Passing the Google Cloud professional developer exam

Hil Liao
Jan 22, 2021


It was my 2nd time taking the exam. The 1st time was 2 years ago while the exam was in beta with roughly 118 questions within 2 hours. The exam I took had 60 questions with the case study. I was surprised to see the questions related to the case study have decreased to [4,5] and were not that related to the case study. I am guessing the new exam format is all 60 questions now. I’m listing the topics that you should study to succeed in the exam:

  1. Cloud Pub/Sub: how to architect the publishing and subscribing model, where the publisher IAM role can be bound at the topic to service accounts. Cloud Dataflow has a feature for efficient deduplication and is the best option compared to writing code to deduplicate in Dataproc, Compute Engine, or BigQuery. Understand when to design 1 topic per microservice; for example, the payment service should not share the same topic as the inventory service. Know the differences between pull and push subscriptions.
  2. Understand the purpose and features of Cloud Endpoints such as quota, metrics, and authentication with Google ID tokens.
  3. Study customer-supplied encryption keys vs customer-managed encryption keys. Know the different methods to encrypt or decrypt file objects in Cloud Storage, such as the REST method, which requires passing the SHA256 hash in the header, or the boto configuration file.
  4. Learn how to design failure retry logic with exponential backoff in Cloud Storage.
  5. Understand the steps to create and submit cloud builds with cloudbuild.yaml. Remember storing secrets such as passwords or service account keys in source control is always the wrong option.
  6. Understand the scaling and cost differences between Cloud Run, App Engine standard, and App Engine flexible. Know when to choose App Engine standard vs flexible.
  7. Understand database schema design principles such as avoiding hotspots in Firestore, Spanner, and Bigtable. Design the rowKey schema per the query parameters in Bigtable for data reported from IoT devices. If a field that is irrelevant to queries needs to appear in the rowKey, put it in the least significant part of the rowKey. Do not put the DateTime timestamp in the front part of the rowKey.
  8. Understand basic gcloud commands to list database instances such as gcloud redis instances, gcloud sql databases list --instance= with filter arguments.
  9. Between Cloud Build steps, use /workspace or volumes to persist files.
  10. Understand blue/green (or red/black) deployment, where 2 identical environments run 2 different versions of software. Tests are conducted in the blue environment first. Once certified, the production traffic from load balancing is switched from the green to the blue environment. When having 2 environments isn’t possible, use a canary rollout to monitor errors and metrics on the new version.
  11. Common gsutil commands such as the -r option.
  12. Why GKE workload identity is better than storing service account keys in GKE secrets.
  13. When to use Cloud Trace (microservice latency), Profiling (system memory usage, time spent in methods), Monitoring (metrics, service level indicators, objectives), Debug (production debug snapshot), Logging (different log export options, where Pub/Sub is for third-party real-time log analysis).
  14. Understand how to collect application logs in compute engine instances with installation of the logging agent. Learn how to configure third party application logs with fluentd such as nginx or apache’s logs. Manually copying such log contents is almost always the wrong answer.
  15. When to use GKE horizontal vs vertical pod autoscaling.
  16. Store environment-specific configurations such as database connection strings in Compute Engine custom metadata instead of hard coding them in source control.
  17. Study when to use Kubernetes [DaemonSet, Deployment, StatefulSet], [Service of ClusterIP, LoadBalancer, NodePort].
  18. How to query a BigQuery date-partitioned table.
  19. Why it is better to store user sessions in Cloud Memorystore and user shopping cart data in Firestore than to store them in Cloud Storage.
  20. When to use Private Google Access and a VPC Service Controls service perimeter.
  21. How to encrypt traffic between GKE deployed microservices with Anthos service mesh’s mTLS feature.
  22. How to integrate container analysis and vulnerability scanning in automated CI/CD pipelines using analysis notes and Binary Authorization’s attestations.
  23. Learn how Cloud IAP secures services in App engine, compute engine, GKE, on-premises with Google sign-in.
  24. Understand how to use infrastructure as code with git such as deployment manager, terraform to create infrastructure. gcloud commands don’t maintain the current state of infrastructure in git.
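
For item 3, an added example (not code from the original post) that builds the customer-supplied encryption key headers the Cloud Storage REST API expects and the matching boto configuration lines for gsutil. The helper names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

KEY_BYTES = 32  # a customer-supplied key is AES-256, so exactly 32 raw bytes


def new_csek() -> bytes:
    """Generate a random AES-256 key; storing it safely is the caller's job."""
    return os.urandom(KEY_BYTES)


def key_sha256_b64(raw_key: bytes) -> str:
    """Base64 of the SHA-256 digest of the raw (not base64-encoded) key."""
    return base64.b64encode(hashlib.sha256(raw_key).digest()).decode("ascii")


def csek_headers(raw_key: bytes) -> dict:
    """Headers sent with every upload or download of a CSEK-protected object."""
    if len(raw_key) != KEY_BYTES:
        raise ValueError("CSEK must be exactly 32 bytes (AES-256)")
    return {
        "x-goog-encryption-algorithm": "AES256",
        "x-goog-encryption-key": base64.b64encode(raw_key).decode("ascii"),
        "x-goog-encryption-key-sha256": key_sha256_b64(raw_key),
    }


def object_uses_key(reported_sha256_b64: str, raw_key: bytes) -> bool:
    """Check the key hash reported for an object against the key we hold."""
    return hmac.compare_digest(reported_sha256_b64, key_sha256_b64(raw_key))


def boto_fragment(raw_key: bytes) -> str:
    """The [GSUtil] lines gsutil reads from the boto configuration file."""
    b64 = base64.b64encode(raw_key).decode("ascii")
    return f"[GSUtil]\nencryption_key = {b64}\ndecryption_key1 = {b64}\n"


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key; real keys come from new_csek()
    for name, value in csek_headers(key).items():
        print(f"{name}: {value}")
    print(boto_fragment(key))
```

The hash is computed over the raw key bytes, not over the base64 string, which is the usual cause of a rejected request.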

There are some other study guides which could be helpful: sathish vj, Ivam Luz.
