2026.06.24 2026.06.24

Cloud Digital Leader Part 2: Infrastructure, Security, and Operations

swiftwand

Part 1 secured the scoring base with Cloud Digital Leader’s front three domains. This second part maps the back three — infrastructure and application modernization, trust and security, and scaling through operations — which together carry roughly half the exam. Clear these and you are in passing range.

A map of the back three domains — build, protect, and operate
Domain 4 — modernizing infrastructure and applications (~17%)
Domain 5 — trust and security (~17%)
Domain 6 — scaling through operations (~17%)
Using your AWS knowledge to clear the back three domains
Where AWS veterans stumble on the back three domains
Conclusion — clear all six domains into the passing zone
References

忍者AdMax

A map of the back three domains — build, protect, and operate

Domains 4, 5, and 6 each carry about 17% of the score. They move from raw concepts to how Google Cloud is actually built, secured, and run, so the questions reward knowing which product solves which operational problem.

Domain 4 — modernizing infrastructure and applications (~17%)

The core decision here is how to run a workload: as a virtual machine, in containers, or serverless. Match the execution model to the scenario and the answer follows.

Execution model	Representative products	Best fit
Virtual machine	Compute Engine	Rehosting existing systems, OS-level control needed
Containers	Google Kubernetes Engine (GKE), Cloud Run	Microservices, portability, scalable operations
Serverless	Cloud Run, App Engine, Cloud Functions	Event-driven work, minimal operating overhead

Domain 5 — trust and security (~17%)

Google’s security story is defense in depth: layered controls, encryption by data state, and identity at the center. Keep the key points distinct rather than blurring them together.

Security lens	CDL key point
Access management	Least privilege via IAM and 2-step verification (2SV)
Encryption	Protection by data state: at rest and in transit
DDoS / network defense	Google Cloud Armor
AuthN / AuthZ / audit	Understand the three as distinct concepts
Assuring trust	Transparency reports, third-party audits, data sovereignty

Domain 6 — scaling through operations (~17%)

The final domain is about running cloud at scale: observability, cost governance, reliability practices, and the support model. Expect questions on monitoring and logging, on keeping spend visible with billing reports and budget thresholds, and on the cultural side of reliability such as site reliability engineering. The theme is continuous improvement — measure, control cost, and operate predictably.

Using your AWS knowledge to clear the back three domains

As in Part 1, most of this is translation rather than new study.

AWS knowledge	CDL equivalent
EC2	Compute Engine
ECS / EKS	GKE / Cloud Run
Lambda	Cloud Functions
WAF / Shield (DDoS)	Google Cloud Armor
IAM / MFA	Cloud IAM / 2-step verification (2SV)
Organizations / OU	Resource hierarchy
Cost Explorer / Budgets	Cloud Billing Reports / budget thresholds
Trusted Advisor / Support	Google Cloud Customer Care
6R migration strategy	Migration terms: rehost / replatform / refactor

Where AWS veterans stumble on the back three domains

Two traps stand out. The container layer splits across GKE and Cloud Run, and the exam expects you to choose by how much control versus how little operations you want, rather than mapping everything to a single ECS-shaped answer. And on security, Google leans on a small set of named building blocks — Cloud Armor for DDoS, IAM plus 2SV for access — so learn the Google names rather than answering with AWS service names.

Conclusion — clear all six domains into the passing zone

The back three domains turn concepts into product choices: execution models for workloads, named security building blocks, and operations for scale and cost. Combine them with the front three from Part 1 and you cover the full Cloud Digital Leader blueprint with comfortable margin.