GCP Professional Cloud Architect Certification Course

1. Exam Overview

The Google Cloud Professional Cloud Architect (PCA) exam tests whether you can design, plan, provision, secure, optimize, implement, and operate Google Cloud solutions that meet business goals. It is not mainly a memorization exam. It is a scenario exam: each question usually gives business constraints, technical requirements, risk tolerance, cost limits, migration context, and operational goals.

The exam expects you to think like an architect:

• Start from business requirements, not from favorite services.
• Prefer managed services when they reduce operational burden without violating requirements.
• Design for reliability, security, cost, performance, operational excellence, and sustainability together.
• Choose the simplest service that satisfies the requirements.
• Avoid over-engineering unless the scenario explicitly requires extra control.
• Recognize tradeoffs: consistency vs latency, cost vs RTO, serverless simplicity vs Kubernetes control, public access vs private connectivity, lift-and-shift speed vs modernization value.

The current standard exam format is approximately 50-60 multiple-choice and multiple-select questions, 2 hours, and includes case studies. Case-study questions commonly test whether you can apply architecture reasoning to a realistic company profile rather than choose a service from a keyword alone.

Use this course as follows:

1. Read the domain sections in order.
2. Memorize the service-selection tables.
3. Practice eliminating wrong answers using the trap patterns.
4. Revisit the final revision and checklist before exam day.

This guide was synthesized from the provided 1,051-row practice CSV and aligned to the latest official PCA exam domains and weights.

2. Exam Domains

Priority notes

• Domain 1 is the largest and most architecture-heavy. Spend the most time on tradeoffs and end-to-end designs.
• Domains 2 and 3 are equally important: infrastructure and security are frequent differentiators between plausible answers.
• Domains 4-6 often test process maturity: CI/CD, IaC, observability, SLOs, incident response, and business alignment.
• Google Cloud Well-Architected principles appear across all domains: operational excellence, security, reliability, performance, cost optimization, and sustainability.
• The latest guide includes modern AI/Gemini-related architecture topics. Know when to use managed AI products instead of building everything yourself.

3. Start-to-Finish Study Path

Foundation phase: build the mental map

Focus on what each service is for.

• Compute: Compute Engine, managed instance groups, GKE, Cloud Run, Cloud Run functions.
• Storage and databases: Cloud Storage, Filestore, Persistent Disk, Cloud SQL, Spanner, Firestore, Bigtable, Memorystore, BigQuery.
• Networking: VPC, subnets, routes, firewall rules, Cloud NAT, load balancing, Cloud CDN, Cloud VPN, Cloud Interconnect, Shared VPC, VPC peering, Private Service Connect.
• Security: IAM, service accounts, organization policy, Cloud KMS, Secret Manager, VPC Service Controls, Cloud Armor, IAP, Workload Identity Federation.
• Operations: Cloud Monitoring, Cloud Logging, Error Reporting, Trace, Profiler, SLOs, alerting, incident response.
• Delivery: Cloud Build, Cloud Deploy, Artifact Registry, Terraform, CI/CD, blue-green/canary releases.

Intermediate phase: learn service tradeoffs

Practice answering: why this service and not that one?

• Cloud Run vs GKE vs Compute Engine.
• Cloud SQL vs Spanner vs Firestore vs Bigtable.
• Pub/Sub vs direct synchronous API calls.
• Dataflow vs Dataproc vs BigQuery SQL.
• Cloud VPN vs Dedicated Interconnect.
• Shared VPC vs VPC peering vs Private Service Connect.
• IAM least privilege vs primitive roles.
• Cloud KMS vs default encryption vs Secret Manager.

Advanced phase: architecture scenarios

Work through complete designs:

• Global web application with CDN, global load balancing, autoscaling, Cloud Armor, and managed backend.
• Hybrid enterprise migration with Migration Center, dependency mapping, private connectivity, phased migration waves, and rollback.
• Event-driven analytics pipeline with Pub/Sub, Dataflow, BigQuery, Cloud Storage, and monitoring.
• Regulated healthcare/finance architecture with least privilege, CMEK, audit logs, VPC Service Controls, data residency, and separation of duties.
• AI solution using Gemini/Vertex AI/Agent Builder where the right answer favors managed services, governance, and secure data access.

Final review phase

• Review all service-selection tables.
• Drill exam traps: public IP exposure, primitive IAM roles, single-zone designs, unmanaged VMs, no monitoring, no rollback, no RTO/RPO testing.
• Practice case studies by extracting business and technical requirements before looking at answers.
• For multi-select questions, require each selected option to satisfy the scenario. One correct service plus one bad practice is still wrong.

4. Core Concepts by Domain

Domain 1: Designing and planning a cloud solution architecture

What this domain tests

This is the biggest domain. It tests whether you can translate business and technical requirements into a complete cloud architecture. You must balance availability, scalability, latency, security, cost, migration complexity, operational effort, and future growth.

Core concepts

• Requirement analysis: functional requirements, non-functional requirements, KPIs, ROI, regulatory constraints, operational constraints.
• Architecture tradeoffs: managed vs self-managed, regional vs global, synchronous vs asynchronous, relational vs NoSQL, serverless vs Kubernetes.
• High availability: multi-zone, multi-region, load balancing, autoscaling, health checks, failover design.
• DR planning: RTO, RPO, backup/restore, pilot light, warm standby, active-active.
• Migration planning: discovery, dependency mapping, migration waves, testing, rollback, licensing, network readiness.
• Cloud-first design: prefer managed and scalable services unless the scenario requires explicit control.
• Data movement: batch vs streaming, migration transfer tools, private connectivity, replication strategy.
• AI architecture: use Gemini/Vertex AI/Agent Builder/Model Garden for managed AI capabilities where appropriate.

Key services

• Compute: Cloud Run, GKE, Compute Engine, managed instance groups, Cloud Run functions.
• Storage and data: Cloud Storage, BigQuery, Cloud SQL, Spanner, Firestore, Bigtable, Filestore, Memorystore.
• Integration: Pub/Sub, Dataflow, Cloud Scheduler, Workflows, Eventarc.
• Networking: Cloud Load Balancing, Cloud CDN, Cloud Armor, Cloud NAT, Cloud VPN, Interconnect, Private Service Connect, Shared VPC.
• Migration: Migration Center, Migrate to Virtual Machines, Storage Transfer Service, Database Migration Service.

Frequently tested patterns

• Stateless web app: Cloud Run or GKE/managed instance group behind global external Application Load Balancer. Use Cloud CDN for static content.
• Petabyte analytics: BigQuery, not self-managed databases.
• Event streaming: Pub/Sub + Dataflow + BigQuery/Cloud Storage.
• Global relational consistency: Spanner.
• Simple relational app: Cloud SQL with HA and backups.
• Low-latency key-value or document app: Firestore.
• Wide-column high-throughput time-series: Bigtable.
• Private managed service access: Private Service Connect.
• Enterprise migration: assess first, map dependencies, migrate in waves, validate, rollback.

Traps

• Choosing a single VM with snapshots for high availability.
• Choosing Cloud SQL single-zone for critical production workloads requiring HA.
• Choosing GKE when the scenario asks for minimal operations and does not require Kubernetes.
• Choosing self-managed PostgreSQL or Hadoop when BigQuery/Dataflow/Dataproc better match scale and operational requirements.
• Migrating everything at once without dependency discovery.
• Ignoring RTO/RPO and assuming backups alone equal disaster recovery.
• Using public IP allowlists when the requirement asks for private connectivity.

Decision framework

1. Is the workload stateless and HTTP-based? Think Cloud Run first.
2. Does it require Kubernetes APIs, custom controllers, service mesh, or portability? Think GKE.
3. Does it require legacy OS, custom agents, or full VM control? Think Compute Engine.
4. Is it analytics SQL at huge scale? Think BigQuery.
5. Is it globally distributed relational OLTP with strong consistency? Think Spanner.
6. Is it a managed MySQL/PostgreSQL/SQL Server workload? Think Cloud SQL.
7. Is it event-driven or decoupled? Think Pub/Sub.
8. Is it streaming or batch transformation? Think Dataflow.
9. Is it a migration question? Think assessment, dependencies, waves, testing, rollback.

Domain 2: Managing and provisioning a cloud solution infrastructure

What this domain tests

This domain tests whether you can configure the infrastructure that supports a solution: networking, storage, compute, container platforms, serverless, hybrid connectivity, and AI/ML infrastructure.

Core concepts

• VPC design: custom mode VPCs, subnet planning, routes, firewall rules, hierarchical firewall policies.
• Hybrid and multicloud: Cloud VPN, Dedicated Interconnect, Partner Interconnect, HA VPN, Cloud Router, BGP.
• Load balancing: global vs regional, external vs internal, HTTP(S) vs TCP/UDP, health checks.
• Private connectivity: Private Google Access, Private Service Connect, VPC peering, Shared VPC.
• Compute provisioning: machine types, managed instance groups, autoscaling, Spot VMs, custom machine types, GPUs/TPUs.
• Container orchestration: GKE Standard vs Autopilot, Workload Identity, Binary Authorization, network policies.
• Serverless networking: VPC connectors, ingress/egress controls, Cloud Run service-to-service patterns.
• Storage provisioning: lifecycle management, retention, backup, replication, latency, growth planning.
• AI/ML infrastructure: Vertex AI pipelines, Model Garden, Gemini, GPUs/TPUs, AI Hypercomputer concepts.

Key services

• Network: VPC, Cloud Router, Cloud VPN, Dedicated/Partner Interconnect, Cloud NAT, Cloud Load Balancing, Cloud CDN, Cloud Armor, Private Service Connect.
• Compute: Compute Engine, MIGs, Spot VMs, GKE, Cloud Run, Cloud Run functions.
• Storage: Cloud Storage, Persistent Disk, Hyperdisk, Filestore, Cloud SQL, Spanner, Bigtable, Firestore.
• AI/ML: Vertex AI, Vertex AI Pipelines, Model Garden, Gemini, GPUs, TPUs.

Frequently tested patterns

• Outbound internet from private VMs: Cloud NAT.
• Inbound global HTTP app: global external Application Load Balancer.
• Static global content: Cloud Storage + Cloud CDN, or backend buckets.
• Private services across VPC/projects: Private Service Connect.
• Shared enterprise network: Shared VPC with host and service projects.
• Hybrid high-throughput low-latency: Dedicated Interconnect.
• Hybrid encrypted lower-cost connectivity: HA VPN.
• Fault-tolerant batch: Spot VMs with checkpointing/retries.
• Kubernetes with lower ops: GKE Autopilot.
• Kubernetes with maximum node/control flexibility: GKE Standard.

Traps

• Using Cloud NAT for inbound access. NAT is for outbound connections from private resources.
• Using VPC peering when transitive routing or centralized service publishing is required.
• Choosing VPN for guaranteed high throughput and low latency when Interconnect is required.
• Choosing unmanaged instance groups when managed instance groups provide autoscaling and autohealing.
• Using Spot VMs for non-interruptible critical workloads.
• Choosing Filestore for object storage or Cloud Storage for POSIX file semantics.