Domain 1: Digital Transformation with Google Cloud
Exam Context
Domain 1 accounts for approximately 17% of the Cloud Digital Leader exam (~9-10 questions out of ~50). This domain tests your understanding of why organizations adopt cloud technology, fundamental cloud concepts, and the cloud computing service models. It is the foundational domain -- concepts here underpin every other domain on the exam.
Exam format: 50-60 multiple-choice and multiple-select questions, 90 minutes, no prerequisites. The passing score is not publicly disclosed by Google but is generally understood to be around 70%.
Section 1.1: Why Cloud Technology is Transforming Business
Core Terminology
You must know these definitions precisely. The exam tests whether you can distinguish between them.
| Term | Definition |
|---|---|
| Cloud | On-demand delivery of computing resources (servers, storage, databases, networking, software) over the internet, with pay-as-you-go pricing. Resources are owned and maintained by the cloud provider. |
| Digital transformation | The process of using digital technology to create or modify business processes, culture, and customer experiences to meet changing business and market requirements. Not just moving servers -- it involves rethinking how the business operates. |
| Cloud-native | Applications designed from the ground up to exploit cloud computing advantages: microservices architecture, containers, dynamic orchestration, and continuous delivery. Cloud-native does NOT mean "hosted in the cloud" -- a VM running a monolith in the cloud is NOT cloud-native. |
| Open source | Software with source code made freely available for modification and redistribution. Google Cloud actively contributes to open-source projects (Kubernetes, TensorFlow, Go, Istio). |
| Open standard | Publicly available specifications that promote interoperability. Examples: HTTP, SQL, OAuth, OpenID Connect. Open standards prevent vendor lock-in and enable portability. |
Exam trap: "Cloud-native" and "cloud-based" are NOT synonyms. Cloud-native specifically implies designed for the cloud (microservices, containers, CI/CD). An application can be cloud-based (running in the cloud) without being cloud-native (e.g., a monolithic app lifted-and-shifted to a VM).
Why Organizations Choose Cloud
The exam tests six primary benefits. Know them and be able to map them to business scenarios.
| Benefit | What It Means | Business Impact |
|---|---|---|
| Scalability | Ability to increase or decrease resources to match demand | Handle traffic spikes without over-provisioning; scale globally without building data centers |
| Flexibility | Choose from a wide range of services and configurations | Pick the right tool for the job; change direction without sunk hardware costs |
| Agility | Speed of provisioning and deploying new resources | Launch new products faster; iterate quickly; reduce time-to-market from months to hours |
| Reliability | Built-in redundancy, failover, and SLAs | Reduce downtime; automatic backups; geographic distribution for disaster recovery |
| Cost-effectiveness | Pay only for what you use; eliminate idle capacity | No upfront capital investment; convert fixed costs to variable costs |
| Sustainability | Cloud providers operate at scale with energy-efficient infrastructure | Reduce carbon footprint; leverage provider investments in renewable energy |
On-Premises vs. Cloud Comparison
| Factor | On-Premises | Cloud |
|---|---|---|
| Provisioning time | Weeks to months (procurement, shipping, installation) | Minutes to hours |
| Scaling | Manual; requires purchasing and installing hardware | Automatic or on-demand; API-driven |
| Capital investment | High upfront (CapEx) | Low or zero upfront (OpEx) |
| Capacity planning | Must estimate future needs; risk of over/under-provisioning | Scale to actual demand; pay for what you use |
| Maintenance | Customer responsible for all hardware, power, cooling, patching | Provider handles infrastructure maintenance |
| Geographic reach | Limited to owned/leased facilities | Global deployment in minutes across 43 regions |
| Innovation speed | Constrained by hardware refresh cycles | Continuous access to latest services and features |
| Security staffing | Must hire and retain full security team | Shared responsibility; leverage provider's security investment |
CapEx vs. OpEx and Total Cost of Ownership (TCO)
This is a heavily tested concept. The exam asks you to explain how moving to cloud shifts the financial model.
Capital Expenditures (CapEx): Upfront costs to purchase physical assets -- servers, storage arrays, networking equipment, data center facilities. These are depreciated over 3-5 years. On-premises infrastructure is dominated by CapEx.
Operational Expenditures (OpEx): Ongoing costs for running services -- cloud subscription fees, pay-per-use charges, utility-style billing. Cloud computing converts CapEx to OpEx.
Total Cost of Ownership (TCO): The complete cost of owning and operating infrastructure over its lifetime. A proper TCO analysis includes:
- Hardware purchase and depreciation
- Software licensing
- Power and cooling
- Physical space (data center lease/build)
- Network connectivity
- Staff salaries (system admins, security, network engineers)
- Downtime costs
- Opportunity cost of slow deployment
Exam trap: A common mistake is comparing only the compute cost of cloud VMs against the purchase price of physical servers. This dramatically underestimates on-premises TCO because it ignores power, cooling, space, staffing, and opportunity costs. The exam may present scenarios where someone argues "cloud is more expensive" based on a naive cost comparison -- the correct answer recognizes that a proper TCO analysis includes all indirect costs.
