Google Exams Lab

Professional Cloud Architect - questions & answers

Study template for gradually building a Q&A bank. Adjust topics and structure to your plan.

Back to overview Jump to questions

Status: In progress · Questions: 40 · Notes: 40

How to use it

Every question follows the same format: short answer, explanation and steps.

  • Frame the question as a real-world scenario.
  • Answer in one or two sentences.
  • Add detail (why, trade-offs, risks).
  • List steps/diagnostics and tag it.
Template

Question standard

A consistent structure keeps the bank readable and easy to revise.

  • Question - scenario or decision point
  • Short answer - 1-2 sentences
  • Explanation - why this solution fits
  • Steps - implementation or diagnostics
  • Tags - domain, tool, priority

Status legend

Draft Review Mastered Needs revisit

Update the badge in each question to guide your review cycles.

Quick tips

  • Add 1-2 references for every question.
  • Write answers as if explaining to a junior engineer.
  • Capture common pitfalls and anti-patterns.

Question bank

The study blocks are working drafts - adapt them to your plan or the exam guide.

Study block 1 · Architecture & design

Platform design, availability, scaling, and strategic architecture decisions.

[Question] multi-region active-active API for a critical service. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "multi-region active-active API for a critical service" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "multi-region active-active API for a critical service" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "multi-region active-active API for a critical service" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "multi-region active-active API for a critical service".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] choosing Cloud Run vs GKE for a stateless backend. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "choosing Cloud Run vs GKE for a stateless backend" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "choosing Cloud Run vs GKE for a stateless backend" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "choosing Cloud Run vs GKE for a stateless backend" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "choosing Cloud Run vs GKE for a stateless backend".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] event-driven integration with Pub/Sub and Cloud Run. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "event-driven integration with Pub/Sub and Cloud Run" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "event-driven integration with Pub/Sub and Cloud Run" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "event-driven integration with Pub/Sub and Cloud Run" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "event-driven integration with Pub/Sub and Cloud Run".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] global load balancing plus Cloud CDN for a public web app. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "global load balancing plus Cloud CDN for a public web app" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "global load balancing plus Cloud CDN for a public web app" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "global load balancing plus Cloud CDN for a public web app" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "global load balancing plus Cloud CDN for a public web app".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] Shared VPC design across platform and application teams. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "Shared VPC design across platform and application teams" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "Shared VPC design across platform and application teams" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Shared VPC design across platform and application teams" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Shared VPC design across platform and application teams".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] hybrid connectivity through HA VPN and Cloud Router. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "hybrid connectivity through HA VPN and Cloud Router" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "hybrid connectivity through HA VPN and Cloud Router" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "hybrid connectivity through HA VPN and Cloud Router" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "hybrid connectivity through HA VPN and Cloud Router".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] disaster recovery with explicit RTO/RPO for a tier-1 workload. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "disaster recovery with explicit RTO/RPO for a tier-1 workload" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "disaster recovery with explicit RTO/RPO for a tier-1 workload" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "disaster recovery with explicit RTO/RPO for a tier-1 workload" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "disaster recovery with explicit RTO/RPO for a tier-1 workload".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

[Question] migration landing zone for the first application wave. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "migration landing zone for the first application wave" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "migration landing zone for the first application wave" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "migration landing zone for the first application wave" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "migration landing zone for the first application wave".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Architecture Review

Source: Cloudpeakify original question

Study block 2 · Data & storage

Data platforms, database choices, data lifecycle, and resilience.

