Google Cloud · PCD
Validates expertise in building and deploying scalable, secure, and highly available applications using Google Cloud tools and best practices.
Questions
600
Duration
120 minutes
Passing Score
Not disclosed
Difficulty
ProfessionalLast Updated
Jan 2026
Use this PCD practice exam to prepare for Google Cloud Certified - Professional Cloud Developer (PCD) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 600 questions for Google Cloud PCD, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to patterns in your missed answers. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The Google Cloud Certified Professional Cloud Developer (PCD) certification validates a practitioner's ability to design, build, test, deploy, and manage scalable, secure, and highly available cloud-native applications on Google Cloud. The exam covers the full application development lifecycle on Google Cloud, assessing proficiency with compute platforms such as Cloud Run, Google Kubernetes Engine (GKE), App Engine, and Cloud Functions, as well as managed data stores including Cloud SQL, AlloyDB, Spanner, Firestore, Bigtable, and Cloud Storage. Candidates must demonstrate fluency in integrating Google Cloud services—such as Pub/Sub, Eventarc, Cloud Tasks, Cloud Scheduler, API Gateway, and Cloud Endpoints—into event-driven and API-centric architectures.
The certification also tests knowledge of modern DevOps practices, including CI/CD pipeline construction with Cloud Build and Cloud Deploy, container image management via Artifact Registry, supply chain security with Binary Authorization, and application security using IAM, Identity-Aware Proxy, Secret Manager, and Cloud KMS. Observability skills—covering Cloud Monitoring, Cloud Logging, Cloud Trace, and Cloud Profiler—are also assessed, reflecting Google Cloud's emphasis on instrumenting applications to produce actionable metrics, logs, and traces.
This certification is designed for software engineers and developers who build and deploy applications on Google Cloud as part of their day-to-day responsibilities. Ideal candidates have hands-on experience with cloud-native patterns such as microservices, containerization, and serverless computing, and are comfortable with at least one general-purpose programming language. The exam is equally relevant to full-stack developers, backend engineers, and DevOps engineers who own the deployment and operational health of cloud-hosted applications.
Professionals transitioning from on-premises or other cloud environments who want to formalize their Google Cloud development skills will also benefit. Google recommends candidates have at least three years of industry experience, including one or more years of designing and managing solutions on Google Cloud.
Google Cloud does not enforce formal prerequisites for the Professional Cloud Developer exam; any candidate may register directly. However, Google recommends a minimum of three years of industry software development experience, with at least one year spent designing and managing solutions on Google Cloud. Candidates should be comfortable working with cloud-native application architectures, container orchestration, RESTful and gRPC APIs, managed databases, and serverless platforms before attempting the exam.
A strong practical foundation is more valuable than theoretical study alone. Candidates without significant hands-on Google Cloud experience are advised to complete the Professional Cloud Developer learning path on Google Cloud Skills Boost, which includes guided labs covering Cloud Run, GKE, Cloud Build, Cloud Functions, and core data services before sitting for the exam.
The Professional Cloud Developer exam consists of 50–60 multiple-choice and multiple-select questions and must be completed within 120 minutes. The registration fee is $200 USD plus applicable taxes. The exam is available in English and Japanese and can be taken either via online proctoring (remote, from any location with a webcam and stable internet connection) or in person at an authorized Kryterion testing center worldwide.
Google does not publicly disclose a specific passing score for this exam. Scoring uses a compensatory model in which overall performance across all domains determines the outcome, rather than requiring minimum scores in each individual section. The certification is valid for two years, after which candidates must recertify through the renewal process.
The Professional Cloud Developer certification is recognized by organizations that run production workloads on Google Cloud, making it a strong differentiator for software engineers, DevOps practitioners, and cloud architects operating in GCP environments. Certified professionals typically pursue roles such as Cloud Application Developer, Site Reliability Engineer, Cloud Solutions Engineer, and DevOps Engineer. The certification demonstrates mastery of the full cloud-native development lifecycle—from architecture design through deployment and observability—which aligns with the skillsets most in demand at enterprises undergoing cloud modernization.
Salary data from multiple industry sources places certified Google Cloud Professional Cloud Developer professionals in the $140,000–$180,000 USD range in the United States, varying by role, seniority, and geography. Compared to associate-level Google Cloud certifications, the PCD signals hands-on production experience and is often weighted alongside certifications like the AWS Certified Developer – Associate or Microsoft Azure Developer Associate, though the PCD's scope—covering security, CI/CD pipelines, and multi-service integration in depth—is generally considered broader.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 600 questions.
