question & Answer ➔
Which feature of the Google Cloud VPC network allows for global internal communication between VMs without needing external IPs or VPNs, even across multiple projects?
View Question & Answer ➔
Your company is running a high-traffic API on GKE Enterprise. You want to prevent data exfiltration by ensuring that pods in your cluster can only communicate with authorized Google APIs and that no traffic can reach the public internet except through specific gateways. Which tool is designed for this?
View Question & Answer ➔
Which networking solution provides a physical 10 Gbps or 100 Gbps connection between your on-premises network and Google's network for traffic that DOES NOT traverse the public internet?
View Question & Answer ➔
You are analyzing petabytes of data for business intelligence reports. You need a fully managed, serverless enterprise data warehouse that supports SQL queries. Which service is best suited for this task?
View Question & Answer ➔
A data analytics team needs to process streaming data from millions of IoT devices. The data arrives at unpredictable intervals and must be analyzed in real-time before being stored in BigQuery. Which architecture is most scalable and cost-effective?
View Question & Answer ➔
A data warehouse team needs to join data from BigQuery with data stored in a Cloud SQL PostgreSQL instance in real-time. Which BigQuery feature allows this federated query without moving the data?
View Question & Answer ➔
Your data science team wants to use SQL to build and deploy a machine learning model for predicting customer churn directly where the data resides. They want to avoid complex ETL and data movement. Which service should they use?
View Question & Answer ➔
To optimize costs for a BigQuery project, you want to identify which queries are consuming the most 'Slots' and which datasets are never accessed. Which tool should you use?
View Question & Answer ➔
Your company is audit-driven and needs to capture and analyze every SQL query executed against BigQuery for compliance purposes. How can they achieve this?
View Question & Answer ➔
An organization is migrating a massive SQL Server data warehouse to BigQuery. They want to ensure that the data remains encrypted at all times, and only specific groups of users can view sensitive columns like names and addresses. Which combination of features should they use?
View Question & Answer ➔
An organization is migrating their 100 TB of data to BigQuery. They want to ensure they don't go over budget. What is the most effective way to control costs for analytical queries?
View Question & Answer ➔
Your company needs to analyze data stored in Amazon S3 and Azure Blob Storage using BigQuery without moving the data to Google Cloud. Which BigQuery feature provides this multi-cloud analytics capability?
View Question & Answer ➔
A media company wants to share their real-time news dataset with hundreds of external partner organizations in a way that is secure, governed, and doesn't involve copying or exporting the data. What is the recommended GCP service?
View Question & Answer ➔
Your media company streams video content to users globally. Users in different regions are experiencing high latency. You need to improve performance by caching content closer to the users. Which service should you implement?
View Question & Answer ➔
You are hosting a static website on Cloud Storage. You want to provide users with slow speeds the fastest possible experience by caching content as close to them as possible. What should you add?
View Question & Answer ➔
A global news agency is using Cloud CDN to cache images from their website. They want to prevent other websites from hotlinking to their images and stealing bandwidth. Which Cloud CDN feature helps with this?
View Question & Answer ➔
A news agency wants to optimize their Cloud CDN cache hit ratio for dynamically generated articles. They want to ensure that different versions of the same article (e.g., for different languages or device types) are cached correctly based on URL parameters. Which feature should they configure?
View Question & Answer ➔
A security company wants to inspect all outgoing web traffic from their GCP VPC to ensure no sensitive data is being leaked. Which tool provides a managed way to mirror traffic to an IDS/IPS?
View Question & Answer ➔
Which GCP feature allows you to create a secure, private connection between a GCP VPC and a 3rd-party SaaS provider (like Salesforce or Datadog) without traversing the public internet?
View Question & Answer ➔
You are designing a hybrid connectivity architecture for a large bank. They need the highest possible reliability for their connection to Google Cloud and have two physical routers on-premises. What is the Google-recommended 'high availability' configuration for Dedicated Interconnect?
View Question & Answer ➔
