1. Home
  2. Google
  3. ASSOCIATE-CLOUD-ENGINEER

Google ASSOCIATE-CLOUD-ENGINEER Online Practice Questions and Exam Preparation

ASSOCIATE-CLOUD-ENGINEER Exam Details

  • Exam Code
    :ASSOCIATE-CLOUD-ENGINEER
  • Exam Name
    :Associate Cloud Engineer
  • Certification
    :Google Certifications
  • Vendor
    :Google
  • Total Questions
    :427 Q&As
  • Last Updated
    :May 24, 2026

Google ASSOCIATE-CLOUD-ENGINEER Online Questions & Answers

  • Question 111:

    You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

    A. Use permissions in your role that use the `supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
    B. Use permissions in your role that use the `supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.
    C. Use permissions in your role that use the `testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
    D. Use permissions in your role that use the `testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.

  • Question 112:

    You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account.

    What should you do?

    A. Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity- Aware Proxy to access the instance.
    B. Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.
    C. Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.
    D. Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant. Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

  • Question 113:

    Your team uses a third-party monitoring solution. They've asked you to deploy it to the nodes in your Kubernetes Engine Cluster. What's the best way to do that?

    A. Deploy the monitoring pod as a DaemonSet.
    B. Deploy the monitoring pod as a Deployment.
    C. Use Deployment Manager to deploy the monitoring solution.
    D. Connect to each node via SSH and install the monitoring solution.

  • Question 114:

    Your company's infrastructure is on-premises, but all machines are running at maximum capacity. You want to burst to Google Cloud. The workloads on Google Cloud must be able to directly communicate to the workloads on-premises using a private IP range. What should you do?

    A. In Google Cloud, configure the VPC as a host for Shared VPC.
    B. In Google Cloud, configure the VPC for VPC Network Peering.
    C. Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.
    D. Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

  • Question 115:

    The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?

    A. Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.
    B. Create an IAM policy and grant all compute.instanceAdmin.* permissions to the policy. Attach the policy to the DevOps group.
    C. Create a custom role at the folder level and grant all compute.instanceAdmin.* permissions to the role. Grant the custom role to the DevOps group.
    D. Grant the basic role roles/editor to the DevOps group.

  • Question 116:

    Your team has been working towards using desired state configuration for your entire infrastructure, which is why they're excited to store the Kubernetes Deployments in YAML. You created a Kubernetes Deployment with the kubectl apply command and passed on a YAML file. You need to edit the number of replicas. What steps should you take to update the Deployment?

    A. Edit the number of replicas in the YAML file and rerun the kubectl apply.
    B. Edit the YAML and push it to Github so that the git triggers deploy the change.
    C. Disregard the YAML file. Use the kubectl scale command.
    D. Edit the number of replicas in the YAML file and run the kubectl set image command.

  • Question 117:

    Your developers are trying to connect to an Ubuntu server over SSH to diagnose some errors. However, the connection times out. Which command should help solve the problem?

    A. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:22
    B. gcloud compute firewall-rules create "open-ssh"
    C. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --deny tcp:22
    D. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:3389

  • Question 118:

    You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

    A. When creating the VM, use machine type n1-standard-96.
    B. When creating the VM, use Intel Skylake as the CPU platform.
    C. Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.
    D. Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

  • Question 119:

    Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

    A. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.
    B. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
    C. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
    D. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

  • Question 120:

    You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps. What should you do?

    A. Use gcloud iam roles copy and specify the production project as the destination project.
    B. Use gcloud iam roles copy and specify your organization as the destination organization.
    C. In the Google Cloud Platform Console, use the `create role from role' functionality.
    D. In the Google Cloud Platform Console, use the `create role' functionality and select all applicable permissions.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ASSOCIATE-CLOUD-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.