CertGrid
Google Cloud Certification

GCP Associate Cloud Engineer Practice Exam

Validates ability to deploy applications, monitor operations, and manage enterprise solutions on Google Cloud Platform.

Practice 651 exam-style GCP Associate Cloud Engineer questions with full answer explanations, then take timed mock exams that score like the real thing.

Practice questions: 651
On the real exam: 50
Passing score: 700
Exam length: 120 min

What the GCP Associate Cloud Engineer exam covers

Free GCP Associate Cloud Engineer sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 651.

  1. Question 1: Setting Up a Cloud Solution Environment

    A mid-sized company is starting its cloud journey on Google Cloud. The CTO wants to ensure that each department — engineering, marketing, and finance — has its own isolated set of resources with separate billing. Which approach should you recommend?

    • A. Create separate folders for each department but use a single shared project
    • B. Create separate projects for each department under an organization node and link each to its own billing account (Correct)
    • C. Create a single project and use labels to separate resources by department
    • D. Create separate VPCs within one project for each department
    ✓ Correct answer: B

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • A. "Create separate folders for each department but use a single shared project" is incorrect because it does not provide the optimal functionality required for this scenario.
    • C. "Create a single project and use labels to separate resources by department" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Create separate VPCs within one project for each department" is incorrect because it does not provide the optimal functionality required for this scenario.
  2. Question 2: Configuring Access and Security

    Your application running on Compute Engine needs to read objects from a Cloud Storage bucket and publish messages to a Pub/Sub topic. Currently, the application uses a service account key file for authentication. Your security team wants to eliminate the use of service account key files. What should you do?

    • A. Embed the credentials directly in the application code instead of using a key file
    • B. Use a Cloud KMS key to encrypt the service account key file and store it on the VM
    • C. Create a custom service account with the required roles, attach it to the VM instance, and remove the key file (Correct)
    • D. Assign the required roles to the Compute Engine default service account and rely on the instance's metadata server for credentials
    ✓ Correct answer: C

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • A. "Embed the credentials directly in the application code instead of using a key file" is incorrect because it does not provide the optimal functionality required for this scenario.
    • B. "Use a Cloud KMS key to encrypt the service account key file and store it on the VM" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Assign the required roles to the Compute Engine default service account and rely on the instance's metadata server for credentials" is incorrect because it does not provide the optimal functionality required for this scenario.
  3. Question 3: Ensuring Successful Operation of a Cloud Solution

    A company needs to perform a major version upgrade of their Cloud SQL for PostgreSQL instance from PostgreSQL 13 to PostgreSQL 15. The application team needs to test the upgrade before applying it to production. What approach should they take?

    • A. Export the database to SQL, create a new PostgreSQL 15 instance, and import the data
    • B. Clone the production instance, perform the major version upgrade on the clone, test the application against it, and then upgrade production (Correct)
    • C. Upgrade production directly during a maintenance window without testing
    • D. Create a read replica and upgrade the replica to the new version
    ✓ Correct answer: B

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • A. "Export the database to SQL, create a new PostgreSQL 15 instance, and import the data" is incorrect because it does not provide the optimal functionality required for this scenario.
    • C. "Upgrade production directly during a maintenance window without testing" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Create a read replica and upgrade the replica to the new version" is incorrect because it does not provide the optimal functionality required for this scenario.
  4. Question 4: Setting Up a Cloud Solution Environment

    FrostByte Computing needs to export billing data to BigQuery for detailed cost analysis. Which step is required to enable billing data export?

    • A. Enable Cloud Billing export in the Billing section of the Cloud Console and specify a BigQuery dataset (Correct)
    • B. Create a Cloud Function that queries the Billing API and writes to BigQuery
    • C. Use Dataflow to stream billing data from Cloud Storage to BigQuery
    • D. Enable the BigQuery Transfer Service to import billing data automatically
    ✓ Correct answer: A

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • B. "Create a Cloud Function that queries the Billing API and writes to BigQuery" is incorrect because it does not provide the optimal functionality required for this scenario.
    • C. "Use Dataflow to stream billing data from Cloud Storage to BigQuery" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Enable the BigQuery Transfer Service to import billing data automatically" is incorrect because it does not provide the optimal functionality required for this scenario.
  5. Question 5: Planning and Configuring a Cloud Solution (Select all that apply)

    You are selecting a compute option for a new microservices application. The team wants to use containers and needs automatic scaling. Which of the following Google Cloud services support running containerized workloads with autoscaling? (Choose three.)

    • A. App Engine Flexible environment (Correct)
    • B. Cloud Functions (2nd gen)
    • C. Cloud Run (Correct)
    • D. Compute Engine sole-tenant nodes
    • E. Google Kubernetes Engine (GKE) (Correct)
    ✓ Correct answer: A, C, E

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • B. "Cloud Functions (2nd gen)" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Compute Engine sole-tenant nodes" is incorrect because it does not provide the optimal functionality required for this scenario.
  6. Question 6: Deploying and Implementing a Cloud Solution (Select all that apply)

    You are deploying an application on Compute Engine that needs to interact with Cloud Storage and BigQuery. Which two steps should you take to securely provide access without using key files? (Choose two.)

