Google Professional Cloud Architect Cert Exam Notes

7 Big Exam topics

Travis Webb
May 31, 2023

I took and passed the Google Cloud Architect certification exam today for the third time. This test was similar to my previous two takes (in 2021, and 2019) with a few changes in service naming and emphasis, and it reflects some new features that have been added over the years, but the core idea remains the same: know how to architect, deploy, and manage resources in Google Cloud.

I finished the test in 65 minutes. As with other certification exams I’ve taken, I don’t use 3rd party courses for studying, and instead read through the official documentation that pertains to the topics in the exam overview. Also, the sample test is extremely valuable both to gauge your understanding and as a self-contained study guide. Hint: read through the explanations of the incorrect answers, and follow documentation links.

The exam includes two of the four case studies. While reading through these in advance is probably helpful and may save you some time, it doesn’t change the basic scope of material that is covered. You’ll still need to reason about the case study questions in the same way you’d reason about the other scenario questions in the test.

Here’s a non-exhaustive list of topics that you’ll need to know, roughly in order of importance:

  1. IAM and Resource Manager are simple and straightforward concepts to understand, but they are everywhere on the test — any gaps in knowledge here will cost you. Understand best practices around org policies, folders, and projects; know how permission inheritance works (and how it doesn’t work); and know service accounts inside-out. A lot of questions involve preventing users from doing stuff they aren’t supposed to (e.g. modifying Project resources, accessing restricted data).
  2. Hybrid Connectivity is a heavily-covered topic on the exam. Know when to use partner vs. direct interconnect, know Classic vs. HA Cloud VPNs, and know the advantages and limitations of each approach — especially concerning how each method deals with IP address ranges, availability requirements, and cost.
  3. Cloud Storage Buckets are another deceptively simple concept that features prominently in test questions. Understand permissioning and how to restrict public access. Know when to use retention, versioning, and lifecycle policies — especially as they relate to regulatory compliance.
  4. Compute Engine — make sure you understand the differences between instance vs. persistent disks (as well as regional PDs), and between MIGs and unmanaged instance groups. Most GCE questions were not straightforwardly academic, but instead tested your knowledge through real-world scenarios.
  5. Networking is another pervasive concept that is imbued into many scenario questions, and is occasionally tested directly. Load Balancers will come up in the test. Understand firewall rules (including rules logging) and network tags. Understand VPCs and subnets, especially as they relate to Hybrid Connectivity.
  6. Security and Compliance will often appear as a constraint in scenario questions, and you’ll need to know how to get something done within security or compliance constraints. For all exam questions, always assume the principle of least privilege. Security will relate closely to IAM as well as Networking. Make sure you know when to use Cloud KMS and how to set up key rotation and understand when to use DLP (usually to remove PII from something).
  7. Logging and Monitoring — make sure you understand logging exports, alerts, and best practices around monitoring and debugging both inside of GKE and in general. You usually want to create a dedicated project for log aggregation and analysis, and don’t export to a Storage Bucket if someone needs to do detailed analysis.
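
For the permission inheritance point in item 1, here is a small model added as an illustration (it is not from the original post and is not Google's code). It treats the effective allow policy on a resource as the union of the policy set on it and on every ancestor; the resource names, members and bindings are constructed sample data, and deny policies and IAM Conditions are not modelled.

```python
# Added illustration: simplified model of allow-policy inheritance in a
# Google Cloud resource hierarchy. All names and bindings are constructed.
PARENT = {  # child -> parent (None marks the organization root)
    "organizations/example-org": None,
    "folders/finance": "organizations/example-org",
    "projects/payroll-prod": "folders/finance",
    "projects/payroll-dev": "folders/finance",
}
POLICIES = {  # resource -> {role: set of members}
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/finance": {"roles/editor": {"group:finance-devs@example.com"}},
    "projects/payroll-prod": {"roles/storage.objectViewer":
        {"serviceAccount:etl@payroll-prod.iam.gserviceaccount.com"}},
    "projects/payroll-dev": {},
}

def ancestry(resource):
    """Return the resource followed by its ancestors up to the organization."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain

def effective_bindings(resource, policies=POLICIES):
    """Union of the allow policy on the resource and on every ancestor."""
    merged = {}
    for node in ancestry(resource):
        for role, members in policies.get(node, {}).items():
            merged.setdefault(role, set()).update(members)
    return merged

def grant_sources(resource, role, member, policies=POLICIES):
    """Levels where the binding is set, i.e. where it has to be removed."""
    return [node for node in ancestry(resource)
            if member in policies.get(node, {}).get(role, set())]

def inherited_grants(resource, policies=POLICIES):
    """Bindings effective on the resource that are not set on it directly."""
    own = policies.get(resource, {})
    return {(role, member)
            for role, members in effective_bindings(resource, policies).items()
            for member in members if member not in own.get(role, set())}

if __name__ == "__main__":
    for role, member in sorted(inherited_grants("projects/payroll-prod")):
        src = grant_sources("projects/payroll-prod", role, member)
        print(f"{member} has {role} on payroll-prod via {src}")
```

Emptying the project-level policy in this model leaves the folder-level `roles/editor` grant in force, which is the "how it doesn't work" half: a grant made higher up cannot be taken away by editing the child's allow policy.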

There are also a few bits of what I’ll call “trivia” that I’ve seen come up in each test:

  • Know that Billing Exports to BigQuery only capture billing data that is produced after the export has been enabled
  • Bigtable keys need to be evenly spaced to prevent hotspots
  • To lift-and-shift a Spark cluster with minimal changes, use Dataproc
  • Make sure you know how to do parallel GCS uploads using gsutil
  • Firebase Test Lab is a thing that exists

I hope this was helpful to anyone who is studying for the latest Google Cloud Professional Architect certification exam. Good luck!
