Google Associate Cloud Engineer Exam Questions Instant Access

Question 1

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

AAssign appropriate access for Google services to the service account used by the Compute Engine VM.

BCreate a service account with appropriate access for Google services, and configure the application to use this account.

CStore credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

DStore credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Answer : B

In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date.https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices

Question 2

You want to permanently delete a Pub/Sub topic managed by Config Connector in your Google Cloud project. What should you do?

AUse kubect1 to delete the topic resource.

BUse gcloud CLI to delete the topic.

CUse kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

DUse gcloud CLI to update the topic label managed-by-cnrm to false.

Answer : C

Question 3

Youare configuring Cloud DNS. You want !to create DNS records to pointhome.mydomain.com,mydomain.com. andwww.mydomain.comto the IP address of your Google Cloud load balancer. What should you do?

ACreate one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

BCreate one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

CCreate one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

DCreate one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Answer : C

Question 4

Your team maintains the infrastructure for your organization. The current infrastructure requires changes. You need to share your proposed changes with the rest of the team. You want to follow Google's recommended best practices. What should you do?

AUse Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

BUse Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

CApply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

DApply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

Answer : B

Showing Deployment Manager templates to your team will allow you to define the changes you want to implement in your cloud infrastructure. You can use Cloud Source Repositories to store Deployment Manager templates and collaborate with your team. Cloud Source Repositories are fully-featured, scalable, and private Git repositories you can use to store, manage and track changes to your code.

https://cloud.google.com/source-repositories/docs/features

Question 5

You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?

Agcloud deployment-manager deployments create --config <deployment-config-path>

Bgcloud deployment-manager deployments update --config <deployment-config-path>

Cgcloud deployment-manager resources create --config <deployment-config-path>

Dgcloud deployment-manager resources update --config <deployment-config-path>

Answer : B

Question 6

You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in nodes when needed. What should you do?

ACreate a new subnet in the same region as the subnet being used.

BAdd an alias IP range to the subnet used by the GKE clusters.

CCreate a new VPC, and set up VPC peering with the existing VPC.

DExpand the CIDR range of the relevant subnet for the cluster.

Answer : A

gcloud compute networks subnets expand-ip-range NAME gcloud compute networks subnets expand-ip-range - expand the IP range of a Compute Engine subnetworkhttps://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/expand-ip-range

Question 7

(Your company is modernizing its applications and refactoring them to containerized microservices. You need to deploy the infrastructure on Google Cloud so that teams can deploy their applications. The applications cannot be exposed publicly. You want to minimize management and operational overhead. What should you do?)

AProvision a Standard zonal Google Kubernetes Engine (GKE) cluster.

BProvision a fleet of Compute Engine instances and install Kubernetes.

CProvision a Google Kubernetes Engine (GKE) Autopilot cluster.

DProvision a Standard regional Google Kubernetes Engine (GKE) cluster.

Answer : C

GKE Autopilot is a mode of operation in GKE where Google manages the underlying infrastructure, including nodes, node pools, and their upgrades. This significantly reduces the management and operational overhead for the user, allowing teams to focus solely on deploying and managing their containerized applications. Since the applications are not exposed publicly, the zonal or regional nature of the cluster primarily impacts availability within Google Cloud, and Autopilot is available for both. Autopilot minimizes the operational burden, which is a key requirement.

Option A: A Standard zonal GKE cluster requires you to manage the nodes yourself, including sizing, scaling, and upgrades, increasing operational overhead compared to Autopilot.

Option B: Manually installing and managing Kubernetes on a fleet of Compute Engine instances involves the highest level of management overhead, which contradicts the requirement to minimize it.

Option D: A Standard regional GKE cluster provides higher availability than a zonal cluster by replicating the control plane and nodes across multiple zones within a region. However, it still requires you to manage the underlying nodes, unlike Autopilot.

Reference to Google Cloud Certified - Associate Cloud Engineer Documents:

The different modes of GKE operation, including Standard and Autopilot, and their respective management responsibilities and benefits, are clearly outlined in the Google Kubernetes Engine documentation, a core topic for the Associate Cloud Engineer certification. The emphasis on reduced operational overhead with Autopilot is a key differentiator.