Google Cloud – Professional Cloud Developer Certification learning path
📌 Last Updated: June 2026 — This post has been updated to reflect current exam format, service renamings (Cloud Run functions, Spot VMs, Sensitive Data Protection), deprecated services (Cloud Debugger shut down May 2023), and the transition to Pearson VUE for exam delivery.
Continuing on the Google Cloud Journey, glad to have passed the sixth certification with the Professional Cloud Developer certification.
Google Cloud – Professional Cloud Developer Certification Summary
- The exam has 50-60 multiple choice and multiple select questions to be answered in 2 hours.
- Registration fee is $200 (plus tax where applicable).
- Covers a wide range of Google Cloud services mainly focusing on application development, containerization, CI/CD pipelines, and cloud service integration.
- As of March 2026, exams are delivered through Pearson VUE (previously Kryterion). You can take the exam online-proctored or at a testing center.
- Exams are being updated to reflect product updates announced at Google Cloud Next ’26, including Gemini and AI-related services. Refer to the exam guide for current topics.
- Make sure you cover the case studies beforehand. I got ~5-6 questions and it can really be a savior for you in the exams.
- As mentioned for all the exams, Hands-on is a MUST, if you have not worked on GCP before make sure you do lots of labs else you would be absolutely clueless about some of the questions and commands.
- Google recommends 3+ years of industry experience including 1+ years designing and managing solutions using Google Cloud.
Google Cloud – Professional Cloud Developer Certification Resources
- Google Cloud – Professional Cloud Developer Exam Guide
- Google Cloud – Professional Cloud Developer Certification Page
- Courses
- Udemy – Google Cloud Developer – GCP Professional Certification
- Coursera – Developing Applications with Google Cloud Platform
- Coursera – Getting Started with Google Kubernetes Engine
- Coursera – Architecting with Google Kubernetes Engine: Production
A Cloud Guru – Google Cloud Certified – Professional Cloud Developer(A Cloud Guru was shut down in November 2025. Content has been migrated to Pluralsight Cloud+)
- Practice tests
- Use Google Skills (formerly Google Cloud Skills Boost / Qwiklabs) for hands-on labs as much as possible.
- Google Cloud also offers a free practice exam with 20 questions to assess readiness.
Google Cloud – Professional Cloud Developer Certification Topics
Case Studies
Compute Services
- Compute services like Google Compute Engine, Google Kubernetes Engine, Cloud Run, and App Engine are covered with focus on selecting the right platform and security aspects.
- Google Compute Engine
- Google Compute Engine is the best IaaS option for compute and provides fine-grained control.
- Compute Engine is recommended to be used with Service Account with the least privilege to provide access to Google services and the information can be queried from instance metadata.
- Compute Engine Persistent disks can be attached to multiple VMs in read-only mode.
- Compute Engine launch issues reasons:
- Boot disk is full.
- Boot disk is corrupted.
- Boot Disk has an invalid master boot record (MBR).
- Quota Errors.
- Can be debugged using Serial console.
- Spot VMs (previously known as Preemptible VMs) and their use cases. Spot VMs are the recommended replacement — they have no 24-hour maximum lifetime (unlike legacy Preemptible VMs) and run indefinitely as long as capacity is available. HINT — shutdown script to perform cleanup actions.
- Cloud Run
- Cloud Run is a fully managed serverless platform for deploying and running containerized applications without managing infrastructure.
- Cloud Run services — run containers that are invocable via HTTP requests or events, with automatic scaling (including scale-to-zero).
- Cloud Run jobs — run containers to completion for batch workloads, scripts, and data processing tasks (GA since 2023).
- Cloud Run functions (formerly Cloud Functions, renamed August 2024) — event-driven functions with the same simple programming model, now deployed on Cloud Run infrastructure with fine-grained control over concurrency, CPU/memory, and networking.
- Cloud Run supports GPU access for AI/ML inference workloads.
- Cloud Run integrates with Eventarc for event delivery from 130+ Google Cloud sources.
- Supports minimum instances to avoid cold starts, and maximum instances to control costs.
- Google Kubernetes Engine
- Google Kubernetes Engine enables running containers on Google Cloud.
- GKE Autopilot is the recommended fully managed mode — Google manages nodes, nodepools, and scaling. In 2024, 30% of active GKE clusters used Autopilot mode. As of 2026, Autopilot is available to all qualifying clusters.
- Understand GKE containers, Pods, Deployments, Service, DaemonSet, StatefulSets:
- Pods are the smallest, most basic deployable objects in Kubernetes. A Pod represents a single instance of a running process in the cluster and can contain single or multiple containers.
- Deployments represent a set of multiple, identical Pods with no unique identities. A Deployment runs multiple replicas of the application and automatically replaces any instances that fail or become unresponsive.
- StatefulSets represent a set of Pods with unique, persistent identities and stable hostnames that GKE maintains regardless of where they are scheduled.
- DaemonSets manage groups of replicated Pods. DaemonSets attempt to adhere to a one-Pod-per-node model, either across the entire cluster or a subset of nodes.
