What does the Google Cloud Professional Cloud Architect exam cover?
The Google Cloud Professional Cloud Architect exam covers designing and implementing cloud solutions using Google Cloud services, including architecture design for reliability, security, compliance, and cost optimization. Candidates must analyze case studies describing business and technical requirements and select the appropriate GCP services and design patterns. The exam costs $200 USD and is one of the highest-paying cloud certifications.
The Google Cloud Professional Cloud Architect (PCA) certification validates expert-level ability to design enterprise cloud solutions on GCP. It is one of Google Cloud's most prestigious certifications and consistently ranks among the highest-paying IT certifications globally — Professional Cloud Architects earn an average of $175,000+ USD annually in the United States.
Unlike the Associate Cloud Engineer which tests administration skills, the PCA tests design thinking: understanding trade-offs between services, designing for resilience, security, and scale, and aligning technical solutions with business requirements. The exam includes case studies that candidates analyze ahead of time.
Exam Overview
| Detail | Information |
|---|---|
| Certification | Professional Cloud Architect |
| Provider | Google Cloud |
| Number of Questions | 50-60 |
| Time Limit | 2 hours |
| Passing Score | Not published |
| Cost | $200 USD |
| Prerequisites | ACE recommended (not required) |
| Validity | 2 years |
The exam covers four sections:
- Designing and planning a cloud solution architecture (26%)
- Managing and provisioning a solution infrastructure (22%)
- Designing for security and compliance (20%)
- Analyzing and optimizing technical and business processes (18%)
- Managing implementation (14%)
"The PCA exam is fundamentally about trade-offs. Every technical decision involves trade-offs between cost, performance, reliability, security, and operational complexity. The exam tests whether you can identify the scenario's primary constraint, eliminate architectures that violate that constraint, and choose the design that best satisfies the overall requirements. Knowing every GCP service is less important than knowing how to reason about architecture choices." -- Google Cloud Certified Professional Cloud Architect community
Case Study Analysis
Exam Case Studies
The PCA exam includes two case study companies that candidates can study before the exam:
Dress4Win: A fashion startup migrating from on-premises to Google Cloud, requiring scalable web infrastructure and data analytics capabilities.
Mountkirk Games: A mobile gaming company requiring a globally scalable game backend with low-latency multiplayer support.
TerramEarth: An equipment manufacturer needing IoT data processing and analytics for millions of connected devices.
Helicopter Racing League: A streaming sports organization requiring low-latency video streaming and analytics.
Case study questions ask which GCP services and architectural patterns best address the company's stated business and technical requirements.
How to Analyze Case Study Requirements
Business requirements → Technical requirements → GCP services
Business requirement: "Scale to 10 million concurrent users during events"
↓
Technical requirement: "Horizontally scalable compute with global distribution"
↓
GCP services: Cloud CDN + Cloud Load Balancing + GKE Autopilot or Cloud Run
Business requirement: "Process sensor data from 1 million devices in real time"
↓
Technical requirement: "Managed streaming ingest with low latency"
↓
GCP services: Pub/Sub → Dataflow → BigQuery (streaming inserts)
Compute and Container Architecture
Compute Selection Framework
| Scenario | Recommended Service | Reasoning |
|---|---|---|
| Existing VM-based application | Compute Engine | Lift-and-shift, full OS control |
| Containerized microservices | GKE or Cloud Run | Container orchestration |
| Event-driven functions | Cloud Functions | Serverless, event-triggered |
| Stateless HTTP services | Cloud Run | Serverless containers, scale to zero |
| Long-running batch jobs | Compute Engine or GKE batch | Custom resources, long duration |
GKE architecture patterns:
Multi-regional GKE for High Availability:
Cloud Load Balancing (global, anycast)
│
┌───────┴───────┐
│ │
GKE us-central1 GKE europe-west1
(Regional cluster) (Regional cluster)
│ │
Pods Pods
│ │
Cloud Spanner (Multi-regional, synchronous replication)
Data Architecture
Choosing the Right Database
| Database | Type | Use Case | Key Feature |
|---|---|---|---|
| Cloud SQL | Relational (MySQL, PostgreSQL, MSSQL) | OLTP, web apps | Managed relational |
| Cloud Spanner | Relational + globally distributed | Global OLTP | Horizontal scale + ACID |
| Firestore | Document NoSQL | Mobile/web apps | Real-time sync, offline |
| Cloud Bigtable | Wide-column NoSQL | Time-series, IoT, AdTech | Petabyte scale, low latency |
| BigQuery | Analytical warehouse | OLAP, data analysis | Serverless, SQL at scale |
| Memorystore | In-memory (Redis/Memcached) | Caching, sessions | Sub-millisecond latency |
Decision tree for databases:
Is it relational?
