G O O G L E C E R T I F I C A T I O N
Professional Cloud Architect Practice Exam
Exam Number: 1004 | Last updated April 21, 2026 | 1492+ questions across 6 vendor-aligned objectives
Professional Cloud Architect is Google’s certification for practitioners who possess the practical knowledge Google expects on its platform. It is built for solution architects, technical leads, and senior engineers who design and govern multi-team Google Cloud deployments, and scoring rewards candidates who translate features into measurable results rather than simply recognize service names.
Heavy-weighted areas define where study time pays back fastest: 24% targets Designing and Planning a Cloud Solution Architecture (business requirements, technical trade-offs, migration planning, resilience design); 18% targets Designing for Security and Compliance (identity federation, data encryption, regulatory alignment, audit controls); 18% targets Analyzing and Optimizing Technical and Business Processes (SDLC integration, DevOps maturity, cost optimization, SLO definition).
Supporting domains fill out the blueprint: 15% covers Managing and Provisioning a Solution Infrastructure (VPC design, IAM hierarchy, storage selection, network peering); 15% covers Ensuring Solution and Operations Reliability (monitoring strategy, chaos testing, capacity planning, incident response); 10% covers Managing Implementation (deployment automation, stakeholder communication, third-party integration). Each still appears on the exam, so none can be safely skipped.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Google documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
939
practice exam users
91.8%
satisfied users
79.4%
passed the exam
4.5/5
quality rating
Test your Cloud Architect knowledge
10 of 1492+ questions
Question #1 - Designing and Planning a Cloud Solution Architecture
A retail chain is lifting 150 on-premises Linux VMs into Google Cloud with a hard ten-week deadline and no application refactoring bandwidth.
Which migration strategy best matches the constraints?
A) Rewrite each app as serverless on Cloud Run
B) Lift-and-shift with Migrate to Virtual Machines
C) Re-platform everything onto GKE this quarter
D) Retire all 150 workloads and start fresh
Show solution
Correct answers: B – Explanation:
Migrate to Virtual Machines enables a fast lift-and-shift that matches the deadline and no-refactor constraint. Rewriting to serverless or replatforming to GKE requires engineering investment the team does not have. Retiring 150 workloads contradicts the goal. Source: Check Source
Question #2 - Designing for Security and Compliance
A healthcare architect needs to ensure encryption keys used for a BigQuery dataset are under the organization’s sole control, with the ability to revoke access company-wide in minutes.
Which key management approach fits the requirement?
A) Google-managed encryption keys with default rotation
B) Customer-supplied encryption keys uploaded daily to each dataset
C) Customer-managed encryption keys in Cloud KMS with key-level disable
D) Application-layer encryption using a static secret in code
Show solution
Correct answers: C – Explanation:
CMEK in Cloud KMS lets the organization control, rotate, and disable the key (effectively revoking access to data) on demand. Google-managed keys do not give customer-side disable. CSEK rotation patterns are cumbersome. Static secrets in code are a known anti-pattern. Source: Check Source
Question #3 - Managing and Provisioning a Solution Infrastructure
A platform team wants a single VPC that hosts shared network resources used by multiple autonomous project teams, while still letting each team manage its own workloads.
Which Google Cloud pattern best fits this requirement?
A) Standalone VPCs with VPN tunnels between every pair
B) Legacy networks in each project
C) Default networks per project with nat gateways only
D) Shared VPC with a host project and service projects
Show solution
Correct answers: D – Explanation:
Shared VPC centralizes networking in a host project while letting service projects deploy workloads, which is exactly this architecture. Pairwise VPN meshes scale poorly. Legacy networks are deprecated. Default networks are not a shared design. Source: Check Source
Question #4 - Analyzing and Optimizing Technical and Business Processes
An architect reviewing Compute Engine spend sees workloads that run predictably 24×7 for years with no elasticity needs.
Which pricing strategy typically yields the largest discount for such steady workloads?
A) Committed use discounts for 1 or 3 years
B) Preemptible VMs only
C) Sustained use discounts with no commitments
D) Paying on-demand and enabling Spot
Show solution
Correct answers: A – Explanation:
Committed use discounts give the deepest savings for steady, predictable workloads over 1 or 3 years. Preemptible/Spot VMs are cheap but can be reclaimed, which is wrong for steady services. Sustained use discounts apply automatically but are smaller. On-demand is the baseline. Source: Check Source
Question #5 - Ensuring Solution and Operations Reliability
A fintech requires a relational database that survives a full regional outage with near-zero RPO and strong consistency globally.
Which Google Cloud database best meets those requirements?
A) Cloud SQL single-zone
B) Cloud SQL cross-zone HA
C) Cloud Spanner multi-region configuration
D) Bigtable single cluster
Show solution
Correct answers: C – Explanation:
Cloud Spanner multi-region provides globally strong consistency and survives regional failure with near-zero RPO. Cloud SQL single-zone does not survive a zone failure. Cross-zone HA survives a zone but not a region. Single-cluster Bigtable does not span regions. Source: Check Source
Question #6 - Managing Implementation
A platform architect needs to standardize infrastructure provisioning across twelve teams so the same IAM, network, and logging baselines are applied every time.
Which approach best enforces that standard?
