How I Completed 3 Google Cloud Certifications in 2 Months?

Sharing experience of my preparation and of the exams.

Sat, 28 Mar 2020

In just around 2 months from when I first started preparing for my first GCP Certification - the Professional Cloud Developer Certification, I now have 3 GCP certifications (in the order that I got them):

  1. GCP Certified Professional Cloud Developer
  2. GCP Certified Professional Cloud Architect
  3. GCP Certified Professional Cloud Security Engineer

GCP Certification Badges

Preparing for these exams in such a short time was a challenging exercise, but it was definitely more than worth it. Since I got the certifications, I have been receiving messages from many people asking for advice on how to prepare for these certifications. The Professional Cloud Developer certification seems to be the most popular one, presumably because it is considered the entry level Professional Google Cloud Certification (they offer an associate certification as well). So I decided to write this post to share my approach for preparing for these certifications and the resources that I used.

Many people say that to pass any GCP certification, you have to study for all of them. This is true to a large extent, but the certifications still vary in how deep which certification goes in which area. Let me share some how I prepared for each certification and also the areas that these certifications focus on.

Certification 1: Professional Cloud Developer

The Professional Cloud Developer Certification is aimed at people who develop and deploy applications on GCP. This certification tests your ability to develop applications hands-on using GCP tools and services.

I started preparing for the Cloud Developer certification around the second week of December. At the time, my production experience on GCP included Google Kubernetes Engine (GKE), Stackdriver Logging, Google Datastore, Cloud Pub/Sub, and Google Cloud Storage (GCS). This, along with few quests that I had done on Google’s hands-on lab platform Qwiklabs earlier meant that I was familiar and comfortable with the Google Cloud Console (the web UI) and to some extent, with the gcloud CLI command.

My primary source for preparation was the excellent coursera specialization for developing applications on GCP. The official Google Cloud documentation is also very helpful when you want a deeper dive. The documentation also includes best practices to be followed for most of GCP’s services.

I am briefly summarizing below the different areas that the exam focuses on:

  • Identify when to use which database / storage service. Every database service and storage class in GCP has it’s unique features and while any use case might have more than one possible solution, most of the times, only one will be an ideal fit.
  • Similarly, you should be able to identify which compute service to use. GCP offers IaaS (Compute Engine Kubernetes Engine), PaaS (App Engine), as well as Serverless (Cloud Functions) compute services.
  • Schema definition considerations for different database services. For eg: how to avoid hotspots in Cloud Bigtable and Cloud Spanner
  • User and Permissions Management: Google Cloud Directory Sync and Identity and Access Management (IAM)
  • Stackdriver (recently rebranded to ”Operations Suite”)- make sure you spend enough time around this as stackdriver gets a very heavy focus across all GCP certifications
  • Cloud Pub/Sub and different ways we can use it - aynchronous data ingestion, IoT, maintaining constant speed of processing while ingesting large amounts of data, etc.
  • Cloud Dataflow
  • Cloud Dataproc
  • CI/CD Pipline using GCP tools and best practices
  • Different deployment methodologies (blue/green, rolling, canary)
  • gcloud v/s gsutil v/s bq CLI tools
  • Service Accounts
  • ML APIs: Cloud Vision AI, Video AI, Natural Language, Cloud Data Loss Prevention API, Cloud speech-to-text API etc.

And not to miss, do study the official case study included in the exam guide beforehand and try to design a solution for it before going for the exam. At least 15% questions in my exam were based on the case study. Keep in mind that in no way is the above list an exhaustive list of everything that is covered. The exam is very wide in terms of the topics and areas it covers.

Certification 2: Professional Cloud Architect

After the first certification, I took a little unintended break from preparing for the next one and ended up taking the Cloud Architect exam in early February. I followed the GCP Architecture Coursera specialization for this certificate and followed it up with this amazing course prepared specifically for the exam. Big shoutout to Tom Stern for the course!

This certification is aimed at testing individuals who can design solutions using GCP tools and services keeping in mind the business and technical objectives along with cost, compliance, security, reliability, and scalibility considerations. As with the Cloud Developer certification, make sure to spend time studying and designing solutions for the three case studies in the exam guide. The exam will include quite a lot of questions based on the case studies. Below I am summarizing few other areas that this certification focuses on.

  • Designing solutions. Think of designs in layers, eg: business layer, data layer, network layer, security layer, cost etc.
  • Build, buy, or modify - based on business and technical objectives, you should be able to make decisions whether you want to go with an off-the-shelf solution, build something from scratch, or modify an existing solution
  • Stateful v/s stateless applications - always prefer stateless designs as much as possible
  • Understand networking services well - VPC, peering on-prem with GCP network, firewalls, shared VPC etc.
  • Since a cloud architect is expected to give high focus on security, you should understand how to securely have networking b/w VMs, networking b/w subnets, networking b/w different VPCs, and networking b/w different projects
  • Planning migrations from on-prem to cloud
  • Zonal resources v/s regional resources v/s global resources
  • Data ingestion into GCP - your ingestion solution will highly depend on the volume & location of your data, and the associated costs with the migration
  • Key management and rotation (CMEK, CSEK)
  • Disaster recovery
  • And the one to always be included - Stackdriver

Certification 3: Professional Cloud Security Engineer

By the time I was done with my last two certifications, I also had a fair idea of managing and ensuring security in Google Cloud, but going through the GCP Security specialization, I realized that there’s much more that I still had to learn. This certification goes much deeper into the security best practices and various security features offered by GCP.

Below are few areas that the certification covers:

  • Cloud Identity
  • Cloud Directory Sync
  • Resource hierarchy in GCP - remember, any GCP resource takes the least restrictive permissions assigned on the resource or any of it’s parent
  • User lifecycle management
  • Service accounts
  • Key management and rotation (CMEK and CSEK)
  • Primitive, predefined, and custom roles
  • IAM v/s ACLs
  • VPC networks, peering, shared VPC, and firewall
  • Load balancing in GCP (global, network, HTTP(S), SSL proxy, and TCP proxy load balancers)
  • Data Loss Prevention (DLP) API to redact Personally Identifiable Information (PII) and sensitive information
  • Log sinks and audit logs
  • Common vulnerabilities and exposures (CVEs) and security scanning in CI/CD pipelines
  • Virtual image hardening
  • Web Security Scanner: features, impact on running on live application etc.
  • Shared responsibility model
  • Data localization (compliance) considerations and managing application data for the same
  • Managing permissions in Bigquery on table level, row-level, and column level

I finally received the Cloud Security Engineer certification on 10th February, 2020, almost at the two month mark when I started preparation for my first GCP certification.

The certifications boosted my GCP expertise and enabled me to design applications as well as develolp migration plans from on-prem to GCP in a much more effective and informed manner.

For any GCP certification, also make sure that you attempt the practice questions included with the respective exam guides. They will prepare you for the kind of questions you get in the actual exam. The exams are of 2 hours duration, and if you prepare well, you should be done with the questions pretty comfortably with a lot of time left on your hand.

As for the study schedule, I dedicated a major chunk of my after-office hours as well as weekends to prepare for the certifications. On most weekdays, I would study from 8 PM to 2 AM after regular working hours. Ensure to take care of your health if you plan to follow an aggressive study routine.

All the best!


Ankur is a technical lead at Prismberry Technologies and a Cloud Solutions Architect. He has expertise in business functions including requirements gathering and product design as well as deep technical experience in designing, developing, and maintaining stable, scalable, resillient, robust, and secure applications.