Your organization uses multiple VPCs across different projects for different business units. You want to enable cross-project communication while ensuring that the central IT team maintains control over the network infrastructure and IP allocations. Which architecture should you choose?
View Question & Answer ➔
To troubleshoot intermittent connectivity issues between two VMs in different regions, you want to see a step-by-step trace of which firewall rules and routing decisions are being applied to a sample packet. Which tool should you use?
View Question & Answer ➔
An enterprise is using a shared VPC architecture. They want to ensure that 'Service Project A' can only communicate with 'Service Project B' over the network and that no other projects in the organization can connect. How should they implement this using the principle of least privilege?
View Question & Answer ➔
Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?
View Question & Answer ➔
A company wants to ensure that its public-facing API is protected against SQL injection, cross-site scripting (XSS), and common bot attacks. Which service provides these web application firewall (WAF) capabilities?
View Question & Answer ➔
Your company is running a massive e-commerce site on GCE with a global HTTP(S) LB. During a promotional event, you suspect a bot-driven L7 DDoS attack. What is the fastest way to respond and block the malicious traffic patterns?
View Question & Answer ➔
What is the primary way to protect a Cloud Run service from large-scale L7 DDoS attacks while still allowing legitimate global traffic?
View Question & Answer ➔
You are hosting a web application on GCE with a global load balancer. You suspect a Layer 7 DDoS attack targeting a specific URL path. What is the fastest way to mitigate the attack?
View Question & Answer ➔
A global conglomerate wants to interconnect multiple VPCs located in different organizations (e.g., after an acquisition) while maintaining centralized control and avoiding overlapping IP ranges. Which tool is best for this?
View Question & Answer ➔
An organization wants to analyze the network topology of their VPC to identify which subnets are most heavily used and where traffic is flowing between regions. Which tool should they use?
View Question & Answer ➔
You are designing a schema for a Cloud Bigtable table that will store financial time-series data. To prevent performance degradation due to row-key hotspots, what is the best strategy for your row key design?
View Question & Answer ➔
Which Cloud Spanner feature allows you to store related data from different tables in the same physical storage splits to improve join performance and consistency?
View Question & Answer ➔
You are migrating a critical monolithic database to Cloud SQL. To minimize the risk of data loss due to a catastrophic zonal failure, which configuration is most important?
View Question & Answer ➔
Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?
View Question & Answer ➔
You are designing a solution for a healthcare provider that needs to store petabytes of patient data. The data must be encrypted with keys managed by the provider on their own hardware security modules (HSM) on-premises. Which encryption method should you use?
View Question & Answer ➔
An organization wants to centralize the management of secrets (API keys, certificates, passwords) and audit every time a secret is accessed. Which service provides this with native IAM integration?
View Question & Answer ➔
An enterprise wants to enforce a security policy that requires all data at rest in BigQuery to be encrypted using keys that they rotate and manage on-premises. Which Cloud KMS feature enables this?
View Question & Answer ➔
A global company needs a centralized place to store and manage their API keys, database passwords, and OAuth client secrets while ensuring that different projects' secrets are isolated. Which service is appropriate?
View Question & Answer ➔
An enterprise wants to ensure that all their Cloud Storage buckets are encrypted with their own keys. They also want to be able to disable access to all their data globally in an instant by revoking the keys. Which encryption method provides this 'kill switch'?
View Question & Answer ➔
To meet compliance requirements that specify encryption keys must be rotated every 90 days, but you want to avoid manual overhead, how should you configure Cloud KMS?
View Question & Answer ➔
Your company is running a mission-critical database on GCE. To meet an RPO of 0 (zero data loss) across regions, which architecture is required?
View Question & Answer ➔
A global retailer wants to store their product catalog in a database that provides automatic data distribution and consistency across many continents. Which service is best?
View Question & Answer ➔
You are building a real-time multiplayer game. You need a database that can handle millions of concurrent players with millisecond-level latency for game state updates. Which service should you choose?
View Question & Answer ➔
A law firm wants to digitize millions of scanned contracts. You need an AI service to extract text, forms, and tables from these PDF documents automatically. Which service is designed for this?
View Question & Answer ➔
An organization wants to analyze the performance of their SQL queries in Cloud SQL. They want to identify the slowest queries and see execution plans to optimize them. Which tool should they use?
View Question & Answer ➔
Your team is running a large-scale Bigtable instance. They notice that queries for a specific key range are significantly slower than others. What is the most likely cause?
View Question & Answer ➔
Which Cloud SQL feature allows you to perform an almost instantaneous zero-copy 'snapshot' of a database for testing purposes?
View Question & Answer ➔
A media streaming company is experiencing sudden spikes in traffic. They want to move their containerized legacy app to a platform that can quickly scale to thousands of instances and handle uneven load without managing individual nodes. They require custom environment variables and Secrets. What is the best platform?
View Question & Answer ➔
You need to scale a Cloud Run service to handle extremely high traffic. However, your backend Cloud SQL database has a hard limit on the number of concurrent connections. What is the most architectural way to handle this?
View Question & Answer ➔
You are migrating a legacy Java application to Cloud Run. The application requires access to a legacy Oracle database on-premises that is connected via Cloud VPN. How should you enable this connectivity from Cloud Run?
View Question & Answer ➔
To minimize the 'Cold Start' latency of a Cloud Run service that is rarely used but requires high performance when it is invoked, which feature should you use?
View Question & Answer ➔
Your organization uses Anthos to manage clusters both on-premises and on Google Cloud. You want to apply a consistent set of security policies and configurations across all clusters automatically. Which tool should you use?
View Question & Answer ➔
A large organization wants to manage its cloud infrastructure using a 'GitOps' approach where changes to the environment are driven by pull requests. Which GCP service natively supports this model for K8s?
View Question & Answer ➔
You are building a customer support chatbot that needs to understand natural language intent (e.g., 'book a flight'). Which service provides Natural Language Understanding (NLU) capabilities?
View Question & Answer ➔
You are deploying a global microservices application. You want to ensure that traffic is encrypted between services (mTLS) and that you have fine-grained visibility into service-to-service communication. Which solution is most appropriate?
View Question & Answer ➔
Your company is building an AI-powered chatbot that needs to understand sentiment and extract entities from customer feedback in 50 different languages. Which combination of pre-trained APIs should you use?
View Question & Answer ➔
Your organization is migrating a massive Hadoop/Spark cluster to Google Cloud. They want to maintain their existing Hive scripts and HDFS storage patterns with minimal changes. Which service is the best fit?
View Question & Answer ➔
An enterprise wants to deploy and manage a fleet of 500+ GKE clusters across multiple clouds and on-premises environments from a single dashboard. Which Anthos component is essential?
View Question & Answer ➔
An organization needs a serverless way to process data in batches of 1 million rows every hour. The process requires complex business logic that is difficult to express in SQL. Which service is most appropriate?
View Question & Answer ➔
Your team is using Vertex AI to train custom deep learning models. They want to track all experiment parameters and metrics across hundreds of training runs to find the best model version. Which Vertex AI component should they use?
View Question & Answer ➔
A retail company wants to use AI to automatically generate personalized product recommendations for their website users. Which Vertex AI component is specifically designed for these types of large-scale retrieval tasks?
View Question & Answer ➔
Your team is running a microservices application on GKE. You want to enforce that all inter-service communication is encrypted with mutual TLS (mTLS) and that you can perform canary deployments across different services. Which tool is best for this?
View Question & Answer ➔
A retail company wants to use AI to automatically detect and blur human faces in images uploaded to their product reviews. Which GCP service offers this capability as a pre-trained feature?
View Question & Answer ➔

