GCP Professional Cloud Architect Practice Question
Your team needs CI integration tests for a Terraform module that provisions a Cloud Run service, a Pub/Sub topic, and IAM bindings. For each GitHub pull request the pipeline must: 1) create the stack in an isolated Google Cloud environment, 2) run a smoke test that invokes the new Cloud Run HTTP endpoint, and 3) delete all resources afterward. The production GCS state bucket must remain untouched, costs kept low, and IAM impact limited to the test. Which approach best meets these goals?
Use Cloud Build with Cloud Deploy to push the module to a shared staging project where resources remain permanently, run tests there, and skip the destroy step to save time.
Have Cloud Build apply each resource in the production project with -target, run tests, and then re-apply the main branch state to roll back the changes.
Use a Cloud Build pull-request trigger that creates a temporary project with a least-privilege service account, overrides the Terraform backend to a per-PR GCS bucket, runs terraform apply, invokes gcloud run services invoke for the smoke test, then runs terraform destroy and deletes the project.
Trigger a Cloud Function that deploys the module with Deployment Manager in the production project, runs tests, and removes the Deployment Manager deployment afterward.
Running the tests in Cloud Build with an ephemeral project provides full isolation. The build creates a temporary project using a least-privilege service account, overrides the Terraform backend to point at a per-PR GCS bucket, and executes terraform apply. A subsequent step calls gcloud run services invoke (or curl) to hit the endpoint, then terraform destroy tears everything down and the project is deleted. This avoids touching production state, limits IAM scope, and incurs only short-lived resource costs. Alternatives either deploy to the production project, leave resources behind, or rely on tools that do not satisfy the isolation and cleanup requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Cloud Build and how does it help in CI/CD workflows?
Open an interactive chat with Bash
Why is an isolated temporary project needed for CI integration tests?
Open an interactive chat with Bash
What does Terraform backend overriding to a per-PR GCS bucket achieve?
Open an interactive chat with Bash
Why is creating a temporary project with a least-privilege service account necessary in this setup?
Open an interactive chat with Bash
How does overriding the Terraform backend to a per-PR GCS bucket help in this setup?
Open an interactive chat with Bash
What are the advantages of using `terraform destroy` and deleting the project afterward?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Managing implementation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .