GCP Professional Cloud Architect Practice Question
Your organization manages 50 Google Cloud projects that follow a hub-and-spoke VPC design. Network engineers currently bootstrap each new project with gcloud commands from their laptops, which has resulted in configuration drift and inconsistent IAM role assignment. Leadership now mandates that infrastructure changes be 1) defined as code in a single source-of-truth, 2) subjected to peer review before execution, and 3) automatically halt the pipeline and surface an alert if the apply step fails so engineers can remediate quickly. In line with the operational excellence pillar of the Google Cloud Well-Architected Framework, which implementation best meets these goals?
Store Deployment Manager templates in Cloud Storage and have engineers manually launch deployments from Cloud Shell when new projects are created.
Create reusable Terraform modules for the shared VPC and IAM policies, store them in a Git repository, and configure Cloud Build to run terraform plan on pull requests and terraform apply after a manual approval, using Cloud Storage as the remote state backend so any apply failure stops the pipeline and triggers alerts.
Maintain bash scripts with gcloud commands in Cloud Source Repositories and instruct engineers to run the scripts locally after emailing their changes for peer review.
Enable VPC Service Controls and enforce an Organization Policy that blocks manual network changes; recreate resources through the Cloud Console when updates are needed.
Storing Terraform modules in a version-controlled repository establishes a single source-of-truth and eliminates ad-hoc local scripts. A Cloud Build trigger that runs terraform plan on every pull request allows peers to review the planned changes before they are applied. After a manual approval, Cloud Build can execute terraform apply using a Cloud Storage remote state backend, ensuring that all state is centralized and auditable across the 50 projects. If the apply step fails, Cloud Build marks the build as failed and sends notifications, stopping the pipeline so engineers can investigate and remediate. The other options either rely on manual execution, perpetuate local script usage, or fail to provide a peer-reviewed, code-based workflow.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Terraform?
Open an interactive chat with Bash
Why is Cloud Storage used as a remote state backend in this implementation?
Open an interactive chat with Bash
How does Cloud Build enforce peer review in this workflow?
Open an interactive chat with Bash
What is Terraform, and why is it recommended for managing infrastructure in this scenario?
Open an interactive chat with Bash
Why is Cloud Build used, and how does it improve the deployment workflow?
Open an interactive chat with Bash
Why is Cloud Storage chosen as the remote state backend for Terraform?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Ensuring solution and operations excellence
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .