Google Cloud Professional Cloud Architect
Validates ability to design, develop, and manage robust, secure, scalable, and cost-effective cloud solutions using Google Cloud technologies. Covers solution architecture design, infrastructure provisioning, security and compliance, process optimization, implementation management, and operations excellence. Includes case-study-based questions. 50-60 questions in 2 hours. Recommended 3+ years industry experience; 2-year validity.
Exam domains
- Designing and planning a cloud solution architecture25%
Designing a solution infrastructure that meets business requirements (business use cases and product strategy, cost optimization, supporting application design, integration with external systems, movement of data, design decision trade-offs, build/buy/modify/deprecate, success measurements - KPIs, ROI, business continuity and disaster recovery, compliance and observability). Designing a solution infrastructure that meets technical requirements (high availability and failover design, elasticity of cloud resources with respect to quotas and limits, scalability to meet growth requirements, performance and latency). Designing network/storage/compute resources (integration with on-premises - hybrid, multi-cloud architecture; selection of quotas and reservations; choosing data processing technologies; choosing appropriate storage types; choosing compute resources). Creating a migration plan - documents and architectural diagrams; mapping out application dependencies; selecting an appropriate compute migration tool (Migrate to Virtual Machines, BigQuery Migration Service); identifying network design considerations, security design considerations, performance design considerations.
- Designing for security and compliance18%
Designing for security - identity and access management (IAM), Cloud Identity, resource hierarchy (organizations, folders, projects); data security (key management, encryption, secret management); separation of duties (SoD); security controls (auditing, VPC Service Controls, organization policy); managing customer-managed encryption keys with Cloud Key Management Service; remote access. Designing for compliance - legislation (e.g., HIPAA, COPPA, GDPR), commercial (e.g., sensitive data such as credit card information handling, PII), industry certifications (e.g., SOC 2 Type 2, ISO 27001, FedRAMP), audits (including logs). Threat detection with Security Command Center, Cloud Armor for DDoS protection, Cloud Logging audit logs.
Sources
Questions are grounded in 150 references from official and authoritative materials.