Preview — answers shown1. You're implementing blue-green deployments on GKE for a stateless web application. Both blue and green environments must run simultaneously, and traffic should switch instantly from blue to green after validation. Which implementation approach provides the cleanest traffic cutover?
Explanation
The Service selector approach is the cleanest Kubernetes-native blue-green implementation. Both Deployments run simultaneously with different labels (e.g., version: blue and version: green), and switching traffic is instantaneous by updating the Service selector. This requires no external tools and provides atomic cutover. Cloud Deploy is useful for managing deployments but adds complexity for a simple blue-green pattern. Separate clusters introduce significant operational overhead and cost for a stateless application. Istio weighted routing is more appropriate for canary deployments with gradual rollout - blue-green deployments require instant cutover, not gradual traffic shifting.
2. A media streaming company is implementing chaos engineering to test their GKE application's resilience. They want to randomly terminate pods, introduce network latency, and simulate node failures during business hours without affecting production traffic. Which solution meets these requirements?
Explanation
Chaos engineering frameworks like Chaos Mesh or Litmus provide controlled, reproducible experiments with precise targeting capabilities, safety controls, and integration with observability tools. Targeting non-production namespaces or specific deployments ensures you test resilience without risking customer experience. Manual pod deletion lacks reproducibility, automation, and proper controls. Preemptible nodes introduce random failures but don't provide controlled experiments for network latency, CPU stress, or other failure modes that chaos engineering tests. Alert-based pod deletion is dangerous and unpredictable, lacking the safety mechanisms and experimental rigor that proper chaos engineering tools provide.
3. A development team uses service accounts for Cloud Build to deploy applications to GKE. They need to follow security best practices and avoid using service account keys. How should Cloud Build authenticate to the GKE cluster?
Explanation
Short-lived credentials from the Service Account Credentials API provide time-limited access tokens (default 1 hour) for service account authentication without requiring long-lived keys. Cloud Build can generate these credentials during the build process using gcloud or API calls, eliminating key management risks. This is the recommended secure alternative to service account keys. Using the default service account works if it has proper permissions, but the question emphasizes avoiding keys and following best practices for authentication. Storing keys in Secret Manager improves key security but doesn't eliminate the fundamental risk of long-lived credentials. Keys should be avoided when alternatives exist. Workload Identity is for GKE pods accessing Google Cloud services, not for Cloud Build (which doesn't run in GKE) accessing GKE. Short-lived credentials provide the secure, keyless authentication the question requires.
4. A Cloud Function experiences occasional failures that are difficult to reproduce. You need to capture the complete application state when failures occur without adding extensive logging code. What should you implement?
Explanation
Cloud Debugger allows setting logpoints and snapshots that capture complete application state including variable values when specific code locations are reached, without modifying or redeploying code. This provides deep visibility into application behavior during failures. Try-catch blocks with logging require code changes and may not capture all relevant state. Cloud Error Reporting captures stack traces but not variable values or application state. Cloud Trace records timing and request flow but does not capture application state or variable values during failures.
5. A GKE application uses ConfigMaps to store configuration data. The security team requires that sensitive configuration values like API keys must be encrypted at rest and rotated regularly. What should you do?
Explanation
Secret Manager is purpose-built for storing sensitive credentials with encryption at rest, access controls, rotation capabilities, and audit logging. Storing sensitive values in Secret Manager while keeping non-sensitive configuration in ConfigMaps provides appropriate security for each data type. GKE Secrets are base64 encoded, not encrypted, and do not provide rotation capabilities. Application-layer encryption adds complexity and does not provide centralized secret management. Manually encrypting with Cloud KMS before storing in ConfigMaps requires custom key management and does not leverage Secret Manager's built-in features.
Google Cloud Certified - Professional Cloud Architect (PCA)
PCA · 1397 questions
Google Cloud Certified - Professional Cloud DevOps Engineer (PCDOps)
PCDOps · 1132 questions
Google Cloud Certified - Professional Machine Learning Engineer (PMLE)
PMLE · 1100 questions
Google Cloud Certified - Associate Data Practitioner (ADP)
ADP · 1089 questions
Google Cloud Certified - Professional Security Operations Engineer (PSOE)
PSOE · 1089 questions
Google Cloud Certified - Professional Cloud Security Engineer (PCSE)
PCSE · 1075 questions
$17.99
One-time access to this exam