
GOOGLE CLOUD ASSOCIATE ENGINEER
100 PRACTICE QUESTIONS WITH ANSWERS/EXPLANATIONS
Get Certified Efficiently

Joseph Holbrook

TechCommanders, LLC
Copyright © 2020 Joseph Holbrook

Copyright © 2020 Techcommanders, LLC

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any
form or by any means, including photocopying, recording, or other electronic or mechanical methods,
without the prior written permission of the publisher, except in the case of brief quotations embodied in
critical reviews and certain other noncommercial uses permitted by copyright law. For permission
requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below.

Any references to historical events, real people, or real places are used fictitiously. Names, characters,
and places are products of the author’s imagination.

Front cover image by Self.


Book design by Self

Printed by Techcommanders, LLC., in the United States of America.

First printing edition 2020.

Techcommanders, LLC

Jacksonville, FL 32256

www.TechCommanders.com
Book Dedication

This book is dedicated to my soulmate and wife, Frida, my daughter
Destiny, and my stepson Lenin for their full support during this writing
process. The book took significant effort to assemble and publish, which
took away hours of family time.
CONTENTS

Title Page
Copyright
Dedication
Introduction
Disclosure
GCP Associate Cloud Engineer Practice Exams
GCP Associate Cloud Engineer Practice Exam One - Questions W/O
Answer/Explanations
GCP Associate Cloud Engineer Practice Exam One - With
Answers/Explanations
GCP Associate Cloud Engineer Practice Exam Two - Questions W/O
answers/Explanations
GCP Associate Cloud Engineer Practice Exam Two - With
Answers/Explanations
About The Author
INTRODUCTION

Google Cloud Associate Cloud Engineer 100 Practice Questions has been
developed as a guide to help you gauge your knowledge and readiness for the
Google Cloud Associate Cloud Engineer Exam.

The practice exams should be a guide to determine if you're ready for the
exam.

The exam is very challenging and I wish you much success in your careers.
DISCLOSURE
TechCommanders, LLC is an independent entity from Google and Google
Cloud. This publication may be used in assisting candidates, students and
readers to better prepare for the Google Cloud Associate Cloud Engineer
exam.
Neither TechCommanders, LLC nor Google and/or Google Cloud warrant that
this publication will ensure passing the Google Cloud Associate Cloud
Engineer exam.
The Google Cloud and Google Cloud Associate Cloud Engineer are
trademarks or registered trademarks of Google in the United States and/or
other countries. All other trademarks are trademarks of their respective
owners.
GCP ASSOCIATE CLOUD ENGINEER PRACTICE EXAMS
BEFORE YOU BEGIN
The main objective of these mock exams is to validate that you understand
the objectives for the exam.
Answers with explanations are on the following pages.

If you do well on these exams (over 75%), you should feel confident to sit
for and pass the Associate Cloud Exam immediately! Good Luck!

Additional FREE practice questions are available online at
https://TechCommanders.net/GCPFreepractice
GCP ASSOCIATE CLOUD ENGINEER PRACTICE EXAM ONE - QUESTIONS W/O ANSWER/EXPLANATIONS
This practice exam is followed by the same practice exam with answers and
explanations.
Good luck. These questions are more difficult than those on the exam. If you do
well here, you should feel confident about sitting for the exam.

1. You have downloaded the SDK kit from Google and now would like to
manage containers on GKE with gcloud. What command would be typed to
install kubectl in the CLI?

A. gcloud components install kubectl
B. gcloud components kubectl install
C. gcloud components install kubernetes
D. gcloud components install components kubectl

2. A recent software update to your enterprise's e-commerce website that is
running on Google Cloud has caused the website to crash for several hours.
Your CTO decides that all critical changes must now have a back-out/roll-back
plan. The website is deployed on hundreds of virtual machines (VMs),
and critical changes are frequent.
Which two actions should you take to implement the back-out/roll-back
plan?

A. Use managed instance groups with the "update-instances"
command when starting a rolling update
B. Enable object versioning on the website's static data files stored
in Google Cloud Storage
C. Create a new instance template with applied fixes and roll out
via A/B test
D. Use unmanaged instance groups with the "update-instances"
command when starting a rolling update

3. Your company uses a third-party monitoring solution for your
enterprise apps. You are using Kubernetes Engine for your container
deployments and would like to enable this internal monitoring app for
Kubernetes clusters. What would be the best approach? (Select One)

A. Deploy the monitoring pod as a DaemonSet.
B. Deploy the monitoring pod as a cluster
C. Deploy the monitoring extension for Stackdriver Trace
D. Deploy a solution from the Cloud Marketplace

4. App Engine services are specified (designed) to be _________?

A. Regional
B. Global
C. Multi-regional
D. Zonal

5. The Monitoring agent, ________________, is based on the original
collectd system statistics collection daemon? (Select One)

