A practice exam for the Google Cloud Infrastructure Core Services certification. It includes multiple-choice questions covering key concepts and services, along with detailed explanations for each answer. This practice exam is designed to help individuals prepare for the certification exam by testing their knowledge and understanding of Google Cloud infrastructure core services. It covers topics such as resource hierarchy, IAM, security models, Compute Engine, VPC, and Cloud Storage. The questions are structured to simulate the actual exam format, providing valuable practice and insights into the types of questions to expect. By reviewing these questions and answers, candidates can identify areas where they need further study and improve their overall readiness for the certification.
Typology: Exams

Question 1. Which component of the Google Cloud resource hierarchy is the top-most container for all other resources?
A) Folder
B) Project
C) Organization
D) Billing Account
Answer: C
Explanation: The Organization node sits at the root of the hierarchy and contains all folders, projects, and resources.

Question 2. In IAM, which type of member represents a non-human identity used by applications to call Google Cloud APIs?
A) Google Group
B) Service account
C) Cloud Identity domain
D) Google Workspace user
Answer: B
Explanation: Service accounts are intended for applications and services, not for individual users.

Question 3. Which IAM role provides the broadest set of permissions?
A) Viewer
B) Owner
C) Editor
D) Custom role with “*” permissions
Answer: B
Explanation: The primitive Owner role includes all permissions on a resource, including permission to modify IAM policies.

Question 4. Which of the following is a best practice for managing service-account keys?
A) Store keys in source-code repositories
B) Create a single key per service account and never rotate it
C) Use short-lived keys and rotate them regularly
D) Disable IAM audit logging for service accounts
Answer: C
Explanation: Short-lived keys reduce exposure risk; regular rotation is recommended.

Question 5. IAM Conditions enable which type of access control?
A) Time-based only
B) Attribute-based and temporary access
C) Network-based only
D) Role-based only
Answer: B
Explanation: Conditions allow policies to be scoped by attributes such as request time, resource name, or IP address.

Question 6. Which Google Cloud security model principle states that users should receive only the permissions they need to perform their job?
A) Defense in depth
B) Least privilege
C) Shared responsibility
D) Zero trust

C) custom machine type
D) f1-micro
Answer: C
Explanation: Custom machine types allow you to define precise CPU and memory amounts.

Question 10. What happens when you stop a Compute Engine VM that uses a local SSD?
A) The SSD data persists and can be re-attached later
B) The SSD is automatically deleted
C) The SSD is detached but data remains intact
D) The SSD is detached and data is lost
Answer: D
Explanation: Local SSD data is lost when the instance is stopped; it is not persistent.

Question 11. Which of the following boot disk types offers the highest IOPS per GB?
A) Standard persistent disk
B) Balanced persistent disk
C) SSD persistent disk
D) Local SSD
Answer: D
Explanation: Local SSD provides the highest performance but is not persistent across stops.

Question 12. How can you provide instance-level metadata to a VM at launch?
A) Using a firewall rule
B) Adding a startup script in the metadata field
C) Assigning a service account
D) Creating a custom role
Answer: B
Explanation: Metadata entries, including startup scripts, are supplied when creating the instance.

Question 13. Which VPC component is regional rather than global?
A) VPC network itself
B) Subnet
C) Firewall rule
D) Cloud Router
Answer: B
Explanation: Subnets are created in a specific region, while VPCs span globally.

Question 14. What does a VPC firewall rule with direction INGRESS control?
A) Outbound traffic from VPC to Internet
B) Traffic entering a VM from other sources
C) Traffic between two subnets in the same VPC
D) Traffic from a VPN tunnel to the VPC
Answer: B
Explanation: Ingress rules filter incoming traffic to VM instances.

Question 15. Which tag is used to apply a firewall rule to a specific set of instances?
A) Service account tag
B) Network tag
C) Project tag

D) Kubernetes Engine
Answer: C
Explanation: App Engine abstracts away infrastructure and handles scaling automatically.

Question 19. Which deployment option is best suited for running containerized workloads that need to scale to zero when idle?
A) Compute Engine Managed Instance Group
B) App Engine Flexible Environment
C) Cloud Run (fully managed)
D) GKE Autopilot
Answer: C
Explanation: Cloud Run can scale down to zero instances when no requests are received.

Question 20. Managed Instance Groups (MIGs) provide which of the following capabilities?
A) Automatic load balancing and autoscaling of identical VM instances
B) Serverless execution of functions
C) Global DNS routing for multi-regional services
D) Container orchestration without Kubernetes
Answer: A
Explanation: MIGs manage a homogeneous set of VMs, providing health checks, autoscaling, and load balancing.

Question 21. Which Google Cloud service offers a fully managed, horizontally scalable relational database with global consistency?
A) Cloud SQL
B) Cloud Spanner
C) Cloud Bigtable
D) Firestore
Answer: B
Explanation: Cloud Spanner is a globally distributed relational database with strong consistency.

Question 22. In Cloud Storage, which storage class is optimized for infrequently accessed data with lower retrieval costs?
A) Standard
B) Nearline
C) Coldline
D) Archive
Answer: C
Explanation: Coldline is intended for data accessed less than once a year, offering lower storage cost but higher retrieval fees.

Question 23. How does Object Versioning affect objects in a bucket?
A) It permanently deletes old versions after 30 days
B) It creates a new generation for each overwrite, preserving prior data
C) It encrypts each version with a different key automatically
D) It moves older versions to Nearline storage automatically
Answer: B
Explanation: Versioning retains each generation of an object, allowing recovery of previous states.

Question 24. Which Cloud Storage access control method allows fine-grained permissions on individual objects?

A) Disaster recovery across regions
B) Scaling read-heavy workloads by offloading queries from the primary
C) Enabling point-in-time recovery
D) Providing write scalability
Answer: B
Explanation: Read replicas handle read traffic, reducing load on the primary instance.

Question 28. Which NoSQL database is best suited for large-scale, low-latency analytics with a wide-column data model?
A) Firestore
B) Cloud Bigtable
C) Cloud Spanner
D) Memorystore
Answer: B
Explanation: Bigtable is a wide-column store optimized for high-throughput analytical workloads.

Question 29. Firestore operates in which two modes?
A) Native and Datastore mode
B) Standard and Enterprise mode
C) Regional and Multi-regional mode
D) SQL and NoSQL mode
Answer: A
Explanation: Firestore can run in Native mode (new) or Datastore mode (legacy compatibility).

Question 30. Which Google Cloud service provides an in-memory data store compatible with Redis?
A) Cloud SQL
B) Memorystore for Redis
C) Cloud Bigtable
D) Cloud Spanner
Answer: B
Explanation: Memorystore offers managed Redis (and Memcached) instances.

Question 31. Which feature of labels helps with cost allocation across departments?
A) Labels can be used to enforce IAM policies
B) Labels are automatically billed to the associated department
C) Labels enable grouping of resources in billing reports for chargeback
D) Labels restrict network traffic between resources
Answer: C
Explanation: Labels appear in Billing export data, allowing cost analysis per label.

Question 32. An Organization Policy can be used to prevent which of the following?
A) Creation of new projects in a folder
B) Assignment of IAM roles at the project level
C) Use of external IP addresses on VM instances
D) All of the above
Answer: D
Explanation: Organization policies can restrict resource creation, IAM, and networking configurations.

Answer: B
Explanation: The CPU utilization metric shows the percentage of CPU used.

Question 36. In Cloud Logging, what is a Log Sink used for?
A) Filtering logs before they appear in Logs Explorer
B) Exporting selected logs to another destination such as Cloud Storage, Pub/Sub, or BigQuery
C) Deleting logs after a retention period
D) Encrypting logs at rest automatically
Answer: B
Explanation: Sinks define export destinations for log entries matching a filter.

Question 37. Which type of log is generated automatically when a user changes IAM policies?
A) System log
B) Audit log (Admin Activity)
C) Error log
D) Access log
Answer: B
Explanation: Admin Activity audit logs capture IAM policy changes.

Question 38. What does Error Reporting aggregate for you?
A) All logs from Cloud Logging
B) Stack-trace information from uncaught exceptions in supported services
C) Metrics from Cloud Monitoring
D) Billing errors from the Billing API
Answer: B
Explanation: Error Reporting collects and groups error events with stack traces.

Question 39. Which of the following is a valid way to create a custom IAM role?
A) Using the gcloud iam roles create command
B) Editing the predefined role JSON file directly in the console
C) Adding a new permission to an existing primitive role
D) Assigning a service account as a role
Answer: A
Explanation: Custom roles are created via gcloud, the console UI, or the IAM API.

Question 40. Which VPC feature lets you control egress traffic to the Internet for a set of instances?
A) Firewall rule with direction INGRESS
B) Cloud NAT
C) VPC Service Controls
D) Private Google Access
Answer: B
Explanation: Cloud NAT provides outbound Internet access for instances without external IPs, allowing egress control.