Exam trap: Cloud is NOT always cheaper in raw compute terms. For steady, predictable workloads running 24/7, on-premises can have lower per-unit compute cost. The cloud advantage is in agility, scaling, and eliminating undifferentiated heavy lifting -- not in being universally cheaper per CPU-hour.
Risk of Not Adopting Cloud
The exam may ask about consequences of avoiding digital transformation:
- Inability to scale with market demand
- Slower time-to-market than competitors
- Higher operational costs from maintaining aging infrastructure
- Difficulty attracting technical talent (engineers prefer modern tooling)
- Security vulnerabilities from outdated, unpatched systems
- Missed opportunities in AI/ML, data analytics, and automation
Section 1.2: Fundamental Cloud Concepts
Cloud Deployment Models
This is one of the most frequently tested topics. Know the four models, when to use each, and the tradeoffs.
| Model | Definition | Use When | Tradeoffs |
|---|---|---|---|
| Public cloud | Resources owned and operated by a third-party provider, delivered over the internet. Multiple tenants share underlying infrastructure. | Default choice for most workloads; startups; variable demand; global reach needed | Least control over infrastructure; shared tenancy (logical isolation, not physical); potential data residency concerns |
| Private cloud | Cloud infrastructure operated solely for a single organization, either on-premises or hosted by a third party. | Strict regulatory/compliance requirements; sensitive data handling; need for maximum control | Highest cost; limited scalability; requires in-house expertise; defeats many cloud benefits |
| Hybrid cloud | Combination of on-premises (or private cloud) and public cloud, with orchestration between them. Workloads move between the two environments. | Migration phases; burst capacity; keep sensitive data on-prem while using cloud for compute; legacy system integration | Increased complexity; requires networking between environments; more difficult to manage consistently |
| Multicloud | Using services from multiple public cloud providers simultaneously (e.g., Google Cloud + AWS + Azure). | Avoid vendor lock-in; best-of-breed services from each provider; regulatory requirements across regions; M&A integration | Most complex to manage; skills across multiple platforms; inconsistent tooling; higher networking costs |
Exam trap: Hybrid cloud and multicloud are NOT the same thing. Hybrid = on-prem + cloud. Multicloud = multiple cloud providers. An organization can be both (on-prem + Google Cloud + AWS), but the terms are distinct. The exam will test whether you can correctly identify which model applies to a given scenario.
Google Cloud differentiator: Google Cloud positions itself as the "open cloud" and is the strongest proponent of multicloud and hybrid strategies among the major providers. GKE Enterprise (formerly Anthos) is Google's platform for managing workloads across on-premises, Google Cloud, AWS, and Azure from a single control plane. This is a key exam topic -- know that GKE Enterprise enables consistent management across environments.
Google Cloud Global Infrastructure
As of February 2026, Google Cloud's infrastructure consists of:
| Component | Count/Detail |
|---|---|
| Regions | 43 (across Americas, Europe, Asia-Pacific, Middle East, Africa) |
| Zones | 130 (typically 3 per region) |
| Network edge locations | 200+ |
| Countries and territories served | 200+ |
| Fiber network | 7.75 million km (terrestrial and subsea cables) |
Key definitions:
Region: An independent geographic area (e.g.,
us-central1in Iowa,europe-west1in Belgium). Each region is completely independent of other regions for fault isolation. Choose regions based on latency to users, data residency requirements, and service availability.Zone: A deployment area within a region (e.g.,
us-central1-a,us-central1-b). Zones provide isolation from physical infrastructure failures within a region. Most regions have 3 zones. Deploy across multiple zones for high availability.Network edge location (Point of Presence): Locations where Google's network connects to the rest of the internet. These cache content close to users and reduce latency. Google has 200+ edge locations in 200+ countries.
Resource scopes (know which resources exist at which level):
| Scope | Examples | Implication |
|---|---|---|
| Global | VPC networks, disk images, snapshots | Available across all regions |
| Regional | Static external IP addresses, regional disks | Available within a single region |
| Zonal | VM instances, persistent disks | Available within a single zone; zone failure affects these resources |
Exam trap: A single zone failure should NOT take down your application if properly architected. The exam will test whether you understand that deploying across multiple zones (and potentially multiple regions) provides fault tolerance. If you deploy everything in a single zone, you have a single point of failure.
Google's Network
Google operates one of the largest private networks in the world. Key facts for the exam:
- Private fiber backbone: Google's network connects its data centers globally via private fiber optic cables, including multiple subsea cables. Traffic between Google Cloud services stays on Google's private network, not the public internet.
