Google cloud certified Associate Cloud Engineer Exam

50 FREE Questions on Google Associate Cloud Engineer Certification Exam

In this article, you will be getting access to free questions on the Google Cloud Certified Associate Cloud Engineer exam. These cloud engineer questions are prepared by Google-certified cloud experts and are very similar to Associate Cloud Engineer practice exams. Learning the exam objectives through these free google cloud engineer exam questions can boost your confidence in taking real exams.

What does a Google Associate Cloud Engineer do?

Associate Cloud Engineers administer corporate solutions, implement apps, and monitor operations. They utilize the Google Cloud Console and the command-line interface to do typical platform-based operations to maintain one or more host systems on Google Cloud that use Google-managed or self-managed technologies.

What to expect in Google Associate Cloud Engineer exam questions?

The Google Cloud Certified Associate Engineer questions evaluate your abilities to:

  • Configure a cloud solution infrastructure.
  • Create a cloud solution and manage it.
  • Install and configure a cloud solution.
  • Ensure that a cloud solution is running smoothly.
  • Configure authentication and accessibility.

How difficult is the Google Associate Cloud Engineer exam questions?

If you’re considering taking the Google Associate Cloud Engineer exam, you might be wondering how difficult it is and how difficult the google cloud certification sample questions. After all, it’s not an easy exam to pass. However, with the right preparation, you can definitely pass the exam.

Here are a few tips to help you prepare for the exam:

1. Understand the exam objectives. Before you start studying, make sure you understand what the exam is testing. This will help you focus your studies and know what to expect.

2. Use study resources. There are many great study resources and google cloud certification sample questions available. Take advantage of them!

3. Practice, practice, practice. Take Google Associate Cloud Engineer practice exams and do lots of hands-on exercises. The more you practice, the better you’ll do on the actual exam.

4. Get plenty of rest. Make sure you’re well-rested before taking the exam. You’ll be able to think more clearly and do your best if you’re well-rested.

5. Stay positive. Believe in yourself and don’t get discouraged. If you prepare properly, you can definitely pass the Google Associate Cloud Engineer exam.

Also Read: Top Hands-on Labs for Google Cloud Associate Cloud Engineer Certification

Google Associate Cloud Engineer Exam Questions

We have created Google Associate Cloud Engineer (GCP-ACE) certification practice questions to familiarize you with the exam’s characteristics and requirements. This Google Cloud Certified Associate Engineer free practice questions set contains details about the Associate Cloud Engineer exam pattern, question format, question difficulty level, and time required to answer each question.

This set of 50 Google Cloud Certified Associate Engineer sample questions will offer you a good sense of how the GCP Associate Cloud Engineer test is designed, what types of questions will be asked, and how to pass the google associate cloud engineer exam in the first attempt.

GCP Certified Associate Engineer Certification Exam Details

Setting up a cloud solution environment

Q 1. What is the gcloud command to set default zone for compute engine server using gcloud cli?

A. gcloud config set compute/zone us-east-1
B. gcloud config configurations set compute/zone us-east-1a
C. gcloud config set compute/zone us-east1-a
D. gcloud defaults set compute/zone us-east-1

Correct Answer – C
The gcloud command to set default zone for compute engine is gcloud config set compute/zone us-east1-a. Hence, C is the correct answer.
Options A, B, and D are incorrect since these are not the valid gcloud commands to set default compute engine zone.

Q 2. As a cloud engineer, you have been asked to upgrade the free trial of your account and rename it to a production-inventory system. You are getting permission denied error while making the changes. Which of the following permissions will solve the problem?

A. Billing.accounts.update
B. Billing.account.upgrade
C. Billing.account.update
D. Billing.accounts.upgrade

Correct Answer: A
A is correct: The required permission is billing.accounts.update on Billing Account resource.
B, C, and D are invalid choices or commands

Q 3. Which of the following role provide granular access for a specific service and is managed by GCP?

A. Custom
B. Predefined
C. Admin
D. Primitive

Correct Answer: B
B is correct: Predefined roles are managed roles and provide service-specific access.
A is incorrect: Provide granular access for a specific service but managed by users
C is incorrect: Invalid role type
D is incorrect: Concrete roles, existed prior to IAM

Q 4. Your company has 5 TB of testing data stored in the production database of a testing tool name Quality Center. The data is being used to create a real-time analytics system which is causing the slow response to the tester while using the tool. What should you do the improve the load on the database?

A. Set up Multi-AZ
B. Set up a read replica
C. Scale the database instance
D. Run the analytics query only weekends

Correct Answer: B
B is correct: Read replica can be used to run all the queries related to Analytics system.
A is incorrect: Mutli AZ would improve the availablility of the data
C is incorrect: This will not add any value
D is incorrect: The analytics will not be realtime.

google cloud read replica

Q 5. You have been asked to list the name of active account using gcloud CLI. Which of the following command will you use?

A. Gcloud config list
B. Gcloud auth list
C. Gcloud account list
D. Gcloud project list

Correct Answer: B
B is correct: To list the active account name, we use gcloud auth list.
A is incorrect: config list is used to list all the properties of active configurations
C is incorrect: account list is an invalid command
D is incorrect: project list is used to list all active projects

Planning and configuring a cloud solution

Q 6. What does the CIDR 10.0.2.0/26 correspond to?

A. 10.0.2.0 – 10.0.2.26
B. 10.0.2.0 – 10.0.2.63
C. 10.0.0.0 – 10.0.63.0
D. 10.0.2.0 – 10.0.0.26

Correct Answer: B
B is correct: /26 means 64 IPs (=2^(32-26) = 2^6), means only the last digit can change.
A, C and D are incorrect CIDR choices.

Q 7. A cloud engineer wants to create a VM named whiz-server-1 with four CPUs. Which of the following commands would he use to create the VM whiz-server-1?

A. gcloud compute instances create –machine-type=n1-standard-4 whiz-server-1
B. gcloud compute instances create –cpus=4 whiz-server-1
C. gcloud compute instances create –machine-type=n1-standard-4 –instancename whiz-server-1
D. gcloud compute instances create –machine-type=n1-4-cpu whiz-server-1

Correct Answer – A
To create a google cloud engine virtual machine instance, gcloud compute instances create command is used. The number of CPUs is specified with the machine type parameter. For this, use gcloud compute machine-types list to get a list of available machine types. If not specified, the default type is n1-standard-1. Here, the cloud engineer is using 4 CPUs so it will be n1-standard-4 followed by the VM name.
Option A is correct. gcloud compute instances create –machine-type=n1-standard-4 whiz-server-1 is the correct command to create VM with 4 CPUs. It includes a correct machine type and specifies the name of the instance properly.
Option B is incorrect. The command gcloud compute instances create –cpus=4 whiz-server-1 is wrong. This command includes cpus parameter that does not exist in a google cloud command.
Option C is incorrect. The command gcloud compute instances create –machine-type=n1-standard-4 –instance-name whiz-server-1 is not correct to create a VM instance.This command uses the instance-name parameter that does not exist in a google cloud command. The instance name is passed as an argument and it does not require any parameter name.
Option D is incorrect. gcloud compute instances create –machine-type=n1-4-cpu whiz-server-1 is not a correct command to create a VM instance. The machine type specified here is n1-4-cpu which is an invalid machine type. It should be n1-standard-4.

Q 8. You have set a firewall rule that will permit inbound connections to a VM instance named whizserver-2. You want to apply this rule only if there is not another rule that would deny that traffic. What priority would you give to this rule?

A. 1000
B. 1
C. 65535
D. 0

Correct Answer – Option C
If the rule will have the lowest priority, it will permit inbound traffic/ connections to the VM instance whizserver-2. The large will be the number, the low will be the priority. The lowest priority will ensure that the other rules that match will apply. So, the largest number should be selected to make the priority lowest.
Option A is incorrect. 1000 is not the largest number from the given options. For the lowest priority, it is required to choose the largest number.
Option B is incorrect. 1 is a very small number, it will increase the priority. So, it is not the correct answer.
Option C is correct. 65535 is the largest number that is allowed in the range of value for priorities.
Option D is incorrect. Lower the number, higher will be the priority. The number 0 will result in higher priority while the priority should be the lowest.

Q 9. You want your application hosted on a VM to fetch metadata of that instance. Which command will help you to fetch it?

A. curl metadata.google.internal/compute-metadata/v1/
B. curl <instance-private-ip>/metadata/v1/
C. curl metadata.google.internal/computeMetadata/v1/
D. curl internal.googleapi.com/computeMetadata/v1/

Correct Answer – C
The right command to fetch metadata is curl metadata.google.internal/computeMetadata/v1/. Hence, C is the correct answer.
Options A, B, and D are incorrect since these are not the valid gcloud commands.

Q 10. You have 100TB of non-relational data and want to run analytics on it to see previous year net sales. Which tool suits best to your requirement?

A. BigQuery
B. BigTable
C. Datastore
D. GCS

Correct Answer – B
Option B is correct: BigTable is a managed NoSQL DB service designed for handling and processing large amounts of data.
Option A is incorrect: BigQuery is a relational database service, hence cannot be used to store non-relational data.
Option C is incorrect: Datastore is NoSQL managed DB service but the amount of data we are looking at is quite big for Datastore to efficiently process.
Option D is incorrect: GCS is only used for storing files. It does not support relational or non-relational data.

Google Cloud Bigtable
Source: cloud.google.com

Q 11. You are hired by an oil company that wants you to lead the migration of Oracle DB and DB2 to Google Cloud. Which of the following is the best option?

A. CloudSQL for Oracle and VM for DB2
B. CloudSQL for both Oracle and DB2
C. VM for both Oracle and DB2
D. Google App Engine for both Oracle and DB2

Correct Answer – C
Option C is correct: As there is no managed service for both Oracle and DB2, the only option is to install both of them on a VM.
Option A is incorrect: CloudSQL only supports MySQL, SQL Server and Postgres. Therefore, it does not fit our requirement.
Option B is incorrect: CloudSQL neither supports Oracle, not DB2. Hence, cannot be used to fulfill our requirement.
Option D is incorrect: Google App Engine is only used to deploy applications.

Q 12. A client of yours want you to migrate its on-premise MySQL data to Google Cloud without any downtime. Which service will you use for migrating SQL data to Cloud?

A. Cloud Migration
B. Anthos
C. CloudSQL
D. Cloud Run

Correct Answer: C
Option C is correct: CloudSQL provides database migration service as well as MySQL managed DB service.
Option A is incorrect: There is no such service provided by GCP.
Option B is incorrect: Anthos is used to migrate Kubernetes workloads.
Option D is incorrect: Cloud Run is used to run stateless HTTP containers on a fully managed environment or in your own GKE cluster.

Q 13. You are starting to work on a client’s project who is looking for a database service within Google Cloud which is horizontally scalable, supports gigabyte size of relational data and even supports ACID for reliable storage of data. Which service will you recommend?

A. Datastore
B. BigQuery
C. CloudSQL
D. Cloud Spanner

Correct Answer: D
Option D is correct: Cloud Spanner is a global SQL database service that can scale across the globe horizontally and even supports ACID transactions.
Option A is incorrect: Datastore also supports ACID transactions but is not horizontally scalable and is a NoSQL database.
Option B is incorrect: BigQuery is also a regional service and cannot be scaled horizontally.
Option C is incorrect: CloudSQL supports ACID transactions but supports only vertical scaling.