Question 41. What is the effect of enabling Uniform bucket-level access on a Cloud Storage bucket?
A) ACLs are disabled; IAM controls all access
B) Object versioning is automatically turned on
C) All objects become publicly readable

D) TCP Proxy Load Balancer
Answer: A
Explanation: The external HTTP(S) load balancer distributes traffic globally.

Question 45. Which of the following is a true statement about Cloud Run (fully managed) pricing?
A) You are charged for the number of VMs provisioned regardless of usage
B) Billing is based on CPU, memory, and request count while the container is handling requests
C) You must pay for a minimum of 24 hours per container instance
D) Pricing includes a flat monthly fee per project
Answer: B
Explanation: Cloud Run charges per request-time resources (CPU, memory, requests) only while the container processes.

Question 46. What does the --no-address flag do when creating a Compute Engine instance via gcloud?
A) Assigns a static internal IP only
B) Prevents the instance from receiving any IP address (no external or internal)
C) Creates the instance without an external IP address
D) Disables the instance’s network interface entirely
Answer: C
Explanation: The flag creates the VM with only an internal IP; no external IP is allocated.

Question 47. Which of the following can be used to grant a service account permission to read objects from a specific bucket?
A) Adding the service account to the bucket’s ACL with READER role
B) Assigning the service account the Owner role at the project level
C) Giving the service account the Compute Engine default service account role
D) Adding the service account to the organization’s IAM policy as Viewer
Answer: A
Explanation: ACLs can grant read access to a specific bucket for a service account.

Question 48. In Cloud Spanner, what does TrueTime provide?
A) Automatic backup scheduling
B) Global ordering of transactions with bounded uncertainty
C) Real-time metrics for monitoring
D) Time-based IAM conditions
Answer: B
Explanation: TrueTime combines atomic clocks and GPS to give a globally consistent timestamp with a known uncertainty interval.

Question 49. Which of the following is an advantage of using VPC Service Controls?
A) It provides DDoS protection for Compute Engine instances
B) It helps prevent data exfiltration from Google Cloud services by defining a security perimeter
C) It automatically encrypts all data at rest with customer-managed keys
D) It replaces IAM for all access decisions
Answer: B
Explanation: VPC Service Controls create a service perimeter to limit data movement.

Question 50. Which Cloud Monitoring feature allows you to automatically create a chart for a metric without writing a query?

Question 53. Which of the following cannot be used as a member in an IAM policy?
A) user:[email protected]
B) serviceAccount:my-svc@my-project.iam.gserviceaccount.com
C) domain:example.com
D) ip:192.168.1.0/
Answer: D
Explanation: IP addresses are not valid IAM members; they can be used in firewall rules.

Question 54. When you enable Object Lifecycle Management with a rule to delete objects older than 365 days, what happens to newly uploaded objects?
A) They are immediately deleted
B) They are marked for deletion after 365 days from the bucket’s creation date
C) They will be deleted 365 days after their own creation date
D) They are never deleted because lifecycle rules apply only to existing objects
Answer: C
Explanation: Lifecycle rules evaluate each object’s age relative to its own creation timestamp.

Question 55. Which of the following is a characteristic of regional Cloud Storage buckets?
A) Data is stored in a single location and cannot be accessed from other regions
B) Data is automatically replicated across multiple continents
C) Data is stored in multiple zones within the same region for redundancy
D) Objects are encrypted with a regional key that cannot be changed
Answer: C
Explanation: Regional buckets store data redundantly across zones in the same region.

Question 56. What does the --preemptible flag do when creating a Compute Engine VM?
A) Guarantees the VM will never be terminated by Google
B) Creates a lower-cost VM that can be stopped at any time with a 30-second warning
C) Enables automatic backup of the VM’s disks
D) Assigns a static external IP address automatically
Answer: B
Explanation: Preemptible VMs are cheaper but can be reclaimed by Google at any time.

Question 57. Which of the following best describes Cloud NAT?
A) A firewall that blocks inbound traffic to the internet
B) A service that provides outbound Internet connectivity for resources without external IPs
C) A VPN solution for connecting on-premises networks to GCP
D) A load balancer for TCP traffic
Answer: B
Explanation: Cloud NAT enables instances without public IPs to reach the Internet.

Question 58. In Cloud Logging, what does the severity field indicate?
A) The size of the log entry in bytes
B) The importance level of the log (e.g., INFO, WARNING, ERROR)
C) The region where the log originated
D) The IAM role that generated the log
Answer: B
Explanation: Severity categorizes logs by importance, such as DEBUG, INFO, WARNING, ERROR, CRITICAL.