Back to learning centerHome

Master guide

Master Service List

Full PCA coverage checklist across compute, networking, storage, databases, security, analytics, AI, operations, DevOps, migration, and architecture concepts.

Google Cloud PCA
Master Service List

Professional Cloud Architect Exam Study Cheat Sheet

How to use this

• Use this as the master PCA coverage checklist.

• As you work practice questions, add your own use cases, gotchas, and confused-with notes.

• Prioritize the areas you do not already use at work: AI/GenAI, Google-specific identity, networking edge cases, database selection, migration, and Well-Architected tradeoffs.

High-Yield Study Focus

Area

What to drill

AI / GenAI

Vertex AI, Gemini Enterprise Agent Platform, Gemini models, Agent Builder, Model Garden, Model Armor, AI Hypercomputer

Identity & Governance

Resource hierarchy, Org Policy, IAM Conditions, service account impersonation, Workload Identity Federation, IAP, Context-Aware Access

Networking edge cases

PSC vs Private Google Access vs Cloud NAT, Shared VPC vs Peering, VPN vs Interconnect, Cloud Router/BGP, global vs regional load balancing

Database choices

Cloud SQL vs AlloyDB vs Spanner vs Bigtable vs Firestore vs BigQuery

Migration & Hybrid

Migration Center, GCVE, Bare Metal, Migrate to VMs, Migrate to Containers, DMS, GDC/GKE Enterprise

Well-Architected decisions

Availability, reliability, cost, performance, security, sustainability, and business tradeoffs

Section Index

#

Area

Items

1

Compute, Containers, and Serverless

23

2

Networking and Connectivity

35

3

Storage, Backup, and Data Transfer

23

4

Databases and Caching

14

5

Security, Identity, Governance, and Compliance

39

6

Data Analytics, BI, and Messaging

18

7

AI, ML, and GenAI

27

8

Application Integration and Serverless Orchestration

12

9

Operations, Observability, Reliability, and Cost

25

10

CI/CD, DevOps, IaC, and Software Supply Chain

24

11

Migration, Hybrid, and Multicloud

21

12

Business, Architecture, and Exam-Style Concepts

27

1. Compute, Containers, and Serverless

Focus: Google’s guide explicitly calls out mapping compute needs to GKE, Cloud Run, Cloud Run functions, spot VMs, custom machine types, specialized workloads, GCVE, and AI Hypercomputer.

Service / Concept

PCA Exam Trigger / Notes

Compute Engine / GCE

Core VM service

Managed Instance Groups / MIGs

Autoscaling, autohealing, rolling updates

Spot VMs / Preemptible VMs

Batch, fault-tolerant workloads

Custom machine types

Cost/performance tuning

Sole-tenant nodes

Licensing/compliance isolation

GPUs / TPUs / accelerators

AI/ML training and specialized compute

Google Kubernetes Engine / GKE

Managed Kubernetes

GKE Standard

More node/control flexibility

GKE Autopilot

More managed, less node management

Node auto-provisioning

GKE capacity automation

VPC-native GKE / alias IPs

Native pod/service IP design

Workload Identity for GKE

Secure GKE-to-Google API auth

GKE fleets / multi-cluster management

Important for enterprise/multicluster designs

Config Management / Config Sync

Policy/config consistency across clusters

Policy Controller

Governance/policy enforcement for GKE fleets

Cloud Run

Serverless containers, scale to zero

Cloud Run functions / Cloud Functions

Event-driven FaaS, now aligned with Cloud Run functions naming

App Engine Standard

PaaS, quick scale, opinionated runtime

App Engine Flexible

More flexible runtime/container options

Serverless VPC Access

Private VPC access from serverless

Google Cloud VMware Engine / GCVE

VMware lift-and-shift

Bare Metal Solution

Legacy/licensing-constrained workloads

AI Hypercomputer

AI infrastructure topic specifically called out in the exam guide

2. Networking and Connectivity

Focus: The exam guide specifically calls out VPC, peering, firewalls, load balancers, routing, container networking, Shared VPC, PSC, hybrid networking, multicloud networking, and security protection such as intrusion protection/access control/firewalls.

