I'm the proud owner of a new certification! The Google Cloud Professional Cloud Architect certificate is the newest shiny badge I get to add to my arsenal, and I wanted to write more about the Exam and what I learned along the way, including any tips I can share to help you be more prepared if you're thinking of taking this exam in the future.
Why I took the PCA Exam
Throughout my career, I've been lucky enough to dip my feet into most of the major clouds. I learned what the cloud was and what it could do on Microsoft Azure at my very first job out of school, and then really cut my teeth and became an expert on day-to-day work within AWS. However, I never really had to touch the Google Cloud Platform. Of course, you see the pitch desks on why you should use Google Cloud (AI/ML, GKE AutoPilot, etc.) but sadly, I never had the opportunity to work on it professionally. The extent of my Google Cloud knowledge was "I hear it's best for Machine Learning workloads"
This made going into this exam rather daunting. I needed to learn the best architecture practices around Google Cloud and all their services and how to use them. On top of my lack of knowledge, our company has a lot of AWS and Azure experts, but few had real experience or knowledge in GCP. This left a major knowledge gap within our organization, and I took it upon myself to learn more and help fill this gap in any way I could.
How to Study
Primarily, the exam is a knowledge-based one, not practical. There are no labs, instead a 50 question, multiple-choice exam where they present you with what I consider two sets of questions:
Architecture based questions
General knowledge questions
Architecture-based questions are what you would come to expect in most high-level Solutions Architect exams. They usually include some case study that describes a business, their current Cloud footprint, what they do, and what they want to do. They then ask you how you'd best help their problem. These are the harder questions of the exam and the more important ones. It helps to gauge your problem-solving skills and your general knowledge of Google's Architecture Best Practices.
They're designed in a way not to necessarily trick you, but to hide nuggets of information that are vital to your answer.
For example, they may ask you:
"Anonymous users from all over the world access a public health information website hosted in an on-premises EHR data center. The servers that host this website are older, and users are complaining about sluggish response times. There has also been a recent increase of distributed denial-of-service attacks toward the website. The attacks always come from the same IP address ranges. EHR management has identified the public health information website as an easy, low risk application to migrate to Google Cloud. You need to improve access latency and provide a security solution that will prevent the denial-of-service traffic from entering your Virtual Private Cloud (VPC) network. What should you do?"
And give you the following answers:
"A. Deploy an external HTTP(S) load balancer, configure VPC firewall rules, and move the applications onto Compute Engine virtual machines.
B. Deploy an external HTTP(S) load balancer, configure Google Cloud Armor, and move the application onto Compute Engine virtual machines.
C. Containerize the application and move it into Google Kubernetes Engine (GKE). Create a GKE service to expose the pods within the cluster, and set up a GKE network policy.
D. Containerize the application and move it into Google Kubernetes Engine (GKE). Create an internal load balancer to expose the pods outside the cluster, and configure Identity-Aware Proxy (IAP) for access."
Most of these answers seem like they could work and be correct, however, B is correct because anytime Google refers to DDOS attacks, they want you to use their Cloud Armor service. The above question is part of a set of practice questions you can find for free from Google here. I highly recommend going through these multiple times to ensure you understand the intricacies of each of the case studies.
General knowledge questions are what you would expect on any exam and are used to reflect your knowledge of what Google Services do at a high level or when you would use them. These are questions like:
"This Google Storage Service gives you a shared filesystem that can be accessed by multiple compute engine instances at once?"
Which would be Filestore since it's the only storage solution that uses a shared filesystem structure underneath.
These will be mostly straightforward and require you to study what each service does and why.
I chose to study mainly by using this Udemy course that went over all of the GCP services and their best practices. It helped me gain a greater understanding of when to use specific services and included a practice test at the end with more sample questions like the one above.
When it comes to studying for any exam, I'm a firm believer that the best way to learn any cloud is to get hands-on experience. I was lucky enough to have access to a course through work that gave me labs I could work through. This allowed me to get my hands dirty doing things like provisioning GKE clusters, setting up IAM policies and Roles within GCP, and working with Compute Engine and their load balancing offerings. I'd highly recommend trying to get some lab access or even utilizing the Google Cloud Free Tier outlined here to get some more practical experience.
In the end, I learned a great deal from this exam. Most cloud knowledge is easily transferrable after you can map a new service to something you already are comfortable with (EC2 instances -> Compute Engine VMs), but I learned more about where GCP might be a better fit for a client than AWS or Azure. Their GKE Autopilot offering is one of the coolest managed Kubernetes offerings I've seen in a while, and I'm hoping to get to use this out in the field soon.
I'm not the biggest "Certifications mean everything" kind of guy, but I feel more comfortable working in GCP after earning it and would recommend it to any Architect wishing to enhance their skills in a new cloud.