Free Practice Questions•CDL-Cloud Digital Leader•30 Questions with Answers•Free Practice Questions•CDL-Cloud Digital Leader•30 Questions with Answers•
FREE QUESTIONS
CDL-Cloud Digital Leader Practice Questions
30 free questions with correct answers and detailed explanations.
30Free Questions
2Free Exams
100%With Explanations
CDL Practice Set-01
15 questions
Q1
Your organization needs to plan its cloud infrastructure expenditures. Which should your organization do?
Review cloud resource costs frequently, because costs change often based on use
B
Review cloud resource costs annually as part of planning your organization's overall budget
C
If your organization uses only cloud resources, infrastructure costs are no longer part of your overall budget
D
Involve fewer people in cloud resource planning than your organization did for on-premises resource planning
Correct Answer
Review cloud resource costs frequently, because costs change often based on use
Explanation
Cloud costs are variable and consumption-based, so frequent review is essential. Unlike fixed on-premises budgets, cloud costs shift with usage. Learn more: https://cloud.google.com/docs/cost-management
Q2
The operating systems of some of your organization's virtual machines may have a security vulnerability. How can your organization most effectively identify all virtual machines that do not have the latest security update?
View the Security Command Center to identify virtual machines running vulnerable disk images
B
View the Compliance Reports Manager to identify and download a recent PCI audit
C
View the Security Command Center to identify virtual machines started more than 2 weeks ago
D
View the Compliance Reports Manager to identify and download a recent SOC 1 audit
Correct Answer
View the Security Command Center to identify virtual machines running vulnerable disk images
Explanation
Security Command Center provides centralized visibility into VM vulnerabilities and threats, including identifying VMs running outdated or vulnerable images. Learn more: https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview
Q3
You are currently managing workloads running on Windows Server for which your company owns the licenses. Your workloads are only needed during working hours, which allows you to shut down the instances during the weekend. Your Windows Server licenses are up for renewal in a month, and you want to optimize your license cost. What should you do?
A
Renew your licenses for an additional period of 3 years. Renew your licenses for an additional period of 3 years. Negotiate a cost reduction with your current hosting provider wherein infrastructure cost is reduced when workloads are not in use
B
Renew your licenses for an additional period of 2 years. Negotiate a cost reduction by committing to an automatic renewal of the licenses at the end of the 2 year period
C
Migrate the workloads to Compute Engine with a bring-your-own-license (BYOL) model
Migrate the workloads to Compute Engine with a pay-as-you-go (PAYG) model
Correct Answer
Migrate the workloads to Compute Engine with a pay-as-you-go (PAYG) model
Explanation
Migrating workloads to Compute Engine with a pay-as-you-go (PAYG) model eliminates upfront license costs and lets you pay only when instances are running — ideal when workloads are shut down on weekends. Learn more: https://cloud.google.com/compute/docs/instances/windows/ms-licensing
Q4
Your organization runs a distributed application in the Compute Engine virtual machines. Your organization needs redundancy, but it also needs extremely fast communication (less than 10 milliseconds) between the parts of the application in different virtual machines. Where should your organization locate this virtual machines?
A
In a single zone within a single region
In different zones within a single region
C
In multiple regions, using one zone per region
D
In multiple regions, using multiple zones per region
Correct Answer
In different zones within a single region
Explanation
Placing VMs in the same Google Cloud zone ensures ultra-low latency (sub-10ms) inter-VM communication while maintaining redundancy across multiple machines. Learn more: https://cloud.google.com/compute/docs/regions-zones
Q5
An organization decides to migrate their on-premises environment to the cloud. They need to determine which resource components still need to be assigned ownership. Which two functions does a public cloud provider own?
Hardware maintenance
B
Infrastructure architecture
C
Infrastructure deployment automation
Hardware capacity management
E
Fixing application security issues
Correct Answers
Hardware maintenance
Hardware capacity management
Explanation
In the shared responsibility model, the public cloud provider owns physical infrastructure (servers, networking, datacenters) and the virtualization layer. Learn more: https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
Q6
You are a program manager within a Software as a Service (SaaS) company that offers rendering software for animation studios. Your team needs the ability to allow scenes to be scheduled at will and to be interrupted at any time to restart later. Any individual scene rendering takes less than 12 hours to complete, and there is no service-level agreement (SLA) for the completion time for all scenes. Results will be stored in a global Cloud Storage bucket. The compute resources are not bound to any single geographical location. This software needs to run on Google Cloud in a cost-optimized way. What should you do?