[Question] Cloud SQL vs AlloyDB for an OLTP workload. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "Cloud SQL vs AlloyDB for an OLTP workload" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "Cloud SQL vs AlloyDB for an OLTP workload" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Cloud SQL vs AlloyDB for an OLTP workload" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Cloud SQL vs AlloyDB for an OLTP workload".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] BigQuery partitioning and clustering for cost/performance. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "BigQuery partitioning and clustering for cost/performance" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "BigQuery partitioning and clustering for cost/performance" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "BigQuery partitioning and clustering for cost/performance" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "BigQuery partitioning and clustering for cost/performance".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] Spanner for globally consistent transactions. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "Spanner for globally consistent transactions" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "Spanner for globally consistent transactions" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Spanner for globally consistent transactions" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Spanner for globally consistent transactions".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] Bigtable for telemetry and time-series data. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "Bigtable for telemetry and time-series data" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "Bigtable for telemetry and time-series data" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Bigtable for telemetry and time-series data" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Bigtable for telemetry and time-series data".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] data residency strategy across EU and US regions. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "data residency strategy across EU and US regions" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "data residency strategy across EU and US regions" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "data residency strategy across EU and US regions" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "data residency strategy across EU and US regions".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] backup and restore strategy for a mission-critical database. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "backup and restore strategy for a mission-critical database" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "backup and restore strategy for a mission-critical database" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "backup and restore strategy for a mission-critical database" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "backup and restore strategy for a mission-critical database".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] schema evolution in a data lake without breaking consumers. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "schema evolution in a data lake without breaking consumers" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "schema evolution in a data lake without breaking consumers" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "schema evolution in a data lake without breaking consumers" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "schema evolution in a data lake without breaking consumers".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

[Question] minimal-downtime data migration from on-premises to GCP. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "minimal-downtime data migration from on-premises to GCP" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "minimal-downtime data migration from on-premises to GCP" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "minimal-downtime data migration from on-premises to GCP" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "minimal-downtime data migration from on-premises to GCP".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Data Review

Source: Cloudpeakify original question

Study block 3 · Migration & modernization

Migration waves, modernization patterns, and transition to cloud-native.

[Question] application portfolio prioritization using the 6R model. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "application portfolio prioritization using the 6R model" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "application portfolio prioritization using the 6R model" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "application portfolio prioritization using the 6R model" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "application portfolio prioritization using the 6R model".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] strangler pattern for decomposing a legacy monolith. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "strangler pattern for decomposing a legacy monolith" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "strangler pattern for decomposing a legacy monolith" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "strangler pattern for decomposing a legacy monolith" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "strangler pattern for decomposing a legacy monolith".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] dual-write cutover during migration to microservices. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "dual-write cutover during migration to microservices" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "dual-write cutover during migration to microservices" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "dual-write cutover during migration to microservices" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "dual-write cutover during migration to microservices".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] containerization roadmap for VM-based applications. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "containerization roadmap for VM-based applications" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "containerization roadmap for VM-based applications" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "containerization roadmap for VM-based applications" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "containerization roadmap for VM-based applications".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] IAM and Org Policy baseline before a migration wave. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "IAM and Org Policy baseline before a migration wave" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "IAM and Org Policy baseline before a migration wave" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "IAM and Org Policy baseline before a migration wave" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "IAM and Org Policy baseline before a migration wave".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] application secret externalization into Secret Manager. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "application secret externalization into Secret Manager" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "application secret externalization into Secret Manager" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "application secret externalization into Secret Manager" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "application secret externalization into Secret Manager".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] observability baseline before production cutover. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "observability baseline before production cutover" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "observability baseline before production cutover" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "observability baseline before production cutover" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "observability baseline before production cutover".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

[Question] post-migration stabilization and handover to the SRE team. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "post-migration stabilization and handover to the SRE team" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "post-migration stabilization and handover to the SRE team" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "post-migration stabilization and handover to the SRE team" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "post-migration stabilization and handover to the SRE team".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Migration Review

Source: Cloudpeakify original question

Study block 4 · Governance & reliability

Organizational guardrails, operations governance, incident management, and capacity.