Google cloud spanner

Q 14. You are distributing the traffic between a fleet of VMs within your VPC using Internal TCP/UDP Load Balancer. Which of the following specification does not support the selected Load Balancing Type?

A. Preserved Client IP
B. Global Availability
C. Internal Load Balancing
D. Any Destination Ports

Correct Answer: B
B is correct: Internal TCP/UDP Load Balancer are available within a Region and not Globally
A is incorrect: Internal TCP/UDP Load Balancer preserves client IP address
C is incorrect: Internal TCP/UDP Load Balancer are internally faced
D is incorrect: Internal TCP/UDP Load Balancer allow access to any destination port

Deploying and implementing a cloud solution

Q 15. A developer has asked you to create a single nginx server for dev environment. Which service would allow you to launch VM using predefined images?

A. GKE
B. GAE
C. CloudSQL
D. Marketplace

Correct Answer – D
Option D is correct: Marketplace provides you with pre-built images which can be launched with just a few clicks without doing any configuration.
Option A is incorrect: GKE is used to launch the Kubernetes cluster instead of a single server.
Option B is incorrect: GAE does not provide you with nginx predefined image.
Option C is incorrect: CloudSQL is used to launch MySQL or Postgres database service.

Q 16. Your company has received a new project where it needs to migrate on-premise servers and data to Google Cloud gradually but until then you need to setup a VPN tunnel between on-premise and Google Cloud. Which service will you use in conjunction with Cloud VPN for a smooth setup?

A. Cloud CDN
B. Cloud NAT
C. Cloud Run
D. Cloud Router

Correct Answer: D
Option D is correct: Google Cloud Router enables you to dynamically exchange routes between your Virtual Private Cloud (VPC) and on-premises networks by using Border Gateway Protocol (BGP). The Cloud Router automatically learns new subnets in your VPC network and announces them to your on-premises network.
Option A is incorrect: Cloud CDN leverages Google’s globally distributed edge points of presence to accelerate content delivery for websites and applications served out of Google Compute Engine and Google Cloud Storage. Cloud CDN lowers network latency, offloads origins, and reduces serving costs.
Option B is incorrect: Cloud NAT enables you to provision your application instances without public IP addresses while also allowing them to access the internet for updates, patching, config management, and more in a controlled and efficient manner.
Option C is incorrect: Cloud Run is a managed compute platform that automatically scales your stateless containers.

Q 17. Your company is running a high availability deployment “hello-server” in Kubernetes Engine on port 8080 which needs to be exposed to public internet using a load balancer on port 80. Which of the following commands will help to accomplish this deployment?

A. kubectl expose deployment hello-server –type LoadBalancer –port 8080 –target-port 80
B. kubectl run deployment hello-server –type LoadBalancer –port 80 –target-port 8080
C. kubectl expose deployment hello-server –type LoadBalancer –port 80 –target-port 8080
D. kubectl run deployment hello-server –type LoadBalancer –port 8080 –target-port 80

Correct Answer: C
Option C is correct: You can expose the deployment on port 80 by routing the request to target port 8080 using this command.
Option A is incorrect: The request is getting generated at port 8080 and routed to deployment at port 80 which is not correct.
Option B and D are incorrect: run command does not support the type argument and is used to create a deployment.

Q 18. Which of the following gcloud command lets you view the details of a custom subnet you created in a particular region?

A. gcloud compute networks subnets view [SUBNET_NAME] –region us-central1
B. gcloud compute networks subnets describe [SUBNET_NAME] –region us-central1
C. gcloud compute networks subnets list [SUBNET_NAME] –region us-central1
D. gcloud compute networks subnets read [SUBNET_NAME] –region us-central1

Correct Answer: B
B is correct: describe flag gives a detailed description of the subnet mentioned in the command.
A, C and D are incorrect: view and read flags are not valid gcloud flag. List is used to list the number of subnets in a private cloud.

Ensuring successful operation of a cloud solution

Q 19. You were inspecting the containers running on a VM and found out that a pod is running which is no more required. You try to delete it but every time a new pod is created. What do you need to delete now for removing that pod?

A. ReplicaSet
B. VM
C. Container
D. Service

Correct Answer: A
Option A is correct: ReplicaSet is responsible for maintain the desired number of pods hence, deleting it will delete the pod as well.
Option B is incorrect: Straight away deleting a VM is not a good option as this will delete all other containers as well.
Option C is incorrect: Deleting a container is same as deleting a pod.
Option D is incorrect: Deleting a Service will not delete pod.

Q 20. Your company was bidding on a big data project form last few months and they have finally received the project. The project wants you to deploy Apache Spark clusters on Google Cloud. Which service will you use?

A. DataFlow
B. DataProc
C. BigTable
D. Cloud Composer

Correct Answer: B
Option B is correct: Cloud Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way.
Option A is incorrect: Cloud Dataflow is a fully-managed service for transforming and enriching data in stream (real time) and batch (historical) modes with equal reliability and expressiveness.
Option C is incorrect: A petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. It supports the open source industry standard HBase API.
Option D is incorrect: Cloud Composer is a fully managed workflow orchestration service that empowers you to author, schedule, and monitor pipelines that span across clouds and on-premises data centers. It is built on the popular Apache Airflow open source project.

Q 21. Your client wants to migrate their 30 TB of Hadoop or Spark cluster from a RHEL 6.5 on-premise servers to Google Cloud Platform. Which of the following service can be used at GCP end?

A. Compute Engine
B. App Engine
C. Dataproc
D. Big Query

Correct Answer: C
C is correct: A faster, easier, more cost-effective way to run Apache Spark and Apache Hadoop
A is incorrect: Can be used but would require high compute and cost.
B is incorrect: App Engine is not an effective way to this purpose
D is incorrect: Big query is a data warehouse and not suitable to run spark commands.

Configure access and security

Q 22. Your company has purchased a threat detection service from a third party and have asked you to upload all network logs to the application. Which of the following service will meet your requirements?

A. Activity Logs
B. Flow Logs
C. Network Logs
D. System Logs

Correct Answer – B
B is correct: Flow logs capture each and every packet flowing within your network. It will record details like source IP, destination IP, source port, destination port, timestamp, etc.
A is incorrect: Activity logs record API activities such as launching of instance, creating firewall, attaching it to instance, creating bucket, etc.
C is incorrect: There is no such type of log available with Google Cloud. Network logs are called Flow logs.
D is incorrect: There is no such type of log available with Google Cloud.

Q 23. One of your team members had accidentally included a service account private JSON key while pushing code to GitHub. What steps should you immediately perform?

A. Delete the JSON file from GitHub.
B. Delete the project and all its resources.
C. Delete the JSON file from GitHub, remove the key from Google Cloud IAM and generate a new key for use.
D. None of the above

Correct Answer – C
Option C is correct: Private keys are meant to be kept safe and if they are uploaded to repositories, you must immediately delete them from the source and repository as well.
Option A is incorrect: Mere deleting it from GitHub does not ensure complete safety. You will have to delete it from GCP IAM as well.
Option B is incorrect: Deleting projects and resources is not an ideal option. If you have 10s or 100s of resources running, deleting and recreating them is not feasible.
Option D is incorrect: The best practice for such a scenario is option C. Hence, this option is incorrect.

Q 24. Your project manager wants to create a user for Aston Smith who is the new cloud SQL administrator in your organization. Which of the following role would give him the ability to manage specific instances but no ability to import or restore data from backups?

A. Cloud SQL Editor
B. Cloud SQL Admin
C. Cloud SQL Viewer
D. Cloud SQL Client

Correct Answer: A
Option A is correct: SQL Editor allows users to Manage specific instances. No ability to see or modify permissions, nor modify users or SSL certs. No ability to import data or restore from a backup, nor clone, delete, or promote instances.
Option B is incorrect: Full control for all Cloud SQL resources.
Option C is incorrect: Read-only access to all Cloud SQL resources.
Option D is incorrect: Connectivity access to Cloud SQL instances from App Engine and the Cloud SQL Proxy. Not required for accessing an instance using IP addresses.

Q 25. Your company has uploaded some business-critical documents to Cloud Storage and your project manager wants you to restrict access to the objects by using ACLs. Which of the following permission would allow you to update the object ACLs?

A. Storage.objects.update
B. Storage.objects.setIamPolicy
C. Storage.objects.create
D. Storage.objects.getIamPolicy

Correct Answer: B
B is correct: As per google docs, storage.objects.setIamPolicy allowss user to update object ACLs.
A is incorrect: Update object metadata, excluding ACLs
C is incorrect: Add new objects to the bucket
D is incorrect: Read object ACLs returned as IAM policies

Reference Links:

Domain : Setting up a cloud solution environment

Q26 : As per your manager’s instruction, you created a custom VPC with a subnet mask of 24 which provides 256 IP addresses but are only able to use 252 addresses out of it. You manager is trying to figure out what’s going wrong and approaches you for the answer. What will you answer to your manager?

A. Inform manager that you will recreate the VPC because you feel something went wrong while creating a subnet
B. GCP reserves four IP addresses in each primary subnet range, because of which the usable IP count is 252
C. It’s because your account has reached a soft limit for the number of private IP address space. Raise a request for a quota increase
D. None of the above

Correct Answer: B

Explanation

Option B is correct. Google Cloud always reserves 4 IP addresses for every subnet you create. Reason for this is:

  • First IP is a network address
  • Second is reserved for the default gateway
  • Second-to-last is reserved for future use
  • Last address is the broadcast address

Option A is incorrect: Subnet creation process has nothing to do with a smaller number of the available IP addresses
Option C is incorrect: Soft limit has nothing to do in this case
Option D is incorrect: The correct answer is B, hence this is invalid

Reference: https://cloud.google.com/vpc/docs/vpc

 

Domain : Planning and configuring a cloud solution

Q27 : You work for a retail company that has a busy online store. As you are approaching New Year, you find that your e-store is getting more and more traffic. You ensure that your web servers are behind a managed instance group. However, you notice that the web tier is frequently scaling, sometimes multiple times in an hour. You need to prevent the instance group from scaling up and down so rapidly. Which of the following options would help you to achieve this?

A. Change the auto scaling metric to use multiple metrics instead of just one metric
B. Reduce the number of maximum instance count
C. Associate a health check with instance group
D. Increase the cool down period

Correct Answer: D

Explanation

Option D is correct: Increasing the cool down period will make the scaling policy wait for a slightly longer period before taking the next action of either scale up or down
Option A is incorrect: This will not be beneficial in anything except creating a complex scaling policy
Option B is incorrect: Just reducing the VM count will stop scaling policy to launch VMs more than threshold and won’t help us control rapid scaling up and down behaviour
Option C is incorrect: Health check only provides information whether an instance is responding or not

Reference: https://cloud.google.com/compute/docs/autoscaler/#cool_down_period

 

Domain : Deploying and implementing a cloud solution

Q28 : A developer accidentally deleted some of the files from a bucket. Luckily, the files were not critical and were re-created soon. Because of this, your team lead has asked you to enable versioning on bucket. Which command would help you enable the same?

A. gsutil versioning enable gs://whizlabs-bucket
B. gsutil gs://whizlabs-bucket enable versioning
C. gsutil enable versioning gs://whizlabs-bucket
D. gsutil versioning set on gs://whizlabs-bucket

Correct Answer: D

Explanation

The CLI command to enable versioning is gsutil versioning set on gs://whizlabs-bucket. Hence, D is the correct answer
Options A, B and C are incorrect because these are invalid CLI commands

Reference: https://cloud.google.com/storage/docs/using-object-versioning

 

Domain : Deploying and implementing a cloud solution

Q29 : A bug has been identified within your Python application which is hosted using App Engine and you are about to rollout a new version of the application to resolve the bug, but do not want the traffic to automatically shift to new version just to make sure the new version does not break anything. How would you achieve it?

A. Pass a custom version ID so that App Engine does not send traffic to new version
B. Pass –no-promote flag while deploying new version
C. Pass –no-active flag while deploying new version
D. Use –inactive-mode flag while deploying new version of the app

Correct Answer: B

Explanation

Option B is correct: Using –no-promote flag while deploying new version of the app will not automatically send traffic to new version
Option A is incorrect: Passing version ID will be not serve the purpose
Option C is incorrect: –no-active flag is an invalid flag
Option D is incorrect: –inactive-mode is an invalid flag

Reference: https://cloud.google.com/sdk/gcloud/reference/app/deploy

 

Domain : Configure access and security

Q30 : You are trying to fetch metadata of a VM using “curl metadata.google.internal/computeMetadata/v1/” command but are constantly receiving 403 Forbidden. What could be the possible reason?

A. Service account is missing
B. Metadata-Flavor: Google header is missing
C. Metadata-Access: Google header is missing
D. Firewall rule attached to the VM is blocking the request

Correct Answer: B

Explanation

Option B is correct: While querying metadata of an instance you must provide the header “Metadata-Flavor: Google”. This header indicates that the request was sent with the intention of retrieving metadata values, rather than unintentionally from an insecure source, and allows the metadata server to return the data you requested. If you do not provide this header, the metadata server denies your request
Option A is incorrect: Service account has nothing to do with the retrieval of metadata
Option C is incorrect: Metadata-Access: Google is an invalid header
Option D is incorrect: Firewall rule has nothing to do with metadata querying permission. If it would have been a firewall, we would not even receive a response but in this case, we are receiving 403 Forbidden responses from the server

Reference: https://cloud.google.com/compute/docs/storing-retrieving-metadata

Q31 : What is the command for creating a storage bucket that has once per month access and is named ‘archive_bucket’?

A. gsutil rm -coldline gs://archive_bucket
B. gsutil mb -c coldline gs://archive_bucket
C. gsutil mb -c nearline gs://archive_bucket
D. gsutil mb gs://archive_bucket

Correct Answer: C

Explanation

mb is to make the bucket. Nearline buckets are for once per month access. Coldline buckets require only accessing once per 90 days and would incur additional charges for greater access

Further Explanation

Synopsis

gsutil mb [-c class] [-l location] [-p proj_id] url…

If you don’t specify a -c option, the bucket is created with the default storage class Standard Storage, which is equivalent to Multi-Regional Storage or Regional Storage, depending on whether the bucket was created in a multi-regional location or regional location, respectively

If you don’t specify a -l option, the bucket is created in the default location (US). -l option can be any multi-regional or regional location

Reference: mb – Make buckets: https://cloud.google.com/storage/docs/gsutil/commands/mb

 

Q32 : You need to deploy an update to an application in Google App Engine. The update is risky, but it can only be tested in a live environment. What is the best way to introduce the update to minimize risk?

A. Deploy a new version of the application but use traffic splitting to only direct a small number of users to the new version
B. Deploy the application temporarily and be prepared to pull it back if needed
C. Warn users that a new app version may have issues and provide a way to contact you if there are problems
D. Create a new project with the new app version, then redirect users to the new version

Correct Answer: A

Explanation

Option A (Correct Answer) – Deploying a new version without assigning it as the default version will not create downtime for the application. Using traffic splitting allows for easily redirecting a small amount of traffic to the new version and can also be quickly reverted without application downtime
Option B – Deploy the application temporarily and be prepared to pull it back if needed. Deploying the application’s new version as default requires moving all traffic to the new version. This could impact all users and disable the service during the new version’s live time
Option C – Warn users that a new app version may have issues and provide a way to contact you if there are problems. We won’t recommend this practice
Option D – Create a new project with the new app version, then redirect users to the new version. Deploying a second project requires data synchronization and having an external traffic splitting solution to direct traffic to the new application. While this is possible, with Google App Engine, these manual steps are not required

 

Q33 : You have created a Kubernetes engine cluster named ‘mycluster’. You’ve realized that you need to change the machine type for the cluster from n1-standard-1 to n1-standard-4. What is the command to make this change?

A. You must create a new node pool in the same cluster and migrate the workload to the new pool
B. gcloud container clusters update mycluster –machine-type n1-standard-4
C. This action is not possible
D. gcloud container clusters resize mycluster –machine-type n1-standard-4

Correct Answer: A

Explanation

Option A (Correct answer) – You must create a new node pool in the same cluster and migrate the workload to the new pool. You cannot change the machine type for an individual node pool after creation. You need to create a new pool and migrate your workload over.Here are the steps for “Migrating workloads to different machine types” https://cloud.google.com/kubernetes-engine/docs/tutorials/migrating-node-pool
Option B – gcloud container clusters update mycluster –machine-type n1-standard-4 updates cluster settings for an existing container cluster. You can use this command to specify –max-nodes –min-nodes for autoscaling purpose not for changing machines type https://cloud.google.com/sdk/gcloud/reference/container/clusters/update
Option C – This action is not possible. It’s possible to migrate workloads running on a Kubernetes Engine cluster to a new set of nodes without incurring downtime for your application. See “Migrate the workloads” https://cloud.google.com/kubernetes-engine/docs/tutorials/migrating-node-pool#step_4_migrate_the_workloads
Option D – gcloud container clusters resize mycluster –machine-type n1-standard-4. Resizes an existing cluster for running containers not for changing machine type https://cloud.google.com/sdk/gcloud/reference/container/clusters/resize

 

Domain : Setting up a cloud solution environment

Q34 : You have recently joined a startup and have been asked to create a new Google Cloud account for the company along with setting up budget alarm of $100. You have setup an alarm with 40%, 60%, 90% and 100% threshold. What will happen once the threshold of 100% is reached?

A. A notification will be sent to Project Owner & Billing Admins
B. Your project will deleted because you have depleted all your budget
C. All VMs will be stopped so that you don’t exceed your budget
D. A notification will be sent to Billing Admins and Billing Users

Correct Answer: D

Explanation

Option D is correct: When billing costs exceed a percentage of your budget, based on the rules you set, alert notifications are sent to billing administrators and billing account users
Option A is incorrect: Billing alerts are not sent to the Project owner
Option B is incorrect: GCP will never delete any resources on its own if you clear your dues regularly
Option C is incorrect: GCP will not stop your VMs or any other resource on crossing the budget

Reference: https://cloud.google.com/billing/docs/how-to/budgets

 

Domain : Planning and configuring a cloud solution

Q35 : Your company is hosting 10TB of customer data in BigQuery. The CTO of the company has decided to use this data and build some analytics on top of data which they have. At the end of the first month there was a huge spike in the bill due to use of BigQuery and CFO was not happy with the same. He has asked you to cut down the cost. How can you achieve this?

A. Use GROUP BY clause
B. Use composite keys to query the data
C. Instead of using SELECT *, query only required columns
D. Use JOINS in the query to fetch data

Correct Answer: C

Explanation

Option C is correct: By limiting the number of columns to required ones you will be able to reduce the amount of data processed by BigQuery thus saving cost
Option A is incorrect: Grouping query result does not help in reducing cost. It just groups result depending on the column specified
Option B is incorrect: Composite key will not help in reducing cost. This is only used to create unique records in a table
Option D is incorrect: JOINS are used when you are querying data from more than one table

Reference: https://cloud.google.com/bigquery/pricing

 

Domain : Deploying and implementing a cloud solution

Q36 : There are 15 VMs in your company’s Google Cloud account which have public IP address but are ephemeral. Your manager asked you to assign static public IP to each instance. During the process you were able to assign IPs to only 5 of the VMs and were receiving error of all other instances. What can be the reason?

A. You have reached the hard limit of using static IP addresses
B. Your quota has been exhausted and you can raise a request to increase it
C. Not all OS supports static public IP so check if the OS on VM supports static IP
D. You need to first remove existing public IP attached to VMs and then attach static IP to them

Correct Answer: B

Explanation

Option B is correct: Cloud providers have soft limits of some of the resources to prevent uncontrolled usage of resources. Likewise, even GCP has it for static public IPs. You can simply raise request for increasing the limit
Option A is incorrect: 5 static public IP is not the hard limit because it is very low
Option C is incorrect: This has nothing to do which OS your VM is hosting
Option D is incorrect: Removing existing public IP will not help with assigning static public IP to the VM

Reference: https://cloud.google.com/compute/quotas

 

Domain : Ensuring successful operation of a cloud solution

Q37 : You are trying to get Google Kubernetes server configuration of a project by running the command gcloud container get-server-config, when you hit enter, you get an error message: “There was a problem refreshing your current auth tokens: invalid_grant: Bad Request”. What would you do to successfully run this command and get the server configuration from Kubernetes?

A. gcloud auth login
B. gcloud config set account [ACCOUNT]
C. gcloud config set project [PROJECT_ID]
D. gcloud components update

Correct Answer: A

Explanation

The error is produced when the user’s gcloud sdk access has expired.

Option A is correct: gcloud auth login allows you to obtain new google cloud credentials using your existing email id and password to activate your gcloud sdk. Once the login is successful, you can run gcloud container get-server-config
Option B is incorrect: If the account token has expired then you cannot set the account id to access the gcloud SDK. You need to login and set up a new token
Option C is incorrect: If the account token has expired then you cannot set the project id to access the gcloud SDK. You need to login and set up a new token
Option D is incorrect: This command is used to update the SDK to its latest version and is invalid to this question

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login

 

Domain : Ensuring successful operation of a cloud solution

Q38 : You have an application running on Google Cloud VM written in C#.Net from last few weeks. Suddenly you experience elevated latency and poor performance among application endpoints. Which service can help you troubleshoot this issue?

A. Stackdriver Profiler
B. Stackdriver Monitoring
C. Activity Logs
D. Stackdriver Trace

Correct Answer: D

Explanation

Option D is correct: Stackdriver Trace is a distributed tracing system that collects latency data from your applications and displays it in the Google Cloud Platform Console. You can track how requests propagate through your application and receive detailed near real-time performance insights
Option A is incorrect: Profiler helps you continuously monitor CPU and heap profiling
Option B is incorrect: Stackdriver Monitoring provides visibility into the performance, uptime, and overall health of cloud-powered applications
Option C is incorrect: Activity logs records each and every activity performed by a user or resources like creating, deleting a VM

Reference: https://cloud.google.com/trace/

 

Domain : Configure access and security

Q39 : Steve & sons has appointed a new devops engineer with experience in Google Cloud Platform, you have been asked to create a user which would allow him to call “builds.cancel()” API only. Which of the following permission would you consider completing this task?

A. Cloudbuild.builds.create
B. Cloudbuild.builds.update
C. Cloudbuild.builds.get
D. Cloudbuild.builds.list

Correct Answer: B

Explanation

Option B is correct: cloudbuild.builds.update allows users to cancel builds during execution. The following permission is a part of the primitive role Cloud Build Editor hence you need to create a custom user and add the specific permission to this
Option A is incorrect: The following permission allows the user to create, patch, delete the builds
Option C is incorrect: The following permission allows the user to get the builds and triggers only
Option D is incorrect: The following permission allows the user to list the builds and triggers only

Reference: https://cloud.google.com/iam/docs/understanding-roles#primitive_roles

 

Domain : Configure access and security

Q40 : Your project manager wants to create a user for Aston Smith who is the new cloud SQL administrator in your organization. Which of the following role would give him the ability to manage specific instances but no ability to import or restore data from backups?

