Associate-Cloud-Engineer Exam Dumps Pass with Updated 2026 Certified Exam Questions [Q95-Q116]


Associate-Cloud-Engineer Exam Questions - Real & Updated Questions PDF


Successful completion of the Google Associate-Cloud-Engineer exam demonstrates that an individual has the knowledge and skills necessary to deploy and manage applications on GCP. Associate-Cloud-Engineer exam covers a wide range of topics, including creating GCP projects, deploying applications, networking, storage, compute, and security. Candidates who pass the exam will be able to demonstrate their proficiency in using GCP services to design and deploy highly available, scalable, and secure applications. Google Associate Cloud Engineer Exam certification is highly valued in the industry and can open up new job opportunities for individuals seeking to advance their careers in cloud computing.


Google Associate Cloud Engineer Exam

An Associate Cloud Engineer deploys applications, monitors operations and manages enterprise solutions. This person can use the Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that take advantage of Google-managed or self-managed services on Google Cloud.

The Google Cloud Certification Program offers Google Cloud users, customers and partners a way to demonstrate their technical skills in a specific role or technology. People are evaluated using a variety of rigorously developed standard methods to determine if they meet Google Cloud competency standards. The cost of certification exams varies. If you do not pass an exam, you can retake it after 14 days. If you do not pass it a second time, you must wait 60 days before you can take it a third time. If you fail a third time, you must wait a year before taking it again. You can take the exam in several languages, but each attempt, regardless of language, counts toward the total number of attempts allowed, and the waiting period between attempts still applies. Payment is required each time an exam is taken. Circumventing this retake policy by registering under a different name or by any other means is a violation of the exam terms and conditions and will result in the denial or revocation of a certification.

Exams are designed only to determine whether a person meets a minimum passing standard. They are not meant to be diagnostic or to rank people on an ability scale. For this reason, numerical scores are not meaningful for the candidate and can be misunderstood. The Google Cloud Certification Program recognizes that some other exam providers give section-level feedback on their exams. Google does not, because it would not be meaningful and could be misleading. Google Cloud Certification exams are not designed to diagnose strengths and weaknesses. Exam sections are very broad categories of topics, and the number of specific questions that can be received for each section in a single exam session is extremely small in comparison. Based on such a small amount of data, there is no meaningful section-level feedback that we can responsibly provide. We follow industry-accepted procedures to ensure that our exams are valid and accurate.

Our exam development process includes the following steps: A job task analysis (JTA) is a formal study that begins with the identification of role representatives, technology experts and stakeholders. These experts are interviewed in a seminar to obtain information about what people do in a particular job or role and which skills the role requires. These skills are defined in the exam guides that we publish on the web. Our question authors are subject matter experts who have worked in the certified role. The question editors are trained in the exam standards and conventions that we apply to our exams. All questions are reviewed to determine whether they meet the standards and are technically accurate. Once the questions have passed all reviews and approvals, they are published in a beta exam. The purpose of the beta exam is to collect performance statistics on the exam questions to determine which ones are the most effective. We review the statistics and comments on the questions and eliminate questions that do not meet our standards. The minimum passing score for each exam is confidential. It is determined by a group of internal and external experts in the field, following an industry-accepted standard-setting process. The minimum score applies equally to all candidates. It is reevaluated when changes are made to the content of the exam. The delivery method for an exam depends on its format.

 

NEW QUESTION # 95
Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

  • A. Add your SREs to a group and then add this group to the roles/iam.roleAdmin role.
  • B. Add your SREs to the roles/accessapproval.approver role.
  • C. Add your SREs to the roles/iam.roleAdmin role.
  • D. Add your SREs to a group and then add this group to the roles/accessapproval.approver role.

Answer: B


NEW QUESTION # 96
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task.
You want to make sure the application runs in a similar environment on GCP. What should you do?

  • A. When creating the VM, use Intel Skylake as the CPU platform.
  • B. When creating the VM, use machine type n1-standard-96.
  • C. Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.
  • D. Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

Answer: B

Explanation:
Ref: https://cloud.google.com/compute/docs/machine-types#n1_machine_type


NEW QUESTION # 97
You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?

  • A. Configure your Cloud Spanner instance to be multi-regional
  • B. Create a new VPC network with subnetworks in all desired regions
  • C. Enable the Cloud Spanner API
  • D. Grant yourself the IAM role of Cloud Spanner Admin

Answer: D

Explanation:
https://cloud.google.com/spanner/docs/getting-started/set-up


NEW QUESTION # 98
Your company has an existing GCP organization with hundreds of projects and a billing account.
Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?

  • A. Migrate the acquired company's projects into your company's GCP organization. Link the migrated projects to your company's billing account.
  • B. Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.
  • C. Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.
  • D. Link the acquired company's projects to your company's billing account.

Answer: D

Explanation:
The acquired company's projects also belong to another organization, so migrating them would require Google Cloud Support; we cannot do it ourselves. However, we can link the other company's projects to an existing billing account to generate the total cost.


NEW QUESTION # 99
After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?

  • A. Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.
  • B. Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.
  • C. Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
  • D. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.Use BigQuery to periodically analyze log events in the storage bucket.

Answer: C

Explanation:
This answer is the simplest and most effective way to monitor unexpected firewall changes and instance creation in Google Cloud. Cloud Logging filters allow you to specify the criteria for the log entries that you want to view or export. You can use the Logging query language to write filters based on the LogEntry fields, such as resource.type, severity, or protoPayload.methodName. For example, you can filter for firewall-related events in the Admin Activity audit log by using the following query:
    resource.type="gce_firewall_rule" logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity"
You can filter for instance-related events by using the following query:
    resource.type="gce_instance" logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity"
You can create log-based metrics from these filters to measure the rate or count of log entries that match the filter. Log-based metrics can be used to create charts and dashboards in Cloud Monitoring, or to set up alerts based on the metric values. For example, you can create an alert policy that triggers when the log-based metric for firewall changes exceeds a certain threshold in a given time interval. This way, you can get notified of any unexpected or malicious changes to your firewall rules.
Option B is incorrect because it is unnecessarily complex and costly. Installing Kibana on a compute instance requires additional configuration and maintenance. Creating a log sink to forward Cloud Audit Logs to Pub/Sub also incurs additional charges for the Pub/Sub service. Analyzing the logs on Kibana in real time may not be feasible or efficient, as it requires constant monitoring and manual intervention.
Option A is incorrect because Google Cloud firewall rules logging is a different feature from Cloud Audit Logs. Firewall rules logging allows you to audit, verify, and analyze the effects of your firewall rules by creating connection records for each rule that applies to traffic. However, firewall rules logging does not log the insert, update, or delete events for the firewall rules themselves. Those events are logged by Cloud Audit Logs, which record the administrative activities in your Google Cloud project.
Option D is incorrect because it is not a real-time solution. Creating a log sink to forward Cloud Audit Logs to Cloud Storage requires additional storage space and charges. Using BigQuery to periodically analyze log events in the storage bucket also incurs additional costs for the BigQuery service. Moreover, this option does not provide any alerting mechanism to notify you of any unexpected or malicious changes to your firewall rules or instances.


NEW QUESTION # 100
You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

  • A. Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
  • B. Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
  • C. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.
  • D. Store the database password inside the Docker image of the container, not in the YAML file.

Answer: B

Explanation:
https://cloud.google.com/config-connector/docs/how-to/secrets#gcloud


NEW QUESTION # 101
You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do?

  • A. 1. Use nslookup to get the IP address for storage.googleapis.com.
    2. Negotiate with the security team to be able to give a public IP address to the servers.
    3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
  • B. 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).
    2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.
    3. Configure your servers to use that instance as a proxy to access Cloud Storage.
  • C. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.
    2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.
    3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
  • D. 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.
    2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.
    3. Configure your new instances to use this ILB as proxy.

