Google ASSOCIATE-CLOUD-ENGINEER Online Practice Questions and Exam Preparation
ASSOCIATE-CLOUD-ENGINEER Exam Details
Exam Code: ASSOCIATE-CLOUD-ENGINEER
Exam Name: Associate Cloud Engineer
Certification: Google Certifications
Vendor: Google
Total Questions: 427 Q&As
Last Updated: Jun 01, 2026
Google ASSOCIATE-CLOUD-ENGINEER Online Questions & Answers
Question 321:
You have a Compute Engine instance hosting an application used between 9 AM and 6 PM on weekdays. You want to back up this instance daily for disaster recovery purposes. You want to keep the backups for 30 days. You want the Google-recommended solution with the least management overhead and the least number of services. What should you do?
A. 1. Update your instances' metadata to add the following value: snapshot-schedule: 0 1 * * * 2. Update your instances' metadata to add the following value: snapshot-retention: 30
B. 1. In the Cloud Console, go to the Compute Engine Disks page and select your instance's disk. 2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters: -Schedule frequency: Daily -Start time: 1:00 AM - 2:00 AM -Autodelete snapshots after 30 days
C. 1. Create a Cloud Function that creates a snapshot of your instance's disk. 2. Create a Cloud Function that deletes snapshots that are older than 30 days. 3. Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM.
D. 1. Create a bash script in the instance that copies the content of the disk to Cloud Storage. 2. Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket. 3. Configure the instance's crontab to execute these scripts daily at 1:00 AM.
B. 1. In the Cloud Console, go to the Compute Engine Disks page and select your instance's disk. 2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters: -Schedule frequency: Daily -Start time: 1:00 AM - 2:00 AM -Autodelete snapshots after 30 days
Explanation
Creating scheduled snapshots for persistent disk: This document describes how to create a snapshot schedule to regularly and automatically back up your zonal and regional persistent disks. Use snapshot schedules as a best practice to back up your Compute Engine workloads. After creating a snapshot schedule, you can apply it to one or more persistent disks.
Question 322:
You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform. What should you do?
A. Meet with the cloud enablement team to discuss load balancer options.
B. Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.
C. Review the encryption requirements for WebSocket connections with the security team.
D. Convert the WebSocket code to use HTTP streaming.
A. Meet with the cloud enablement team to discuss load balancer options.
Explanation
Google HTTP(S) Load Balancing has native support for the WebSocket protocol when you use HTTP or HTTPS, not HTTP/2, as the protocol to the backend.
So the next possible step is to meet with the cloud enablement team to discuss load balancer options. We don't need to convert the WebSocket code to use HTTP streaming or redesign the application, because WebSocket support is offered by Google HTTP(S) Load Balancing. Reviewing the encryption requirements is a good idea, but it has nothing to do with WebSockets.
Question 323:
You are configuring Cloud DNS. You want to create DNS records to point home.mydomain.com, mydomain.com, and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?
A. Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME to mydomain.com respectively.
B. Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.
C. Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.
D. Create one A record to point mydomain.com to the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.
C. Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.
Question 324:
Your company is migrating its workloads to Google Cloud due to an expiring data center contract. The on-premises environment and Google Cloud are not connected. You have decided to follow a lift-and-shift approach, and you plan to modernize the workloads in a future project. Several old applications connect to each other through hard-coded internal IP addresses. You want to migrate these workloads quickly without modifying the application code. You also want to maintain all functionality. What should you do?
A. Migrate your DNS server first. Configure Cloud DNS with a forwarding zone to your migrated DNS server. Then migrate all other workloads with ephemeral internal IP addresses.
B. Create a VPC with non-overlapping CIDR ranges compared to your on-premises network. When migrating individual workloads, assign each workload a new static internal IP address.
C. Create a VPC with the same CIDR ranges as your on-premises network. When migrating individual workloads, assign each workload the same static internal IP address.
D. Migrate all workloads to a single VPC subnet. Configure Cloud NAT for the subnet and manually assign a static IP address to the Cloud NAT gateway.
C. Create a VPC with the same CIDR ranges as your on-premises network. When migrating individual workloads, assign each workload the same static internal IP address.