A. Cloud SQL Editor
B. Cloud SQL Admin
C. Cloud SQL Viewer
D. Cloud SQL Client

Correct Answer: A

Explanation

Option A is correct: SQL Editor allows users to Manage specific instances. No ability to see or modify permissions, nor modify users or SSL certs. No ability to import data or restore from a backup, nor clone, delete, or promote instances
Option B is incorrect: Full control for all Cloud SQL resources
Option C is incorrect: Read-only access to all Cloud SQL resources
Option D is incorrect: Connectivity access to Cloud SQL instances from App Engine and the Cloud SQL Proxy. Not required for accessing an instance using IP addresses

Reference: https://cloud.google.com/sql/docs/mysql/project-access-control

 

Q41 : You have about 20TB of data which is not accessed and the data team decided to archive them in the cloud. The team is looking for a storage solution that is highly available with minimum costs. On the other hand, the data may be accessed a couple of times a year for reconciliation purposes.
Which of the following choices best satisfy data team’s requirements?

A. Google Storage Standard
B. Google Storage Nearline
C. Google Storage Coldline
D. BigQuery

Correct Answer: C

Explanation

Google Cloud Storage Coldline is a low-cost, highly durable storage service for storing infrequently accessed data. Coldline Storage is ideal for data you plan to read or modify on average once a quarter or less.

Option A is incorrect: Google Storage Standard is not a cheap option for storing archive data. There are other options to store archive data cheaper
Option B is incorrect: Scenario mentions the need to access the data a couple of times a year. Hence, Nearline is not a suitable option because Nearline is to plan archive data accessed at most once a month
Option D is incorrect: BigQuery does not have cheaper cost for storing data than Nearline for the first 90 days until it’s moved to long-term storage

Reference: Google Storage Classes: https://cloud.google.com/storage/docs/storage-classes

 

Q42 : You have an on-premises MySQL database that you have been asked to move to Google Cloud. Users should run SQL queries to fetch data from the database. Your solution should be cost-effective and allow increasing read capacities in the future. Which of the following Google Cloud products is the best for this scenario?

A. Cloud Storage
B. Cloud Spanner
C. Cloud SQL
D. Cloud Datastore

Correct Answer: C

Explanation

Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.

Option A is incorrect: Google Storage is blob storage. It does not work as an RDMS
Option B is incorrect: Cloud Spanner is a very sophisticated and expensive approach for this scenario. Cloud SQL is enough to cover the requirements
Option D is incorrect: Datastore is a schemaless NoSQL database. Migration is from a structured SQL database so Datastore is not a viable choice

Reference: Cloud SQL: https://cloud.google.com/sql/

 

Domain : Deploying and implementing a cloud solution

Q43 : You have created a pre-populated PersistentVolume disk as ReadOnlyMany, when you try to mount the volume to a POD, you fail to mount error, what could be the most likely reason for this failure?

A. You created a PersistentVolume but did not create a PersistentVolumeClaim
B. You have not specified the correct mount point in your pod.yaml file
C. You entered an incorrect PersistentVolume name in the pod.yaml file
D. The pod.yaml file doesn’t have permission to mount the volume as it is created with ReadOnlyMany access

Correct Answer: A

Explanation

Option A is correct: In order to mount a persistent disk, you need to create a PersistentVolumeClaim after creating a PersistentVolume and then attach the PersistentVolumeClaim to the pod
Option B is incorrect: A mount point is a user defined attribute and could be anything
Option C is incorrect: You cannot give a PersistentVolume name in pod.yaml, it should always be PersistentVolumeClaim
Option D is incorrect: ReadOnlyMany permissions does not derive the pod.yaml

Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/readonlymany-disks

 

Domain : Deploying and implementing a cloud solution

Q44 : There are 5 VPC networks in your staging project created for 5 different applications. Each network has its own CIDR range and firewall rules. You are asked to list the firewall rules of network 3 to perform an update. Select the appropriate response.

A. gcloud compute firewall-rules list –filter network=network 3
B. gcloud vpc network=network 3 –list firewall-rules
C. gcloud compute network=network 3 –list firewall-rules
D. gcloud vpc firewall-rules list –filter network=network 3

Correct Answer: A

Explanation

Option A is correct: The firewall-rules are defined under VPC but when using gcloud, they can only be accessed by calling compute api and thus the following command lists the firewall-rules for the given network
Option B, C & D is incorrect: These commands are invalid

Reference: https://cloud.google.com/vpc/docs/using-firewalls

 

Q45 : Configure access and securityYou company has developed an application to accelerate the efficiency in making sales calls about the product of your client. Everytime a recipient is called, log sink is used to export the record to a destination. Which of the following destinations are supported? Choose any 2.

A. BigQuery
B. Cloud Spanner
C. Pub/Sub
D. Cloud Bigtable

Correct Answers: A and C

Explanation

Options A and C are correct: Log sinks can be exported to Cloud Storage, Pub/Sub and BigQuery only
Options B and D are incorrect: Log sinks cannot be exported to either of the two

Reference: https://cloud.google.com/logging/docs/export/

 

Domain : Planning and configuring a cloud solution

Q46 : You updated the metadata of an object stored in Reports-PDF bucket using google cloud SDK. You want to ensure that the metadata has been updated for that object before you confirm the changes to the development team. Which of the following google cloud SDK command would you use?