Deploy the application on Compute Engine using preemptible instances
B
Develop the application so it can run in an unmanaged instance group
C
Create a reservation for the minimum number of Compute Engine instances you will use
D
Start more instances with fewer virtual centralized processing units (vCPUs) instead of fewer instances with more vCPUs
Correct Answer
Deploy the application on Compute Engine using preemptible instances
Explanation
Spot (preemptible) VMs are ideal for interruptible, batch workloads like rendering with no SLA. They provide significant cost savings and can be restarted after interruption. Learn more: https://cloud.google.com/compute/docs/instances/spot
Q7
Your manager wants to restrict communication of all virtual machines with internet access; with resources in another network; or with a resource outside Compute Engine. It is expected that different teams will create new folders and projects in the near future. How would you restrict all virtual machines from having an external IP address?
Define an organization policy at the root organization node to restrict virtual machine instances from having an external IP address
B
Define an organization policy on all existing folders to define a constraint to restrict virtual machine instances from having an external IP address
C
Define an organization policy on all existing projects to restrict virtual machine instances from having an external IP address
D
Communicate with the different teams and agree that each time a virtual machine is created, it must be configured without an external IP address
Correct Answer
Define an organization policy at the root organization node to restrict virtual machine instances from having an external IP address
Explanation
The Organization Policy constraint "constraints/compute.vmExternalIpAccess" enforced at org or folder level prevents VMs from having external IPs, applying automatically to all future projects. Learn more: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-resources
Q8
An organization is training a machine learning model to predict extreme weather events in their country. How should they collect data to maximize prediction accuracy?
Collect all weather data evenly across all cities
B
Collect all weather data primarily from at-risk cities
C
Collect extreme weather data evenly across all cities
D
Collect extreme weather data primarily from at-risk cities
Correct Answer
Collect all weather data evenly across all cities
Explanation
Training accurate ML models for weather prediction requires comprehensive, high-quality historical data from diverse sources. Broad, representative datasets reduce bias and improve model accuracy. Learn more: https://cloud.google.com/vertex-ai/docs/training/overview
Q9
Your organization needs a large amount of extra computing power within the next two weeks. After those two weeks, the need for the additional resources will end. Which is the most cost-effective approach?
A
Use a committed use discount to reserve a very powerful virtual machine
B
Purchase one very powerful physical computer
Start a very powerful virtual machine without using a committed use discount
D
Purchase multiple physical computers and scale workload across them
Correct Answer
Start a very powerful virtual machine without using a committed use discount
Explanation
Renting on-demand Compute Engine instances for a short-term burst (two weeks) is the most cost-effective approach — you pay only for what you use, with no long-term commitments. Learn more: https://cloud.google.com/compute/docs/instances/create-start-instance
Q10
Your multinational organization has servers running mission-critical workloads on its premises around the world. You want to be able to manage these workloads consistently and centrally, and you want to stop managing infrastructure. What should your organization do?
Migrate the workloads to a public cloud
B
Migrate the workloads to a central office building
C
Migrate the workloads to multiple local co-location facilities
D
Migrate the workloads to multiple local private clouds
Correct Answer
Migrate the workloads to a public cloud
Explanation
Google Distributed Cloud and Anthos let organizations manage on-premises and multi-cloud workloads centrally from Google Cloud using a consistent control plane, reducing manual infrastructure management. Learn more: https://cloud.google.com/anthos/docs/concepts/overview
Q11
Your organization stores highly sensitive data on-premises that cannot be sent over the public internet. The data must be processed both on-premises and in the cloud. What should your organization do?