Page 1 of 3Next →

professional cloud architect Practice Questions

You are designing a serverless microservices architecture for a new startup. The application needs to handle unpredictable traffic spikes without managing any underlying infrastructure. Which compute service should you use?

Your organization is migrating a legacy monolithic application to Google Cloud. The application requires a specific version of a proprietary OS kernel that is not available in the public image gallery. What is the most appropriate migration path?

A biotech company is running high-performance computing (HPC) workloads on GCE. They need to maximize network throughput and minimize latency between nodes in a cluster. Which networking feature should they enable?

Your CEO wants to reduce cloud spend by 20%. You notice that many development projects have running VMs that are unused on weekends. What is the most automated way to solve this?

You are designing a solution for a company that needs to run a specialized Windows-based application that requires access to a physical USB dongle for licensing. Which GCP service supports this?

An enterprise wants to minimize the security risk of 'Credential Theft' for their VM instances. They want to avoid using traditional long-lived SSH keys. What is the Google-recommended approach?

You are migrating a legacy e-commerce application to GCP. The application requires a shared filesystem that is mountable by multiple Compute Engine VMs and supports standard NFS protocols. Which service should you choose?

You are designing a high-availability architecture for a web application. You want to ensure that if Google's 'us-central1-a' zone fails, your application gracefully redirects traffic to 'us-central1-b' and 'us-central1-f' without any manual intervention. Which GCE component is required?

To reduce the cost of a high-consumption GCE environment with predictable workloads, an organization wants to commit to a specific amount of CPU and RAM for 3 years. Which pricing model should they use?

To ensure that you always have a specific type of GPU (e.g., NVIDIA A100) available in a particular zone for an upcoming research project, which GCP feature should you use?

You need to host a static website (HTML, CSS, JS) with the lowest possible cost and high durability. You do not need server-side processing. Which storage solution should you choose?

You need to grant developers read-only access to Google Cloud Storage buckets without giving them access to other services. What's the best approach using Cloud IAM?

An enterprise wants to enforce a policy that all Cloud Storage buckets created in the organization must have 'Uniform Bucket-Level Access' enabled to prevent accidental exposure of individual objects. How should they implement this?

You are migrating a 1 PB dataset of medical images to Cloud Storage. The data is currently on-premises and must be moved as quickly as possible. You have a 1 Gbps internet connection. What is the most feasible way to migrate ?

You are hosting a website on Cloud Storage. You want to use a custom domain name (e.g., www.example.com) and serve content over HTTPS. What is the architecture to achieve this?

Scenario: A fintech startup wants to ensure that developers cannot accidentally create public Cloud Storage buckets. How should they enforce this organization-wide?

You are hosting a large-scale data lake on Cloud Storage. You want to automatically move objects to cheaper storage classes (e.g., Nearline to Coldline) after they haven't been accessed for 90 days. How should you do this?

A financial firm needs to store sensitive audit logs for 7 years without the possibility of them being deleted or modified, even by an administrator with 'Owner' permissions. Which Cloud Storage feature should they use?

You are designing an archival strategy for 500 TB of scientific data. The data must be retained for 10 years and will likely never be accessed. What is the most cost-effective storage class?

You are hosting a static website on Cloud Storage and want to provide a way for authenticated users to upload large files directly to a specific bucket without sharing your private service account keys. What is the most secure method?

A financial application requires a relational database that supports high availability and automated backups. The database must be fully managed to reduce operational overhead. Which service fits these requirements?

Your company is deploying a global application that requires a relational database. The application must support multi-region writes with strong consistency and five-nines (99.999%) availability. Which database service should you recommend?

You need to migrate a 50 TB PostgreSQL database from on-premises to Cloud SQL. The business requires the cutover to have less than 1 hour of downtime. Which migration strategy is most effective?

A video game company needs to handle a massive influx of users during a tournament. They need a database that can handle millions of lightning-fast reads and writes with sub-10ms latency for player status updates. Which NoSQL service should they use?

What is the primary benefit of 'Regional Cloud SQL' (High Availability) over 'Standalone Cloud SQL'?

An organization is using Google Cloud Spanner for their transactional database. They want to optimize performance for a table that has a high volume of writes. What is a key design best practice in Spanner to avoid 'hotspots'?

To increase the availability of your Cloud SQL database across multiple regions, what feature should you use?