Service / Concept

PCA Exam Trigger / Notes

VPC

Global VPC, regional subnets

Subnets

Regional subnet design

Routes

Custom routes, dynamic routing

Firewall rules

Instance/network access control

Hierarchical firewall policies

Org/folder/project-level firewall governance

Shared VPC

Centralized network host project

Service projects

Workloads use host project network

VPC Network Peering

Private VPC-to-VPC, non-transitive

Private Service Connect / PSC

Private access to Google/third-party/producer services

Private Google Access

Private VM access to Google APIs without external IPs

Cloud NAT

Outbound internet for private instances

Cloud Router

Dynamic BGP for VPN/Interconnect

Cloud VPN

IPsec over public internet

HA VPN

99.99% SLA design, BGP

Classic VPN

Legacy/static lower priority

Cloud Interconnect

Private physical connectivity

Dedicated Interconnect

Direct physical link

Partner Interconnect

Through service provider

Network Connectivity Center / NCC

Hub-and-spoke hybrid/multicloud networking

Cloud Load Balancing

Global/regional, external/internal

External HTTP(S) Load Balancer

Global L7 web load balancing

Internal Load Balancer

Private app/database tier traffic

SSL Proxy / TCP Proxy Load Balancing

Non-HTTP global proxy use cases

Cloud DNS

Public/private DNS

Cloud DNS private zones / forwarding

Hybrid DNS resolution

Cloud CDN

Cache web/static content

Media CDN

Large media/video delivery

Cloud Armor

WAF/DDoS/geoblocking on edge LB

Network Intelligence Center

Network observability suite

Connectivity Tests

Route/firewall troubleshooting

Firewall Insights

Firewall rule optimization

Cloud IDS

Intrusion detection/protection style topic

Container networking

GKE networking, pods, services, ingress

Hybrid networking patterns

VPN vs Interconnect vs NCC

Multicloud networking patterns

GCP-to-other-cloud connectivity

3. Storage, Backup, and Data Transfer

Focus: The guide calls out choosing storage types, data retention/lifecycle management, data growth planning, and data protection such as backup and recovery.

Service / Concept

PCA Exam Trigger / Notes

Cloud Storage / GCS

Object storage

Standard storage class

Hot/frequent access

Nearline

30-day minimum

Coldline

90-day minimum

Archive

365-day minimum

Lifecycle policies

Automated tiering/deletion

Object versioning

Recovery/protection

Retention policies / Bucket Lock

Compliance retention

Persistent Disk / PD

VM block storage

Standard PD

HDD-backed

Balanced PD

General purpose

SSD PD

Higher performance

Extreme PD

High-performance block

Hyperdisk

Modern high-performance block storage

Local SSD

Ephemeral, high IOPS

Filestore

Managed NFS

Google Cloud NetApp Volumes

Enterprise file workloads

Google Cloud Managed Lustre

HPC/AI file workloads

Backup and DR Service

Backup/recovery architecture

Storage Transfer Service

Online transfer into GCS

Transfer Appliance

Physical large-scale data transfer

Data retention / lifecycle design

Exam likes cost/compliance tradeoffs

Backup and recovery design

Explicit PCA topic

4. Databases and Caching

Focus: This is one of the most important PCA decision areas. You need to know Cloud SQL vs AlloyDB vs Spanner vs Bigtable vs Firestore vs BigQuery cold.

Service / Concept

PCA Exam Trigger / Notes

Cloud SQL

Managed MySQL/PostgreSQL/SQL Server

Cloud SQL HA

Regional failover

Cloud SQL read replicas

Read scale

AlloyDB

High-performance PostgreSQL-compatible

Cloud Spanner

Global relational, strong consistency

Cloud Bigtable

Wide-column, low-latency, high write throughput

Firestore

Serverless document DB

Memorystore for Redis

In-memory cache/session store

Memorystore for Memcached

Managed Memcached

BigQuery

Analytics warehouse, not OLTP DB

Database Migration Service / DMS

DB migration/replication

Backup/PITR/replication choices

PCA-style DB architecture question

Regional vs multi-regional DB design

Availability/latency/cost tradeoff

SQL vs NoSQL decisioning

Common exam pattern

5. Security, Identity, Governance, and Compliance

Focus: The current guide specifically calls out IAM, resource hierarchy, key/encryption/secret management, VPC-SC, context-aware access, org policy, hierarchical firewall policy, IAP, service account impersonation, Chrome Enterprise Premium, Workload Identity Federation, software supply chain, Model Armor, Sensitive Data Protection, and secure model deployment.