Yes → Need global scale with strong consistency?
Yes → Cloud Spanner
No → Cloud SQL
No → Is it time-series or high-throughput (>1TB writes/day)?
Yes → Cloud Bigtable
No → Is it analytical (batch queries, reporting)?
Yes → BigQuery
No → Is it document-based with real-time sync?
Yes → Firestore
No → Need caching?
Yes → Memorystore
Data Pipeline Architecture
Batch:
Raw data → Cloud Storage → Dataflow (Apache Beam) → BigQuery
Streaming:
Pub/Sub → Dataflow (streaming) → BigQuery (streaming inserts)
→ Bigtable (real-time serving)
ML Pipeline:
BigQuery → Vertex AI Datasets → Vertex AI Training → Model Registry → Prediction
High Availability and Disaster Recovery
Availability Zones and Regions
Zone: A single failure domain within a region (us-central1-a, us-central1-b) Region: A geographic area with multiple zones (us-central1) Multi-region: Geographically distributed locations (US, EU, ASIA)
HA design patterns:
| Pattern | RPO | RTO | Cost | Use Case |
|---|---|---|---|---|
| Multi-zone | Near zero | < 5 min | Low | Most production workloads |
| Multi-region (active-passive) | Minutes | 15-60 min | Medium | DR requirements |
| Multi-region (active-active) | Near zero | < 5 min | High | Global applications |
Cloud Spanner multi-region provides synchronous replication across regions with no data loss and automatic failover — the only database offering this at global scale.
Security Architecture
Defense in Depth on GCP
Network security layers:
Internet
│
[Cloud Armor] (WAF, DDoS protection)
│
[Cloud Load Balancing] (SSL termination)
│
[VPC Firewall Rules] (stateful L4 filtering)
│
[Private Google Access] (internal services only)
│
[Service Account + IAM] (identity-based access)
│
[CMEK / Cloud KMS] (encryption at rest)
VPC Service Controls: Create perimeters around GCP resources to prevent data exfiltration, even by authenticated users:
VPC Service Perimeter: "production-perimeter"
Restricted services: BigQuery, Cloud Storage, Cloud SQL
Allowed access: only from corp network + service accounts
Enforced policy: deny access from outside perimeter even with valid credentials
Encryption Architecture
Customer-managed encryption keys (CMEK):
- Store encryption keys in Cloud KMS (Key Management Service)
- Rotate keys on schedule (90-day rotation policy)
- Destroy key → data becomes unreadable (crypto-shredding for data deletion)
Cloud HSM: Hardware Security Module for keys requiring FIPS 140-2 Level 3 compliance.
Frequently Asked Questions
What is the difference between Professional Cloud Architect and Professional Cloud DevOps Engineer? Professional Cloud Architect focuses on designing scalable, secure, and reliable cloud solutions — selecting the right GCP services for business requirements and making architecture trade-off decisions. Professional Cloud DevOps Engineer focuses on implementing CI/CD pipelines, SLOs, monitoring, and operational excellence. Both are professional-level certifications; the Architect is more design-focused and the DevOps Engineer is more operational. Many GCP professionals hold both.
Do I need to memorize all GCP services for the PCA exam? You need sufficient familiarity with GCP's core service categories to reason about which service fits a given scenario. You do not need to memorize API details, pricing specifics, or obscure feature flags. The most important areas are: compute options and when to use each, database selection criteria, data pipeline architecture (Pub/Sub, Dataflow, BigQuery), networking (VPC, load balancing, Cloud CDN), security (IAM, VPC Service Controls, Cloud Armor), and HA/DR design patterns.
How much GCP hands-on experience do I need for the PCA exam? Most successful PCA candidates have 6-12 months of hands-on GCP experience. Google Cloud Skill Boost (formerly Qwiklabs) provides structured learning paths and hands-on labs that build the necessary experience. Working through the ACE certification first provides foundational hands-on experience. The case study portion of the exam tests reasoning about architectures you may not have built personally but can analyze based on your understanding of service capabilities.
References
- Google Cloud. (2025). Professional Cloud Architect Certification. https://cloud.google.com/certification/cloud-architect
- Google Cloud. (2025). Cloud Architecture Center. https://cloud.google.com/architecture
- Google Cloud. (2025). Professional Cloud Architect Exam Guide. https://cloud.google.com/certification/guides/professional-cloud-architect
- Lakshmanan, V. (2022). Data Science on the Google Cloud Platform. O'Reilly Media.
- Google Cloud. (2025). Case Studies. https://cloud.google.com/certification/cloud-architect
- Geewax, J.J. (2021). Google Cloud in Action. Manning Publications.