A travel website wants to personalize their homepage for every user in real-time based on their recent browsing history. They need a database that can handle very high write volume and sub-millisecond read latency. Which service should they use?

You are hosting a containerized web app on GKE. You want to ensure that your backend pods can access a Cloud SQL database without exposing the database to the public internet. What is the recommended networking approach?

You are designing a disaster recovery solution for a business that cannot afford more than 5 minutes of data loss (RPO). They are using a Cloud SQL database. Which architecture is required?

Your application generates millions of clickstream events per second. You need a service to ingest and buffer this data in real-time before processing it. Which service fits this need?

You are building a real-time collaborative application that requires low-latency synchronization of state between many clients. Which database is best suited for this NoSQL document workload?

Which GCP service provides a managed MongoDB-compatible experience for developers who want a document database with real-time sync?

A large retail company needs to connect their on-premises data center to Google Cloud with a dedicated, low-latency 100 Gbps connection. They require the traffic to be encrypted in transit and must avoid the public internet. Which solution should they use?

A financial firm wants to ensure that no data can be exfiltrated from their BigQuery datasets, even by authorized users. They want to restrict access to these datasets to only specific VPC networks. Which tool should they implement?

A SaaS provider wants to offer their customers a way to privately access their internal API services hosted on GCP without using public IPs or VPNs. Which GCP feature enables this cross-organization private connectivity?

An organization wants to analyze the network traffic across all their GCP projects to identify unusual patterns or security threats. They need to see details like source/destination IP, ports, and protocols. What should they enable?

Which feature of the Google Cloud VPC network allows for global internal communication between VMs without needing external IPs or VPNs, even across multiple projects?

Which networking solution provides a physical 10 Gbps or 100 Gbps connection between your on-premises network and Google's network for traffic that DOES NOT traverse the public internet?

You are analyzing petabytes of data for business intelligence reports. You need a fully managed, serverless enterprise data warehouse that supports SQL queries. Which service is best suited for this task?

A data analytics team needs to process streaming data from millions of IoT devices. The data arrives at unpredictable intervals and must be analyzed in real-time before being stored in BigQuery. Which architecture is most scalable and cost-effective?

A data warehouse team needs to join data from BigQuery with data stored in a Cloud SQL PostgreSQL instance in real-time. Which BigQuery feature allows this federated query without moving the data?

Your data science team wants to use SQL to build and deploy a machine learning model for predicting customer churn directly where the data resides. They want to avoid complex ETL and data movement. Which service should they use?

To optimize costs for a BigQuery project, you want to identify which queries are consuming the most 'Slots' and which datasets are never accessed. Which tool should you use?

Your company is audit-driven and needs to capture and analyze every SQL query executed against BigQuery for compliance purposes. How can they achieve this?

An organization is migrating a massive SQL Server data warehouse to BigQuery. They want to ensure that the data remains encrypted at all times, and only specific groups of users can view sensitive columns like names and addresses. Which combination of features should they use?

An organization is migrating their 100 TB of data to BigQuery. They want to ensure they don't go over budget. What is the most effective way to control costs for analytical queries?

Your company needs to analyze data stored in Amazon S3 and Azure Blob Storage using BigQuery without moving the data to Google Cloud. Which BigQuery feature provides this multi-cloud analytics capability?

A media company wants to share their real-time news dataset with hundreds of external partner organizations in a way that is secure, governed, and doesn't involve copying or exporting the data. What is the recommended GCP service?

Your media company streams video content to users globally. Users in different regions are experiencing high latency. You need to improve performance by caching content closer to the users. Which service should you implement?

You are hosting a static website on Cloud Storage. You want to provide users with slow speeds the fastest possible experience by caching content as close to them as possible. What should you add?

A global news agency is using Cloud CDN to cache images from their website. They want to prevent other websites from hotlinking to their images and stealing bandwidth. Which Cloud CDN feature helps with this?

A news agency wants to optimize their Cloud CDN cache hit ratio for dynamically generated articles. They want to ensure that different versions of the same article (e.g., for different languages or device types) are cached correctly based on URL parameters. Which feature should they configure?

A security company wants to inspect all outgoing web traffic from their GCP VPC to ensure no sensitive data is being leaked. Which tool provides a managed way to mirror traffic to an IDS/IPS?

Which GCP feature allows you to create a secure, private connection between a GCP VPC and a 3rd-party SaaS provider (like Salesforce or Datadog) without traversing the public internet?

You are designing a hybrid connectivity architecture for a large bank. They need the highest possible reliability for their connection to Google Cloud and have two physical routers on-premises. What is the Google-recommended 'high availability' configuration for Dedicated Interconnect?

Your organization uses multiple VPCs across different projects for different business units. You want to enable cross-project communication while ensuring that the central IT team maintains control over the network infrastructure and IP allocations. Which architecture should you choose?

To troubleshoot intermittent connectivity issues between two VMs in different regions, you want to see a step-by-step trace of which firewall rules and routing decisions are being applied to a sample packet. Which tool should you use?

An enterprise is using a shared VPC architecture. They want to ensure that 'Service Project A' can only communicate with 'Service Project B' over the network and that no other projects in the organization can connect. How should they implement this using the principle of least privilege?

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

A company wants to ensure that its public-facing API is protected against SQL injection, cross-site scripting (XSS), and common bot attacks. Which service provides these web application firewall (WAF) capabilities?

Your company is running a massive e-commerce site on GCE with a global HTTP(S) LB. During a promotional event, you suspect a bot-driven L7 DDoS attack. What is the fastest way to respond and block the malicious traffic patterns?

What is the primary way to protect a Cloud Run service from large-scale L7 DDoS attacks while still allowing legitimate global traffic?

You are hosting a web application on GCE with a global load balancer. You suspect a Layer 7 DDoS attack targeting a specific URL path. What is the fastest way to mitigate the attack?

A global conglomerate wants to interconnect multiple VPCs located in different organizations (e.g., after an acquisition) while maintaining centralized control and avoiding overlapping IP ranges. Which tool is best for this?

An organization wants to analyze the network topology of their VPC to identify which subnets are most heavily used and where traffic is flowing between regions. Which tool should they use?

You are designing a schema for a Cloud Bigtable table that will store financial time-series data. To prevent performance degradation due to row-key hotspots, what is the best strategy for your row key design?

Which Cloud Spanner feature allows you to store related data from different tables in the same physical storage splits to improve join performance and consistency?

You are migrating a critical monolithic database to Cloud SQL. To minimize the risk of data loss due to a catastrophic zonal failure, which configuration is most important?

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

You are designing a solution for a healthcare provider that needs to store petabytes of patient data. The data must be encrypted with keys managed by the provider on their own hardware security modules (HSM) on-premises. Which encryption method should you use?

An organization wants to centralize the management of secrets (API keys, certificates, passwords) and audit every time a secret is accessed. Which service provides this with native IAM integration?

An enterprise wants to enforce a security policy that requires all data at rest in BigQuery to be encrypted using keys that they rotate and manage on-premises. Which Cloud KMS feature enables this?

A global company needs a centralized place to store and manage their API keys, database passwords, and OAuth client secrets while ensuring that different projects' secrets are isolated. Which service is appropriate?

An enterprise wants to ensure that all their Cloud Storage buckets are encrypted with their own keys. They also want to be able to disable access to all their data globally in an instant by revoking the keys. Which encryption method provides this 'kill switch'?

To meet compliance requirements that specify encryption keys must be rotated every 90 days, but you want to avoid manual overhead, how should you configure Cloud KMS?

Your company is running a mission-critical database on GCE. To meet an RPO of 0 (zero data loss) across regions, which architecture is required?

A global retailer wants to store their product catalog in a database that provides automatic data distribution and consistency across many continents. Which service is best?

You are building a real-time multiplayer game. You need a database that can handle millions of concurrent players with millisecond-level latency for game state updates. Which service should you choose?