A
Configure Identity-Aware Proxy (IAP) in your Google Cloud VPC network
B
Create a Cloud VPN tunnel between Google Cloud and your data center
Order a Partner Interconnect connection with your network provider
D
Enable Private Google Access in your Google Cloud VPC network
Correct Answer
Order a Partner Interconnect connection with your network provider
Explanation
Cloud Interconnect provides a private, dedicated connection between on-premises infrastructure and Google Cloud without traversing the public internet, enabling secure hybrid processing of sensitive workloads. Learn more: https://cloud.google.com/network-connectivity/docs/interconnect/concepts/overview
Q12
Your company's development team is building an application that will be deployed on Cloud Run. You are designing a CI/CD pipeline so that any new version of the application can be deployed in the fewest number of steps possible using the CI/CD pipeline you are designing. You need to select a storage location for the images of the application after the CI part of your pipeline has built them. What should you do?
A
Create a Compute Engine image containing the application
Store the images in Container Registry
C
Store the images in Cloud Storage
D
Create a Compute Engine disk containing the application
Correct Answer
Store the images in Container Registry
Explanation
Artifact Registry is the recommended container image repository on Google Cloud, integrating natively with Cloud Run and Cloud Build for seamless CI/CD pipelines. Learn more: https://cloud.google.com/artifact-registry/docs/overview
Q13
Each of the three cloud service models - infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) - offers benefits between flexibility and levels of management by the cloud provider and the customer. Why would SaaS be the right choice of service model?
A
You want a balance between flexibility for the customer and the level of management by the cloud provider
You want to minimize the level of management by the customer
C
You want to maximize flexibility for the customer.
D
You want to be able to shift your emphasis between flexibility and management by the cloud provider as business needs change
Correct Answer
You want to minimize the level of management by the customer
Explanation
SaaS is the right model when an organization wants ready-made applications without managing infrastructure or platforms. The cloud provider manages everything; users simply access the software. Learn more: https://cloud.google.com/learn/what-is-saas
Q14
As your organization increases its release velocity, the VM-based application upgrades take a long time to perform rolling updates due to OS boot times. You need to make the application deployments faster. What should your organization do?
A
Migrate your VMs to the cloud, and add more resources to them
Convert your applications into containers
C
Increase the resources of your VMs
D
Automate your upgrade rollouts
Correct Answer
Convert your applications into containers
Explanation
Migrating from VM-based deployments to containers (GKE or Cloud Run) dramatically reduces deployment times by eliminating OS boot overhead — containers start in seconds vs. minutes for VMs. Learn more: https://cloud.google.com/kubernetes-engine/docs/concepts/kubernetes-engine-overview
Q15
Your organization uses Active Directory to authenticate users. Users' Google account access must be removed when their Active Directory account is terminated. How should your organization meet this requirement?
A
Configure two-factor authentication in the Google domain
B
Remove the Google account from all IAM policies
C
Configure BeyondCorp and Identity-Aware Proxy in the Google domain
Configure single sign-on in the Google domain
Correct Answer
Configure single sign-on in the Google domain
Explanation
Google Cloud Directory Sync (GCDS) synchronizes Active Directory users with Google accounts. When an AD account is deprovisioned, the corresponding Google account access is automatically revoked. Learn more: https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-introduction
CDL Practice Set-02
15 questions
Q1
Your company has recently acquired three growing startups in three different countries. You want to reduce overhead in infrastructure management and keep your costs low without sacrificing security and quality of service to your customers. How should you meet these requirements?
A
Host all your subsidiaries' services on-premises together with your existing services.
Host all your subsidiaries' services together with your existing services on the public cloud.
C
Build a homogenous infrastructure at each subsidiary, and invest in training their engineers.
D
Build a homogenous infrastructure at each subsidiary, and invest in hiring more engineers.
Correct Answer
Host all your subsidiaries' services together with your existing services on the public cloud.
Explanation
Google Cloud's resource hierarchy (organization, folders, projects) combined with IAM policies lets enterprises manage acquired companies consistently while enforcing security policies without heavy infrastructure overhead. Learn more: https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
Q2
What is the difference between Standard and Coldline storage?
A
Coldline storage is for data for which a slow transfer rate is acceptable.
B
Standard and Coldline storage have different durability guarantees.
C
Standard and Coldline storage use different APIs.
Coldline storage is for infrequently accessed data.
Correct Answer
Coldline storage is for infrequently accessed data.
Explanation
Cloud Storage Standard class is optimized for frequently accessed (hot) data, while Coldline is designed for data accessed at most once per 90 days. Coldline offers lower storage costs but higher retrieval fees. Learn more: https://cloud.google.com/storage/docs/storage-classes
Q3
What would provide near-unlimited availability of computing resources without requiring your organization to procure and provision new equipment?
Public cloud
B
Containers
C
Private cloud
D
Microservices
Correct Answer
Public cloud
Explanation
Public cloud computing provides near-unlimited, on-demand computing resources that can be provisioned in minutes without organizations needing to purchase, install, or manage physical hardware. Learn more: https://cloud.google.com/docs/overview
Q4
You are a program manager for a team of developers who are building an event-driven application to allow users to follow one another's activities in the app. Each time a user adds himself as a follower of another user, a write occurs in the real-time database. The developers will develop a lightweight piece of code that can respond to database writes and generate a notification to let the appropriate users know that they have gained new followers. The code should integrate with other cloud services such as Pub/Sub, Firebase, and Cloud APIs to streamline the orchestration process. The application requires a platform that automatically manages underlying infrastructure and scales to zero when there is no activity. Which primary compute resource should your developers select, given these requirements?
A
Google Kubernetes Engine
Cloud Functions
C
App Engine flexible environment
D
Compute Engine
Correct Answer
Cloud Functions
Explanation
Pub/Sub is a fully managed, asynchronous messaging service ideal for event-driven architectures like follower-activity feeds. It decouples producers from consumers, enabling scalable and reliable event delivery. Learn more: https://cloud.google.com/pubsub/docs/overview
Q5
Your organization is developing an application that will capture a large amount of data from millions of different sensor devices spread all around the world. Your organization needs a database that is suitable for worldwide, high-speed data storage of a large amount of unstructured data. Which Google Cloud product should your organization choose?
A
Firestore
B
Cloud Data Fusion
C
Cloud SQL
Cloud Bigtable
Correct Answer
Cloud Bigtable
Explanation
Cloud Bigtable is a fully managed, scalable NoSQL database designed for massive workloads from IoT sensor data. It handles millions of reads/writes per second with low latency and scales seamlessly to petabytes. Learn more: https://cloud.google.com/bigtable/docs/overview
Q6
Your organization needs to build streaming data pipelines. You don't want to manage the individual servers that do the data processing in the pipelines. Instead, you want a managed service that will automatically scale with the amount of data to be processed. Which Google Cloud product or feature should your organization choose?
A
Pub/Sub
Dataflow
C
Data Catalog
D
Dataprep by Trifacta
Correct Answer
Dataflow
Explanation
Dataflow is a fully managed, serverless service for building streaming and batch data pipelines. It automatically scales workers and eliminates the need to manage individual servers. Learn more: https://cloud.google.com/dataflow/docs/overview
Q7
Your organization is building an application running in Google Cloud. Currently, software builds, tests, and regular deployments are done manually, but you want to reduce work for the team. Your organization wants to use Google Cloud managed solutions to automate your build, testing, and deployment process. Which Google Cloud product or feature should your organization use?
A
Cloud Scheduler
B
Cloud Code
Cloud Build
D
Cloud Deployment Manager
Correct Answer
Cloud Build
Explanation
Cloud Build is a fully managed CI/CD platform that automates software builds, tests, and deployments on Google Cloud, reducing manual effort and enabling consistent and repeatable release pipelines. Learn more: https://cloud.google.com/build/docs/overview
Q8
Which Google Cloud product can report on and maintain compliance on your entire Google Cloud organization to cover multiple projects?
A
Cloud Logging
B
Identity and Access Management
C
Google Cloud Armor
Security Command Center
Correct Answer
Security Command Center
Explanation
Security Command Center (SCC) at the organization level provides compliance reporting, vulnerability assessment, and threat detection across all projects in a Google Cloud organization from a single dashboard. Learn more: https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview
Q9
Your organization needs to establish private network connectivity between its on-premises network and its workloads running in Google Cloud. You need to be able to set up the connection as soon as possible. Which Google Cloud product or feature should you use?
