4. Core Concepts by Domain
Domain 1: Digital Transformation with Google Cloud
1.1 Digital transformation
Digital transformation is the use of technology to redesign processes, customer experiences, and business models. It is broader than migrating an application to a new hosting location.
| Concept |
Meaning |
Exam clue |
| Digital transformation |
Business redesign enabled by technology |
New customer experience, faster delivery, new operating model |
| Cloud-native |
Design that intentionally uses cloud capabilities |
Managed services, elasticity, automation, microservices |
| Open source |
Source code can be inspected, used, and modified under its license |
Flexibility, ecosystem, portability |
| Open standard |
Publicly available standard supporting interoperability |
Freedom of choice, reduced unnecessary dependency |
| Transformation cloud |
Cloud capabilities accelerating organization-wide change |
Modernization, data democratization, collaboration, trusted transactions |
Exam rule: Moving an unchanged application to a VM is usually a rehost, not automatically a cloud-native transformation.
1.2 Cloud value concepts
| Concept |
Definition |
Common trap |
| Scalability |
Ability to handle increased workload demand |
Do not confuse with dynamic adjustment |
| Elasticity |
Increase or decrease resources as demand changes |
Often paired with unpredictable demand |
| Agility |
Ability to experiment and deliver changes faster |
Not the same as network latency |
| Flexibility |
Ability to adapt technology choices to needs |
Often linked to cloud service options |
| Reliability |
Ability to perform consistently |
Improved by resilient architecture |
| Total cost of ownership (TCO) |
Lifecycle cost including infrastructure, staffing, maintenance, and operations |
Do not compare list prices only |
| CapEx |
Upfront capital expenditure, such as owned hardware |
Traditional data-center purchases |
| OpEx |
Operating expenditure aligned more closely to usage |
Typical cloud-consumption model |
Decision rule: When the scenario mentions seasonal spikes or avoiding idle servers, think elasticity and usage-aligned cost.
1.3 Deployment models
| Model |
Description |
Best-fit scenario |
Top trap |
| Public cloud |
Shared provider infrastructure consumed as services |
Speed, scale, managed capabilities |
Not always the right answer for every constraint |
| Private cloud |
Cloud-like environment dedicated to one organization |
Greater dedicated control |
May reduce access to public-cloud economies of scale |
| Hybrid cloud |
Combination of on-premises or private environment and public cloud |
Regulated system stays on-premises while selected cloud services are used |
Do not confuse with multicloud |
| Multicloud |
Services from more than one cloud provider |
Specialized capabilities, resilience strategy, concentration-risk management |
Does not necessarily include on-premises infrastructure |
Memory rule:
Hybrid = home plus cloud.
Multicloud = multiple cloud providers.
1.4 Regions, zones, and network basics
| Term |
Meaning |
| IP address |
Numeric identifier used for network communication |
| ISP |
Internet service provider supplying connectivity |
| DNS |
Resolves human-readable domain names to network addresses |
| Region |
Geographic area containing cloud infrastructure |
| Zone |
Deployment area within a region |
| Latency |
Delay before data travels between points |
| Bandwidth |
Amount of data transferred over time |
| Fiber optics |
High-speed data transmission medium |
| Subsea cable |
Undersea network cable connecting geographies |
| Network edge data center |
Infrastructure closer to users to improve reach and performance |
Exam rule: Regions and zones improve placement choices for latency, resilience, and geographic requirements. They do not guarantee zero downtime by themselves.
1.5 IaaS, PaaS, and SaaS
| Model |
Customer focuses on |
Provider manages more of |
Best-fit clue |
| IaaS |
VMs, guest OS, installed software, application configuration |
Physical infrastructure |
Maximum VM and operating-system control |
| PaaS |
Application code and data |
More of runtime, platform, and infrastructure |
Deploy code without managing operating systems |
| SaaS |
Using the finished application |
Application stack and infrastructure |
Complete subscription application |
Exam rule: As you move from IaaS to PaaS to SaaS, the provider manages more of the stack. The customer still retains responsibilities appropriate to the service model.