A. Stackdriver-agent
B. Stackdriver-agent-collectd
C. Stackdriver-collectd
D. Stackdriver-statsd

6. You are currently deploying an application on a Kubernetes cluster.
You're aware that a Deployment’s rollout is triggered if and only if the
Deployment’s pod template is changed, for example if the labels or
container images of the template are updated. Other updates, such as scaling
the Deployment, do not trigger a rollout. What is the file name that would
need to be changed? (Select One)

A. .spectemplate.yaml
B. App.py
C. .template.yaml
D. .spec.template

7. You are currently looking at your GCP platform with gcloud and
would like to list all the instances in GCP Compute Engine. What command
would you use? (Select One)

A. gcloud compute instances grep
B. gcloud grep compute instances
C. gcloud compute list instances
D. gcloud compute instances list

8. __________________ is a unified programming model and also a
managed service for developing and executing a wide range of data
processing patterns including ETL, batch computation, and continuous
computation. What is the service? (Select One)

A. Cloud Datalab
B. Cloud Dataflow
C. Cloud Dataproc
D. Cloud Spanner

9. You're considering placing your infrastructure-as-code processes on Cloud
Deployment Manager. What would be a risk of doing this? (Select One)

A. Cloud Deployment Manager requires a Google APIs service
account to run.
B. Cloud Deployment Manager APIs could be deprecated in the
future.
C. Cloud Deployment Manager can be used to permanently delete
cloud resources.
D. Cloud Deployment Manager takes some training to use.

10. You are currently reviewing your project in GCP using gcloud. You
would like to confirm what the DNS-related info is for a project. What is the
command to do this? (Select One)

A. gcloud dns project-info describe
B. gcloud dns project-info list
C. gcloud dns project-info show
D. gcloud dns project-info grep

11. You are evaluating new GCP services and would like to use tools to
help you evaluate the costs of using GCP. What are two tools available from
GCP to help analyse costs? (Select Two)

A. Pricing Calculator
B. ROI Calculator
C. TCO Tool
D. Cost Optimization Tool

12. You would like to create a new container repository with Cloud Source
Repositories using gcloud. What would be the command to create a repo
called "devops"? (Select One)

A. gcloud source repo create devops
B. gcloud source repos create devops
C. gcloud create source repos "devops"
D. gcloud create source repos devops

13. You're currently ready to deploy some Cloud Deployment Manager
templates and you will need to ensure specific requirements ("explicit") exist
before the templates deploy. What would be the option you would add to
your templates or configuration files? (Select One)

A. dependsOn
B. properties
C. variables
D. deployON

14. By default you can create up to _______ networks per project. (Select
One)

A. 10
B. 100
C. 5
D. 50

15. You would like to deploy a LAMP stack for your development team.
The only issue is you’re not sure how to configure this LAMP stack. You
would like to use a solution that has readymade templates to deploy. What
GCP service could you use? (Select One)

A. Cloud Deployment Manager
B. Cloud Marketplace
C. Cloud Endure
D. Cloud DataFlow

16. You would like to create a file structure for Cloud Storage that can be
mounted to Compute Engine. What would be the best option? (Select One)

A. Fuse Tool
B. Samba
C. NFS
D. Use Filestore

17. The __________ Tier delivers traffic over Google’s well-provisioned,
low latency, highly reliable global network. (Select One)

A. Standard
B. Premium
C. Cloud VPN
D. Cloud Interconnect

18. You are designing a CD Pipeline and would like to have your source
code hosted on GKE, Build Automation and Artifact Management with
GCP Services. You're currently using Spinnaker for your code deployment.
Refer to the diagram and place in the proper sequence for A, B, C to design
your initial CD Pipeline.

(Select One)

A. Cloud Source Repositories, Cloud Build, GKE
B. Cloud Build, Cloud Source Repositories, Container
Registry
C. Cloud Source Repositories, Cloud Build, Container
Registry
D. Kubernetes Engine, Cloud Source Repositories, Container
Registry

19. You have just started your cluster and deployed your pods. You now
need to view all the running pods. What is the proper CLI syntax to
accomplish this task? (Select One)

A. kubectl get pods
B. kubectl list pods
C. gcloud get pods
D. gcloud list pods

20. You have been contacted by the enterprise support team, which has told
you there have been reports of significant latency at specific times for an
application running on GCP. They would like you to review the issue and
provide them insight into why the application is latent at specific times.
What Google Cloud service could you use to inspect latency data that has
been collected in near real time? (Select One)

A. Stackdriver Debug
B. Stackdriver Trace
C. VPC Trace Logs
D. Stackdriver Profiler

21. The Organization resource is the root node in the Google Cloud Platform
hierarchy and is the hierarchical super node of projects. What are the types of
customers an organization resource is available for? (Select Two)