A) Manual console deployments with screenshots archived
B) Terraform modules published in a central registry
C) Ad-hoc gcloud scripts emailed to each team
D) A shared spreadsheet listing the required settings
Show solution
Correct answers: B – Explanation:
Reusable Terraform modules in a central registry codify baselines and make them enforceable through code review and CI. Manual console work, ad-hoc scripts, and spreadsheets all allow drift and do not scale. Source: Check Source
Question #7 - Analyzing and Optimizing Technical and Business Processes
A team wants to translate a 99.9% monthly availability target into an operational signal that guides their release pace.
Which concept converts that target into release-freezing guidance?
A) A latency histogram
B) An SLI only
C) A monthly satisfaction survey
D) An error budget derived from the SLO
Show solution
Correct answers: D – Explanation:
An error budget is the allowed unavailability (100% minus the SLO) within a window and is the standard SRE signal for pacing releases. An SLI is the measurement, not the budget. Latency histograms are one data point. Surveys do not translate an SLO. Source: Check Source
Question #8 - Ensuring Solution and Operations Reliability
A Cloud Architect must design DR for a Cloud SQL Postgres instance with a target RPO of 5 minutes and RTO of 30 minutes.
Which Cloud SQL capability most directly supports these targets?
A) Export to Cloud Storage once weekly
B) Automated backups and point-in-time recovery enabled
C) Manual binlog copy to a laptop
D) Replication only to the same zone
Show solution
Correct answers: B – Explanation:
Automated backups combined with point-in-time recovery give Cloud SQL the ability to restore to within minutes, which matches the RPO/RTO targets. Weekly exports do not meet a 5-minute RPO. Manual binlog copy is not a supported DR pattern. Same-zone replication does not survive zone failure. Source: Check Source
Question #9 - Designing for Security and Compliance
A large enterprise wants its on-premises Active Directory users to sign in to Google Cloud without provisioning Cloud Identity passwords.
Which Google Cloud capability supports that federation pattern?
A) Identity federation via Google Cloud Directory Sync and SAML SSO
B) Hand-mapping each user to a service account
C) Issuing one shared login to the whole company
D) Disabling all IAM and relying on VPC firewall
Show solution
Correct answers: A – Explanation:
GCDS syncs directory identities and SAML SSO federates authentication to the existing IdP, so users keep their corporate passwords. Service account per user is wrong on two levels. A shared login is an anti-pattern. Firewall alone is not authentication. Source: Check Source
Question #10 - Designing and Planning a Cloud Solution Architecture
A case study states the business needs low-latency inference for retail kiosks in 200 store locations with unreliable uplinks.
Which architecture most directly addresses the reliability constraint?
A) Place inference models only in a single us-central1 endpoint
B) Require every kiosk to call a remote Gemini API on every click
C) Deploy models at each store using GDC Edge or similar edge runtime
D) Pre-render static answers nightly and serve them only
Show solution
Correct answers: C – Explanation:
Edge deployment (GDC Edge, on-prem Kubernetes, or equivalent) keeps inference local so unreliable uplinks do not break kiosks. A single central endpoint fails when the link drops. Every-click calls to a remote API magnify the reliability problem. Static answers cannot replace dynamic inference. Source: Check Source
Get 1492+ more questions with source-linked explanations
Every answer traces to the exact Google documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated April 21, 2026
Learn more...
What the Cloud Architect exam measures
- Designing and Planning a Cloud Solution Architecture (24%): Apply Google Cloud practices to business requirements, technical trade-offs, migration planning, resilience design.
- Managing and Provisioning a Solution Infrastructure (15%): Apply Google Cloud practices to VPC design, IAM hierarchy, storage selection, network peering.
- Designing for Security and Compliance (18%): Apply Google Cloud practices to identity federation, data encryption, regulatory alignment, audit controls.
- Analyzing and Optimizing Technical and Business Processes (18%): Apply Google Cloud practices to SDLC integration, DevOps maturity, cost optimization, SLO definition.
- Managing Implementation (10%): Apply Google Cloud practices to deployment automation, stakeholder communication, third-party integration.
- Ensuring Solution and Operations Reliability (15%): Apply Google Cloud practices to monitoring strategy, chaos testing, capacity planning, incident response.
How to prepare for this exam
- Review the Professional Cloud Architect official exam guide end to end before you commit a study plan, so every later hour is spent against the published blueprint.
- Complete the relevant Google Cloud Skills Boost learning path and treat its labs as non-optional rather than extra credit.
- Get hands-on practice in Qwiklabs sandbox, repeating the same tasks from memory until configuration feels routine.
- Apply what you learn in real-world project experience — your day job, a volunteer project, or an open-source contribution — so the concepts stick.
- Master one objective at a time, starting with the highest-weighted domain on the blueprint and moving down from there.
- Use PowerKram learn mode with feedback and sourced links to close gaps while the answer rationale is still fresh.
- Finish with PowerKram exam mode across all objectives under realistic time pressure before you book the real exam.
Career paths and salary outlook
Holding the Professional Cloud Architect certification typically supports roles such as:
- Cloud Solutions Architect: roughly $ 140,000 to $195,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Glassdoor.
- Principal Cloud Engineer: roughly $ 165,000 to $225,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Levels.fyi.
- Enterprise Architect: roughly $ 155,000 to $210,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Payscale.
Official resources
Work directly from Google’s own preparation resources and treat third-party content as a supplement: