GCP Interview Questions: What to Expect in Google Cloud Roles
GCP interview questions have a distinct character compared to AWS or Azure interviews — partly because of how GCP organises its services, and partly because of who hires for GCP roles. Understanding the landscape before you walk into an interview makes a real difference.
Who Actually Hires for GCP Roles
GCP’s market position shapes who you’ll interview with. The platform has strong adoption in:
Data and analytics companies — BigQuery is a flagship product. Companies that process large volumes of data often run on GCP specifically because of BigQuery’s performance and pricing model. If the job description mentions data engineering or analytics infrastructure, GCP is a common fit.
Gaming and media companies — Google Cloud has historically attracted game studios and streaming platforms. Spanner, Bigtable, and GKE appear frequently in these environments.
Startups backed by Google or using Google products — Firebase, Google Workspace integration, and Google Cloud credits for startups create clusters of GCP usage in the startup world.
Google Cloud partners — Consultancies and system integrators with Google Cloud partner status hire GCP practitioners to serve client needs.
Enterprise organisations with mixed clouds — Many large companies run multi-cloud. A GCP role at an enterprise might involve working alongside AWS or Azure environments.
This matters for interview prep because GCP roles are less common than AWS roles overall. If you’re applying to a data company, expect BigQuery and data engineering to dominate. If you’re applying to a startup, expect Kubernetes and Cloud Run to feature heavily.
How GCP Organises Things Differently from AWS
One GCP concept that consistently catches AWS engineers off-guard is the resource hierarchy. Where AWS uses accounts and organisations, GCP uses projects as the fundamental unit of resource grouping and billing. IAM policies apply at the organisation, folder, or project level, and they inherit downward.
Understanding the project model is important: resources in different projects cannot communicate by default. You need Shared VPC or VPC Network Peering to connect them. IAM bindings are project-scoped unless set at a higher level.
Other conceptual differences:
- GCP’s service accounts map roughly to AWS IAM roles, but the mechanics differ
- GCP VPC networks are global by default (a subnet is regional, but the VPC spans regions) — this is the inverse of AWS, where a VPC is regional
- GCP IAM uses a binding model (member + role attached to a resource) rather than policy documents with explicit allow/deny statements
Core GCP Services Tested in Interviews
Compute Engine — GCP’s equivalent of EC2. Interviewers test knowledge of machine types, persistent disks vs local SSDs, instance templates, and managed instance groups.
Google Kubernetes Engine (GKE) — GCP’s flagship managed Kubernetes service. GKE is heavily used and frequently tested. Interviewers at GCP shops often assume baseline Kubernetes knowledge and go straight to GKE-specific features: Autopilot mode, node pools, Workload Identity.
Cloud Storage — Object storage, comparable to S3. Bucket locations (regional vs multi-regional), storage classes (Standard, Nearline, Coldline, Archive), and IAM vs ACL access control.
BigQuery — Serverless data warehouse. Appears in interviews far more often for GCP than for any other platform. Even cloud engineering roles at data companies will include BigQuery questions.
Cloud Run — Fully managed serverless container platform. Questions focus on when to use Cloud Run vs GKE, cold start behaviour, and concurrency configuration.
Pub/Sub — Managed messaging service. Often tested in the context of event-driven architectures and data pipelines.
Cloud IAM and Service Accounts — Core to almost every interview. The difference between service account keys (avoid) and Workload Identity (preferred) is a common question.
VPC and networking — Firewall rules, VPC peering, Private Service Connect, Cloud Interconnect basics.
GCP Interview Questions with What Interviewers Are Probing
Compute Engine and Infrastructure
“What is a managed instance group? How does it differ from an unmanaged instance group?” Probing for: Whether you understand auto-healing, auto-scaling, and rolling updates — the features that make MIGs operationally useful. Unmanaged groups are rarely the right answer.
“How would you connect a VM in a private subnet to the internet for outbound traffic without giving it a public IP?” Probing for: Knowledge of Cloud NAT. Candidates who suggest giving the VM a public IP or say “you can’t do that” fail to demonstrate real networking knowledge.
“What’s the difference between a regional and a zonal persistent disk?” Probing for: Understanding that regional persistent disks replicate across two zones and support failover — relevant for high-availability designs.
“How do custom machine types work in GCP, and when are they useful?” Probing for: Awareness that GCP lets you specify exact vCPU and memory combinations. Useful when predefined types are over- or under-provisioned.
GKE and Containers
“What is Workload Identity in GKE, and why is it preferred over service account key files?” Probing for: Security thinking. Workload Identity binds a Kubernetes service account to a GCP service account without any long-lived credentials. Key files are a security risk and an operational headache. This is a high-signal question.
“What is GKE Autopilot mode, and what responsibility does it take away from you?” Probing for: Understanding that Autopilot manages node provisioning, scaling, and security hardening. The trade-off is less control over node configuration.
“How would you route traffic to different versions of an application in GKE?” Probing for: Ability to reason about Kubernetes Services, Ingress controllers, and traffic splitting strategies. A strong answer might mention Istio, GKE Gateway, or a canary deployment approach.
“What is a node pool, and when would you use multiple node pools in a GKE cluster?” Probing for: Knowledge of how to separate workloads with different resource or scheduling requirements — for example, GPU node pools for ML workloads alongside general-purpose pools.
BigQuery and Data Engineering
“How does BigQuery charge for queries, and what can you do to control costs?” Probing for: Understanding that BigQuery charges by bytes processed (in on-demand mode), not by time. Cost controls include: partitioned tables, clustered tables, column selection, and approximate aggregation functions. Companies spend real money here, and interviewers want to know you’re aware of it.
“What is partitioning in BigQuery and how does it affect query performance?” Probing for: Understanding that partitioning allows BigQuery to skip scanning irrelevant partitions — a significant performance and cost optimisation for large tables. Partition by date is the most common pattern.
“What’s the difference between BigQuery and Cloud Spanner?” Probing for: Conceptual clarity. BigQuery is an analytics/OLAP database — fast for large aggregations, not suitable for high-frequency transactional writes. Cloud Spanner is a globally consistent OLTP database. Conflating them is a meaningful gap.
“How would you load data into BigQuery from Cloud Storage?” Probing for: Practical knowledge. Batch load jobs, streaming inserts, and BigQuery Data Transfer Service are all valid options with different use cases and cost profiles.
Cloud Run and Serverless
“When would you choose Cloud Run over GKE for deploying a containerised application?” Probing for: Trade-off reasoning. Cloud Run is simpler, scales to zero, and requires no cluster management. GKE offers more control, handles stateful workloads better, and suits applications with complex networking requirements.
“What does ‘concurrency’ mean in Cloud Run, and why does it matter?” Probing for: Understanding that Cloud Run allows multiple concurrent requests per container instance. Higher concurrency means fewer cold starts and lower cost — but requires your application to be thread-safe.
IAM and Security
“What is the difference between a primitive role, a predefined role, and a custom role in GCP IAM?” Probing for: Security maturity. Primitive roles (Owner, Editor, Viewer) are overly broad and should rarely be used in production. Predefined roles scope permissions to specific services. Custom roles allow fine-grained control when predefined options don’t fit.
“How would you audit who has access to what in a GCP project?” Probing for: Knowledge of tools: IAM policy viewer, Policy Analyzer, Cloud Audit Logs, and Security Command Center. Candidates who can only describe manually clicking through the console are limited.
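An added example, not code from the original article: it resolves the bindings a project inherits from its folder and organisation, then flags basic (primitive) roles and public members, which covers both the binding and inheritance model described earlier and this audit question. The hierarchy, resource names and principals are constructed sample data; in practice each policy would be the IAM policy read from that organisation, folder or project.

```python
# Constructed sample hierarchy: child resource -> parent resource.
PARENT = {
    "projects/analytics-prod": "folders/data",
    "folders/data": "organizations/example",
    "organizations/example": None,
}
# Constructed policies in the {"bindings": [{"role", "members"}]} shape IAM uses.
POLICIES = {
    "organizations/example": {"bindings": [
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": ["group:cloud-admins@example.com"]},
    ]},
    "folders/data": {"bindings": [
        {"role": "roles/editor", "members": ["user:contractor@example.com"]},
    ]},
    "projects/analytics-prod": {"bindings": [
        {"role": "roles/bigquery.dataViewer", "members": ["group:analysts@example.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ]},
}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def effective_bindings(resource):
    """Yield (member, role, granted_at) for the resource and every ancestor."""
    node = resource
    while node is not None:
        for binding in POLICIES.get(node, {}).get("bindings", []):
            for member in binding["members"]:
                yield member, binding["role"], node
        node = PARENT.get(node)  # bindings inherit downward, so walk upward


def audit(resource):
    """Return sorted findings for basic roles and public members."""
    findings = []
    for member, role, granted_at in effective_bindings(resource):
        inherited = granted_at != resource
        if role in BASIC_ROLES:
            findings.append(("basic-role", member, role, granted_at, inherited))
        if member in PUBLIC_MEMBERS:
            findings.append(("public-access", member, role, granted_at, inherited))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit("projects/analytics-prod"):
        print(finding)
```

The folder-level `roles/editor` grant shows up as an inherited finding on the project, which a review of the project's own policy alone would not reveal.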
Pub/Sub and Event-Driven Architecture
“What is the difference between a Pub/Sub subscription and a topic?” Probing for: Basic messaging architecture knowledge. Topics receive published messages; subscriptions are how consumers receive them. A topic can have multiple subscriptions, each independently consuming the message stream.
“What happens if a Pub/Sub subscriber doesn’t acknowledge a message?” Probing for: Understanding of message retention and redelivery. Unacknowledged messages are redelivered up to the message retention duration, which creates at-least-once delivery semantics. Idempotent consumers are important.
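An added example, not code from the original article: a toy in-memory subscription that redelivers any message whose acknowledgement is lost, run against a naive consumer and an idempotent one. The `ToySubscription` class, the `event_id` field and the events are constructed for illustration and are not the Pub/Sub client API.

```python
# Constructed events; "event_id" is an assumed producer-assigned unique key.
EVENTS = [
    ("m1", {"event_id": "evt-1", "amount": 10}),
    ("m2", {"event_id": "evt-2", "amount": 25}),
    ("m3", {"event_id": "evt-3", "amount": 5}),
]


class ToySubscription:
    """In-memory stand-in: a message stays pending until it is acked."""

    def __init__(self, messages):
        self.pending = dict(messages)

    def pull(self):
        return list(self.pending.items())

    def ack(self, message_id):
        self.pending.pop(message_id, None)


def consume(idempotent, lose_ack_for=("m2",)):
    """Drain the subscription and return (total, deliveries).

    The first ack for each id in lose_ack_for is lost (crash or timeout
    after processing), so that message is delivered a second time.
    """
    sub = ToySubscription(EVENTS)
    total, applied, deliveries = 0, set(), 0
    acks_to_lose = set(lose_ack_for)
    while sub.pending:
        for message_id, event in sub.pull():
            deliveries += 1
            duplicate = event["event_id"] in applied
            if not (idempotent and duplicate):
                total += event["amount"]  # the side effect being protected
                applied.add(event["event_id"])
            if message_id in acks_to_lose:
                acks_to_lose.discard(message_id)  # processed but never acked
                continue
            sub.ack(message_id)  # duplicates are acked too, so they stop
    return total, deliveries


if __name__ == "__main__":
    print("naive:", consume(idempotent=False))
    print("idempotent:", consume(idempotent=True))
```

In a real consumer the set of applied IDs has to live in durable storage and be updated atomically with the side effect, otherwise a crash between the two reintroduces the duplicate.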
Realistic GCP Scenario Question
“A media company ingests 50 million events per day from a mobile app. They want to store the raw events, process them within an hour of arrival, and make aggregated data available for analysts to query interactively. Design the GCP data pipeline.”
A strong answer:
- Pub/Sub to ingest high-volume event streams
- Dataflow (or Cloud Run) for near-real-time processing and transformation
- Cloud Storage for raw event archival (partitioned by date)
- BigQuery as the analytical layer, with partitioned tables on event date and clustering on key dimensions
- IAM with least-privilege service accounts for each component
The interviewer is watching for whether you understand the latency requirements, why Dataflow fits streaming better than batch jobs, and why BigQuery is the right analytics layer (not Cloud SQL or Spanner).
Common Mistakes GCP Candidates Make
Treating GCP IAM like AWS IAM. The binding model is different. Candidates who try to write AWS-style policy documents for GCP questions reveal that they haven’t actually worked with GCP IAM.
Not knowing the GCP project hierarchy. Talking about “accounts” instead of “projects” is a small tell. More importantly, not understanding how IAM inheritance across projects/folders/organisations works can undermine architecture answers.
Ignoring BigQuery. Even for non-data-engineering roles at GCP shops, BigQuery often comes up. At minimum, understand what it is, how it’s billed, and when you’d use it.
Over-recommending Compute Engine for everything. GCP’s managed services — Cloud Run, GKE Autopilot, Cloud SQL — are generally preferable to running things manually on VMs. Defaulting to “spin up a VM” suggests limited GCP exposure.