DEV Community

ExamCert.App
ExamCert.App

Posted on

GCP Professional Cloud Developer Exam: A Domain-by-Domain Breakdown

Google Cloud Professional Cloud Developer

If you searched for gcp-professional-cloud-developer practice questions free and landed here, good — you're in the right place. Before you grind through questions, it helps to understand exactly what each domain is testing. The PCD exam trips up a lot of engineers who code every day but have never thought deliberately about which GCP primitives solve which problems at scale.

This post breaks down the five core domains, explains what the exam is actually probing within each one, and flags where most candidates lose points.

Start by locking in some free GCP Professional Cloud Developer practice questions so you have a baseline before reading this — the domain map will make a lot more sense if you have already seen the question style.

Domain 1 — Designing Highly Scalable, Available, and Reliable Cloud-Native Applications

This domain sits at the top of the blueprint for a reason. Google wants to know whether you can architect for failure before you write a single line of code.

Key concepts the exam drills:

  • Microservices decomposition: When to split services and what the coupling cost is. The exam loves questions where a monolith migration is presented and you must choose the least disruptive decomposition path.
  • 12-factor app principles: Stateless processes, config via environment, port binding — expect scenarios that ask you to spot a violation and recommend a fix.
  • Data consistency models: Strong vs. eventual consistency, when to use Spanner (globally consistent) vs. Firestore (eventually consistent by default). Wrong choice here usually means wrong answer.
  • Resilience patterns: Circuit breakers, retry with exponential backoff, bulkheads. The exam frames these as real service-to-service communication failures.
  • API design: REST vs. gRPC trade-offs, versioning strategies, and what to do when a downstream API changes.

Most candidates underestimate this domain. It looks theoretical but the questions are almost always grounded in a specific GCP service choice. "You need a globally consistent, transactional database for a financial ledger" almost always maps to Spanner, not Firestore.

Domain 2 — Building and Testing Applications

This is where the exam gets hands-on. You need to know the compute options cold.

Cloud Run is the star of this domain now. Expect questions about:

  • Container requirements (must listen on PORT env var, must start within the configured startup timeout)
  • Concurrency settings and when to tune them
  • Min instances vs. max instances trade-offs (cold starts vs. cost)
  • Connecting Cloud Run to VPC using Serverless VPC Access connector

GKE questions focus on:

  • Workload identity (replacing node service accounts with per-pod identity)
  • Horizontal Pod Autoscaler vs. Vertical Pod Autoscaler vs. Cluster Autoscaler — knowing which layer to pull
  • Liveness vs. readiness vs. startup probes and what breaks when you misconfigure them
  • Spot/Preemptible node pools and when they are appropriate

Cloud Functions (both gen 1 and gen 2):

  • Trigger types: HTTP, Pub/Sub, Cloud Storage events, Eventarc
  • Cold start mitigation: minimum instances, concurrency (gen 2 only)
  • Execution environment lifecycle and why you cannot rely on in-memory state across invocations

App Engine still appears in legacy migration scenarios. Know the difference between Standard (sandbox, limited runtimes, fast scale) and Flexible (Docker, slower spin-up, more control). The exam occasionally asks which you migrate to — usually Standard unless the workload needs a custom runtime.

Testing: The exam expects you to know the difference between unit tests (mock all GCP clients), integration tests (test against emulators — Firestore emulator, Pub/Sub emulator), and load tests (use Cloud Load Testing or Artillery against a staging environment). A question pattern: "Which testing approach validates that your Cloud Run service correctly writes to Firestore under concurrent load?" The answer involves integration tests with the Firestore emulator, not unit tests with mocks.

Domain 3 — Deploying Applications

The deployment domain is heavily weighted toward CI/CD on GCP native tooling.

Cloud Build is central. You need to understand:

  • cloudbuild.yaml structure: steps, substitutions, artifacts, images
  • Triggering builds from Cloud Source Repositories, GitHub, or Bitbucket
  • Build-time secret injection via Secret Manager (NOT hardcoded in the YAML)
  • Build triggers: push to branch, pull request, tag

Here is a minimal cloudbuild.yaml pattern the exam might reference:

steps:
  - name: 'gcr.io/cloud-builders/docker'
    args: ['build', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA', '.']
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA']
images:
  - 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA'
Enter fullscreen mode Exit fullscreen mode

Artifact Registry has replaced Container Registry for new workloads. Know the difference between the two, the repository format types (Docker, Maven, npm, Python), and how IAM roles (Artifact Registry Reader vs. Writer) are applied.