A. gsutil stat gs://Reports-PDF/[OBJECT_NAME]
B. gsutil getmeta gs://Reports-PDF/[OBJECT_NAME]
C. gsutil setmeta gs://Reports-PDF/[OBJECT_NAME]
D. gsutil meta gs://Reports-PDF/[OBJECT_NAME]

Correct Answer: A

Explanation

Option A is correct: The stat command will output details about the specified object URLs
Option B is incorrect: getmeta is not a valid GCP command
Option C is incorrect: setmeta is used to update the metadata of an object with additional flags
Option D is incorrect: meta is not a valid GCP command

Reference: https://cloud.google.com/storage/docs/viewing-editing-metadata

 

Domain : Ensuring successful operation of a cloud solution

Q47 : A health care company that provides medical service to the users want to track their network forensics, real-time security analysis and optimize the expense. The manager would like to track the network sent from and received by VM instances. What do you suggest they do?

A. Pub/Sub
B. VPC Flow Logs
C. VPC Monitoring
D. Cloud Storage

Correct Answer: B

Explanation

Option B is correct. Flow Logs are used to track network related findings
Option A is incorrect: Pub/Sub is used to stream log data to other services
Option B is incorrect: VPC Monitoring is an invalid option
Option D is incorrect: Cloud Storage is used to push/storage objects

Reference: https://cloud.google.com/vpc/docs/using-flow-logs

 

Domain : Ensuring successful operation of a cloud solution

Q48 : A development team works with two Cloud Functions using node.js code. Each function corresponds to environments for development and production. The code is same except for the Cloud SQL database values used in each function. Team wants to maintain code in a clean and reusable fashion and decides to pass the database value during function execution. Which feature will allow you to do this?

A. Timeouts
B. Service Accounts
C. Environment Variables
D. Metadata

Correct Answer: C

Explanation

Option C is correct: Environment variables for cloud functions enable you to dynamically pass settings to your function code and libraries, without making changes to your code
Option A is incorrect: Is the duration for which the function will execute
Option B is incorrect: Allows you to configure appropriate permissions
Option D is incorrect: Metadata is an invalid option wrt to Cloud Function

Reference: https://cloud.google.com/functions/docs/env-var

 

Domain : Configure access and security

Q49 : Your client hosts a static website on Cloud Storage written in HTML, CSS, JavaScript. The site targets users in North America, the usage of website has grown worldwide and hundreds of thousands of visitors access it monthly. Visitors from different parts of the world are experiencing slow performance due to latency while users in the United States experience normal response times. What service can mitigate this issue?

A. Load Balancer
B. Cloud DNS
C. Cloud CDN
D. Storage Caching

Correct Answer: C

Explanation

Option C is correct: Google Cloud CDN leverages Google’s globally distributed edge points of presence to accelerate content delivery for websites and applications served out of Google Compute Engine and Google Cloud Storage
Option A is incorrect: Distributed loads between 2 or more instances
Option B is incorrect: Google Cloud DNS is a scalable, reliable, and managed authoritative Domain Name System (DNS) service running on the same infrastructure as Google
Option D is incorrect: The service doesn’t offer Caching

Reference: https://cloud.google.com/storage/docs/hosting-static-website

 

Domain : Planning and configuring a cloud solution

Q50 : You have been hired as a contractor by one of the travel technology company who is planning to containerize their existing applications in such a way that they can perform a lift and shift very easily in future if they plan to move away from Google Cloud. Which service will best suit this case?

A. Cloud Function
B. App Engine Standard
C. Kubernetes Engine
D. CloudRun

Correct Answer: C

Explanation

Option C is correct: Kubernetes is an open-source solution supported by major cloud platforms and will be very easy for companies to move out at a later stage if required because they can use the same config files with very minor changes
Option A is incorrect: With Cloud Function you will have to make changes to your function as per the requirement of the vendor
Option B is incorrect: Moving out of App Engine Standard will require you to use either Docker Swarm or Kubernetes for managing your containers
Option D is incorrect: CloudRun is a service used to run stateless and serverless kube containers at scale. This could have been the option but as this service does not require you to write config files and when you plan to move out of GCP you will have to create them hence, consuming more time and efforts to migrate

Reference: https://cloud.google.com/kubernetes-engine/

FAQs

How difficult is Google Associate Cloud Engineer exam?
The GCP Associate Cloud Engineer exam is considered to be moderate difficulty. To pass this exam, candidate require a good understanding of GCP services, concepts, best practices, and hands-on experience with the GCP platform.
Is GCP exam is easier than AWS?
Both AWS and GCP are equally easy and challenging. There is no specified answer exists that one may look easier than the other. There is a learning curve associated with the Google Cloud, but one must not consider only AWS-certified engineers have high scope due to market share.
What is the salary of Google Certified Associate Cloud Engineer ?
The average salary of Google Cloud Certified Associate Engineer in the US will be $ 158,000 per year.
What is the validity of Google Associate Cloud Engineer certification?
The Google Associate Cloud Engineer Certification may valid upto three years.
Is there negative marking in Google Associate Cloud Engineer exam?
No, there is no negative mark for the Google Associate Cloud Engineer exam.
Summary:

In this blog, you have learned the questions which you need to focus more for the actual test. Also, you might have learned the exam objectives clearly through these Google Cloud Certified Associate Engineer free practice questions. The Associate Cloud Engineer certification exam is recommended for professionals who deal with Google Cloud Services on a daily basis. It is aimed at a Cloud Engineer who maintains organizational solutions, delivers apps, and monitors operations.

These Google Cloud Certified Associate Engineer sample questions will acquaint you with the sorts of questions you will see on the certification exam and will help you assess if you are ready or whether you need more practice and/or experience to get a high score on the real deal. You may look through these Google Cloud Certified Associate Engineer questions and try out practice tests before taking the actual exam!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top