- Service is to group a set of Pod endpoints into a single resource. GKE Services can be exposed as ClusterIP, NodePort, and Load Balancer.
- Ingress object defines rules for routing HTTP(S) traffic to applications running in a cluster. An Ingress object is associated with one or more Service objects.
- Gateway API is the next-generation routing API for Kubernetes (successor to Ingress). It provides expressive, extensible, and role-oriented traffic routing with built-in capabilities for header-based matching, traffic weighting, and traffic splitting.
- GKE supports Horizontal Pod Autoscaler (HPA) to autoscale deployments based on CPU and Memory.
- GKE supports health checks using
livenessandreadinessprobes:- Readiness probes are designed to let Kubernetes know when the app is ready to serve traffic.
- Liveness probes let Kubernetes know if the app is alive or dead.
- Understand Workload Identity Federation for GKE (formerly Workload Identity) for security — the recommended way to provide Pods running on the cluster access to Google resources without service account keys.
- GKE integrates with Istio/Anthos Service Mesh for mTLS and service-to-service security.
- Google App Engine
- Google App Engine is the PaaS option.
- Understand how to manage auto-scaling and traffic splitting and migration.
- Know the difference between App Engine Flexible vs Standard.
- Cloud Tasks
- is a fully managed service that allows you to manage the execution, dispatch, and delivery of a large number of distributed tasks.
Security Services
- Cloud Identity-Aware Proxy
- Identity-Aware Proxy IAP allows managing access to HTTP-based apps both on Google Cloud and outside of Google Cloud.
- IAP uses Google identities and IAM and can leverage external identity providers as well like OAuth with Facebook, Microsoft, SAML, etc.
- Signed headers using JWT provide secondary security in case someone bypasses IAP.
- Sensitive Data Protection (formerly Cloud DLP)
- Sensitive Data Protection (previously Cloud Data Loss Prevention / Cloud DLP) is a fully managed service designed to help discover, classify, and protect the most sensitive data.
- Provides key features:
- Classification/Inspection — inspect the data and know what data you have, how sensitive it is, and the likelihood.
- De-identification — the process of removing, masking, redaction, replacing information from data.
- Discovery — continuously monitors data resources in your organization, profiling data sensitivity and risk levels across BigQuery, Cloud Storage, and Datastore.
- Web Security Scanner
- Web Security Scanner identifies security vulnerabilities in the App Engine, GKE, and Compute Engine web applications.
- Scans provide information about application vulnerability findings, like OWASP, XSS, Flash injection, outdated libraries, cross-site scripting, clear-text passwords, or use of mixed content.
- Secret Manager
- Secret Manager stores API keys, passwords, certificates, and other sensitive data securely.
- Provides versioning, automatic rotation, and fine-grained IAM access control.
- Integrates natively with Cloud Run, GKE, and Cloud Build for secure secret injection.
Networking Services
- Virtual Private Cloud
- Understand Virtual Private Cloud (VPC), subnets, and host applications within them.
- Private Access options for services allow instances with internal IP addresses to communicate with Google APIs and services.
- Private Google Access allows VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM’s network interface.
- Cloud Load Balancing
- Google Cloud Load Balancing provides scaling, high availability, and traffic management for your internet-facing and private applications.
Identity Services
- Resource Manager
- Understand Resource Manager the hierarchy Organization → Folders → Projects → Resources.
- IAM Policy inheritance is transitive and resources inherit the policies of all of their parent resources.
- Effective policy for a resource is the union of the policy set on that resource and the policies inherited from higher up in the hierarchy.
- Identity and Access Management
- Identify and Access Management – IAM provides administrators the ability to manage cloud resources centrally by controlling who can take what action on specific resources.
- A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person.
- Understand IAM Best Practices:
- Use groups for users requiring the same responsibilities.
- Use service accounts for server-to-server interactions.
- Use Workload Identity Federation instead of service account keys for external workloads and GKE pods.
- Use Organization Policy Service to get centralized and programmatic control over the organization’s cloud resources.
- Domain-wide delegation of authority to grant third-party and internal applications access to the users’ data (e.g., Google Drive).
Storage Services
- Cloud Storage
- Cloud Storage is cost-effective object storage for unstructured data and provides an option for long term data retention.
- Understand Signed URL to give temporary access and the users do not need to be GCP users. HINT: Signed URL would work for direct upload to GCS without routing the traffic through App Engine or CE.
- Understand Google Cloud Storage Classes and Object Lifecycle Management to transition objects.
- Retention Policies help define the retention period for the bucket, before which the objects in the bucket cannot be deleted.
- Bucket Lock feature allows configuring a data retention policy for a bucket that governs how long objects in the bucket must be retained. The feature also allows locking the data retention policy, permanently preventing the policy from being reduced or removed.
- Know Cloud Storage Best Practices — GCS auto-scaling performs well if requests ramp up gradually rather than having a sudden spike. Also, retry using exponential back-off strategy.
