50 Cloud Developer Practice Questions: Question Bank 2025

You are building a Cloud Run service that processes user-uploaded images. During traffic spikes, requests occasionally time out while downloading images from Cloud Storage. You want the service to remain responsive and handle spikes without manual intervention. What should you do?

Your team uses Cloud Build to run unit tests and build a container image. You want every pull request to run tests automatically before merging, and you want the result reported back to the repository. What is the recommended approach?

A microservice running on GKE needs to call a Google Cloud API (for example, Pub/Sub) without managing service account keys. What is the best practice?

You deploy a new revision of a Cloud Run service and want to gradually shift traffic to it while monitoring errors. Which deployment strategy should you use?

A Cloud Run service publishes messages to Pub/Sub. In production, you see intermittent PERMISSION_DENIED errors, but only for some requests. The service uses Application Default Credentials. What is the most likely cause?

Your application uses Cloud SQL (PostgreSQL). During load tests, you observe many short-lived connections and increased latency. You want to improve scalability and reduce connection overhead from Cloud Run instances. What should you do?

You want to add automated integration tests that deploy a candidate build to a temporary environment, run tests against it, and then tear it down. You are using Cloud Build and Cloud Run. What is the most appropriate approach?

A GKE-based API must serve global users with low latency and withstand zonal failures. The API is stateless, and you want to minimize operational burden. Which design best meets the requirement?

Your Cloud Run service consumes messages from Pub/Sub via push subscriptions. You notice duplicate processing when the service experiences transient errors. You need to ensure each message results in exactly-once business action (for example, charging a customer), even if Pub/Sub delivers duplicates. What should you do?

You operate a multi-service application on Cloud Run behind an external HTTP(S) Load Balancer. A new release caused a sharp increase in tail latency (p99). You need to quickly identify whether the latency is coming from the load balancer, the Cloud Run service, or a downstream call between services, with minimal code changes. What should you do?

You are developing a Cloud Run service that is occasionally invoked with bursts of traffic. During bursts, some requests are failing because the service cannot start instances fast enough. You want to reduce cold-start impact while controlling cost. What should you do?

A Cloud Run service needs to call a Google Cloud API (for example, Secret Manager) without storing long-lived keys. What is the recommended approach?

Your team wants to ensure all new commits to a Cloud Run service are automatically built and tested before deployment. You want an opinionated, managed CI/CD approach on Google Cloud. Which solution fits best?

A Cloud Run service is subscribed to a Pub/Sub push subscription. You observe duplicated processing of some messages when the service is under load. You need to reduce the impact of duplicates at the application layer. What should you do?

You are implementing a multi-step workflow that coordinates several services (Cloud Run + Pub/Sub + HTTP calls). You need retries, timeouts, and the ability to inspect executions for debugging. Which Google Cloud product is most appropriate?

Your Cloud Run service should accept requests only from an external HTTPS load balancer and reject direct public access. What is the best configuration?

A microservice writes user events to BigQuery for analytics. The workload is spiky, and you want to avoid hammering the BigQuery streaming API from the service. You also want resilient ingestion with retries. What should you do?

You want to do contract testing for a REST API deployed on Cloud Run. Your CI pipeline should fail if the OpenAPI spec and implementation drift. Which approach is most appropriate?

Your Cloud Run service makes outbound calls to a third-party API that intermittently returns 429 and 503 responses. You want to improve reliability and avoid amplifying failures during outages. What should you implement?

You operate a globally used application and need to store user profile data with strong consistency and high availability across regions. The application must continue reading/writing during a zonal outage and you want minimal operational overhead. Which storage option best fits?

You run a Cloud Run service that processes Pub/Sub messages. You notice some messages are processed twice when the service scales rapidly. You need to ensure correctness without preventing autoscaling. What should you do?

Your team is building a containerized web API. You want every merge to main to run unit tests, build a container image, and store it in Artifact Registry for later deployment. Which approach is most appropriate?

You deploy a service to Cloud Run and want to route 10% of traffic to a new revision for a canary test while keeping 90% on the current revision. What should you do?

A Cloud Run service must call a Google Cloud API and authenticate securely without storing long-lived service account keys. What is the recommended approach?

You have a microservice on GKE that reads configuration values at startup. Configuration changes are frequent and must not require rebuilding images. The service should be able to roll back configs. What should you use?

Your application writes structured JSON logs from Cloud Run. You want to quickly troubleshoot latency spikes by correlating a single request across multiple services. What should you implement?