A
Cloud Interconnect
B
Direct Peering
Cloud VPN
D
Cloud CDN
Correct Answer
Cloud VPN
Explanation
Cloud VPN provides an encrypted IPsec tunnel over the public internet for private connectivity between on-premises networks and Google Cloud. It can be set up quickly and is ideal when speed of deployment is critical. Learn more: https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
Q10
Your organization is developing a mobile app and wants to select a fully featured cloud-based compute platform for it. Which Google Cloud product or feature should your organization use?
A
Google Kubernetes Engine
Firebase
C
Cloud Functions
D
App Engine
Correct Answer
Firebase
Explanation
Firebase is Google's fully featured mobile and web application platform, providing authentication, real-time databases, cloud storage, hosting, and serverless functions tailored for mobile app development. Learn more: https://firebase.google.com/docs/overview
Q11
Your company has been using a shared facility for data storage and will be migrating to Google Cloud. One of the internal applications uses Linux custom images that need to be migrated. Which Google Cloud product should you use to maintain the custom images?
A
App Engine flexible environment
Compute Engine
C
App Engine standard environment
D
Google Kubernetes Engine
Correct Answer
Compute Engine
Explanation
Cloud Storage allows you to import custom Linux VM images using the image import tool (gcloud compute images import), enabling migration of on-premises Linux workloads to Compute Engine. Learn more: https://cloud.google.com/compute/docs/import/importing-virtual-disks
Q12
Your organization wants to migrate its data management solutions to Google Cloud because it needs to dynamically scale up or down and to run transactional SQL queries against historical data at scale. Which Google Cloud product or service should your organization use?
A
BigQuery
B
Cloud Bigtable
C
Pub/Sub
Cloud Spanner
Correct Answer
Cloud Spanner
Explanation
BigQuery is a fully managed, serverless data warehouse that supports ANSI SQL queries and can dynamically scale to handle petabytes of historical transactional data with high performance and low cost. Learn more: https://cloud.google.com/bigquery/docs/introduction
Q13
Your organization needs to categorize objects in a large group of static images using machine learning. Which Google Cloud product or service should your organization use?
A
BigQuery ML
B
AutoML Video Intelligence
Cloud Vision API
D
AutoML Tables
Correct Answer
Cloud Vision API
Explanation
Cloud Vision API uses pre-trained ML models to classify, label, and detect objects in images at scale, without requiring any ML expertise. It is ideal for categorizing large batches of static images. Learn more: https://cloud.google.com/vision/docs/labels
Q14
Your organization runs all its workloads on Compute Engine virtual machine instances. Your organization has a security requirement: the virtual machines are not allowed to access the public internet. The workloads running on those virtual machines need to access BigQuery and Cloud Storage, using their publicly accessible interfaces, without violating the security requirement. Which Google Cloud product or feature should your organization use?
A
Identity-Aware Proxy
B
Cloud NAT (network address translation)
C
VPC internal load balancers
Private Google Access
Correct Answer
Private Google Access
Explanation
Cloud NAT (Network Address Translation) allows VM instances without external IPs to initiate outbound connections to the internet while remaining unreachable from the public internet, maintaining security. Learn more: https://cloud.google.com/nat/docs/overview
Q15
Which Google Cloud product is designed to reduce the risks of handling personally identifiable information (PII)?
A
Cloud Storage
B
Google Cloud Armor
Cloud Data Loss Prevention
D
Secret Manager
Correct Answer
Cloud Data Loss Prevention
Explanation
Cloud Data Loss Prevention (DLP) API automatically discovers, classifies, and de-identifies sensitive and personally identifiable information (PII) to reduce the risk of accidental exposure. Learn more: https://cloud.google.com/dlp/docs/dlp-overview
Want More Practice?
These are just the free questions. Unlock the full CDL-Cloud Digital Leader exam library with hundreds of additional questions, timed practice mode, and progress tracking.