Updated Feb-2026 Test Engine to Practice Associate-Cloud-Engineer Test Questions
Associate-Cloud-Engineer Real Exam Questions Test Engine Dumps Training With 345 Questions
Google Associate-Cloud-Engineer Certification Exam is a vendor-neutral certification that can help you stand out in the competitive job market. It demonstrates your proficiency in GCP services and your ability to design, develop, and manage cloud-based solutions using GCP tools and technologies. Google Associate Cloud Engineer Exam certification is suitable for developers, system administrators, and IT professionals who want to enhance their skills and advance their careers in the cloud computing industry.
NEW QUESTION # 191
You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?
- A. Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
- B. Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
- C. Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
- D. Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
Answer: C
Explanation:
Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks.
Eligible resources from service projects can use subnets in the Shared VPC network.
https://cloud.google.com/vpc/docs/shared-vpc
"For example, an existing instance in a service project cannot be reconfigured to use a Shared VPC network, but a new instance can be created to use available subnets in a Shared VPC network."
NEW QUESTION # 192
You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?
- A. In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
- B. Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
- C. Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
- D. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
Answer: A
Explanation:
"Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account." is not right. As mentioned above, Container Registry ignores permissions set on individual objects within the storage bucket, so this isn't going to work.
Ref: https://cloud.google.com/container-registry/docs/access-control
NEW QUESTION # 193
You have a single binary application that you want to run on Google Cloud Platform. You decided to automatically scale the application based on underlying infrastructure CPU usage. Your organizational policies require you to use virtual machines directly. You need to ensure that the application scaling is operationally efficient and completed as quickly as possible. What should you do?
- A. Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.
- B. Create an instance template, and use the template in a managed instance group with autoscaling configured.
- C. Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.
- D. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.
Answer: B
Explanation:
Managed instance groups offer autoscaling capabilities that let you automatically add or delete instances from a managed instance group based on increases or decreases in load (CPU Utilization in this case). Autoscaling helps your apps gracefully handle increases in traffic and reduce costs when the need for resources is lower.
You define the autoscaling policy and the autoscaler performs automatic scaling based on the measured load (CPU Utilization in this case). Autoscaling works by adding more instances to your instance group when there is more load (upscaling), and deleting instances when the need for instances is lowered (downscaling).
Ref: https://cloud.google.com/compute/docs/autoscaler
NEW QUESTION # 194
You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?
- A. Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.
- B. Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.
- C. Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant. Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.
- D. Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.
Answer: D
Explanation:
The best option is to instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Then, add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key. This way, you can grant the consultant access to the instance without requiring a Google account or exposing the instance's public IP address. This option also follows the best practice of using user-managed SSH keys instead of service account keys for SSH access [1].
Option A is not feasible because the external consultant does not have a Google account, and therefore cannot use Identity-Aware Proxy (IAP) to access the instance. IAP requires the user to authenticate with a Google account and have the appropriate IAM permissions to access the instance [2]. Option B is not secure because it exposes the instance's public IP address, which can increase the risk of unauthorized access or attacks. Option D is not correct because it reverses the roles of the public and private keys. The public key should be added to the instance, and the private key should be kept by the consultant. Sharing the private key with anyone else can compromise the security of the SSH connection [3].
1: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
2: https://cloud.google.com/iap/docs/using-tcp-forwarding
3: https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances
NEW QUESTION # 195
You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?
- A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%. If you exceed this threshold, add nodes to your instance.
- B. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%. Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.
- C. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.
- D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. If you exceed this threshold, add nodes to your instance.
Answer: B
Explanation:
https://cloud.google.com/spanner/docs/cpu-utilization#recommended-max
NEW QUESTION # 196
Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?
- A. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.
- B. 1. Go to the GKE console, and delete existing clusters. 2. Recreate a new cluster. 3. Clear the option to enable legacy Stackdriver Logging.
- C. 1. Go to the GKE console, and delete existing clusters. 2. Recreate a new cluster. 3. Clear the option to enable legacy Stackdriver Monitoring.
- D. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.
Answer: A
NEW QUESTION # 197
You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?
- A. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
- B. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.
- C. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.
- D. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
Answer: A
Explanation:
If the VM crashes for any reason, autoscaling set to Off won't spin up another instance in its place, which would defeat the purpose of an always-running VM (though there will be some disruption), as the maximum number of instances is set to 1.
There is no mention of whether auto-healing is set, and it is disabled by default.
B - Incorrect - Does not fit the requirement because AFTER the deletion of the instance, no other instance was created.
NEW QUESTION # 198
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment.
What should you do?
- A. Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
- B. Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.
- C. Use gcloud to create the new project, and then deploy your application to the new project.
- D. Use gcloud to create the new project and to copy the deployed application to the new project.
Answer: C
Explanation:
gcloud can be used to create a new project, and gcloud app deploy can then point to the new project.
NEW QUESTION # 199
Your finance team is working with the engineering team to try and determine your spending for each service by day and month across all projects used by the billing account. What is the easiest and most flexible way to aggregate and analyze the data?
- A. Export the data for the billing account(s) to File, import the files into a SQL database; then use BigQuery to analyze the service data for the desired projects, by day and month.
- B. Use the built-in reports which already show this data.
- C. Export the data for the billing account(s) involved to a JSON File; use a Cloud Function to listen for a new file in the Storage bucket; code the function to analyze the service data for the desired projects, by day and month.
- D. Export the data for the billing account(s) involved to BigQuery; then use BigQuery to analyze the service data for the desired projects, by day and month.
Answer: D
NEW QUESTION # 200
Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment. What should you do?
- A. Create a bash script that contains all requirement steps as gcloud commands
- B. Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.
- C. Develop templates for the environment using Cloud Deployment Manager
- D. Use the Cloud Console interface to provision and manage all related resources
Answer: C
Explanation:
You can use Google Cloud Deployment Manager to create a set of Google Cloud resources and manage them as a unit, called a deployment. For example, if your team's development environment needs two virtual machines (VMs) and a BigQuery database, you can define these resources in a configuration file, and use Deployment Manager to create, change, or delete these resources. You can make the configuration file part of your team's code repository, so that anyone can create the same environment with consistent results.
https://cloud.google.com/deployment-manager/docs/quickstart
NEW QUESTION # 201
You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:
You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
- A. Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
- B. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.
- C. Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
- D. Store the database password inside the Docker image of the container, not in the YAML file.
Answer: A
NEW QUESTION # 202
You need to create a new development Kubernetes cluster with 4 nodes. The cluster will be named linux-academy-dev-cluster. Which of the following truncated commands will create a cluster?
- A. gcloud container clusters create linux-academy-dev-cluster 4
- B. gcloud container clusters create linux-academy-dev-cluster --num-nodes 4
- C. kubectl clusters create linux-academy-dev-cluster --num-nodes 4
- D. kubectl clusters create linux-academy-dev-cluster 4
Answer: B
NEW QUESTION # 203
You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?
- A. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
- B. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
- C. Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
- D. Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Answer: D
Explanation:
Google Cloud provides Cloud Audit Logs, which is an integral part of Cloud Logging. It consists of two log streams for each project: Admin Activity and Data Access, which are generated by Google Cloud services to help you answer the question of "who did what, where, and when?" within your Google Cloud projects.
Ref: https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors
NEW QUESTION # 204
You created several resources in multiple Google Cloud projects. All projects are linked to different billing accounts. To better estimate future charges, you want to have a single visual representation of all costs incurred. You want to include new cost data as soon as possible. What should you do?
- A. Configure Billing Data Export to BigQuery and visualize the data in Data Studio.
- B. Fill all resources in the Pricing Calculator to get an estimate of the monthly cost.
- C. Visit the Cost Table page to get a CSV export and visualize it using Data Studio.
- D. Use the Reports view in the Cloud Billing Console to view the desired cost information.
Answer: A
Explanation:
Reference:
https://cloud.google.com/billing/docs/how-to/visualize-data
NEW QUESTION # 205
You are developing an internet of things (IoT) application that captures sensor data from multiple devices that have already been set up. You need to identify the global data storage product your company should use to store this data. You must ensure that the storage solution you choose meets your requirements of sub-millisecond latency. What should you do?
- A. Store the IoT data in Cloud Storage. Implement caching by using Cloud CDN.
- B. Store the IoT data in Bigtable.
- C. Store the IoT data in Spanner. Use caches to speed up the process and avoid latencies.
- D. Capture IoT data in BigQuery datasets.
Answer: B
Explanation:
Let's evaluate each option based on the requirement of sub-millisecond latency for globally stored IoT data:
A: Spanner with Caching: While Spanner offers strong consistency and global scalability, the base latency might not consistently be sub-millisecond for all read/write operations globally. Introducing caching adds complexity and doesn't guarantee sub-millisecond latency for all initial reads or cache misses.
B: Bigtable: Bigtable is a highly scalable NoSQL database service designed for low-latency, high-throughput workloads. It excels at storing and retrieving large volumes of time-series data, which is typical for IoT sensor data. Its architecture is optimized for single-key lookups and scans, providing consistent sub-millisecond latency, making it a strong candidate for this use case.
C: BigQuery: BigQuery is a fully managed, serverless data warehouse designed for analytical queries on large datasets. While it's excellent for analyzing IoT data in batch, it's not optimized for the low-latency, high-throughput ingestion and retrieval required for real-time IoT applications with sub-millisecond latency needs.
D: Cloud Storage with Cloud CDN: Cloud Storage is object storage and is not designed for low-latency transactional workloads. Cloud CDN is a content delivery network that caches content closer to users for faster delivery, but it's not suitable for the primary storage of rapidly incoming IoT sensor data requiring sub-millisecond write latency.
Google Cloud Documentation References:
Cloud Bigtable Overview: https://cloud.google.com/bigtable/docs/overview - This document highlights Bigtable's suitability for low-latency and high-throughput applications, including IoT. It mentions its ability to handle massive amounts of data with consistent performance.
Spanner Overview: https://cloud.google.com/spanner/docs/overview - While Spanner offers low latency, Bigtable is generally preferred for extremely high-throughput, low-latency use cases like raw sensor data ingestion due to its optimized architecture for such workloads.
BigQuery Overview: https://cloud.google.com/bigquery/docs/introduction - This emphasizes BigQuery's analytical capabilities rather than low-latency operational workloads.
Cloud Storage Overview: https://cloud.google.com/storage/docs/overview - This describes Cloud Storage as object storage, not ideal for sub-millisecond latency reads and writes required for real-time IoT data.
NEW QUESTION # 206
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?
- A. Select "Container-Optimized OS (cos)" as a node image for your GKE cluster.
- B. Select the latest available cluster version for your GKE cluster.
- C. Enable the Node Auto-Upgrades feature for your GKE cluster.
- D. Enable the Node Auto-Repair feature for your GKE cluster.
Answer: C
Explanation:
Creating or upgrading a cluster by specifying the version as latest does not provide automatic upgrades. Enable node auto-upgrades to ensure that the nodes in your cluster are up-to-date with the latest stable version.
https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
Node auto-upgrades help you keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. When you create a new cluster or node pool with Google Cloud Console or the gcloud command, node auto-upgrade is enabled by default.
Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades
NEW QUESTION # 207
Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?
- A. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.
- B. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
- C. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
- D. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
Answer: B
Explanation:
Forwarding zones: Cloud DNS forwarding zones let you configure target name servers for specific private zones. Using a forwarding zone is one way to implement outbound DNS forwarding from your VPC network.
A Cloud DNS forwarding zone is a special type of Cloud DNS private zone. Instead of creating records within the zone, you specify a set of forwarding targets. Each forwarding target is an IP address of a DNS server, located in your VPC network, or in an on-premises network connected to your VPC network by Cloud VPN or Cloud Interconnect.
https://cloud.google.com/nat/docs/overview
DNS configuration: Your on-premises network must have DNS zones and records configured so that Google domain names resolve to the set of IP addresses for either private.googleapis.com or restricted.googleapis.com. You can create Cloud DNS managed private zones and use a Cloud DNS inbound server policy, or you can configure on-premises name servers. For example, you can use BIND or Microsoft Active Directory DNS.
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain
NEW QUESTION # 208
You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?
- A. 1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
- B. 1. Create a subnetwork in the same VPC, in europe-west1. 2. Use Cloud VPN to connect the two subnetworks. 3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
- C. 1. Create a VPC and a subnetwork in europe-west1. 2. Expose the application with an internal load balancer. 3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.
- D. 1. Create a VPC and a subnetwork in europe-west1. 2. Peer the 2 VPCs. 3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
Answer: C
NEW QUESTION # 209
You're attempting to install the kubectl component on an Ubuntu server, though, you're getting an error. The error indicates that the component manager is disabled. What is the most likely cause for the error?
- A. The Cloud SDK was installed using apt.
- B. The Cloud SDK is using the wrong configuration.
- C. The Cloud SDK was not installed with root permissions.
- D. The Cloud SDK is running inside a Docker container.
Answer: A
NEW QUESTION # 210
An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out whether this employee accessed any sensitive customer information after their termination.
What should you do?
- A. View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
- B. View System Event Logs in Stackdriver. Search for the user's email as the principal.
- C. View Data Access audit logs in Stackdriver. Search for the user's email as the principal.
- D. View System Event Logs in Stackdriver. Search for the service account associated with the user.
Answer: D
The Google Associate-Cloud-Engineer exam consists of multiple-choice questions and is designed to test the candidate's practical knowledge and understanding of the Google Cloud Platform. The exam is two hours long, and the candidate needs to score a minimum of 70% to pass. The exam fee is $125, and the certification is valid for two years.