You are building a data ingestion API that receives bursts of traffic and must buffer requests reliably for later processing. You need to decouple ingestion from processing and avoid dropping requests during downstream outages. Which design is best?

Your CI pipeline runs integration tests against a Cloud Run service. Tests intermittently fail because requests time out during cold starts, but you cannot increase the client timeout. You need a solution that improves responsiveness while keeping costs reasonable. What should you do?

A Cloud Run service needs to access a private service hosted on a Compute Engine VM without exposing the VM to the public internet. The VM is in a VPC network. What is the recommended approach?

A distributed application uses Pub/Sub to trigger processing. You must prevent a poison message (always failing) from being retried indefinitely and blocking progress, while preserving failed messages for later analysis. What should you implement?

You are building a Cloud Run service that receives Pub/Sub push messages. During load tests, you notice occasional duplicate processing when Cloud Run scales or when the service returns a transient error. You need to ensure each message is processed exactly once from an application perspective. What should you do?

A Node.js API on Cloud Run needs to call a third-party service that occasionally becomes slow. You want to prevent request threads from piling up and to fail fast when the dependency is unhealthy, without changing infrastructure. What is the best application-level pattern?

You maintain a microservice deployed to GKE. You need a Kubernetes-native way to verify the app is ready to serve traffic and to automatically restart it if it becomes unhealthy. What should you configure?

Your team wants consistent, automated builds for a containerized application. Each pull request should run unit tests and build a container image, but only merges to the main branch should push the image to Artifact Registry. Which approach best meets this requirement on Google Cloud?

A Cloud Run service experiences intermittent latency spikes. You need to break down end-to-end latency across services and identify where time is spent (client, service, downstream calls). What should you implement?

You need to roll out a new version of an API on Cloud Run with minimal risk. Initially, only 5% of traffic should go to the new revision, with the ability to quickly roll back if errors increase. What is the best deployment approach?

A service stores user-generated images in Cloud Storage and writes metadata to Firestore. When a new object is uploaded, you need to generate a thumbnail and update the Firestore document. The solution should be event-driven and minimize custom infrastructure. What should you use?

Your CI pipeline runs integration tests against a managed service that requires Google Cloud authentication (for example, calling a protected Cloud Run endpoint). You want to avoid storing long-lived service account keys. What is the recommended approach?

You operate a multi-tenant API on Cloud Run. A misbehaving tenant can generate a burst of requests that increases error rates for other tenants. You need to enforce per-tenant rate limits at the edge with minimal application changes. What should you do?

You are deploying a stateful service on GKE that writes to a mounted volume. The service must preserve stable network identities and stable persistent storage across pod rescheduling. Which Kubernetes workload type should you use?

You are building a Cloud Run service that must call a third-party API. The API key must not be stored in the container image or source repository, and the key must be rotatable without redeploying the service. What should you do?

Your team uses Cloud Build to run unit tests and build containers. You want every pull request to automatically trigger a build, run tests, and report status back to the repository. Which solution is most appropriate?

A Cloud Run service intermittently fails with HTTP 504 errors during traffic spikes. Logs show requests are waiting for an available instance. Which configuration change most directly addresses this issue?

Your application in App Engine standard needs to process long-running background jobs that can take several minutes and may need retries. The jobs are triggered by user actions and must not block HTTP requests. What is the best approach?

A microservice deployed on GKE needs to call Google Cloud APIs without distributing service account keys. The service should use a distinct identity per Kubernetes service account and have least-privilege access. What should you implement?

You are deploying a new version of a Cloud Run service. You must ensure that 100% of traffic continues to be served by the previous revision if the new revision's error rate exceeds a threshold in the first 10 minutes. What is the most robust approach?

Your API uses Cloud Endpoints (or API Gateway) in front of Cloud Run. Clients must authenticate using Google-issued JWTs, and you want to enforce per-method authorization without changing your application code significantly. What should you do?

A Cloud Run service reads from Firestore and experiences high latency due to repeated reads of the same reference data. You want to reduce read latency and cost while keeping data reasonably fresh (updates are rare but must propagate within minutes). What is the best solution?

You operate a multi-region active-active application on GKE that uses Cloud SQL. A regional outage must not prevent writes. You need a relational database with cross-region write availability and minimal application changes. What should you choose?

You are troubleshooting a GKE-based service that calls an external partner API. During incidents, requests hang and eventually time out, causing thread exhaustion and cascading failures. You need to improve resiliency using cloud-native patterns with minimal code changes. What should you do?