Service / Concept

PCA Exam Trigger / Notes

IAM

Access control

IAM allow policies

Standard IAM binding model

Custom roles

Least privilege

Predefined roles

Prefer over primitive roles

Basic/primitive roles

Avoid unless necessary

IAM Conditions

Conditional access

Service accounts

Machine identity

Service account impersonation

Secure delegated access

Workload Identity Federation

External identity to Google Cloud without long-lived keys

Workload Identity for GKE

GKE workload-to-Google API auth

Resource hierarchy

Organization, folders, projects

Organization Policy Service

Guardrails

Policy constraints

Restrict locations, external IPs, etc.

VPC Service Controls / VPC-SC

Data exfiltration perimeter

Identity-Aware Proxy / IAP

Zero-trust app/SSH/RDP access

Context-Aware Access

Access based on identity/context/device

BeyondCorp Enterprise

Zero-trust model/product family

Chrome Enterprise Premium

Secure remote access/context-aware access topic in guide

Cloud Identity

Identity management for Google Cloud/Workspace orgs

Managed Service for Microsoft AD

Managed AD for Windows workloads

Cloud Armor

WAF/DDoS

Cloud KMS

Key management

CMEK

Customer-managed encryption keys

CSEK

Customer-supplied keys, lower priority

Cloud HSM

Hardware-backed keys

Cloud External Key Manager / EKM

External key custody

Secret Manager

Secrets/password/API key storage

Cloud DLP

Now generally referred to as Sensitive Data Protection

Sensitive Data Protection

Data discovery, classification, masking

Security Command Center / SCC

Security posture, findings

Cloud Audit Logs

Admin/data access/system audit logs

Cloud Asset Inventory

Asset inventory/history/search

Assured Workloads

Compliance/data residency controls

Binary Authorization

Only trusted signed images deploy

Artifact Analysis / Container Analysis

Image/package vulnerability metadata

Model Armor

AI prompt/response protection

Separation of duties

PCA security design pattern

Data sovereignty

Compliance/regulatory design

Auditability/log retention

Compliance requirement

6. Data Analytics, BI, and Messaging

Focus: Focus on the decision patterns around streaming vs batch, warehouse vs lakehouse, and when to use BigQuery, Pub/Sub, Dataflow, Dataproc, Looker, Dataplex, and BigLake.

Service / Concept

PCA Exam Trigger / Notes

BigQuery

Serverless data warehouse

BigQuery partitioning

Cost/performance

BigQuery clustering

Cost/performance

Pub/Sub

Global async messaging

Pub/Sub Lite

Regional, lower-cost streaming alternative

Dataflow

Apache Beam stream/batch processing

Dataproc

Managed Hadoop/Spark

Cloud Composer

Managed Airflow orchestration

Cloud Data Fusion

GUI ETL/ELT

Datastream

Change Data Capture

Looker

BI/semantic layer/dashboards

Dataplex

Data governance/lake management

BigLake

Lakehouse/unified analytics over lake data

Analytics Hub

Data sharing/exchange

Data Catalog concepts

Metadata/governance, now often tied into Dataplex

Batch vs streaming analytics

Dataflow/Pub/Sub/BigQuery decisioning

Hadoop lift-and-shift

Dataproc trigger

Real-time CDC

Datastream trigger

7. AI, ML, and GenAI

Focus: Focus on Vertex AI, Gemini Enterprise Agent Platform, Gemini models/LLMs, Agent Builder, Model Garden, AI Hypercomputer, AI Agents, NotebookLM, and Google AI APIs such as Search, Conversation, Vision, Image, Video, and Audio.