Deployment strategies: Blue/green vs. canary vs. rolling. Cloud Run makes traffic splitting straightforward with --traffic flags. GKE deployments use RollingUpdate or Recreate strategy in the Deployment spec. The exam asks you to pick the strategy with the lowest blast radius or zero downtime constraint.

# Split 10% of traffic to new revision in Cloud Run
gcloud run services update-traffic my-service \
  --to-revisions my-service-v2=10,LATEST=0 \
  --region us-central1
Enter fullscreen mode Exit fullscreen mode

Binary Authorization: A cluster policy that enforces only attested images run in GKE. The exam tests whether you know where attestation happens (in Cloud Build, by an attestor) and what happens when an image fails the policy (pod is rejected at admission).

Domain 4 — Integrating Google Cloud Services

This domain tests breadth. You need to know the integration layer services well enough to pick the right one for a given architectural constraint.

Pub/Sub: The exam's most-tested messaging service. Know push vs. pull delivery, subscription types (standard vs. exactly-once), message ordering keys, dead-letter topics, and retry policies. A common trap: "Which configuration guarantees message ordering for a single supplier?" — answer is ordered delivery with a message ordering key enabled on the subscription, not standard pull.

Firestore: Document database with strong consistency (in Datastore mode) or multi-document transactions (in Native mode). The exam asks when you choose Native mode (mobile/web SDKs, real-time listeners) vs. Datastore mode (existing App Engine apps, server-side workloads). Know indexes — composite indexes are required for queries with multiple field filters plus an order-by.

Cloud SQL vs. Cloud Spanner: SQL questions usually resolve to scale and geography. Cloud SQL is managed PostgreSQL/MySQL/SQL Server — single region, vertical scaling, read replicas. Spanner is horizontally scalable, globally distributed, 99.999% SLA. If the question says "global", "financial", "transactional", and "scale to millions of rows", it is Spanner.

Cloud Storage: Know the storage classes (Standard, Nearline, Coldline, Archive) and their retrieval SLAs and costs. Object lifecycle policies, signed URLs for temporary access, and HMAC keys for service account authentication to the XML API all appear.

Eventarc has grown in exam weight as the unified eventing layer connecting Cloud Run, Cloud Functions (gen 2), and GKE to GCP events and Pub/Sub topics.

Domain 5 — Managing Application Performance Monitoring

The ops domain. You are expected to know Google Cloud's observability stack end to end.

Cloud Logging: Structured vs. unstructured logs, log-based metrics, log sinks to BigQuery/Pub/Sub/Cloud Storage, exclusion filters, retention policies. Know how to write structured JSON logs from your application so they parse correctly in the Logs Explorer.

Cloud Monitoring: Uptime checks, alerting policies, notification channels, custom metrics via the Monitoring API or OpenTelemetry. The exam tests metric descriptor creation and what GAUGE vs. CUMULATIVE vs. DELTA metric kinds mean.

Error Reporting: Automatic grouping of application exceptions. Supports Node.js, Python, Go, Java, Ruby, PHP. Know that it integrates with Cloud Logging — if you write a properly formatted stack trace to stdout, Error Reporting picks it up automatically on Cloud Run.

Cloud Trace: Distributed tracing. Know how trace context propagates between services (via X-Cloud-Trace-Context header or W3C Trace Context), what latency data a trace captures, and how to identify bottlenecks across a microservices call chain.

Cloud Profiler: Continuous CPU and heap profiling with minimal overhead. The exam distinguishes it from Trace — Trace answers "where did latency come from across services," Profiler answers "which function inside this service is burning CPU."

How to Study This Efficiently

Work domain by domain, not question by question. For each domain: read the official Google documentation for the services listed, then immediately run practice questions scoped to that domain. The GCP Professional Cloud Developer exam page on ExamCert has mapped questions by topic area so you can drill weaknesses without rehashing what you already know.

The PCD is not a memorization exam. Every question presents a scenario and a constraint — cost, latency, consistency, scale, zero downtime — and asks you to pick the service and configuration that satisfies it. If you understand why each service exists and what trade-off it makes, you will outperform candidates who only drilled flashcards.

Go build something on GCP this week. Deploy it with Cloud Build. Then take a practice test. That combination closes the gap faster than reading alone.

Top comments (0)