Google Cloud Associate Cloud Engineer Practice Exam Questions, Exams of Technology

Practice exam questions and answers for the google cloud associate cloud engineer certification. It covers various topics, including google cloud hierarchy, project creation, iam roles, compute engine, cloud billing, cloud shell, vm instances, cloud run, gke autopilot, app engine, cloud storage, cloud sql, cloud spanner, bigtable, data transfer, vpc subnets, firewall rules, and load balancing. The questions are designed to help candidates prepare for the certification exam and assess their knowledge of google cloud services and concepts. Each question includes a detailed explanation of the correct answer, enhancing the learning experience and providing valuable insights into the subject matter. This resource is ideal for individuals seeking to validate their expertise in google cloud technologies and advance their careers in cloud computing.

Typology: Exams

2025/2026

Available from 12/21/2025

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 93

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Preparing for the Google Cloud Associate Cloud
Engineer Certificate Practice Exam
Question 1. Which hierarchy level in Google Cloud contains folders, projects, and resources?
A) Organization
B) Billing Account
C) Service Account
D) VPC Network
Answer: A
Explanation: The toplevel container is the Organization, which can contain folders, projects,
and resources.
Question 2. When creating a new project via the gcloud CLI, which flag specifies the project ID?
A) --name
B) --project-id
C) --id
D) --set-project
Answer: B
Explanation: The `--project-id` flag assigns the unique identifier for the new project.
Question 3. What happens when you delete a Google Cloud project from the Cloud Console?
A) Resources are instantly removed and cannot be recovered.
B) The project is placed in a 30day grace period during which it can be restored.
C) Only billing is stopped; resources remain active.
D) The project is archived and can be reactivated at any time.
Answer: B
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d

Partial preview of the text

Download Google Cloud Associate Cloud Engineer Practice Exam Questions and more Exams Technology in PDF only on Docsity!

Engineer Certificate Practice Exam

Question 1. Which hierarchy level in Google Cloud contains folders, projects, and resources? A) Organization B) Billing Account C) Service Account D) VPC Network Answer: A Explanation: The top‑level container is the Organization, which can contain folders, projects, and resources. Question 2. When creating a new project via the gcloud CLI, which flag specifies the project ID? A) --name B) --project-id C) --id D) --set-project Answer: B Explanation: The --project-id flag assigns the unique identifier for the new project. Question 3. What happens when you delete a Google Cloud project from the Cloud Console? A) Resources are instantly removed and cannot be recovered. B) The project is placed in a 30‑day grace period during which it can be restored. C) Only billing is stopped; resources remain active. D) The project is archived and can be re‑activated at any time. Answer: B

Engineer Certificate Practice Exam

Explanation: Deleted projects enter a 30‑day recovery window before permanent deletion. Question 4. Which IAM role provides the minimum permissions required to view billing account information? A) roles/billing.viewer B) roles/billing.admin C) roles/billing.user D) roles/viewer Answer: A Explanation: roles/billing.viewer grants read‑only access to billing data without edit rights. Question 5. To enforce that all Compute Engine instances in a folder must use a specific OS image, you would apply a ________ at the folder level. A) Service Perimeter B) Organization Policy C) VPC Service Control D) IAM Condition Answer: B Explanation: Organization policies can restrict resources, such as enforcing a particular OS image. Question 6. Which Cloud Billing feature automatically notifies you when spend exceeds a defined amount? A) Budget alerts B) Cost breakdown reports C) Billing export schedule

Engineer Certificate Practice Exam

D) e2-micro Answer: C Explanation: High‑memory machine types provide a larger RAM‑to‑CPU ratio for memory‑heavy jobs. Question 10. What is the primary benefit of using a Regional Persistent Disk over a Zonal Persistent Disk? A) Lower latency B) Automatic replication across zones in the same region C) Higher IOPS per GB D) Cheaper storage cost Answer: B Explanation: Regional disks replicate data across two zones in the same region, increasing durability. Question 11. Which Compute Engine feature allows you to automatically replace unhealthy VM instances in a managed instance group? A) Autoscaling B) Auto‑healing C) Preemptible VMs D) Instance templates Answer: B Explanation: Auto‑healing uses health checks to recreate unhealthy instances. Question 12. Which of the following is NOT a valid use case for Cloud Run? A) Running containerized microservices with HTTP requests

Engineer Certificate Practice Exam

B) Event‑driven background jobs triggered by Pub/Sub C) Long‑running batch jobs that exceed 24‑hour execution limit D) Stateless APIs with automatic scaling Answer: C Explanation: Cloud Run has a maximum request timeout of 60 minutes; it cannot run jobs longer than that. Question 13. In GKE Autopilot mode, who is responsible for managing node pools? A) The GKE user B) Google Cloud (Autopilot) C) The cluster administrator via Terraform D) No one; nodes are not used in Autopilot Answer: B Explanation: Autopilot abstracts node management; Google automatically provisions and manages nodes. Question 14. Which App Engine environment provides automatic scaling without needing to manage underlying infrastructure and supports only specific runtimes? A) Standard B) Flexible C) Managed D) Custom Answer: A Explanation: The App Engine Standard environment offers automatic scaling and a limited set of runtimes.

Engineer Certificate Practice Exam

Explanation: HA configuration creates a synchronous standby instance for automatic failover. Question 18. When would you choose Cloud Spanner over Cloud SQL? A) When you need a relational database with horizontal scalability across regions. B) When you need a simple MySQL‑compatible database. C) When you need a document‑oriented NoSQL store. D) When you need a small, embedded database. Answer: A Explanation: Cloud Spanner offers globally distributed, strongly consistent relational storage. Question 19. Which NoSQL database is optimized for high‑throughput time‑series data and wide rows? A) Firestore B) Cloud SQL C) Bigtable D) Cloud Datastore Answer: C Explanation: Bigtable is a wide‑column store ideal for large analytical workloads and time‑series data. Question 20. Which service would you use to move 10 TB of on‑premises data to Google Cloud with minimal network impact? A) Transfer Appliance B) Storage Transfer Service C) gsutil rsync D) Cloud Dataflow

Engineer Certificate Practice Exam

Answer: A Explanation: Transfer Appliance is a physical device for large data migrations, reducing network usage. Question 21. Which VPC subnet type automatically assigns IP addresses to resources in the same region without requiring a CIDR block? A) Custom subnet B) Auto mode subnet C) Legacy subnet D) Private subnet Answer: B Explanation: Auto mode VPC automatically creates one subnet per region with predefined CIDR ranges. Question 22. What is the purpose of a firewall rule with direction set to EGRESS? A) Controls inbound traffic to instances. B) Controls outbound traffic from instances. C) Defines NAT translation. D) Creates VPN tunnels. Answer: B Explanation: Egress rules filter traffic leaving instances. Question 23. Which feature enables VMs without external IPs to reach Google APIs and services? A) Cloud NAT B) Private Google Access

Engineer Certificate Practice Exam

A) gcloud compute instances create B) gcloud compute instance-templates create C) gcloud compute instances create‑from‑template D) gcloud compute instance-groups managed create Answer: C Explanation: gcloud compute instances create-from-template launches an instance based on a template. Question 27. In a startup script for a VM, which metadata key must be used to provide the script content? A) startup-script-url B) startup-script C) init-script D) boot-script Answer: B Explanation: The startup-script metadata key contains the script that runs on boot. Question 28. Which tool is recommended for storing and serving container images for GKE deployments? A) Docker Hub B) Artifact Registry C) Cloud Storage D) Cloud Functions Answer: B Explanation: Artifact Registry is Google’s managed container image repository, integrated with GKE.

Engineer Certificate Practice Exam

Question 29. Which command pushes a local Docker image to Artifact Registry? A) gcloud artifacts docker push B) docker push REGION-docker.pkg.dev/PROJECT/REPO/IMAGE:TAG C) gcloud docker push D) docker upload Answer: B Explanation: docker push with the Artifact Registry repository URL uploads the image. Question 30. When deploying a Cloud Run service, which flag specifies that the service should be internal (only accessible within the VPC)? A) --ingress internal B) --allow-unauthenticated false C) --vpc-connector D) --no-traffic Answer: A Explanation: --ingress internal restricts Cloud Run to internal traffic only. Question 31. Which App Engine scaling type adjusts instance count based on request latency rather than request count? A) Automatic scaling B) Basic scaling C) Manual scaling D) Dynamic scaling Answer: A

Engineer Certificate Practice Exam

Answer: C Explanation: Firestore in Datastore mode is backward compatible with the Cloud Datastore API. Question 35. Which service would you use to stream real‑time analytics data from IoT devices into BigQuery? A) Cloud Dataflow B) Cloud Pub/Sub C) Cloud Storage Transfer Service D) Cloud Composer Answer: B Explanation: Pub/Sub provides a durable, low‑latency messaging system ideal for streaming into BigQuery. Question 36. Which feature of VPC Peering allows two VPC networks to communicate using internal IP addresses? A) Shared VPC B) Private Service Connect C) VPC Peering D) Cloud VPN Answer: C Explanation: VPC Peering connects two VPCs so that resources can reach each other via internal IPs. Question 37. What is the primary difference between a Global HTTP(S) Load Balancer and a Regional TCP Proxy Load Balancer? A) Protocol support and scope of distribution. B) Only one can be used per project.

Engineer Certificate Practice Exam

C) Global LB uses Cloud CDN; Regional does not. D) Regional LB supports only UDP traffic. Answer: A Explanation: Global HTTP(S) LB works at layer 7 and distributes globally, while Regional TCP Proxy LB works at layer 4 within a region. Question 38. Which Terraform resource type is used to create a Google Cloud Storage bucket? A) google_storage_bucket B) google_compute_bucket C) google_cloud_storage_bucket D) google_storage_bucket_instance Answer: A Explanation: The google_storage_bucket resource defines a Cloud Storage bucket in Terraform. Question 39. In Deployment Manager, which file format is used to define the configuration of resources? A) JSON only B) YAML only C) Either YAML or Jinja2 templates D) XML Answer: C Explanation: Deployment Manager accepts YAML configuration files and can use Jinja2 or Python templates for resource definitions. Question 40. Which command creates a new Cloud Function that triggers on changes to a Cloud Storage bucket?

Engineer Certificate Practice Exam

Question 43. Which storage class should you select for a bucket that stores logs accessed daily for the first month and then rarely thereafter? A) Nearline B) Coldline C) Standard D) Archive Answer: A Explanation: Nearline is cost‑effective for data accessed less than once a month, but still more frequently than Coldline. Question 44. Which Cloud SQL flag must be set to enable logical replication for read replicas? A) log_bin_trust_function_creators B) cloudsql.enable_ha C) cloudsql.logical_replication D) log_bin Answer: D Explanation: Enabling log_bin (binary logging) is required for logical replication. Question 45. When configuring a GKE node pool, which parameter defines the maximum number of pods that can run on each node? A) maxPodsPerNode B) pod-cidr-size C) --max-pods-per-node D) --node-pod-cidr Answer: C Explanation: The --max-pods-per-node flag sets the pod limit per node.

Engineer Certificate Practice Exam

Question 46. Which of the following is NOT a valid way to authenticate to Google Cloud APIs from a Compute Engine VM? A) Service account attached to the VM B) User’s OAuth 2.0 token stored in a file C) Application Default Credentials (ADC) D) Metadata server token exchange Answer: B Explanation: Storing a user’s OAuth token on the VM is not a recommended or supported authentication method. Question 47. Which feature of Cloud Run automatically scales the number of container instances to zero when there is no traffic? A) Autoscaling B) Concurrency limit C) Minimum instances setting D) CPU allocation mode Answer: A Explanation: Cloud Run’s autoscaling can scale down to zero instances when idle. Question 48. Which Cloud IAM condition operator checks if a request originates from a specific IP address range? A) IN B) HAS C) IP_ADDRESS D) REQUEST_IP

Engineer Certificate Practice Exam

D) A deprecated VM type no longer available. Answer: B Explanation: Custom machine types let you specify exact vCPU and memory values within allowed ranges. Question 52. Which Cloud DNS policy can be used to block DNS queries for known malicious domains? A) DNSSEC B) Private DNS Zone C) DNS Policy with response policy zones (RPZ) D) Forwarding zone Answer: C Explanation: RPZ allows you to rewrite or block DNS responses for specific domains. Question 53. Which of these is a benefit of enabling “Automatic backups” on a Cloud SQL instance? A) Reduces storage cost. B) Guarantees zero data loss. C) Allows point‑in‑time recovery within the backup window. D) Enables cross‑region replication automatically. Answer: C Explanation: Automated backups combined with binary logs enable point‑in‑time recovery. Question 54. What does the --no-user-output-enabled flag do when running a gcloud command? A) Suppresses all output, including errors.

Engineer Certificate Practice Exam

B) Hides only informational messages, keeping errors visible. C) Disables interactive prompts. D) Forces the command to run in quiet mode without progress bars. Answer: B Explanation: The flag hides user‑visible informational output while still showing errors. Question 55. Which of the following best describes “preemptible VMs”? A) VMs that can be paused and resumed at will. B) VMs that are automatically terminated after 24 hours or when capacity is needed elsewhere. C) VMs that guarantee 99.99% availability. D) VMs that run only on dedicated hardware. Answer: B Explanation: Preemptible VMs are short‑lived, lower‑cost instances that can be reclaimed by Google. Question 56. Which Cloud service provides a managed, highly available Redis instance? A) Cloud Memorystore B) Cloud Bigtable C) Cloud Spanner D) Cloud SQL Answer: A Explanation: Cloud Memorystore offers managed Redis (and Memcached) services. Question 57. Which of the following is a valid reason to use a Shared VPC? A) To allow multiple projects to use the same VPC network resources centrally.