Service / Concept

PCA Exam Trigger / Notes

Vertex AI

Unified ML platform

Gemini Enterprise Agent Platform

Google says PCA naming is moving toward Agent Platform

Gemini Enterprise app

Create/run/govern enterprise AI agents

Gemini models / Gemini LLMs

GenAI model selection/use

Agent Builder / AI Agents

Agentic workflows

Model Garden

Discover/use foundation and partner models

Vertex AI Pipelines / Agent Platform Pipelines

ML lifecycle orchestration

AI Hypercomputer

Large AI training/serving infrastructure

GPUs / TPUs for ML

Training/serving acceleration

Pre-trained ML APIs

Use when custom training unnecessary

Vision AI

Image/object/text detection

Natural Language AI

Text/entity/sentiment

Speech-to-Text

Speech transcription

Text-to-Speech

Speech synthesis

Translation AI

Translation/glossary

Document AI

Document extraction/classification

Google AI Search API

Current guide calls out Search AI API category

Google AI Conversation API

Conversation/contact-center style AI

Google AI Image API

Image generation/processing category

Google AI Video API

Video AI category

Google AI Audio API

Audio AI category

NotebookLM in Gemini Enterprise

Guide specifically mentions NotebookLM

Model Armor

Secure AI prompts/responses

Sensitive Data Protection for AI

Protect PII/sensitive data in AI workflows

Secure model deployment

Security/compliance around AI

Data integration for AI/ML

Feeding models/pipelines

Consumption models for AI

Cost/performance tradeoff

8. Application Integration and Serverless Orchestration

Focus: The exam guide explicitly calls out integration patterns with external systems, API management best practices such as Apigee, and movement of data.

Service / Concept

PCA Exam Trigger / Notes

Eventarc

Event routing to Cloud Run/functions

Workflows

API/service orchestration

Cloud Tasks

Async task queue with rate/retry control

Cloud Scheduler

Managed cron

API Gateway

Lightweight serverless API front door

Apigee

Enterprise API management

Application Integration

Integration workflows/connectors

Cloud Endpoints

Older API management option

Pub/Sub

Decoupled event/messaging backbone

External system integration patterns

Explicit PCA architecture topic

Retry/backoff/idempotency

Common serverless architecture pattern

Synchronous vs asynchronous design

Workflows/API Gateway vs Pub/Sub/Tasks

9. Operations, Observability, Reliability, and Cost

Focus: The guide calls out Monitoring, Logging, profiling, benchmarking, alerting strategies, deployment/release management, support, quality controls, reliability testing, chaos engineering, penetration testing, and load testing.

Service / Concept

PCA Exam Trigger / Notes

Cloud Monitoring

Metrics, dashboards, alerting

Cloud Logging

Logs, sinks, retention

Log sinks

Export to BigQuery/GCS/Pub/Sub

Cloud Trace

Distributed tracing

Cloud Profiler

Code profiling

Error Reporting

Exception grouping

Managed Service for Prometheus

GKE/Kubernetes metrics

Cloud Audit Logs

Compliance/audit trail

Cloud Service Health

Google Cloud incident/status awareness

Recommender

Cost/security/performance recommendations

Active Assist

Recommendations/optimization family

Cloud Quotas

Limits/capacity planning

Cloud Billing

Billing, budgets, cost visibility

Budgets and alerts

Cost control

Pricing Calculator

Cost estimation

Gemini Cloud Assist

Explicitly listed in the guide

SLOs / SLIs

Reliability measurement

Alerting strategy

Explicit guide topic

Backup and recovery

Explicit guide topic

Disaster recovery / DR

RPO/RTO, failover

Chaos engineering

Explicit guide topic

Penetration testing

Explicit guide topic

Load testing

Explicit guide topic

Performance benchmarking

Explicit guide topic

Well-Architected operational excellence

Major guide topic

10. CI/CD, DevOps, IaC, and Software Supply Chain

Focus: The guide specifically calls out Cloud Shell Editor, Cloud Code, Cloud Shell Terminal, gcloud, gsutil, bq, Cloud Emulators, Terraform/IaC, API best practices, and Google API client libraries.

