GCP Professional Architect Exam 2026

The following are my notes / thoughts and guide to passing the Google Cloud Architecture exam in 2026.

I am unable to post direct questions / examples / answers I can only talk through tips, advice, tricks and topics I found useful.

ANY Listed examples/answers are made by myself based on how I interpret Google’s documentation and how I would answer such a situation!

Helpful links:

As always please refer to the exam certification page for details and guidelines: https://cloud.google.com/learn/certification/cloud-architect

Sample Questions

Current Study Guide - 202

Case Studies - 2026 Altostrat Media Case Study - Cymbal Retail Case Study - EHR Healthcare Case Study - KnightMotives Automotive Case Study

Older Case Study Examples

Google Skills Boost - Professional Cloud Architect Certification Path Paid Google course content, updated frequently, great source of information, Google Customer Partners usually have free credits and sponsorships you can tap into, I recommend asking your employer or Google Partner Staff about it.

People have recommended the book series “Google Professional Cloud Architect Study Guide” By Dan Sullivan, personally I have not read it, currently with the newer Google Cloud Platform options around AI I think its hard to recommend a book from 2022.

Areas of Focus

A good strategy is to go through the Overview pages for the area’s of focus from the study guide and note down quick essential points of the relevant cloud technology discerning when they are the least suitable or the most suitable.

This will help create a grouping of quick wins in the exam for you to be able to filter in or out specific cloud services for each problem.

Networking

Types of Cloud Enterprise connectivity and when they are the best solution:

• Cloud VPN
  • Overview
  • HA VPN
    • 99.99% SLA target, Can provide zonal failure.
    • More than 1 tunnel
    • Dynamic Routing
    • Supports IPV6
  • Classic VPN
    • 9.99% SLA Target
    • Static Routing
    • Only IPV4
• Cloud Interconnect
  • Dedicated Interconnect -
    • Overview
    • Network must meet in a colocation - Google point of presence.
    • BYO Networking Equipment to support the connection.
    • This is the most common network option for Large Scale enterprise.
  • Partner Interconnect
    • Overview
    • Partner Interconnect for L2/L3 Networking
    • Allows for connection to Google without being at a colocation or Google point of presence.
  • Cross-Cloud Interconnect (New may be added later in the year)
    • Overview
    • AWS based partner connect still in preview, unlikely to be in the exam at the time of writing.
    • Provides Cloud‑to‑Cloud connectivity without additional configuration / 3rd parties.
  • VPN over Cloud Interconnect
    • Overview
    • Available for all options above, recommended whenever data egress through 3rd parties is concerned or when industry, regulatory or geo-political regulations require the data be encrypted while in transit.
    • VPN Gateway required rather than declaring a MACsec config with regular dedicated or partnered interconnects.
• Carrier Peering
  • Overview
  • Google Workspace access, no Google Cloud API routing or options!
• Direct Peering
  • Overview
  • Google Workspace access, no Google Cloud API routing or options!

Source: https://docs.cloud.google.com/network-connectivity/docs/how-to/choose-product

The difference between GCP’s Network Connectivity Centre (Hub & Spoke Topology) and the older Shared VPC Architecture most customers still use.

• Limitations of Shared VPCs
  • Overview
  • VPC Peering
  • Sharing Networks to Projects
• NCC Hub Spoke Topology
  • Overview
  • Cloud Router Options
  • NVA Design and Support
  • GCP Producer Spokes
  • Options for Non-RFC 1918 ranges
• VPC Firewall Rules
  • Overview
    • Default VPC Firewall Rules on Creation
    • Network Tags
    • Filtering
• Google Private Access
  • Overview
  • Subnets being able to access Google’s API without going via NAT.
• Private Service Connect (PSC)
  • Overview
  • Private Endpoint for Google APIs
  • Private Endpoint for 3rd Party Services
  • Private Endpoint for your own Services
• Loadbalancer Types
• How to choose
• External
• Internal
• Proxy LBs
• Passthrough LBs
• Application LBs
• Layer 4 vs Layer 7
• Cloud Armor
  • Overview
  • DDoS Protection
  • WAF
• Cloud NAT
  • Overview
  • Options for NAT Gateway
  • Use Cases for Cloud NAT
  • Limitations of Cloud NAT

AI

• Vertex AI
  • Overview
  • Pipelines
  • Lifecycle
  • Data ingestion
• AgentSpace (New may be added later in the year)
• Hosting/Serving Models

GCP Compute Options

• Google Kubernetes Engine (GKE)
  • Overview
  • Autopilot vs Standard
  • Node Pools
  • Cluster Autoscaler
  • Network Options
  • Authorised Networks and Protecting the Public Endpoint.
  • Binary Authorisation
  • Deployment strategies
• Google Compute Engine (GCE)
  • Overview
  • Machine Types
  • Custom Machine Types
  • Sole Tenant Nodes
  • Preemptable Instances
  • Scheduling Instances
  • OS Options
  • Disk
• App Engine
  • Overview
  • Standard vs Flexible
  • Supported Runtimes
  • Scaling Options
  • Deployment Options

Cloud Run Functions

• Overview
  • Fully Managed vs Anthos
  • Containerised vs Source Code
  • Scaling Options
  • Deployment Options
    • Rolling Updates
    • Canary Deployments
    • Blue/Green Deployments
  • Networking Options
    • VPC Connector
    • Ingress Options
    • Egress Options
    • Load Balancing Options
  • Security Options
  • Invocations
  • Limits

Cloud Build

• Overview
• Cloud Build worker pool
• Cloud Build Triggers
• Cloud Build and Cloud Run / GKE / GCE Deployments
• Deployment Strategies
• Connectivity to Private Resources
• SDLC - Software Delivery Lifecycle Control
  • General working knowledge of the DevOps workflow and how to integrate Cloud Build into it.