- Software-defined networking: Google's network is managed by software, enabling rapid changes and optimization.
- Low-latency design: Zones within a region are connected by high-bandwidth, low-latency links. This matters for applications requiring fast inter-service communication.
- Premium vs. Standard network tiers: Premium tier routes traffic over Google's private network for lower latency. Standard tier uses the public internet and is cheaper but higher latency.
- 7x WAN bandwidth increase from 2020 to 2025, with AI-powered network management for resilience.
Sustainability
Google Cloud's sustainability commitments are an exam topic, particularly when the question asks about reasons to choose cloud over on-premises.
| Commitment | Detail |
|---|---|
| Carbon neutral since 2007 | Google has been carbon neutral across all operations since 2007 |
| 100% renewable energy matching | Since 2017, Google has matched 100% of its global electricity consumption with renewable energy purchases on an annual basis |
| 24/7 carbon-free energy by 2030 | Goal to run on carbon-free energy every hour of every day in every data center |
| Industry-leading PUE | Power Usage Effectiveness of 1.09 (industry average is 1.56). PUE of 1.0 means all energy goes to computing; no overhead |
| Low-CO2 regions | Multiple regions designated as low-CO2, including Oregon, Iowa, Montreal, Toronto, and several South American regions |
| Carbon footprint tool | Customers can track their Google Cloud carbon footprint by region and service |
Exam tip: When a question asks about benefits of moving to the cloud and "sustainability" or "environmental impact" is an answer choice, it is often correct -- especially in the context of comparing on-premises (where organizations run their own power and cooling) vs. cloud (where Google operates at massive scale with optimized efficiency).
Section 1.3: Cloud Computing Models and Shared Responsibility
IaaS vs. PaaS vs. SaaS
This is one of the most critical exam topics. You must be able to classify Google Cloud services into these categories and understand what you manage vs. what Google manages.
| Attribute | IaaS | PaaS | SaaS |
|---|---|---|---|
| What you get | Virtual machines, storage, networking -- raw infrastructure | A platform to build and deploy applications without managing infrastructure | Ready-to-use software applications |
| You manage | Applications, data, runtime, middleware, OS | Applications, data | Data, user access |
| Google manages | Virtualization, servers, storage, networking | Runtime, middleware, OS, virtualization, servers, storage, networking | Everything except data and user access |
| Flexibility | Highest -- full control over OS, runtime, configuration | Medium -- limited to platform capabilities | Lowest -- use the application as designed |
| Management overhead | Highest -- you patch OS, configure networking, manage scaling | Medium -- platform handles infrastructure, you manage code | Lowest -- just use the application |
| Scaling | Manual or auto-scaling configuration required | Often automatic | Fully managed by provider |
| Google Cloud examples | Compute Engine, Cloud Storage, Cloud VPN | App Engine, Cloud Run, BigQuery, Cloud Functions | Google Workspace, Google Security Operations, Looker |
| Best for | Full control needed; lift-and-shift migrations; custom OS/networking requirements | Application development; focus on code not infrastructure; rapid prototyping | End-user productivity; no development/infrastructure team available |
Exam trap: BigQuery is PaaS, not SaaS. Even though BigQuery is fully managed and requires no infrastructure setup, it is a platform on which you build queries and analytics -- it is not a ready-to-use end-user application. Similarly, Cloud Run is PaaS (you deploy your containerized code; Google manages everything else).
Exam trap: GKE (Google Kubernetes Engine) is sometimes classified as a "managed IaaS" or "container platform." The exam may test whether you understand that GKE abstracts more than raw IaaS (Google manages the Kubernetes control plane) but gives you more control than pure PaaS (you manage containers, deployments, and configurations).
The Shared Responsibility Model
The shared responsibility model defines who is responsible for security at each layer of the stack. This changes depending on the service model.
Universal constants (regardless of IaaS/PaaS/SaaS):
- Google is ALWAYS responsible for: physical data center security, hardware, network infrastructure, and the underlying cloud platform
- The customer is ALWAYS responsible for: their data, access policies, and identity management decisions
Responsibility by service model:
| Layer | IaaS (Compute Engine) | PaaS (App Engine) | SaaS (Google Workspace) |
|---|---|---|---|
| Data | Customer | Customer | Customer |
| Access & Identity | Customer | Customer | Customer |
| Application | Customer | Customer | |
| Runtime | Customer | ||
| Middleware | Customer | ||
| Operating System | Customer | ||
| Virtualization | |||
| Hardware | |||
| Network | |||
| Physical Security |
Key insight: As you move from IaaS to PaaS to SaaS, the customer's security burden decreases and Google's increases. This is a tradeoff -- you get less responsibility but also less control.