Answer: C

Explanation:
Our requirement is to follow Google-recommended practices to achieve the end result. Configuring Private Google Access for on-premises hosts is best achieved by VPN/Interconnect + advertised routes + the restricted Google IP range.
The following three steps are the right answer, and they are what Google recommends:
1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.
2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.
3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
Ref: https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
You must configure routes so that Google API traffic is forwarded through your Cloud VPN or Cloud Interconnect connection, firewall rules on your on-premises firewall to allow the outgoing traffic, and DNS so that traffic to Google APIs resolves to the IP range you've added to your routes.
You can use Cloud Router Custom Route Advertisement to announce the Restricted Google APIs IP addresses through Cloud Router to your on-premises network. The Restricted Google APIs IP range is 199.36.153.4/30. While this is technically a public IP range, Google does not announce it publicly. This IP range is only accessible to hosts that can reach your Google Cloud projects through internal IP ranges, such as through a Cloud VPN or Cloud Interconnect connection. Without a public IP address or access to the internet, the only way you could connect to Cloud Storage is through an internal route to it.
So "Negotiate with the security team to be able to give a public IP address to the servers" is not right.
Following Google-recommended practices is synonymous with using Google's services (not quite, but it is at least for the exam!). So "In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance" is not right.
Migrating the servers to Compute Engine is a bit drastic when Google says it is perfectly fine to have hybrid connectivity architectures (https://cloud.google.com/hybrid-connectivity). So "Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine" is not right.


NEW QUESTION # 102
You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

  • A. Automatic Scaling with min_idle_instances set to 3.
  • B. Basic Scaling with min_instances set to 3.
  • C. Basic Scaling with max_instances set to 3.
  • D. Manual Scaling with 3 instances.

Answer: A


NEW QUESTION # 103
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection.
You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

  • A. Decrease the TCP window size on the machine initiating the transfer.
  • B. Use the GCP Console to transfer the file instead of gsutil.
  • C. Enable parallel composite uploads using gsutil on the file transfer.
  • D. Change the storage class of the bucket from Nearline to Multi-Regional.

Answer: C

Explanation:
https://cloud.google.com/storage/docs/gsutil/commands/cp#parallel-composite-uploads_1
Warning: Parallel composite uploads should not be used with NEARLINE, COLDLINE, or ARCHIVE storage class buckets, because doing so incurs an early deletion charge for each component object.
Warning: Parallel composite uploads should not be used in buckets that have a retention policy, because the component pieces cannot be deleted until each has met the bucket's minimum retention period.


NEW QUESTION # 104
Several employees at your company have been creating projects with Cloud Platform and paying for it with their personal credit cards, which the company reimburses. The company wants to centralize all these projects under a single, new billing account. What should you do?

  • A. Create a ticket with Google Support and wait for their call to share your credit card details over the phone.
  • B. In the Google Cloud Platform Console, create a new billing account and set up a payment method.
  • C. In the Google Cloud Platform Console, go to the Resource Manager and move all projects to the root Organization.
  • D. Contact [email protected] with your bank account details and request a corporate billing account for your company.

Answer: B

Explanation:
Reference:
https://www.whizlabs.com/blog/google-cloud-interview-questions/


NEW QUESTION # 105
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

  • A. Select the latest available cluster version for your GKE cluster.
  • B. Select "Container-Optimized OS (cos)" as a node image for your GKE cluster.
  • C. Enable the Node Auto-Repair feature for your GKE cluster.
  • D. Enable the Node Auto-Upgrades feature for your GKE cluster.

Answer: D

Explanation:
Creating or upgrading a cluster by specifying the version as latest does not provide automatic upgrades. Enable node auto-upgrades to ensure that the nodes in your cluster are up-to-date with the latest stable version.
https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
Node auto-upgrades help you keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. When you create a new cluster or node pool with Google Cloud Console or the gcloud command, node auto-upgrade is enabled by default.
Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades


NEW QUESTION # 106
Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on Google Cloud to match these requirements. What should you do?

  • A. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
    2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
  • B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN.
    2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.
  • C. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN.
    2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
  • D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
    2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Answer: C

Explanation:
By default traffic between subnets on a VPC network is not allowed (except on the "default" network).
(This blocks traffic between all instances, not just traffic between subnets, so firewall rules must be defined to allow communication between all instances, regardless of the subnets.)
Two VPCs will not work without peering.


NEW QUESTION # 107
You have been asked to build a backend using Clojure and host it on Google Cloud with full freedom of choosing OS, applications, libraries, etc. Which service will you prefer?

  • A. Cloud Functions
  • B. Cloud Run
  • C. Compute Engine
  • D. App Engine Standard

Answer: C


NEW QUESTION # 108
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?

  • A. Storage Object Admin
  • B. Storage Object Creator
  • C. Project Editor
  • D. Storage Admin

Answer: D


NEW QUESTION # 109
You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

  • A. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
  • B. When creating the VMs, set the service account's API scope for Compute Engine to read/write.
  • C. Download the private key from the service account, and add the private key to each VM's SSH keys.
  • D. Download the private key from the service account, and add it to each VM's custom metadata.

Answer: A

Explanation:
You create the service account in proj-sa and take note of the service account email, then you go to proj-vm in IAM > ADD and add the service account's email as new member and give it the Compute Storage Admin role.


NEW QUESTION # 110
You have a project using BigQuery. You want to list all BigQuery jobs for that project. You want to set this project as the default for the bq command-line tool. What should you do?

  • A. Use "gcloud config set project" to set the default project.
  • B. Use "bq config set project" to set the default project.
  • C. Use "gcloud generate config-url" to generate a URL to the Google Cloud Platform Console to set the default project.
  • D. Use "bq generate config-url" to generate a URL to the Google Cloud Platform Console to set the default project.

Answer: A

Explanation:
A is correct because you need to use gcloud to manage the config/defaults.
B is not correct because the bq command-line tool assumes the gcloud configuration settings and can't be set through BigQuery.
C is not correct because entering this command will not achieve the desired result and will generate an error.
D is not correct because entering this command will not achieve the desired result and will generate an error.
https://cloud.google.com/bigquery/docs/reference/bq-cli-reference
https://cloud.google.com/sdk/gcloud/reference/config/set


NEW QUESTION # 111
You need to create a new billing account and then link it with an existing Google Cloud Platform project.
What should you do?

  • A. Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.
  • B. Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.
  • C. Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.
  • D. Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

Answer: B


NEW QUESTION # 112
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

  • A. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
  • B. Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
  • C. Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
  • D. Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

Answer: B


NEW QUESTION # 113
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection.
You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

  • A. Decrease the TCP window size on the machine initiating the transfer.
  • B. Use the GCP Console to transfer the file instead of gsutil.
  • C. Enable parallel composite uploads using gsutil on the file transfer.
  • D. Change the storage class of the bucket from Nearline to Multi-Regional.

Answer: C


NEW QUESTION # 114
You want to configure 10 Compute Engine instances for availability when maintenance occurs.
Your requirements state that these instances should attempt to automatically restart if they crash.
Also, the instances should be highly available including during system maintenance. What should you do?

  • A. Create an instance template for the instances.
    Set `Automatic Restart' to off. Set `On-host maintenance' to Terminate VM instances.
    Add the instance template to an instance group.
  • B. Create an instance group for the instances.
    Set the `Autohealing' health check to healthy (HTTP).
  • C. Create an instance template for the instances.
    Set the `Automatic Restart' to on. Set the `On-host maintenance' to Migrate VM instance.
    Add the instance template to an instance group.
  • D. Create an instance group for the instance.
    Verify that the `Advanced creation options' setting for `do not retry machine creation' is set to off.

Answer: C

Explanation:
onHostMaintenance: Determines the behavior when a maintenance event occurs that might cause your instance to reboot.
[Default] MIGRATE, which causes Compute Engine to live migrate an instance when there is a maintenance event.
TERMINATE, which stops an instance instead of migrating it.
automaticRestart: Determines the behavior when an instance crashes or is stopped by the system.
[Default] true, so Compute Engine restarts an instance if the instance crashes or is stopped.
false, so Compute Engine does not restart an instance if the instance crashes or is stopped.
https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options


NEW QUESTION # 115
Your company uses Pub/Sub for event-driven workloads. You have a subscription named email-updates attached to the new-orders topic. You need to fetch and acknowledge waiting messages from this subscription. What should you do?

  • A. Use the gcloud pubsub topics describe new-orders command.
  • B. Use the gcloud pubsub topics list-subscriptions new-orders --filter="email-updates" command.
  • C. Use the gcloud pubsub subscriptions seek email-updates command.
  • D. Use the gcloud pubsub subscriptions pull email-updates --auto-ack command.

Answer: D

Explanation:
The goal is to pull (fetch) messages from a subscription and acknowledge them.
* The gcloud pubsub subscriptions pull command retrieves messages from a specified subscription.
* The --auto-ack flag instructs the command to automatically acknowledge the messages after they are successfully retrieved, combining the two required actions into one command.
Reference: Google Cloud Documentation - gcloud pubsub subscriptions pull:
"Pulls one or more messages from the specified subscription. To acknowledge the pulled messages, use the --auto-ack flag."


NEW QUESTION # 116
......
