Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
NO.1 You have successfully created a development environment in a project for an application. This
application uses Compute Engine and Cloud SQL. Now, you need to create a production environment
for this application. The security team has forbidden the existence of network routes between these
2 environments, and asks you to follow Google-recommended practices. What should you do?
A. Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate
the setup you have created in the development environment.
B. Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new
project, and replicate the setup you have in the development environment in that new project, in the
Shared VP
C. Ask the security team to grant you the Project Editor role in an existing production project used by
another division of your company. Once they grant you that role, replicate the setup you have in the
development environment in that project.
D. Create a new production subnet in the existing VPC and a new production Cloud SQL instance in
your existing project, and deploy your application using those resources.
Answer: A
NO.2 You are the team lead of a group of 10 developers. You provided each developer with an
individual Google Cloud Project that they can use as their personal sandbox to experiment with
different Google Cloud solutions. You want to be notified if any of the developers are spending above
$500 per month on their sandbox environment. What should you do?
A. Create a single billing account for all sandbox projects and enable BigQuery billing exports.
Create a Data Studio dashboard to plot the spending per project.
B. Create a separate billing account per sandbox project and enable BigQuery billing exports.
Create a Data Studio dashboard to plot the spending per billing account.
C. Create a budget per project and configure budget alerts on all of these budgets.
D. Create a single budget for all projects and configure budget alerts on this budget.
Answer: C
Explanation:
https://cloud.google.com/billing/docs/how-to/budgets
NO.3 You need to verify the assigned permissions in a custom IAM role. What should you do?
A. Use the GCP Console, IAM section to view the information.
B. Use the GCP Console, API section to view the information.
C. Use the GCP Console, Security section to view the information.
D. Use the "gcloud init" command to view the information.
Answer: A
Explanation:
A is correct because this is the correct console area to view permission assigned to a custom role in a
particular project.
B is not correct because 'gcloud init' will not provide the information required.
C and D are not correct because these are not the correct areas to view this information
NO.4 You are using Container Registry to centrally store your company's container images in a
separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster.
2 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 1
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
You want to ensure that Kubernetes can download images from Container Registry. What should you
do?
A. Create a service account, and give it access to Cloud Storage. Create a P12 key for this service
account and use it as an imagePullSecrets in Kubernetes.
B. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under
`Access scopes'.
C. In the project where the images are stored, grant the Storage Object Viewer IAM role to the
service account used by the Kubernetes nodes.
D. Configure the ACLs on each image in Cloud Storage to give read-only access to the default
Compute Engine service account.
Answer: C
Explanation:
If the cluster is in a different project or if the VMs in the cluster use a different service account, you
must grant the service account the appropriate permissions to access the storage bucket used by
Container Registry.
For the service account used by Compute Engine VMs, including VMs in Google Kubernetes Engine
clusters, access is based on both Cloud IAM permissions and storage access scopes.
https://cloud.google.com/container-registry/docs/access-control
https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform
NO.5 You are hosting an application on bare-metal servers in your own data center. The application
needs access to Cloud Storage. However, security policies prevent the servers hosting the application
from having public IP addresses or access to the internet. You want to follow Google- recommended
practices to provide the application with access to Cloud Storage. What should you do?
A. 1. Use nslookup to get the IP address for storage.googleapis.com.
2. Negotiate with the security team to be able to give a public IP address to the servers.
3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
B. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.
2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that
network to your on-premises network through the VPN tunnel.
3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME
to restricted.googleapis.com.
C. 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to
Compute Engine.
2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.
3. Configure your new instances to use this ILB as proxy.
D. 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform
(GCP).
2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.
3. Configure your servers to use that instance as a proxy to access Cloud Storage.
Answer: B
Explanation:
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
NO.6 You have a Compute Engine instance hosting a production application. You want to receive an
3 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 2
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
email if the instance consumes more than 90% of its CPU resources for more than 15 minutes.
You want to use Google services. What should you do?
A. 1. In Stackdriver Logging, create a logs-based metric to extract the CPU usage by using this regular
expression: CPU Usage: ([0-9] {1,3})%
2. In Stackdriver Monitoring, create an Alerting Policy based on this metric.
3. Configure your email address in the notification channel.
B. 1. Create a Stackdriver Workspace, and associate your GCP project with it.
2. Write a script that monitors the CPU usage and sends it as a custom metric to Stackdriver.
3. Create an uptime check for the instance in Stackdriver.
C. 1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project with it.
2. Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition.
3. Configure your email address in the notification channel.
D. 1. Create a consumer Gmail account.
2. Write a script that monitors the CPU usage.
3. When the CPU usage exceeds the threshold, have that script send an email using the Gmail
account and smtp.gmail.com on port 25 as SMTP server.
Answer: A
NO.7 You have a project using BigQuery. You want to list all BigQuery jobs for that project. You want
to set this project as the default for the bq command-line tool. What should you do?
A. Use "gcloud config set project" to set the default project.
B. Use "gcloud generate config-url" to generate a URL to the Google Cloud Platform Console to set
the default project.
C. Use "bq generate config-url" to generate a URL to the Google Cloud Platform Console to set the
default project.
D. Use "bq config set project" to set the default project.
Answer: A
Explanation:
A is correct because you need to use gcloud to manage the config/defaults.
B is not correct because the bq command-line tool assumes the gcloud configuration settings and
can't be set through BigQuery.
C is not correct because entering this command will not achieve the desired result and will generate
an error.
D is not correct because entering this command will not achieve the desired result and will generate
an error.
https://cloud.google.com/bigquery/docs/reference/bq-cli-reference
https://cloud.google.com/sdk/gcloud/reference/config/set
NO.8 You want to deploy an application on Cloud Run that processes messages from a Cloud
Pub/Sub topic. You want to follow Google-recommended practices. What should you do?
