Associate Cloud Engineer

Here you have the best Google Associate Cloud Engineer practice exam questions

You have 304 total questions to study from
Each page has 5 questions, making a total of 61 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on October 28, 2025
This site is not affiliated with or endorsed by Google.

Question 1 of 304

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.

Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Correct Answer: C

To manage a large number of instances and ensure operational efficiency while maintaining security, each team member should generate their own SSH key pair and add the public key to their Google account. By granting the 'compute.osAdminLogin' role to the Google group corresponding to the team, you utilize Google Cloud's IAM feature to manage permissions centrally. This approach allows easy addition and removal of team members and ensures each access can be accurately tracked to the respective individual thanks to IAM logging, meeting the security team's requirements.

Question 2 of 304

You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?

0.0.0.0/0

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

Correct Answer: B

To create a custom VPC with a single subnet with the largest possible range, you should use 10.0.0.0/8. This is because 10.0.0.0/8 is a private IP range as defined by RFC 1918 and allows for the largest possible subnet within that range. The /8 subnet mask means that only the first 8 bits of the address are used for network identification, leaving 24 bits for host addresses, which provides the largest number of available IP addresses. The other options, 172.16.0.0/12 and 192.168.0.0/16, provide progressively smaller ranges. Option 0.0.0.0/0 is not valid for this purpose as it represents all IP addresses and is not a private IP range suitable for a VPC subnet.

Question 3 of 304

You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?

Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

Select Cloud SQL (MySQL). Select the create failover replicas option.

Select Cloud Spanner. Set up your instance with 2 nodes.

Select Cloud Spanner. Set up your instance as multi-regional.

Correct Answer: A

To select a cost-effective solution for relational data on Google Cloud Platform, especially for a small set of operational data in one geographic location, Cloud SQL (MySQL) is appropriate. Cloud SQL supports point-in-time recovery, which requires enabling binary logging. This feature allows you to restore your database to a specific moment in time, which satisfies the need for point-in-time recovery.

Question 4 of 304

You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps.
You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?

Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP)

Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.

Create a managed instance group. Set the Autohealing health check to healthy (HTTP)

Create a managed instance group. Verify that the autoscaling setting is on.

Correct Answer: C

To configure autohealing for a group of Compute Engine instances with a requirement to recreate VMs if they are unresponsive after a specified number of attempts, you need to use a managed instance group (MIG) with an autohealing policy. By setting the Autohealing health check to healthy (HTTP), the MIG can automatically recreate instances that fail the specified health checks. This setup ensures that instances are monitored and recreated if they are unresponsive, meeting the described criteria for autohealing without needing additional load balancer configurations.

Question 5 of 304

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

Use gcloud config configurations describe to review the output.

Use gcloud config configurations activate and gcloud config list to review the output.

Use kubectl config get-contexts to review the output.

Use kubectl config use-context and kubectl config view to review the output.

Correct Answer: A

To review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps, you should use the gcloud command-line tool. The command 'gcloud config configurations describe' allows you to directly review the details of a specific configuration, including the Kubernetes Engine cluster configuration, without needing to activate the configuration or switch contexts. This approach is the most efficient and accurate, avoiding unnecessary steps.