[Question] Org Policy guardrails for new projects. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "Org Policy guardrails for new projects" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "Org Policy guardrails for new projects" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Org Policy guardrails for new projects" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Org Policy guardrails for new projects".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] Policy Controller to enforce Kubernetes standards. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "Policy Controller to enforce Kubernetes standards" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "Policy Controller to enforce Kubernetes standards" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Policy Controller to enforce Kubernetes standards" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Policy Controller to enforce Kubernetes standards".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] SLO-based capacity planning for seasonal peaks. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "SLO-based capacity planning for seasonal peaks" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "SLO-based capacity planning for seasonal peaks" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "SLO-based capacity planning for seasonal peaks" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "SLO-based capacity planning for seasonal peaks".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] centralized logging and retention model. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "centralized logging and retention model" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "centralized logging and retention model" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "centralized logging and retention model" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "centralized logging and retention model".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] incident command process for a sev-1 outage. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "incident command process for a sev-1 outage" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "incident command process for a sev-1 outage" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "incident command process for a sev-1 outage" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "incident command process for a sev-1 outage".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] chaos testing plan for critical services. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "chaos testing plan for critical services" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "chaos testing plan for critical services" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "chaos testing plan for critical services" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "chaos testing plan for critical services".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] budget alerts and a FinOps ownership model. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "budget alerts and a FinOps ownership model" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "budget alerts and a FinOps ownership model" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "budget alerts and a FinOps ownership model" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "budget alerts and a FinOps ownership model".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

[Question] response workflow for cost anomalies. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "response workflow for cost anomalies" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "response workflow for cost anomalies" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "response workflow for cost anomalies" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "response workflow for cost anomalies".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Governance Review

Source: Cloudpeakify original question

Study block 5 · Security & compliance

IAM, data protection, auditability, compliance, and security controls.

[Question] least-privilege IAM model for an enterprise organization. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "least-privilege IAM model for an enterprise organization" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "least-privilege IAM model for an enterprise organization" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "least-privilege IAM model for an enterprise organization" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "least-privilege IAM model for an enterprise organization".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] workforce identity federation for external administrators. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "workforce identity federation for external administrators" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "workforce identity federation for external administrators" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "workforce identity federation for external administrators" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "workforce identity federation for external administrators".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] CMEK strategy across storage, BigQuery, and databases. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "CMEK strategy across storage, BigQuery, and databases" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "CMEK strategy across storage, BigQuery, and databases" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "CMEK strategy across storage, BigQuery, and databases" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "CMEK strategy across storage, BigQuery, and databases".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] VPC Service Controls for data exfiltration prevention. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "VPC Service Controls for data exfiltration prevention" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "VPC Service Controls for data exfiltration prevention" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "VPC Service Controls for data exfiltration prevention" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "VPC Service Controls for data exfiltration prevention".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] secret rotation policy and break-glass access. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "secret rotation policy and break-glass access" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Deploy directly to production without tests, canary rollout, or rollback.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: A. Design and validate "secret rotation policy and break-glass access" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "secret rotation policy and break-glass access" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "secret rotation policy and break-glass access".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] DLP controls for PII in analytics pipelines. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Design and validate "DLP controls for PII in analytics pipelines" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Grant broad Owner/Editor access to speed up delivery.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: B. Design and validate "DLP controls for PII in analytics pipelines" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "DLP controls for PII in analytics pipelines" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "DLP controls for PII in analytics pipelines".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] Access Approval and audit transparency process. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Design and validate "Access Approval and audit transparency process" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Ignore SLO metrics and react only after an incident happens.

Short answer: C. Design and validate "Access Approval and audit transparency process" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Access Approval and audit transparency process" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Access Approval and audit transparency process".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

[Question] evidence collection for ISO 27001 and SOC 2 audits. Which approach is most suitable for production? Review

Options:

  • A. Deploy directly to production without tests, canary rollout, or rollback.
  • B. Grant broad Owner/Editor access to speed up delivery.
  • C. Ignore SLO metrics and react only after an incident happens.
  • D. Design and validate "evidence collection for ISO 27001 and SOC 2 audits" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "evidence collection for ISO 27001 and SOC 2 audits" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "evidence collection for ISO 27001 and SOC 2 audits" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "evidence collection for ISO 27001 and SOC 2 audits".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
Cloud Architect Security Review

Source: Cloudpeakify original question

Want to add another certification?

Duplicate this page, adjust the blocks and start adding new questions.

Back to exams overview