A. 1. Create a service account.
2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.
3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run
application as the push endpoint.
B. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.
4 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 3
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
2. Create a Cloud Pub/Sub subscription for that topic.
3. Make your application pull messages from that subscription.
C. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.
2. Call your application on Cloud Run from the Cloud Function for every message.
D. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.
2. Create a Cloud Pub/Sub subscription for that topic.
3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes
the messages and sends them to your application.
Answer: A
NO.9 You are building a new version of an application hosted in an App Engine environment. You
want to test the new version with 1% of users before you completely switch your application over to
the new version.
What should you do?
A. Deploy a new version of your application in a Compute Engine instance instead of App Engine and
then use GCP Console to split traffic.
B. Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP
Console to split traffic between the two apps.
C. Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and
then use GCP Console to split traffic.
D. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP
Console and split traffic between the current version and newly deployed versions accordingly.
Answer: D
Explanation:
https://cloud.google.com/appengine/docs/standard/python/splitting-traffic
NO.10 You are asked to set up application performance monitoring on Google Cloud projects A, B,
and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?
A. Enable API and then give the metrics.reader role to projects A, B, and C.
B. Enable API and then share charts from project A, B, and
C. Enable API, create a workspace under project A, and then add project B and
D. Enable API and then use default dashboards to view all projects in sequence.
Answer: D
NO.11 You want to verify the IAM users and roles assigned within a GCP project named my-project.
What should you do?
A. Run gcloud iam service-accounts list. Review the output section.
B. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and
status.
C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and
roles.
D. Run gcloud iam roles list. Review the output section.
Answer: C
Explanation:
5 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 4
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
IAM section provides the list of both Members and Roles.
Option A is wrong as it would provide information about the roles only.
Option B is wrong as it would provide only the service accounts.
Option D is wrong as it would provide information about the roles only.
NO.12 Your organization has strict requirements to control access to Google Cloud projects. You
need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud
support team when an SRE opens a support case. You want to follow Google-recommended
practices. What should you do?
A. Add your SREs to roles/iam.roleAdmin role.
B. Add your SREs to a group and then add this group to roles/iam roleAdmin role.
C. Add your SREs to a group and then add this group to roles/accessapproval approver role.
D. Add your SREs to roles/accessapproval approver role.
Answer: C
NO.13 You have been asked to set up Object Lifecycle Management for objects stored in storage
buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects
are not read again unless there is a special need. The object should be kept for three years, and you
need to minimize cost.
What should you do?
A. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three
years.
B. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and
then moves to Archive storage for two years.
C. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and
then moves to Archive storage for two years.
D. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three
years.
Answer: D
NO.14 Your company has a large quantity of unstructured data in different file formats. You want to
perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it
can be processed by a Dataflow job. What should you do?
A. Upload the data to Cloud Storage using the gsutil command line tool.
B. Upload the data into Cloud Spanner using the import function in the console.
C. Upload the data into Cloud SQL using the import function in the console.
D. Upload the data to BigQuery using the bq command line tool.
Answer: A
Explanation:
https://cloud.google.com/solutions/performing-etl-from-relational-database-into-bigquery
NO.15 You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications
will be in a dedicated configuration file. You want to follow Google's recommended practices. Which
method should you use?
6 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 5
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
A. Managed Instance Group
B. Deployment Manager
C. Cloud Composer
D. Unmanaged Instance Group
Answer: B
Explanation:
Google Cloud Deployment Manager allows you to specify all the resources needed for your
application in a declarative format using yaml. You can also use Python or Jinja2 templates to
parameterize the configuration and allow reuse of common deployment paradigms such as a load
balanced, auto-scaled instance group. Treat your configuration as code and perform repeatable
deployments.
https://cloud.google.com/deployment-manager
NO.16 You are hosting an application from Compute Engine virtual machines (VMs) in us-central1-a.
You want to adjust your design to support the failure of a single Compute Engine zone, eliminate
downtime, and minimize cost. What should you do?
A. - Create an HTTP(S) Load Balancer.
- Create one or more global forwarding rules to direct traffic to your VMs.
B. - Perform regular backups of your application.
- Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.
- Restore from backups when notified.
C. - Create a Managed Instance Group and specify us-central1-a as the zone.
- Configure the Health Check with a short Health Interval.
D. - Create Compute Engine resources in us-central1-b.
- Balance the load across both us-central1-a and us-central1-b.
Answer: C
Explanation:
https://github.com/GoogleCloudPlatform/puppet-google-compute
NO.17 You have been asked to automate the infrastructure deployment using Google Deployment
Manager service. Which all formats do Deployment manager template supports?
A. Python
B. YAML
C. Powershell
D. JSON
Answer: A,B
NO.18 You want to configure an SSH connection to a single Compute Engine instance for users in the
dev1 group. This instance is the only resource in this particular Google Cloud Platform project that
the dev1 users should be able to connect to. What should you do?
A.
Enable block project wide keysfor the instance. Generate an SSH key for each user in the dev1 group.
Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
B.
7 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 6
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
� Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
Set metadata to enable-oslogin=truefor the instance. Set the service account to no service accountfor
that instance. Direct them to use the Cloud Shell to ssh to that instance.
C.
Set metadata to enable-oslogin=truefor the instance. Grant the dev1 group the compute.osLoginrole.
Direct them to use the Cloud Shell to ssh to that instance.
D.
Enable block project wide keysfor the instance. Generate an SSH key and associate the key with that
instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
Answer: C
8 from Freecram.com.
Get Latest & Valid Google Exam's Question and Answers 7
https://www.freecram.com/exam/Associate-Cloud-Engineer-google-associate-cloud-engineer-exam-e10613.html
