Google Cloud – Professional Cloud Architect Certification learning path


The Google Cloud – Professional Cloud Architect certification exam is one of the toughest exams I have appeared for. It can surely be compared with the AWS Solution Architect/DevOps Professional exams. However, the gamut of services and concepts it tests your knowledge on is really vast.

Quick summary of the exam

  • Covers a wide range of Google Cloud services and what they actually do. It includes Compute, Storage, Network and even Data services.
  • Questions sometimes test your logical thinking rather than any concept regarding Google Cloud.
  • Hands-on: if you have not worked on GCP before, make sure you do lots of labs, else you would be absolutely clueless for some of the questions and commands.
  • Tests are updated for the latest enhancements. There was no reference to Google Container Engine and everything was Google Kubernetes Engine; the exam also covers Cloud Functions and Cloud Spanner.
  • Make sure you cover the case studies beforehand. I got around 15 questions (almost 5 per case study) and it can really be a savior for you in the exams.
  • Be sure that NO online course or practice test is going to cover everything. I did LinuxAcademy, which is really vast, but hands-on or practical knowledge is a MUST.

The list of topics is quite long, but the ones you need to be sure to cover are

  • Identity Services
    • Cloud IAM 
      • provides administrators the ability to manage cloud resources centrally by controlling who can take what action on specific resources.
      • Understand how IAM works and how rules apply, esp. the hierarchy from Organization -> Folder -> Project -> Resources
      • How do you use an on-premises authentication provider? Google Cloud Directory Sync (GCDS)
  • Compute Services
    • Make sure you know all the compute services: Google Compute Engine, Google App Engine and Google Kubernetes Engine. You need to know the pros and cons of each and the use cases where you should use them.
    • Google Compute Engine
      • Google Compute Engine is the best IaaS option for compute and provides fine grained control
      • Make sure you know how to create a GCE instance and connect to it using Cloud Shell or SSH keys
      • Make sure you know the difference between backups and images and how to create the same
      • Understand how you can recreate an instance in different zones and regions
      • Understand the pricing and discounts model. Hint – Sustained (automatic, up to 30%) vs Committed (1 to 3 yrs) discounts.
      • Understand Preemptible VMs and their use cases.
      • Managed instance groups are covered heavily in the exam, as they provide the key auto-scaling capability. Hint – you need to create an Instance template and associate it with an Instance group
      • Understand how migration or traffic splitting with Managed instance groups works. Hint – rolling updates & deployments
      • Know how to debug any issues or errors
    • Google App Engine
      • Google App Engine is mainly the best option for PaaS with platforms supported and features provided.
      • Understand the key differences between Standard and Flexible App Engine. Hint – network did not work for Standard, so VPN connections did not work and you would need to use Flexible environment.
      • Deploy an application with App Engine and understand how versioning and rolling deployments can be done
    • Google Kubernetes Engine
      • Google Container Engine is now officially Google Kubernetes Engine and the questions refer to the same
      • Google Kubernetes Engine, powered by the open source container scheduler Kubernetes, enables you to run containers on Google Cloud Platform.
      • Kubernetes Engine takes care of provisioning and maintaining the underlying virtual machine cluster, scaling your application, and operational logistics such as logging, monitoring, and cluster health management.
      • Be sure to create a Kubernetes cluster and configure it to host an application
      • Very important to understand where to use gcloud commands (to create a cluster) and kubectl commands (manage the cluster components)
    • Cloud Functions
      • is a lightweight, event-based, asynchronous compute solution that allows you to create small, single-purpose functions that respond to cloud events without the need to manage a server or a runtime environment.
      • Remember that Cloud Functions is serverless and scales up from zero and back down to zero as the demand changes.
  • Network Services
    • Virtual Private Cloud
      • Create a custom Virtual Private Cloud (VPC) and subnets, and host applications within them. Hint – a VPC spans across regions
      • Understand how Firewall rules work and how they are configured. Hint – Focus on Network Tags.
      • Understand the concept of shared VPC which allows for access to resources using internal IPs
      • Understand VPC Peering and Private Google Access use cases
    • On-premises connectivity
      • Cloud VPN and Interconnect are the 2 components which help you connect to an on-premises data center.
      • Understand the limitations of Cloud VPN, esp. the 1.5Gbps limit, and how it can be improved with multiple tunnels.
      • Understand what the requirements are to set up Cloud VPN. Hint – Cloud Router is required for BGP.
      • Know Interconnect as the reliable high speed, low latency and dedicated bandwidth option.
    • Cloud Load Balancer (GCLB)
      • Google Cloud Load Balancing provides scaling, high availability, and traffic management for your internet-facing and private applications.
      • Understand Google Load Balancing options and their use cases esp. which is global and internal and what protocols they support.
  • Storage Services
    • Understand each storage service option and its use cases.
    • Persistent disks
      • attached to the Compute Engines, provide fast access however are limited in scalability, availability and scope.
      • Remember performance depends on the size of the disk
    • Cloud Storage
      • cost-effective object storage for unstructured data.
      • very important to know the different classes and their use cases esp. Regional and Multi-Regional (frequent access), Nearline (monthly access) and Coldline (yearly access)
      • Understand how encryption works
      • Understand Signed URL to give temporary access and the users do not need to be GCP users
      • Understand permissions – IAM vs ACLs (fine grained control)
    • Relational Databases
      • Know Cloud SQL and Cloud Spanner
      • Cloud SQL
        • is a fully-managed service that provides MySQL and PostgreSQL only.
        • Limited to 10TB and is a regional service.
      • Cloud Spanner
        • is a fully managed, mission-critical relational database service.
        • provides a scalable online transaction processing (OLTP) database with high availability and strong consistency at global scale.
        • globally distributed and can scale and handle more than 10TB.
        • not a direct replacement and would need migration
      • There are no direct options for Microsoft SQL Server or Oracle yet.
    • NoSQL
      • Know Cloud Datastore and BigTable
      • Datastore
        • provides document database for web and mobile applications. Datastore is not for analytics
        • Understand Datastore indexes and how to update indexes for Datastore
        • Can be configured Multi-regional and regional
      • Bigtable
        • provides column database suitable for both low-latency single-point lookups and precalculated analytics
        • understand Bigtable is not for long term storage as it is quite expensive
    • Data Warehousing
      • BigQuery
        • provides scalable, fully managed enterprise data warehouse (EDW) with SQL and fast ad-hoc queries.
        • Remember it is most suitable for historical analysis.
    • MemoryStore and Firebase did not feature in any of the questions
  • Data Services
    • Although there is a different certification for Data Engineer, the Cloud Architect does cover data services. Data services are also part of the use cases so be sure to know about them
    • Know the Big Data stack and understand which service fits the different layers of ingest, store, process, analytics, use
    • Key Services which need to be mainly covered are –
      • Cloud Storage as the medium to store data as data lake
      • Cloud Pub/Sub as the messaging service to capture real time data esp. IoT
      • Cloud Pub/Sub is designed to provide reliable, many-to-many, asynchronous messaging between applications esp. real time IoT data capture
      • Cloud Dataflow to process, transform, transfer data and the key service to integrate store and analytics.
      • Cloud BigQuery for storage and analytics. Remember BigQuery provides the same cost-effective option for storage as Cloud Storage
      • Cloud Dataprep to clean and prepare data. Hint – It can be used for anomaly detection.
      • Cloud Dataproc to handle existing Hadoop/Spark jobs. Hint – Use it to replace existing Hadoop infra.
      • Cloud Datalab is an interactive tool for exploration, transformation, analysis and visualization of your data on Google Cloud Platform
  • Monitoring
    • Google Stackdriver
      • provides everything from monitoring, alert, error reporting, metrics, diagnostics, debugging, trace.
      • remember audits are mainly checking Stackdriver
  • DevOps services
    • Deployment Manager is Infrastructure as Code
    • Cloud Source Repositories provides source code repository with Git version control to support collaborative development
    • Container Registry is a private Docker image storage system on Google Cloud Platform. Images are immutable.
    • Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure.
    • Cloud Launcher provides a way to launch common software packages e.g. Jenkins or WordPress and stacks on Google Compute Engine with just a few clicks like a prepackaged solution. It can help minimize deployment time
  • Security Services
    • Cloud Security Scanner is a web application security scanner that enables developers to easily check for a subset of common web application vulnerabilities in websites built on App Engine and Compute Engine.
    • Data Loss Prevention API to handle sensitive data esp. redaction of PII data.
    • Focus on PCI-DSS and how to handle the same. Remember, GCP services are PCI-DSS compliant, however you need to make sure your applications and hosting are in line with PCI-DSS.
    • Same concept as PCI-DSS applies to GDPR as well
  • Other Services
    • Storage Transfer Service allows import of large amounts of online data into Google Cloud Storage, quickly and cost-effectively. Online data is the key here as it supports AWS S3, HTTP/HTTPS and other GCS buckets. If the data is on-premises you need to use gsutil command
    • Transfer Appliance to transfer large amounts of data quickly and cost-effectively into Google Cloud Platform. Check for the data size and it would be always compared with Google Transfer Service or gsutil commands.
    • Spinnaker is an open source, multi-cloud, continuous delivery platform and does appear in answer options. So be sure to know about it.
    • Jenkins for Continuous Integration and Continuous Delivery.
  • Case Studies
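
The Cloud IAM bullets above point at the Organization -> Folder -> Project -> Resources hierarchy. The sketch below is an added example (not from the original post and not Google's SDK) that models how allow-policy bindings set at each level combine, so a grant made on a folder still applies in every project and resource under it; the hierarchy names, members and helper functions are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Basic (primitive) roles are broad, so they are worth flagging when inherited.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


@dataclass
class Node:
    """One level of the resource hierarchy with its own allow-policy bindings."""
    name: str
    parent: Optional["Node"] = None
    bindings: Dict[str, Set[str]] = field(default_factory=dict)  # role -> members


def ancestry(node: Optional[Node]) -> List[Node]:
    """Return the chain from the root (organization) down to `node`."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    return chain[::-1]


def effective_policy(node: Node) -> Dict[str, Set[str]]:
    """Union of the bindings set on `node` and on every ancestor above it."""
    merged: Dict[str, Set[str]] = {}
    for level in ancestry(node):
        for role, members in level.bindings.items():
            merged.setdefault(role, set()).update(members)
    return merged


def grant_sources(node: Node, member: str) -> List[Tuple[str, str]]:
    """List (role, level) pairs explaining why `member` has access at `node`."""
    return [(role, level.name)
            for level in ancestry(node)
            for role, members in sorted(level.bindings.items())
            if member in members]


def inherited_primitive_grants(node: Node) -> List[Tuple[str, str, str]]:
    """Primitive-role grants that reach `node` from an ancestor, not from itself."""
    return [(member, role, level.name)
            for level in ancestry(node)[:-1]
            for role, members in sorted(level.bindings.items())
            if role in PRIMITIVE_ROLES
            for member in sorted(members)]


# Constructed sample hierarchy (all names and members are made up).
ORG = Node("org:example.com",
           bindings={"roles/viewer": {"group:auditors@example.com"}})
FOLDER = Node("folder:finance", ORG,
              bindings={"roles/editor": {"user:dev@example.com"}})
PROJECT = Node("project:payments-prod", FOLDER, bindings={
    "roles/storage.objectViewer":
        {"serviceAccount:app@payments-prod.iam.gserviceaccount.com"}})
BUCKET = Node("bucket:card-exports", PROJECT,
              bindings={"roles/storage.objectAdmin": {"user:ops@example.com"}})

if __name__ == "__main__":
    for role, members in sorted(effective_policy(BUCKET).items()):
        print(f"{role:30} {sorted(members)}")
    # The editor grant lives on the folder, so the project policy never shows it.
    print(grant_sources(BUCKET, "user:dev@example.com"))
    print(inherited_primitive_grants(PROJECT))
```

Reviewing only the project's own policy would miss the folder-level editor grant, which is why an access review has to walk the ancestors as well.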

Resources

Google Cloud Certified – Professional Cloud Architect exam assesses your ability to

Section 1: Designing and planning a cloud solution architecture

  • 1.1 Designing a solution infrastructure that meets business requirements. Considerations include:
    • business use cases and product strategy
    • cost optimization
    • supporting the application design
    • integration
    • movement of data
    • tradeoffs
    • build, buy or modify
    • success measurements (e.g., Key Performance Indicators (KPI), Return on Investment (ROI), metrics)
    • Compliance and observability
  • 1.2 Designing a solution infrastructure that meets technical requirements. Considerations include:
    • high availability and failover design
    • elasticity of cloud resources
    • scalability to meet growth requirements
  • 1.3 Designing network, storage, and compute resources. Considerations include:
    • integration with on premises/multi-cloud environments
    • Cloud native networking (VPC, peering, firewalls, container networking)
    • identification of data processing pipeline
    • matching data characteristics to storage systems
    • data flow diagrams
    • storage system structure (e.g., Object, File, RDBMS, NoSQL, NewSQL)
    • mapping compute needs to platform products
  • 1.4 Creating a migration plan (i.e., documents and architectural diagrams). Considerations include:
    • integrating solution with existing systems
    • migrating systems and data to support the solution
    • licensing mapping
    • network and management planning
    • testing and proof-of-concept
  • 1.5 Envisioning future solution improvements. Considerations include:
    • cloud and technology improvements
    • business needs evolution
    • evangelism and advocacy

Section 2: Managing and provisioning solution Infrastructure

  • 2.1 Configuring network topologies. Considerations include:
    • extending to on-premise (hybrid networking) using VPN or Interconnect
    • extending to a multi-cloud environment which may include GCP to GCP communication
    • security
    • data protection
  • 2.2 Configuring individual storage systems. Considerations include:
    • data storage allocation
    • data processing/compute provisioning
    • security and access management
    • network configuration for data transfer and latency
    • data retention and data lifecycle management
    • data growth management
  • 2.3 Configuring compute systems. Considerations include:
    • compute system provisioning
    • compute volatility configuration (preemptible vs. standard)
    • network configuration for compute nodes
    • infrastructure provisioning technology configuration (e.g. Chef/Puppet/Ansible/Terraform)
    • container orchestration (e.g. Kubernetes)

Section 3: Designing for security and compliance

  • 3.1 Designing for security. Considerations include:
    • Identity and Access Management (IAM)
    • Resource hierarchy (organizations, folders, projects)
    • data security (key management, encryption)
    • penetration testing
    • Separation of Duties (SoD)
    • security controls
    • Managing customer-supplied encryption keys with Cloud KMS
  • 3.2 Designing for legal compliance. Considerations include:
    • legislation (e.g., Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Act (COPPA), etc.)
    • audits (including logs)
    • certification (e.g., Information Technology Infrastructure Library (ITIL) framework)

Section 4: Analyzing and optimizing technical and business processes

  • 4.1 Analyzing and defining technical processes. Considerations include:
    • Software Development Lifecycle Plan (SDLC)
    • continuous integration / continuous deployment
    • troubleshooting / post mortem analysis culture
    • testing and validation
    • IT enterprise process (e.g. ITIL)
    • business continuity and disaster recovery
  • 4.2 Analyzing and defining business processes. Considerations include:
    • stakeholder management (e.g. Influencing and facilitation)
    • change management
    • team assessment / skills readiness
    • decision making process
    • customer success management
    • cost optimization / resource optimization (Capex / Opex)
  • 4.3 Developing procedures to test resilience of solution in production (e.g., DiRT and Simian Army)

Section 5: Managing implementation

  • 5.1 Advising development/operation team(s) to ensure successful deployment of the solution. Considerations include:
    • application development
    • API best practices
    • testing frameworks (load/unit/integration)
    • data and system migration tooling
  • 5.2 Interacting with Google Cloud using GCP SDK (gcloud, gsutil and bq). Considerations include:
    • local installation
    • Google Cloud Shell

Section 6: Ensuring solution and operations reliability

  • 6.1 Monitoring/Logging/Alerting solution
  • 6.2 Deployment and release management
  • 6.3 Supporting operational troubleshooting
  • 6.4 Evaluating quality control measures

Case Studies

  • Mountkirk Games
  • Dress4Win
  • TerramEarth

66 thoughts on “Google Cloud – Professional Cloud Architect Certification learning path”

        1. Google Professional is inline with AWS Solution Architect – Professional. It took me around 2 months to prepare for it with roughly 2 hrs per day. So plan accordingly.

  1. Thank you for this valuable summary. Your continued work to help others in their Cloud training and certification quests is very much appreciated.
    regards
    Allan

  2. Thanks Jayendra! I have planned my certification for next month and been preparing since two months. How much % of questions could we expect from Braincert or is it just a practicing site?

    1. Hi GP, from a conceptual front you should expect a coverage of data 70% or more. The questions are not as is, so you need to be sure you get your concepts right.

    1. AWS has a larger market and is more matured than Azure and GCP. Also in my experience AWS have lot of jobs.

  3. Jayendra
    I have cleared all 3 google cloud certifications. I got completely new set of questions and I saw only 2 or 3 similar questions like braincert or practice questions we reviewed over e-mail. As I have cleared the google data engineer certification, i would like complete AWS Big Specialty certification. Can you suggest good course like Linux Academy or Cloud Guru or cloud academy along with good practice questions

    1. That's great .. Congrats Raghavarao.
      I am not surprised as it seems Google question bank is quite vast and they keep on updating. For Big Data both are good, so you can check on either.

    1. Hi Ilan, Google does not disclose the passing %. However, given my experience above 70% confident is for sure to pass the exams 🙂

  4. I want to buy google cloud professional architect practice tests. have you looked at udemy as well as braincert? braincert is Rs.1700 but 250 Qs. Udemy is for Rs700 125Qs.

      1. Hi Jayendra, I attempted exam last week but was unable to pass. Could you please provide me the dumps which you have.

  5. Hi,

    Last week i have cleared Google Cloud Professional Architect Exam.

    Braincert Practice tests papers helped a lot.

  6. Hi JP, Are there are pre-requisites in terms of other certifications before one can go for GCP Architect?
    I do not have any certification in cloud but have been working on GCP for last 1 year

    1. Absolutely Nothing, I appeared directly to GCP Professional Cloud Architect with a bit of working knowledge. Working knowledge would be a great help.

  7. Hi Jayendra,

    I have attempted for exam last week but unable to pass the exam, could you help in providing some instructions to pass the exam. Is Braincert have the similar pattern of questions which gets in exam? Please help

  8. Thank you.. I have noted all the questions which I got in the exam .. could you please help me in reviewing them ..

    1. Hi Maroju,
      If possible can you send me the questions you have noted down at ishaansutaria AT gmail dOT com

  9. Today I passed the GCP architect exam. The test was really hard and braincert mock questions helped a little, I would say.

    1. Hi Somenath,

      I am facing some issue with GCP architect challenge lab. Could you please help me on this?

  10. Hi ,

    I have been reading your blogs for AWS exams. It is great to see your blog for GCP. Could you please help me understand how many questions come up in 2 hours exam?

  11. Passed the Google Cloud Architect -professional exam successfully. Thanks Jayendra for all the brief you put in.

  12. @Jaydendra – Which one will you recommend Braincert, Whizlabs or Udemy exam preparation question sets. Can you please shed some light.

      1. So shall I purchase Braincert as its costlier than Whizlabs, Do we have any discount coupons available for Braincert. Also does Braincert have explanation of all the questions and their answers like whizlabs?

        1. As per the feedback from users, Braincert is much better than Whizlabs in terms of quality, material and explanations.

    1. Hi MZU,

      Can you share some material ( dump) to complete. I was complete AWS advance architect.
      Regards
      Srinivasan AC

  13. Great write up and made me realize I need to step up my studying.

    Do you recommend taking other Linux academy courses to prepare for the GCP PCA?
    for example, google app engine deep dive, security essentials, kubernetes deep dive etc.

    Thanks.

    1. Its better to actually do Linux Academy Professional Cloud Architect and Professional Data Engineer, which will help you prepare for both exams as there is a surely overlap on both of them.

  14. I like to share below point which helped with my exam

    Part 3 course in LA (linuxacademy) and “Braincert Practice tests papers” without which I could have not cleared the exam for sure (I have already taken Coursera for GCP training and completed all 6 modules before starting with LA (it is free for one month))

    Below are the some of the important points in my learning which come in exam, I am able to recollect only some points

    LB

    Different btw Load Balancer , choosing the intended LB (L4 or L7)
    LB will not have firewall rules only instances will have
    Even if it is for backend database and the connection is https api choose L7 LB only

    Interconnect (Dedicated, Partner or VPN): you want more than 4 Gbps to 10 Gbps take Partner, more than 10 Gbps use Dedicated, VPN for all other

    Data transfer (GCS , Transfer Applications )

    In GCS we have diff transfer option, online transfer, gsutil etc.
    with gsutil you have diff option: -m for parallel upload, break and upload large file
    how customer encryption key is added: to .boto config file, or the command encryption_key=[your key] in every gsutil connect you try to upload
    google recommends that if the data is more than 20 TB or take more than 7 days use transfer applications
    GCS life cycle

    Firewall priority rule (know what is implied allow egress rule, implied deny ingress rule and how the priority is set)

    SSH troubleshoot (stackdriver log will not help): netcat to connect to port 22 or access the serial console

    GKE: diff btw updating node and cluster, know how the rollback will happen for stateful application and for other

    SAN storage is mapped to Persistent disk

    Role :- always try to choose pre-defined over other customer roles and primitive roles

    Below are the key words when choosing the correct option

    Storage (time series, low latency: Bigtable
    OLAP, analysis: BigQuery
    for mobile: Datastore)

    Bigquery Roles (users ,jobusers ,dataeditor ,dataowner …) :-know how access is given

    Cloud SQL (read replica and failure replica ) :-only zonal not regional

    Snapshot and Images

    App standard vs flexible diff

    Authentication :- GCDS ,OAUTH

    Dataflow , dataprep ,Cloud DLP

    MS SQL high availability: use Always On Availability group in different zone

    Java error: resigned or disable precompilation for the whole application in app engine

  15. Hi Jayendra…,ashwanth,

    Are the linuxacademy courses – Linux Academy Professional Cloud Architect and Professional Data Engineer free for one month the way it is free in coursera or well need to buy the membership.
    website of linuxacademy reflects it is free for 7 days which i doubt if it will give full access to content. and pricing reflects – ~38$. Any other ideas for the free limited time access ?

    Best Regards,
    Deepak

  16. Hello. I just took the exam for the GCP Professional Cloud Architect and was not successful. What is the best source of study to pass the exam? I have heard about the following:

    LinuxAcademy
    BrainCert
    aCloudGuru

    I have taken all of the Coursera courses as well as the Qwiklabs Hands-on-labs

    Do you have an idea of what is the best source?

    1. The way i cleared the exam was to do both the Linux Academy courses – Professional Cloud Architect and Professional Data Engineer. That prepared for the exam.
      I did not do Coursera much. I used Braincert for practice and build upon the concepts further and read more of the GCP documentation.
