1. Home
  2. Google
  3. ASSOCIATE-CLOUD-ENGINEER

Associate Cloud Engineer

Exam Details

  • Exam Code
    :ASSOCIATE-CLOUD-ENGINEER
  • Exam Name
    :Associate Cloud Engineer
  • Certification
    :Google Certifications
  • Vendor
    :Google
  • Total Questions
    :377 Q&As
  • Last Updated
    :May 19, 2025

Google Google Certifications ASSOCIATE-CLOUD-ENGINEER Questions & Answers

  • Question 91:

    Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?

    A. Add the users to roles/browser role.

    B. Add the users to roles/iam.roleViewer role.

    C. Add the users to a group, and add this group to roles/browser role.

    D. Add the users to a group, and add this group to roles/iam.roleViewer role.

  • Question 92:

    Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

    A. Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

    B. Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

    C. Create a custom role by removing delete permissions, and add users to that role only.

    D. Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

  • Question 93:

    Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

    A. Add your SREs to roles/iam.roleAdmin role.

    B. Add your SREs to roles/accessapproval approver role.

    C. Add your SREs to a group and then add this group to roles/iam roleAdmin role.

    D. Add your SREs to a group and then add this group to roles/accessapproval approver role.

  • Question 94:

    You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

    A. Use a Shielded VM.

    B. Use a Preemptible VM.

    C. Use a sole-tenant node.

    D. Enable deletion protection on the instance.

  • Question 95:

    You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed from the Google Cloud Ubuntu package repository. You want to test your application locally on your laptop with Cloud Datastore. What should you do?

    A. Export Cloud Datastore data using gcloud datastore export.

    B. Create a Cloud Datastore index using gcloud datastore indexes create.

    C. Install the google-cloud-sdk-datastore-emulator component using the apt get install command.

    D. Install the cloud-datastore-emulator component using the gcloud components install command.

  • Question 96:

    Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?

    A. Add the group for the finance team to roles/billing user role.

    B. Add the group for the finance team to roles/billing admin role.

    C. Add the group for the finance team to roles/billing viewer role.

    D. Add the group for the finance team to roles/billing project/Manager role.

  • Question 97:

    You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:

    What is the most likely cause?

    A. The pending Pod's resource requests are too large to fit on a single node of the cluster.

    B. Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

    C. The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

    D. The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods' status. It is currently being rescheduled on a new node.

  • Question 98:

    You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

    A. Open the Cloud Spanner console to review configurations.

    B. Open the IAM and admin console to review IAM policies for Cloud Spanner roles.

    C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

    D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

  • Question 99:

    Your company implemented BigQuery as an enterprise data warehouse. Users from multiple business units run queries on this data warehouse. However, you notice that query costs for BigQuery are very high, and you need to control costs. Which two methods should you use? (Choose two.)

    A. Split the users from business units to multiple projects.

    B. Apply a user- or project-level custom query quota for BigQuery data warehouse.

    C. Create separate copies of your BigQuery data warehouse for each business unit.

    D. Split your BigQuery data warehouse into multiple data warehouses for each business unit.

    E. Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

  • Question 100:

    You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?

    A. Use Binary Authorization and whitelist only the container images used by your customers' Pods.

    B. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.

    C. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.

    D. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ASSOCIATE-CLOUD-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.