1.6 Shared responsibility
The provider secures the underlying cloud infrastructure. The customer remains responsible for appropriate configuration, identities, access, and data handling depending on the service.
| Environment |
Provider responsibility |
Customer responsibility |
| On-premises |
Minimal or none for the customer's infrastructure |
Physical security, hardware, software, identities, configurations, data |
| IaaS |
Physical data centers and underlying infrastructure |
Guest OS, applications, identities, configurations, data |
| PaaS |
Infrastructure and more of the platform |
Application logic, identities, data, appropriate configuration |
| SaaS |
Full application stack and infrastructure |
Users, access, data usage, configuration options |
Trap: “The cloud provider is responsible for all security” is almost always wrong.
Domain 2: Exploring Data Transformation with Google Cloud
2.1 Data creates business value
Data can:
- Support faster and better decisions
- Reveal customer and operational patterns
- Improve processes
- Enable automation
- Create new products and services
- Unlock previously unused unstructured information
2.2 Structured and unstructured data
| Type |
Description |
Examples |
| Structured data |
Defined schema, commonly rows and columns |
Orders, invoices, inventory tables |
| Unstructured data |
Does not naturally follow a fixed tabular model |
Images, audio recordings, scanned documents, free-form text |
2.3 Database, warehouse, and lake
| Concept |
Primary purpose |
Exam clue |
| Database |
Operational storage for applications |
Transactions, application reads and writes |
| Data warehouse |
Analytics on curated data |
Historical analysis, BI, large-scale queries |
| Data lake |
Large volumes of raw or varied data |
Store diverse data before later processing |
2.4 Data governance
Data governance is essential for trustworthy data use. It covers:
- Quality
- Ownership
- Access
- Accountability
- Metadata
- Policies
- Compliance
- Responsible use
Trap: More data does not remove the need for governance. It increases the need for governance.
2.5 Google Cloud data management services
| Service |
Data model and purpose |
Choose it when |
Do not choose it when |
| Cloud Storage |
Object storage |
Images, documents, media, backups, files |
The primary requirement is relational transactions |
| Cloud SQL |
Managed relational database |
Conventional SQL application workload |
The requirement is global horizontal scaling with strong consistency |
| Cloud Spanner |
Globally scalable relational database with strong consistency |
Global transactional applications requiring relational semantics |
A simple regional relational application is enough |
| Cloud Bigtable |
Wide-column NoSQL database |
Large, low-latency, high-throughput workloads such as time-series data |
The goal is ad hoc BI analytics |
| Firestore |
NoSQL document database |
Flexible mobile and web application data |
The requirement is relational joins and traditional SQL |
| BigQuery |
Serverless managed data warehouse and analytics engine |
Large-scale analytics, historical data, BI, multicloud analytics use cases |
The workload is a low-latency operational transaction database |
2.6 Cloud Storage classes
| Storage class |
Typical access pattern |
Use case |
| Standard |
Frequent access |
Website assets, active files |
| Nearline |
About monthly access |
Backups or infrequently used content |
| Coldline |
About quarterly access |
Rarely accessed data with occasional retrieval |
| Archive |
Less than once a year |
Long-term retention and lowest-cost rare access |
Memory rule:
Standard = active. Nearline = monthly. Coldline = quarterly. Archive = yearly or rarer.
2.7 Analytics, BI, and streaming
| Service |
Purpose |
Exam clue |
| BigQuery |
Serverless analytics warehouse |
Analyze large datasets |
| Looker |
Governed self-service BI and dashboards |
Business users need accessible reports and insights |
| Pub/Sub |
Asynchronous messaging and event ingestion |
Receive events continuously |
| Dataflow |
Batch and streaming data processing |
Transform or process event streams |
Common architecture:
Event source → Pub/Sub → Dataflow → BigQuery → Looker
Trap: Looker visualizes and democratizes access to insights. It is not the ingestion system or streaming-processing engine.
Domain 3: Innovating with Google Cloud Artificial Intelligence
3.1 AI, ML, analytics, and BI
| Concept |
Focus |
| AI |
Broad field of systems performing tasks associated with intelligence |
| ML |
Systems learn patterns from data to predict, classify, recommend, or automate |
| Data analytics |
Investigate data for insight |
| BI |
Dashboards, reports, and decision support |
Decision rule: BI often explains what happened. ML can learn patterns to predict or automate.