Service / Concept

PCA Exam Trigger / Notes

Cloud Build

CI/build automation

Artifact Registry

Container/package registry

Cloud Deploy

Continuous delivery to GKE/Cloud Run/etc.

Binary Authorization

Enforce signed/trusted container deployments

Cloud Source Repositories

Legacy/private Git option

Terraform

IaC

Cloud Deployment Manager

Legacy-ish GCP IaC

Infrastructure Manager

Google-managed Terraform deployment service

Cloud Code

IDE tooling

Cloud Shell Editor

Browser-based editor

Cloud Shell Terminal

Browser shell

Google Cloud SDK

CLI tooling

gcloud

Main CLI

gsutil

Storage CLI

bq

BigQuery CLI

Cloud Emulators

Local testing for Bigtable/Spanner/Pub/Sub/Firestore

Google API client libraries

Programmatic API access

Google API best practices

Explicit guide topic

Artifact Analysis / Container Analysis

Vulnerability metadata/scanning

Container image signing/attestations

Supply-chain security

SDLC

Explicit guide topic

CI/CD process design

Explicit guide topic

Release management

Explicit guide topic

Testing frameworks

Load/unit/integration tests

11. Migration, Hybrid, and Multicloud

Focus: The exam guide explicitly calls out Migration Center, migration methodologies, workload testing, network planning, dependency planning, software license implications, and financial impact.

Service / Concept

PCA Exam Trigger / Notes

Google Cloud Migration Center

Explicitly called out in guide

Storage Transfer Service

Online object/data transfer

Transfer Appliance

Physical transfer

Database Migration Service / DMS

Database migration

Migrate to Virtual Machines

VM lift-and-shift

Migrate to Containers

VM/app modernization to containers

Google Cloud VMware Engine / GCVE

VMware migration

Bare Metal Solution

Specialized legacy workloads

Google Distributed Cloud / GDC

On-prem/edge/cloud-adjacent workloads

GKE Enterprise

Multi-cluster enterprise Kubernetes management

Fleets

Multi-cluster grouping/management

Config Sync

Config consistency

Policy Controller

Policy enforcement

Hybrid connectivity

VPN/Interconnect/NCC

Multicloud connectivity

GCP to AWS/Azure/etc.

Workload disposition

Build, buy, modify, deprecate

Dependency mapping

Migration planning

Network planning

Migration prerequisite

Workload testing

Migration validation

Licensing implications

GCVE/Bare Metal/sole-tenant triggers

Financial impact / TCO

Migration business case

12. Business, Architecture, and Exam-Style Concepts

Focus: These are not “services,” but PCA absolutely tests them.

Service / Concept

PCA Exam Trigger / Notes

Google Cloud Well-Architected Framework

Major exam requirement

Operational excellence

Well-Architected pillar

Security

Well-Architected pillar

Reliability

Well-Architected pillar

Performance optimization

Well-Architected pillar

Cost optimization

Well-Architected pillar

Sustainability

Well-Architected pillar

Functional requirements

What system must do

Non-functional requirements

Availability, latency, scale, compliance

Business continuity plan

BCP/DR

KPIs / ROI / success metrics

Business outcome mapping

Design tradeoffs

Cost vs reliability vs complexity

High availability

Regional/multiregional/failover

Failover design

Active/passive, active/active

Scalability

Autoscaling, queues, managed services

Performance and latency

Region, CDN, caching, DB choice

Observability

Logs/metrics/traces/SLOs

Security and compliance

Controls mapped to requirements

Stakeholder management

PCA has business/process questions

Change management

Adoption/implementation

Team skills readiness

Migration/ops planning

Customer success management

Explicit guide topic

CapEx vs OpEx

Cost model

Service catalog/provisioning

Enterprise governance

Root cause analysis

Ops/process

Quality control

Testing and validation

Case studies

Exam includes case-study questions