Professional Cloud Developer
Certification exam guide
A Professional Cloud Developer builds scalable and highly available applications using Google-recommended tools and best practices. This individual has experience with cloud-native applications, developer tools, managed services, and next-generation databases. A Professional Cloud Developer also has proficiency with at least one general-purpose programming language and instruments their code to produce metrics, logs, and traces.
The Professional Cloud Developer exam will transition to a new exam guide in mid-June 2024. If you plan to take the newer version of the exam, refer to the updated exam guide.
What’s new:
The new version of the Professional Cloud Developer exam that launches in mid-June focuses on the responsibilities of a developer who uses Google Cloud, and puts more emphasis on using GKE and serverless computing environments, Apigee, Cloud Run, Google Cloud orchestration tools, Workstations, and cost and resource considerations during app design than the previous exam. This exam puts less emphasis on infrastructure- and database-related tasks such as defining database schemas, data storage key structures, Compute Engine VM management, and typical DevOps/SRE tasks (e.g., container lifecycle management, monitoring and troubleshooting deployed apps, deployment strategies).
Section 1: Designing highly scalable, available,
and reliable cloud-native applications (~27% of the
exam) 1.1 Designing high-performing applications and
APIs. Considerations include: ● Microservices ● Scaling velocity
characteristics/tradeoffs of IaaS (infrastructure as
a service), CaaS (container as a service), PaaS
(platform as a service), and FaaS (function as a
service) ● Understanding how Google
Cloud services are geographically distributed (e.g.,
latency, regional services, zonal services) ● User session management ● Caching solutions ● HTTP REST versus gRPC (Google
Remote Procedure Call) ● Designing API services with
API Gateway and Cloud Endpoints ● Loosely coupled asynchronous
applications (e.g., Apache Kafka, Pub/Sub, Eventarc)
● Instrumenting code to produce
metrics, logs, and traces ● Graceful shutdown of
applications on platform termination ● Writing fault-tolerant code
1.2 Designing secure applications. Considerations
include: ● Implementing data lifecycle
and residency requirements relevant for applicable
regulations ● Security mechanisms that
protect services and resources ● Security mechanisms that
secure/scan application binaries and manifests ● Storing, accessing, and
rotating application secrets and keys (e.g., Secret
Manager, Cloud Key Management Service) ● Authenticating to Google
Cloud services (e.g., application default
credentials, JSON Web Token (JWT), OAuth 2.0) ● End-user account management
and authentication using Identity Platform ● IAM roles for users, groups,
and service accounts ● Securing service-to-service
communications (e.g., service mesh, Kubernetes
Network Policies, and Kubernetes namespaces) ● Running services with least
privileged access (e.g., Workload Identity) ● Certificate-based
authentication (e.g., SSL, mTLS) 1.3 Managing application data. Considerations
include: ● Defining database schemas for
Google-managed databases (e.g., Firestore, Cloud
Spanner, Bigtable, Cloud SQL) ● Defining a data storage key
structure for high-write applications ● Choosing data storage options
based on use case considerations, such as: ○
Time-limited access to objects ○ Data
retention requirements ○
Structured versus unstructured data ○ Strong
versus eventual consistency ○ Data
volume ○ Data
access patterns ○ Online
transaction processing (OLTP) versus data
warehousing Section 2: Building and testing applications (~20%
of the exam) 2.1 Setting up your local development environment.
Considerations include: ● Emulating Google Cloud
services for local application development ● Using the Google Cloud
Console, Google Cloud SDK, and Cloud Shell tools ● Using developer tooling
(e.g., Cloud Code, Skaffold) 2.2 Building. Considerations include: ● Source control management ● Creating secure container
images from code ● Developing a continuous
integration pipeline using services (e.g., Cloud
Build, Artifact Registry) that construct deployment
artifacts ● Code and test build
optimization 2.3 Testing. Considerations include: ● Unit testing (e.g.,
emulators) ● Integration testing ● Performance testing ● Load testing ● Failure testing/chaos
engineering Section 3: Deploying applications (~18% of the
exam) 3.1 Adopting appropriate feature rollout
strategies. Considerations include: ● A/B testing ● Feature flags ● Backward compatibility 3.2 Deploying applications to a serverless
computing environment. Considerations include: ● Sizing and scaling serverless
environments ● Deploying from source code
● Invocation via triggers ● Configuring event receivers
● Exposing and securing
application APIs (e.g., API Gateway, Cloud
Endpoints) 3.3 Deploying applications and services to Google
Kubernetes Engine (GKE). Considerations include: ● Deploying a containerized
application to GKE ● Integrating Kubernetes RBAC
with Identity and Access Management (IAM) ● Configuring Kubernetes
namespaces ● Defining workload
specifications (e.g., resource requirements) ● Building a container image
using Cloud Build ● Configuring application
accessibility to user traffic and other services ● Managing container lifecycle
Section 4: Integrating Google Cloud services (~20%
of the exam) 4.1 Integrating an application with data and
storage services. Considerations include: ● Managing connections to data
stores (e.g., Cloud SQL, Cloud Spanner, Firestore,
Bigtable, Cloud Storage) ● Reading/writing data to/from
various data stores ● Writing an application that
publishes/consumes data asynchronously (e.g., from
Pub/Sub) 4.2 Integrating an application with compute
services. Considerations include: ● Using service discovery
(e.g., Service Directory) ● Reading instance metadata to
obtain application configuration ● Graceful application startup
and shutdown 4.3 Integrating Cloud APIs with applications.