3.2 Data quality and responsible AI
A model is only as useful as its data, evaluation, and governance. Important considerations include:
- Accuracy
- Representativeness
- Bias
- Explainability
- Fairness
- Monitoring
- Accountability
- Appropriate human review
Trap: Managed AI services do not automatically fix poor-quality or biased data.
3.3 Select the right AI approach
| Approach |
Speed |
Customization |
Required expertise |
Best-fit scenario |
| Pre-trained API |
Highest |
Low |
Low |
Common capability such as translation or image labeling |
| AutoML |
Medium |
Medium |
Medium |
Train a model on your data with reduced specialist effort |
| Custom model with Vertex AI |
Lower initial speed |
Highest |
Higher |
Proprietary use case where differentiation justifies the effort |
Decision rule: Select the simplest approach that satisfies the business requirement.
3.4 BigQuery ML
Use BigQuery ML when analysts want to create and execute ML models in BigQuery using SQL.
Exam clue: Data is already in BigQuery, and the team has SQL skills.
3.5 Pre-trained APIs
| API |
Input |
Output or purpose |
Exam clue |
| Vision API |
Images |
Labels, objects, image analysis |
Analyze photographs |
| Natural Language API |
Text |
Sentiment, entities, text insights |
Analyze support tickets |
| Cloud Translation API |
Text |
Translated text |
Convert content between languages |
| Speech-to-Text API |
Audio |
Written transcript |
Transcribe calls |
| Text-to-Speech API |
Text |
Spoken audio |
Generate accessible audio |
Memory rule:
Speech-to-Text listens. Text-to-Speech speaks.
3.6 TensorFlow and Cloud TPU
| Term |
Meaning |
| TensorFlow |
Open source set of tools for building and training ML models |
| Cloud TPU |
Google hardware optimized for ML workloads and TensorFlow performance |
Domain 4: Modernize Infrastructure and Applications with Google Cloud
4.1 Migration paths
Different workloads should follow different migration paths.
| Path |
Meaning |
Scenario clue |
| Retire |
Remove application |
No longer used or valuable |
| Retain |
Keep application in current environment for now |
Constraint prevents migration |
| Rehost |
Move with minimal change; lift and shift |
Fast move, legacy application, deadline |
| Replatform |
Move and improve with targeted changes |
Managed platform with modest changes |
| Refactor |
Redesign architecture substantially |
Cloud-native microservices, agility |
| Reimagine |
Build a fundamentally new digital experience |
New product or customer journey |
Memory rule:
Rehost = relocate. Replatform = improve. Refactor = redesign. Reimagine = reinvent.
4.2 VMs, containers, and serverless
| Compute style |
What it provides |
Best-fit clue |
| VM |
Full machine abstraction with guest OS |
Need OS-level control or specialized legacy environment |
| Container |
Packaged application and dependencies |
Portability, microservices, consistent deployments |
| Serverless |
Provider abstracts infrastructure operations |
Minimal administration, event-driven workload, usage-based scaling |
4.3 Compute services
| Service |
Choose it when |
Closest alternative and why it fails |
| Compute Engine |
You need VMs and guest-OS control |
Cloud Run abstracts the VM layer |
| Cloud Run |
You want a managed serverless platform for containerized HTTP applications |
GKE is more appropriate when Kubernetes control is required |
| Cloud Functions |
You need event-driven serverless code, such as reacting to a file upload |
Compute Engine adds unnecessary VM management |
| App Engine |
You want a managed application platform for deploying web applications |
Compute Engine requires more infrastructure administration |
| Google Kubernetes Engine (GKE) |
You need managed Kubernetes for complex container orchestration |
Cloud Run is simpler but does not provide a Kubernetes environment |
4.4 Supporting concepts
| Concept |
Meaning |
| Microservices |
Smaller services that can often be deployed independently |
| Kubernetes |
Container orchestration platform |
| Autoscaling |
Adjusts capacity based on demand |
| Load balancing |
Distributes traffic across serving resources |
| Preemptible VMs |
Lower-cost compute for fault-tolerant workloads that can tolerate interruption |
4.5 APIs and Apigee
An API is a controlled interface through which systems, developers, or partners access capabilities or data.