Google Cloud's Shared Fate Model
Google Cloud goes beyond the traditional shared responsibility model with a concept called shared fate. This is a differentiator from other cloud providers and may appear on the exam.
Shared responsibility says: "Here is the line. Your side, our side. Good luck."
Shared fate says: "We will actively help you secure your side." Google provides:
- Secure-by-default configurations: Default encryption at rest and in transit for all services
- Security blueprints: Infrastructure-as-code templates with security best practices built in
- Security Command Center: Centralized threat detection and security posture management
- Assured Workloads: Compliance controls for regulated industries
- Policy Intelligence tools: Recommendations to tighten overly permissive IAM policies
- Risk Protection Program: Collaboration with cyber insurance providers (Munich Re, Allianz)
Exam tip: When a question asks what differentiates Google Cloud's security approach, "shared fate" is a key concept. Google does not just draw a line -- it actively invests in tools and guidance to help customers secure their workloads.
Google Cloud's Transformation Pillars
Google Cloud defines its value proposition through five pillars. These appear on the exam as reasons to choose Google Cloud.
| Pillar | What It Means |
|---|---|
| Intelligence | Built-in AI/ML capabilities across the platform; BigQuery ML, pre-trained APIs, Vertex AI. Google's AI heritage (search, translation, image recognition) is embedded into cloud services. |
| Freedom | Open-source commitment (Kubernetes originated at Google), multi-cloud support via GKE Enterprise, open standards, no vendor lock-in. Ability to run workloads anywhere. |
| Collaboration | Google Workspace integration, real-time collaboration tools, APIs and integration platforms (Apigee). Connect people and systems. |
| Trust | Encryption by default (at rest and in transit), compliance certifications, transparency reports, zero-trust security model (BeyondCorp). Google's infrastructure security built over 20+ years. |
| Sustainability | Carbon-neutral operations, renewable energy matching, 24/7 CFE goal by 2030, industry-leading PUE, carbon footprint tools for customers. |
How Google Cloud differs from competitors:
| Differentiator | Detail |
|---|---|
| Open cloud / multi-cloud | GKE Enterprise runs on Google Cloud, AWS, Azure, and on-prem. No other major provider offers this level of multi-cloud management. |
| AI/ML leadership | Google invented the Transformer architecture (foundation of modern LLMs), TensorFlow, and operates leading AI research (DeepMind). This translates to more advanced AI services. |
| Data analytics | BigQuery pioneered serverless, petabyte-scale analytics. It remains the benchmark for cloud data warehousing. |
| Network | Google's private global fiber network provides consistently low latency. Data stays on Google's network rather than traversing the public internet. |
| Security heritage | Google has protected billions of users (Gmail, Chrome, Android) for decades. BeyondCorp zero-trust model was developed internally before being offered as a product. |
| Kubernetes originator | Google created Kubernetes and donated it to the CNCF. GKE is the most mature managed Kubernetes offering. |
Exam Tips and Common Traps
"Cloud-native" is not "cloud-based" -- Cloud-native means designed for the cloud (microservices, containers, CI/CD). A monolith on a VM is cloud-based but NOT cloud-native.
Hybrid is not multicloud -- Hybrid = on-prem + cloud. Multicloud = multiple cloud providers. A company can use both strategies simultaneously.
TCO includes everything -- Staff, power, cooling, space, opportunity cost, not just hardware purchase price. Never accept a TCO comparison that only includes compute costs.
Cloud is not always cheaper per unit -- It is more cost-effective when you factor in agility, scaling, and total operational costs. For stable, predictable 24/7 workloads, raw per-hour cost may favor on-premises.
Zone failure should not equal application failure -- If a question describes deploying in a single zone, it is describing a poorly architected system. Multi-zone or multi-region deployment provides resilience.
IaaS gives most control, SaaS gives least -- And the reverse for management burden. The exam loves questions that test whether you understand this tradeoff.
BigQuery is PaaS, not SaaS -- You build analytics on it; it is not an end-user application.
Google Distributed Cloud (formerly Anthos) = multi-cloud management -- This is Google's key differentiator for hybrid and multicloud scenarios.
Shared fate goes beyond shared responsibility -- Google does not just define the boundary; it provides tools, blueprints, and programs to help customers secure their side.
Sustainability is a legitimate business reason to choose cloud -- Especially Google Cloud, which leads in PUE efficiency and renewable energy commitment.
References
- Cloud Digital Leader Certification Exam Guide
- Google Cloud Overview Documentation
- Google Cloud Global Infrastructure and Locations
- Google Cloud Shared Responsibility and Shared Fate
- Google Cloud Sustainability
- Google Cloud Carbon-Free Energy Blog
- Google Cloud Region Carbon Data
- Google Data Centers: Operating Sustainably
- Google Distributed Cloud Overview