Considerations include: ● Enabling a Cloud API ● Making API calls using
supported options (e.g., Cloud Client Library, REST
API or gRPC, API Explorer) taking into
consideration: ○ Batching
requests ○
Restricting return data ○
Paginating results ○ Caching
results ○ Error
handling (e.g., exponential backoff) ● Using service accounts to
make Cloud API calls Section 5: Managing deployed applications (~15% of
the exam) 5.1 Managing cloud compute services (e.g., Google
Kubernetes Engine, serverless). Considerations
include: ● Analyzing lifecycle events
● Using external metrics and
corresponding alerts ● Configuring workload
autoscaling 5.2 Troubleshooting applications. Considerations
include: ● Using Debugger ● Using Cloud Logging ● Using Cloud Monitoring ● Using Cloud Profiler ● Using Cloud Trace ● Using Error Reporting ● Using documentation, forums,
and Google Cloud support
Section 1: Designing highly scalable, available,
and reliable cloud-native applications (~33% of the
exam) 1.1 Designing high-performing applications and
APIs. Considerations include: ● Microservices architecture
● Choosing the appropriate
platform based on the use case and requirements
(e.g., IaaS [infrastructure as a service], CaaS
[container as a service], PaaS [platform as a
service], FaaS [function as a service]) ● Application modernization
(e.g., containerization) ● Understanding how Google
Cloud services are geographically distributed (e.g.,
latency, regional services, zonal services) ● User session management ● Caching solutions ● HTTP REST versus gRPC (Google
Remote Procedure Call) ● Incorporating Service Control
capabilities offered by API services (e.g. Apigee)
● Loosely coupled asynchronous
applications (e.g., Apache Kafka, Pub/Sub, Eventarc)
● Instrumenting code to produce
metrics, logs, and traces ● Cost optimization and
resource optimization ● Graceful handling of errors,
disasters, and scaling events 1.2 Designing secure applications. Considerations
include: ● Implementing data lifecycle
and residency for applicable regulatory requirements
● Security mechanisms that
identify vulnerabilities and protect services and
resources (e.g., Identity-Aware Proxy [IAP], Web
Security Scanner) ● Security mechanisms that
secure/scan application binaries, dependencies, and
manifests (e.g., Container Analysis) ● Storing, accessing, and
rotating application secrets and encryption keys
(e.g., Secret Manager, Cloud Key Management Service)
● Authenticating to Google
Cloud services (e.g., application default
credentials, JSON Web Token [JWT], OAuth 2.0) ● End-user account management
and authentication by using Identity Platform ● Identity and Access
Management (IAM) roles for users, groups, and
service accounts ● Securing service-to-service
communications (e.g., service mesh, Kubernetes
Network Policies, Kubernetes namespaces) ● Running services with keyless
and least privileged access (e.g., Workload
Identity, Workload identity federation) ● Certificate-based
authentication (e.g., SSL, mTLS) ● Supply-chain Levels for
Software Artifacts (SLSA) 1.3 Choosing storage options for application data.
Considerations include: ● Time-limited access to
objects ● Data retention requirements
● Structured versus
unstructured data (e.g., SQL versus NoSQL) ● Strong versus eventual
consistency ● Data volume ● Data access patterns ● Online transaction processing
(OLTP) versus data warehousing Section 2: Building and testing applications (~26%
of the exam) 2.1 Setting up your local development environment.
Considerations include: ● Emulating Google Cloud
services for local application development ● Using the Google Cloud
console, Google Cloud SDK, Cloud Shell, and Cloud
Workstations ● Using developer tooling
(e.g., common IDEs, Cloud Code, Skaffold) ● Authenticating to Google
Cloud services (e.g., Cloud SQL Auth proxy, AlloyDB
Auth proxy) 2.2 Building. Considerations include: ● Source control management ● Creating secure container
images from code ● Developing a continuous
integration pipeline by using services (e.g., Cloud
Build, Artifact Registry) that construct deployment
artifacts ● Code and test build
optimization 2.3 Testing. Considerations include: ● Unit testing ● Integration testing including
the use of emulators ● Performance testing ● Load testing ● Failure testing/chaos
engineering Section 3: Deploying applications (~19% of the
exam) 3.1 Adopting appropriate feature rollout
strategies. Considerations include: ● A/B testing ● Feature flags ● Backward compatibility ● Versioning APIs (e.g.,
Apigee) 3.2 Deploying applications to a serverless
computing environment. Considerations include: ● Deploying applications from
source code ● Using triggers to invoke
functions ● Configuring event receivers
(e.g., Eventarc, Pub/Sub) ● Exposing and securing
application APIs (e.g., Apigee) 3.3 Deploying applications and services to Google
Kubernetes Engine (GKE). Considerations include: ● Deploying a containerized
application to GKE ● Integrating Kubernetes
role-based access control (RBAC) with IAM ● Defining workload
specifications (e.g., resource requirements) ● Building a container image by
using Cloud Build Section 4: Integrating an application with Google
Cloud services (~22% of the exam) 4.1 Integrating an application with data and
storage services. Considerations include: ● Managing connections to
datastores (e.g., Cloud SQL, Firestore, Bigtable,
Cloud Storage) ● Reading/writing data to or
from various datastores ● Writing an application that
publishes or consumes data asynchronously (e.g.,
from Pub/Sub or streaming data sources) ● Orchestrate application
services with Workflows, Eventarc, Cloud Tasks, and
Cloud Scheduler 4.2 Integrating an application with Google Cloud
APIs. Considerations include: ● Enabling Google Cloud
services ● Making API calls by using
supported options (e.g., Cloud Client Library, REST
API or gRPC, API Explorer) taking into
consideration: ○ Batching
requests ○
Restricting return data ○
Paginating results ○ Caching
results ○ Error
handling (e.g., exponential backoff) ● Using service accounts to
make Cloud API calls ● Integrating with Google
Cloud’s operations suite