- Cloud Storage can be used to host static websites.
- Cloud CDN can be used with Cloud Storage to improve performance and enable caching.
- Firestore
- Firestore (successor to Cloud Datastore) provides a managed NoSQL document database built for automatic scaling, high performance, and ease of application development.
- Firestore operates in Native mode (real-time sync, offline support) or Datastore mode (backward compatible with Cloud Datastore).
- Artifact Registry
- Artifact Registry is the recommended container and package registry (Container Registry was shut down on March 18, 2025).
- Supports Docker images, language packages (Maven, npm, Python, etc.), and OS packages.
- Integrates with Cloud Build for CI/CD pipelines and provides vulnerability scanning.
Developer Tools
- Google Cloud Build
- Cloud Build is a serverless CI/CD platform that integrates with GitHub, GitLab, and Bitbucket (Cloud Source Repositories is no longer available to new customers as of June 2024; Secure Source Manager is the replacement).
- Cloud Build can import source code, execute build to specifications, and produce artifacts such as Docker containers or Java archives.
- Cloud Build build config file specifies the instructions to perform, with steps defined for each task like test, build, and deploy.
- Cloud Build supports custom images as well for the steps.
- Cloud Build uses a directory named
/workspaceas a working directory and the assets produced by one step can be passed to the next one via the persistence of the/workspacedirectory. - Cloud Build 2nd gen repositories provide improved integration with GitHub and GitLab.
- Google Cloud Code
- Cloud Code helps write, debug, and deploy cloud-based applications for IntelliJ, VS Code, or in the browser.
- Google Cloud Client Libraries
- Google Cloud Client Libraries provide client libraries and SDKs in various languages for calling Google Cloud APIs.
- If the language is not supported, Cloud REST APIs can be used.
- Deployment Techniques
- Recreate deployment — fully scale down the existing application version before you scale up the new application version.
- Rolling update — update a subset of running application instances instead of simultaneously updating every application instance.
- Blue/Green deployment — (also known as a red/black deployment), perform two identical deployments of your application.
- GKE supports Rolling and Recreate deployments.
- Rolling deployments support
maxSurge(new pods would be created) andmaxUnavailable(existing pods would be deleted).
- Rolling deployments support
- Managed Instance Groups support Rolling deployments using
maxSurgeandmaxUnavailableconfigurations. - Cloud Run supports traffic splitting for gradual rollouts (route percentages between revisions).
- Testing Strategies
- Canary testing — partially roll out a change and then evaluate its performance against a baseline deployment.
- A/B testing — test a hypothesis by using variant implementations. A/B testing is used to make business decisions (not only predictions) based on the results derived from data.
Data Services
- Bigtable
- Bigtable is a sparsely populated NoSQL table that can scale to billions of rows and thousands of columns.
- Know Bigtable best practices for schema design.
- Cloud Pub/Sub
- Understand Cloud Pub/Sub as an asynchronous messaging service.
- Know patterns for One to Many, Many to One, and Many to Many.
roles/publisherandroles/pubsub.subscriberprovides applications with the ability to publish and consume.
- Cloud SQL
- Cloud SQL is a fully managed service that provides MySQL, PostgreSQL, and Microsoft SQL Server.
- HA configuration provides data redundancy and failover capability with minimal downtime when a zone or instance becomes unavailable.
- Read replicas help scale horizontally the use of data in a database without degrading performance.
- Cloud Spanner
- is a fully managed relational database with unlimited scale, strong consistency, and up to 99.999% availability.
- Can read and write up-to-date strongly consistent data globally.
- Multi-region instances give higher availability guarantees (99.999% availability) and global scale.
- Cloud Spanner’s table interleaving is a good choice for many parent-child relationships where the child table’s primary key includes the parent table’s primary key columns.
Monitoring & Observability
- Google Cloud Monitoring (part of Google Cloud Observability, formerly Stackdriver)
- Provides monitoring, alerting, error reporting, metrics, and diagnostics.
- Cloud Monitoring helps gain visibility into the performance, availability, and health of your applications and infrastructure.
- Google Cloud Logging
- Cloud Logging provides real-time log management and analysis.
- Cloud Logging allows ingestion of custom log data from any source.
- Logs can be exported by configuring log sinks to BigQuery, Cloud Storage, or Pub/Sub.
- Cloud Logging Agent (Ops Agent) can be installed for logging and capturing application logs.
- Cloud Error Reporting
- Counts, analyzes, and aggregates the crashes in the running cloud services.
- Cloud Trace
- is a distributed tracing system that collects latency data from the applications and displays it in the Google Cloud Console.
- Supports OpenTelemetry Protocol (OTLP) for sending trace data — the recommended approach for new and existing users.
Cloud Debugger-
⚠️ DEPRECATED: Cloud Debugger was deprecated on May 16, 2022 and shut down on May 31, 2023. It is no longer available.
Alternative: Use Snapshot Debugger (open-source) or standard logging/tracing with Cloud Logging and Cloud Trace for application debugging.
-
All the Best !!