Cloud Monitoring and Logging

• Cloud Logging
  • Overview
  • Log Sinks
  • Log Exports
  • Log Based Metrics
• Cloud Monitoring
  • Overview
  • Custom Metrics
  • Uptime Checks
  • Alerting Policies
• Cloud Trace
  • Overview
  • Distributed Tracing
  • Latency Analysis
• Cloud Profiler
  • Overview
  • Continuous Profiling
• Dashboarding
  • Custom Dashboards
  • Shared Dashboards
• Site Reliability Engineering (SRE) Principles
  • SLOs, SLIs, SLAs
  • Error Budgets
  • Incident Management

Databases

• CloudSQL
  • Overview
  • Supported Database Engines (MySQL, PostgreSQL, SQL Server)
  • IOPS performance vary based on SKU, not just CPU/RAM.
  • High Availability Options
• Spanner
  • Overview
  • Global Scale Relational Database
  • Strong Consistency
  • High Availability
  • Expensive, best for large scale relational database use cases.
• BigTable
  • Overview
  • Great for IOT or Timestamp data
  • Not a relational database, no SQL support, not great for transactional data.
  • Large Scale, Low Latency, High Throughput use cases.

Analytics

• Bigquery
  • Overview
  • Data Warehousing
  • Data Lakes
  • Querying
• DataFlow
  • Overview
  • Transformation of Data
  • Data Ingestion to Bigquery or Vertex
• PubSub
  • Overview
  • Event Management
  • DeadLetter Queues
  • Publish and Subscribe options
• Dataloss Prevention API
  • Overview
  • Data Classification
  • Data Masking
  • Data Tokenization

Cloud Storage

• Buckets
  • Access Control Options
    • Overview
    • Fine-Grained access
    • Uniform access
    • Access Control Lists (ACLs)
  • Object Versioning
  • Object Lifecycle
  • Retention options
  • Bucket locking
  • Log Buckets
  • Storage Classes - Archive / Nearline / Coldline / Standard
  • gsutil options
• Google Fuze
  • Mounting GCS Buckets as a filesystem
  • Multiple readers, only 1-writer to 1 object at a time.
• Disk Options
  • Choose a Disk Type
  • Persistent Disks
  • Local SSD
  • Please make note of when the disks are temporary or long term!
• Storage Transfer Service
  • Overview
  • Supported Data Sources/Destinations
  • Scheduling
  • Options for transfer
• Transfer Appliance
  • Overview
  • When to use over traditional networking options for data ingestion, migration, or backup.
  • Supported Data Sources/Destinations
  • Options for transfer

Security / IAM

• Identity and Access Management (IAM)
  • Overview
  • Roles
  • Service Accounts
  • IAM Conditions
  • IAM Recommender
• Project Hierarchy
  • Organization object
  • Folders
  • Projects
  • Resources
• Organization Policies
  • Overview
  • Policy Types
  • Constraints
  • Custom Constraints
• Organization Tags
  • Overview
  • Tag Keys and Values
  • Tag Inheritance
• VPC Service Controls
  • Overview
  • Dry run options for testing perimeters and access levels
  • Configuration for Google Cloud services to be protected by VPC Service Controls
• VPC Perimeter
  • Overview
• Resource Manager
  • Overview
  • Asset Inventory & reporting
• Cloud Security Command Center
  • Overview
  • Vulnerability Scanning & Reporting
  • Misconfiguration Detection & Reporting
  • Threat Detection & Reporting

How to answer the question:

Every question for the cloud architect exam will have 1 answer that is the MOST SUITABLE answer for the prompt, the best recommendation here is to briefly skim most questions for the product group or knowledge, the objective and the constraints eg.

Cloud Infra Heaven wants to connect their datacentre to Google Cloud, the data centre is over 200km from a google owned point of presence. The owner is cheap and has denied new hardware but they have a fancy firewall from that one vendor who brought the networking team dinner.

Cloud Infra servers need connectivity to CloudSQL Instances Both on-premises servers and cloud resources are configured with private non-overlapping RFC 1918 IP Addresses, flat earth networks team. The ISP has informed them that connectivity is best efforts with no recourse if offline.

• GCP Knowledge Area: Networking
• Objective Connect on-premises datacentre to Google Cloud with the best connectivity option.
• Constraints:
  • Direct Connectivity for GCP APIs.
  • No Route Specific Hardware required.
  • 200km distance from Google Owned point of Presence.
  • Google Workspace not mentioned.

A Provision Carrier Peering will only allow forwarding for Google Workspace APIs not Google Cloud APIs.

Cloud VPN won’t be sufficient as we are still dependent on our Internet Service Provider (ISP).

a dedicated Interconnect would require us to place new hardware in our datacentre and meet with Google’s colocation over 200 km away which would not be feasible.

This limits down the options to Provision a Partner Interconnect to bridge them from their Service Provider to the closest Google Owned Point of Presence.

Given the mention for Database connectivity and that we are going from DataCentre I would lock in Partner Interconnect and see if another Service Provider like MegaPort can provide the connection.

Time.

With a 2hr timer and 60 questions a lot of people look to rush down answers in order to save time, while this can work it makes it more likely that you miss key details or phrases that are important to consider in order to fully answer the question.

While I did have the experience that I was able to answer questions quickly and move on, I recommend:

• Take a breath every five questions to slow/assess pace.
• Try to knock questions down to the 2 or 3 most likely answers (Right‑click to strikethrough the answer)
• Mark as many questions for review as needed, place an answer in them as best you can to review later if time permits otherwise it will have an answer.
• Read the case Studies before going in, create Architecture for each of them for how you would map/resolve their cloud journies.

These tips will save you time!

Finally, Best of Luck.