    • A. Grant the default service account the Project Owner role
    • B. Create a custom service account with only the required IAM roles (Correct)
    • C. Assign the custom service account to the Compute Engine instance (Correct)
    • D. Download a JSON key file and store it on the instance
    ✓ Correct answer: B, C

    This option provides the best approach for the stated scenario. It delivers the necessary functionality while aligning with Google Cloud best practices and architectural patterns. Proper resource configuration ensures optimal performance and cost efficiency.

    Why the other options are wrong
    • A. "Grant the default service account the Project Owner role" is incorrect because it does not provide the optimal functionality required for this scenario.
    • D. "Download a JSON key file and store it on the instance" is incorrect because it does not provide the optimal functionality required for this scenario.
  7. Question 7: Deploying and Implementing a Cloud Solution (Select all that apply)

    Which two deployment strategies does Cloud Run support for updating services? (Choose two.)

    • A. Blue-green deployment by routing 100% traffic to the new revision (Correct)
    • B. In-place updates that modify running containers
    • C. Canary deployments using pod labels
    • D. Gradual traffic splitting between revisions (Correct)
    ✓ Correct answer: A, D

    Blue-green deployment by routing 100% traffic to the new revision, together with gradual traffic splitting between revisions, represents the correct deployment approach for this application type. This deployment method aligns with GCP best practices and ensures proper application lifecycle management. Selecting the appropriate deployment mechanism is fundamental to cloud solution design.

    Why the other options are wrong
    • B. "In-place updates that modify running containers" is incorrect because this service is not designed for the specified requirements.
    • C. "Canary deployments using pod labels" is incorrect because this service is not designed for the specified requirements.
  8. Question 8: Ensuring Successful Operation of a Cloud Solution (Select all that apply)

    You need to troubleshoot connectivity issues for a Compute Engine instance that cannot reach the internet. Which two tools in Google Cloud can help you diagnose the problem? (Choose two.)

    • A. Cloud Profiler to analyze network performance
    • B. Connectivity Tests to check network paths and firewall rules (Correct)
    • C. VPC Flow Logs to analyze network traffic patterns (Correct)
    • D. Cloud Build to rebuild the network stack
    ✓ Correct answer: B, C

    Connectivity Tests to check network paths and firewall rules, together with VPC Flow Logs to analyze network traffic patterns, is the appropriate networking configuration for this scenario. This approach ensures proper connectivity and network isolation based on GCP network architecture. Understanding VPC design and network connectivity patterns is essential for secure cloud solutions.

    Why the other options are wrong
    • A. "Cloud Profiler to analyze network performance" is incorrect because this approach does not correctly implement the required network connectivity.
    • D. "Cloud Build to rebuild the network stack" is incorrect because this approach does not correctly implement the required network connectivity.
  9. Question 9: Configuring Access and Security (Select all that apply)

    FortiCloud Inc. wants to implement network security best practices. Which two firewall rule features in Google Cloud VPC allow granular traffic control? (Choose two.)

    • A. Using IAM roles to define firewall rule priorities
    • B. Using Cloud Storage bucket policies to filter network traffic
    • C. Using service accounts as source or target filters in firewall rules (Correct)
    • D. Using network tags to apply firewall rules to specific VM instances (Correct)
    ✓ Correct answer: C, D

    Using service accounts as source or target filters in firewall rules, together with using network tags to apply firewall rules to specific VM instances, is the appropriate networking configuration for this scenario. This approach ensures proper connectivity and network isolation based on GCP network architecture. Understanding VPC design and network connectivity patterns is essential for secure cloud solutions.

    Why the other options are wrong
    • A. "Using IAM roles to define firewall rule priorities" is incorrect because this approach does not correctly implement the required network connectivity.
    • B. "Using Cloud Storage bucket policies to filter network traffic" is incorrect because this approach does not correctly implement the required network connectivity.
  10. Question 10: Planning and Configuring a Cloud Solution

    When implementing configuration practices in Planning and Configuring a Cloud Solution, which approach is recommended?

    • A. Review logs once per quarter in a manual audit
    • B. Set up continuous monitoring with proactive alerting (Correct)
    • C. Disable monitoring to reduce resource overhead
    • D. Check systems only when users report problems
    ✓ Correct answer: B

    Set up continuous monitoring with proactive alerting is the correct choice for this scenario. This approach aligns with GCP best practices and properly addresses the stated requirements. Understanding when and how to apply different GCP services is essential for the ACE certification.

    Why the other options are wrong
    • A. "Review logs once per quarter in a manual audit" is incorrect because this option does not meet the requirements specified in the scenario.
    • C. "Disable monitoring to reduce resource overhead" is incorrect because this option does not meet the requirements specified in the scenario.
    • D. "Check systems only when users report problems" is incorrect because this option does not meet the requirements specified in the scenario.

GCP Associate Cloud Engineer practice exam FAQ

How many questions are in the GCP Associate Cloud Engineer practice exam on CertGrid?

CertGrid has 651 practice questions for GCP Associate Cloud Engineer, covering 5 exam domains. The real GCP Associate Cloud Engineer exam has about 50 questions.

What is the passing score for GCP Associate Cloud Engineer?

The GCP Associate Cloud Engineer exam passing score is 700, and you have about 120 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official GCP Associate Cloud Engineer exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of GCP Associate Cloud Engineer, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice GCP Associate Cloud Engineer for free?

Yes. You can start practicing GCP Associate Cloud Engineer for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.