Explanation
Creating a VPC with the same CIDR ranges as your on-premises network and assigning each migrated workload the same static internal IP address allows you to maintain compatibility with the old applications that rely on hard-coded internal IP addresses. This solution ensures that the workloads can continue to communicate using the same IP addresses as they did in the on-premises environment, making the migration process smoother without modifying the application code.
Question 325:
You are the organization and billing administrator for your company. The engineering team has the Project Creator role on the organization. You do not want the engineering team to be able to link projects to the billing account. Only the finance team should be able to link a project to a billing account, but they should not be able to make any other changes to projects. What should you do?
A. Assign the finance team only the Billing Account User role on the billing account.
B. Assign the engineering team only the Billing Account User role on the billing account.
C. Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.
D. Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.
C. Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.
Explanation
When granted in combination with the _Billing Account User role_, the _Project Billing Manager_ role allows a user to attach the project to the billing account, but does not grant any rights over resources - YOU NEED BOTH
Question 326:
You are deploying an application to Google Kubernetes Engine (GKE). The application needs to make API calls to a private Cloud Storage bucket. You need to configure your application Pods to authenticate to the Cloud Storage API, but your organization policy prevents the usage of service account keys. You want to follow Google-recommended practices. What should you do?
A. Create the GKE cluster with Workload Identity Federation. Configure the default node service account to access the bucket. Deploy the application into the cluster so the application can use the node service account permissions. Use Identity and Access Management (IAM) to grant the service account access to the bucket.
B. Create the GKE cluster with Workload Identity Federation. Create a Google service account and a Kubernetes ServiceAccount, and configure both service accounts to use Workload Identity Federation. Attach the Kubernetes ServiceAccount to the application Pods and configure the Google service account to access the bucket with Identity and Access Management (IAM).
C. Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 24 hours.
D. Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 8 hours.
B. Create the GKE cluster with Workload Identity Federation. Create a Google service account and a Kubernetes ServiceAccount, and configure both service accounts to use Workload Identity Federation. Attach the Kubernetes ServiceAccount to the application Pods and configure the Google service account to access the bucket with Identity and Access Management (IAM).
Explanation
Creating the GKE cluster with Workload Identity Federation and configuring a Kubernetes ServiceAccount to use Workload Identity Federation is the recommended approach. This method avoids the use of service account keys while allowing the application Pods to authenticate to Google Cloud services securely. The Kubernetes ServiceAccount is mapped to a Google service account with the necessary IAM roles to access the Cloud Storage bucket, adhering to Google-recommended practices.
Question 327:
Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed to your organization. You want to accomplish this task with minimal effort. What should you do?
A. Use the projects.move method to move the project to your organization. Update the billing account of the project to that of your organization.
B. Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.
C. Create a Private Catalog for the Google Cloud Marketplace, and upload the resources of the startup's production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company's project.
D. Create an infrastructure-as-code template for all resources in the project by using Terraform, and deploy that template to a new project in your organization. Delete the project from the startup's Google Cloud organization.
A. Use the projects.move method to move the project to your organization. Update the billing account of the project to that of your organization.
Question 328:
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?
A. Use the GCP Console to transfer the file instead of gsutil.
B. Enable parallel composite uploads using gsutil on the file transfer.
C. Decrease the TCP window size on the machine initiating the transfer.
D. Change the storage class of the bucket from Nearline to Multi-Regional.
B. Enable parallel composite uploads using gsutil on the file transfer.
Explanation
The correct answer is B: the bandwidth is good and it's a single file, so gsutil parallel composite uploads can be used to split the large file and upload the parts in parallel. Refer to the GCP documentation - Transferring Data to GCP
Question 329:
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
A. Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
B. Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.
C. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.
D. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.
A. Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
All the other options don't make any sense when they say "Run gcloud configurations list to start the Compute Engine instances". How the heck are you expecting to "start" GCE instances doing "configuration list"? Obviously B, C, D don't make any sense.
Question 330:
You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do?
A. 1. Use nslookup to get the IP address for storage.googleapis.com. 2. Negotiate with the security team to be able to give a public IP address to the servers. 3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
B. 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP). 2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance. 3. Configure your servers to use that instance as a proxy to access Cloud Storage.
C. 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine. 2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend. 3. Configure your new instances to use this ILB as proxy.
D. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
D. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.