Diagnostic questions: Managing and Provisioning a Solution Infrastructure: Preparing for your Professional Cloud Architect Journey (Preparing for Google Cloud Certification: Cloud Architect Professional Certificate) Answers 2025
Question 1
Correct Answer: 🟩 Enable VPC Service Controls, define a network perimeter, and enable VPC Flow Logs
❌ Enable VPC Service Controls + audit logs
❌ Use IAP + audit logs
❌ Require Cloud VPN for all users
Explanation:
VPC Service Controls + a network perimeter restricts access to trusted networks only.
VPC Flow Logs provide detailed network visibility for auditing and forensics.
Question 2
Correct Answer: 🟩 Deploy web app on App Engine standard, MIG for chat servers, and use external passthrough NLB for TCP
❌ Other options use wrong LB types or unmanaged groups
Explanation:
- Web app = HTTP → App Engine Standard + Application Load Balancer
- Chat servers = TCP → External passthrough NLB
- MIG = scalable backend
Question 3
Correct Answer: 🟩 Temporarily disable account → Export to Cloud Storage → auto-delete after 60 days
❌ Restore DB
❌ Disable 30 days only
❌ Ask users to save their own data
Explanation:
For compliance + returns: store account snapshot externally with Cloud Storage + lifecycle deletion after 60 days.
Question 4
Correct Answer: 🟩 Set up repo → Check in code → Run tests → Build container → Deploy
❌ Other orderings incorrect
Explanation:
Standard CI pipeline:
Repo → Code → Tests → Container → Deploy
Question 5
Correct Answer: 🟩 Deploy as Compute Engine VMs (Terraform optional but simplest is CE directly)
❌ App Engine (needs refactor)
❌ GKE (requires containerization)
❌ Microservices refactor (heavy rewrite)
Explanation:
Minimal refactor → Compute Engine running Ubuntu VM images.
Question 6
Correct Answer: 🟩 Automate with Terraform
❌ Deployment Manager
❌ GKE manifests
❌ Docker alone
Explanation:
Terraform = multi-cloud, declarative, parallel execution → best match.
Question 7
Correct Answer: 🟩 Backend loosely coupled + REST over HTTPS
❌ Tight coupling
❌ gRPC for external (not ideal)
❌ Tightly coupled gRPC
Explanation:
External partner APIs = REST + loose coupling requirements.
Question 8
Correct Answer: 🟩 Use network tags + Secure Boot + vTPM
❌ labels (labels don't enforce firewall rules)
❌ using only service accounts
❌ wrong combos
Explanation:
Security layers:
- Network tags → firewall restrictions
- Secure Boot + vTPM → VM integrity
Question 9
Correct Answer: 🟩 kubectl autoscale deployment to max 6 pods
❌ Editing pods (not allowed)
❌ Editing pod replicas
❌ Autoscale pod (wrong target)
Explanation:
Autoscaling applies to deployments, not pods.
Question 10
Correct Answer: 🟩 Global Application Load Balancer → URL map → target proxy → backend service
❌ Proxy NLB (doesn't use URL maps)
❌ NLB (not global HTTP)
❌ Wrong sequence
Explanation:
URL-based routing + global proximity routing → Global External Application Load Balancer.
🧾 Summary Table
| Q# | Correct Answer | Key Concept |
|---|---|---|
| 1 | VPC-SC + VPC Flow Logs | Best network perimeter security |
| 2 | App Engine + MIG + NLB | HTTP vs TCP load balancing |
| 3 | Disable → Export → Auto-delete | Retain data for returns |
| 4 | Repo → Code → Tests → Build → Deploy | CI/CD sequence |
| 5 | Compute Engine | Minimal refactor lift-and-shift |
| 6 | Terraform | Multi-cloud IaC |
| 7 | Loosely coupled REST | API design |
| 8 | Network tags + Secure Boot | Compute Engine layered security |
| 9 | HPA on deployment | Kubernetes autoscaling |
| 10 | Global App LB + URL Map | Geo-aware + path-aware routing |