APIs can support:
- System integration
- Partner ecosystems
- Reusable digital services
- New distribution channels
- Monetization
Use Apigee API Management to manage, secure, publish, analyze, and potentially monetize APIs.
4.6 Anthos
Use Anthos when a question asks for a single control plane or management approach for hybrid or multicloud infrastructure.
Domain 5: Trust and Security with Google Cloud
5.1 Common threats
| Threat |
Description |
| Phishing |
Deceptive messages trick users into revealing credentials or taking unsafe actions |
| Ransomware |
Malicious software locks or encrypts data and demands payment |
| DDoS attack |
Traffic overwhelms a service to reduce availability |
5.2 CIA triad
| Principle |
Goal |
| Confidentiality |
Prevent unauthorized disclosure |
| Integrity |
Prevent unauthorized modification |
| Availability |
Ensure services and data remain accessible when needed |
5.3 Identity and evidence
| Concept |
Meaning |
Exam clue |
| Authentication |
Verify identity |
Who are you? |
| Authorization |
Determine allowed actions |
What may you do? |
| Auditing |
Record activities |
Who changed what and when? |
| Two-step verification (2SV) |
Add a second verification step |
Reduce risk if password is compromised |
| IAM |
Control access to cloud resources |
Least privilege, identities, permissions |
Memory rule:
Authenticate identity. Authorize actions. Audit evidence.
5.4 Encryption and defense in depth
Encryption protects data exposed to risks in different states, especially:
Google's multilayered defense-in-depth approach includes its own data-center design, purpose-built servers, networking, and security hardware and software.
Trap: Strong provider infrastructure does not eliminate customer responsibility for identity, data, and service configuration.
5.5 Cloud Armor and SecOps
| Service or practice |
Purpose |
| Cloud Armor |
Protect applications against network and web attacks, including DDoS |
| SecOps |
Continuously detect, investigate, and respond to threats |
5.6 Trust and compliance
| Concept |
Meaning |
| Transparency reports |
Help customers understand relevant provider practices and requests |
| Independent third-party audits |
Provide external assurance evidence |
| Data residency |
Geographic location where data is stored |
| Data sovereignty |
Legal and governmental authority that applies to data based on jurisdiction |
| Compliance resource center |
Information for industry and regional compliance needs |
| Compliance Reports Manager |
Access to compliance reports and documentation |
Memory rule:
Residency = where data rests. Sovereignty = which jurisdiction rules.
Domain 6: Scaling with Google Cloud Operations
6.1 Financial governance
Cloud cost control requires visibility, accountability, and guardrails.
| Tool or concept |
Purpose |
Trap |
| Resource hierarchy |
Organize resources and apply access policies consistently |
A larger VM does not create governance |
| Resource quota policies |
Limit resource consumption |
Not the same as a spending alert |
| Budget threshold rules |
Notify stakeholders when spend approaches a configured level |
Alerts do not directly stop consumption |
| Cloud Billing Reports |
Visualize spending and investigate cost drivers |
Not a security product |
Memory rule:
Quota limits usage. Budget alerts on spend. Billing Reports explain spend.
6.2 Reliability and resilience
| Concept |
Meaning |
Exam clue |
| Scalability |
Handle increased workload demand |
Growth |
| Fault tolerance |
Continue operating despite component failure |
Component failure |
| High availability |
Minimize downtime |
Service continuity |
| Disaster recovery |
Restore operations after a major incident |
Recovery plan |
| Monitoring and observability |
Understand system state and detect issues |
Evidence-based operations |
Trap: High availability and disaster recovery are related but not identical. High availability reduces disruption; disaster recovery restores operations after significant incidents.
6.3 DevOps and SRE
| Practice |
Focus |
| DevOps |
Collaboration and automation across development and operations |
| Site Reliability Engineering (SRE) |
Apply software-engineering principles to reliable operations |
6.4 Customer Care
Google Cloud Customer Care provides support options for adoption and operational issues.
When opening a support case, provide:
- Business impact
- Symptoms
- Relevant context
- Diagnostic information
- Timeline
- Steps already attempted
6.5 Sustainability
Cloud architecture and operational choices can support sustainability goals. Look for options that improve utilization, reduce waste, and provide information for more efficient decisions.