ASSOCIATE-CLOUD-ENGINEER Exam Details

  • Exam Code
    :ASSOCIATE-CLOUD-ENGINEER
  • Exam Name
    :Associate Cloud Engineer
  • Certification
    :Google Certifications
  • Vendor
    :Google
  • Total Questions
    :427 Q&As
  • Last Updated
    :Jul 14, 2026

Google ASSOCIATE-CLOUD-ENGINEER Online Questions & Answers

  • Question 41:

    You have a Bigtable instance that consists of three nodes that store personally identifiable information (PII) data. You need to log all read or write operations, including any metadata or configuration reads of this database table, in your company's Security Information and Event Management (SIEM) system. What should you do?

    A. Navigate to Cloud Monitoring in the Google Cloud console, and create a custom monitoring job for the Bigtable instance to track all changes. Create an alert by using webhook endpoints, with the SIEM endpoint as a receiver.
    B. Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the Bigtable instance. Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.
    C. Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read, Data Write and Admin Read logs for the Bigtable instance. Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.
    D. Install the Ops Agent on the Bigtable instance during configuration. Create a service account with read permissions for the Bigtable instance. Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

  • Question 42:

    You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?

    A. Enable the Cloud Pub/Sub API in the API Library on the GCP Console.
    B. Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.
    C. Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.
    D. Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

  • Question 43:

    Which of the following is a valid use case for Flow Logs?

    A. Blocking instances from communicating over certain ports.
    B. Network forensics.
    C. Proxying SSL traffic.
    D. Serving as a UDP relay.

  • Question 44:

    You recently discovered an issue with your rolling update in Google Kubernetes Engine (GKE). You now need to roll back a rolling update. What should you do?

    A. Delete the deployment.
    B. Use the kubectl rollout restart command to revert the deployment.
    C. Use the kubectl rollout undo command.
    D. Manually scale down the new Pods and scale up the old Pods.

  • Question 45:

    You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?

    A. Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer's IP address.
    B. Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.
    C. Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.
    D. Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer's IP address.

  • Question 46:

    You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?

    A. Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
    B. Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
    C. Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
    D. Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.

  • Question 47:

    What's the easiest way to ensure that the nodes in your Kubernetes cluster are always up-to-date with the latest stable version of Kubernetes?

    A. Opt into the Kubernetes Node Update program from the quotas page.
    B. Run the kubectl nodes update command.
    C. Run the kubectl nodes upgrade command.
    D. Enable the automatic node upgrades setting.

  • Question 48:

    The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

    A. Write a script that runs gsutil Is -| gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.
    B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config- json-file.
    C. Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml- file.
    D. Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

  • Question 49:

    You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?

    A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.
    B. Select Cloud SQL (MySQL). Select the create failover replicas option.
    C. Select Cloud Spanner. Set up your instance with 2 nodes.
    D. Select Cloud Spanner. Set up your instance as multi-regional.

  • Question 50:

    You work for a financial services company that operates as a stock market broker. Your company is planning to migrate to Google Cloud. You need to plan the network design in Google Cloud.

    Your design must:

    1.Minimize the latency between all production systems.

    2.Minimize costs related to your development environment.

    What should you do?

    A. Create a VPC in the Standard Tier and one in the Premium Tier. Deploy production workloads in the Standard Tier and development workloads in the Premium Tier.
    B. Create a VPC in the Standard Tier and one in the Premium Tier. Deploy development workloads in the Standard Tier and production workloads in the Premium Tier.
    C. Create a VPC in the Premium Tier, and deploy both production and development workloads on this VPC.
    D. Create a VPC in the Standard Tier, and deploy both production and development workloads on this VPC.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ASSOCIATE-CLOUD-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.