A. GSuite
B. Gmail
C. Google for Education
D. Cloud Identity

22. In GCP there are two types of managed instance groups. (Select Two)

A. Zonal
B. Regional
C. Global
D. GDPR
23. Which of the following features are supported by GCP Cloud Storage?
(Select Two)

A. Object Versioning
B. Object Lifecycle Management
C. Object Analysis Management
D. Object Antivirus Scanning

24. You’re currently being summoned to the CIO's office, and he would like to
have a copy of the billing reports from Google Cloud Platform. What answer
has the correct formats you can export billing info to? (Select One)

A. CSV or JSON
B. CSV or XML
C. JSON or XML
D. JSON or .Doc

25. Which of the following is not possible using primitive roles in GCP?
(Select One)

A. Allows a user access to view all datasets in a project, but
not run queries on them.
B. Allows Development owner access and Production editor
access for all datasets in a project.
C. Allows a user access to view all datasets in a project only
D. None of the above

26. You are getting ready to migrate VMs from your onsite datacenter to GCP
Compute Engine. What is the gcloud command to import images and create a
bootable image? (Select One)

A. gcloud compute images import
B. gcloud compute import images
C. gcloud compute images "import"
D. gcloud compute import "images"
27. You’re currently considering moving your on-premises CI pipeline from
on premises to Google Cloud Platform. You would like to have code
maintained in a private Git repository which is hosted on the Google Cloud
Platform. What service would you choose? (Select One)

A. Container Registry
B. Kubernetes Engine
C. Cloud Source Repositories
D. Cloud Build
E. Cloud Run

28. Google Cloud offers compute services with both "ops" and "no-ops"
management requirements, which vary in customizability.
How would you rank the four compute services on a scale ranging
from the fewest management requirements and lowest customizability to the
most management requirements and highest customizability? (Select One)

A. Cloud Functions, Compute Engine, Kubernetes Engine,
App Engine
B. Cloud Functions, Kubernetes Engine, App Engine, Compute
Engine
C. Cloud Functions, App Engine, Kubernetes Engine,
Compute Engine
D. Cloud Functions, App Engine, Compute Engine,
Kubernetes Engine

29. You have been contacted by your CIO to improve your application
availability. You have decided to use instance groups by spreading your
instances across three zones. What type of instance group do you select?
(Select One)

A. Multi-Regional managed groups
B. Multi-Zonal managed groups
C. Regional managed groups
D. Zonal managed groups
30. Cloud SQL is a fully managed database service. What three variations of
SQL does Cloud SQL Support? (Select Three)

A. MYSQL
B. NewSQL
C. MS SQL
D. Oracle SQL
E. Postgres SQL

31. You have just deployed your application on App Engine standard in the
following region.

us-east4 (Northern Virginia)

What is the required process to change your App Engine instance from
Northern Virginia to europe-west (Belgium)?

Select the best answer. (Select One)

A. App Engine is a regional service so if you move it has to be
in the same region
B. App Engine is a global service so just
run http://[YOUR_PROJECT_ID].appspot.com.
C. App Engine is a regional service so just
run http://[YOUR_PROJECT_ID].appspot.com.
D. App Engine is a regional service so the region can’t be
changed or moved after it's set

32. You’re currently working with several contractors. They are using Cloud
Storage buckets for dropping files for review and your company’s approval.
Which of the following should you NOT perform? (Select One)

A. Create a separate bucket for each vendor.
B. Give each vendor the roles/storage.objectAdmin for their
respective bucket.
C. Give each vendor the roles/owner for their respective
bucket.
D. Give them a link to their bucket, which has the format:

console.cloud.google.com/storage/browser/[BUCKET_NAME]

33. When learning about external IP addresses in GCP, which of the
following is NOT correct? (Select One)

A. Assigned from a pool
B. Assigned from an internal static address
C. Assigned from an external static address
D. VM does not know its address but it's mapped internally to
an internal IP

34. Your users are only uploading resources (writing) to an access-controlled
bucket. You can use the _____________________ functionality of Cloud
Storage to require only one signed URL. (Select One)

A. Resumable uploads
B. Controlled uploads
C. Authenticated uploads
D. Signed uploads

35. VPC Network Peering allows you to peer two VPC networks so that the
VMs in the two networks can communicate via internal, private IP addresses.
Which of the following is NOT true about Network Peering? (Select One)

A. VPC Network Peering works with Compute Engine and
App Engine Standard
B. Peering can be configured for one VPC network even
before the other VPC network is created.
C. A given VPC network can peer with multiple VPC
networks
D. VPC Network Peering works with Compute
Engine and App Engine Flexible
36. You have been asked by your customer to move their "in house"
application to App Engine. Customer would like to know what runtimes are
supported. Which of the following are the supported programming
languages? (Select Four)

A. Python
B. PHP
C. Rust
D. Perl
E. Go
F. Java
G. Solidity

37. Your company is going to be testing user provisioning with Google
services. You want to manually provision users for testing or other
purposes by using the _________________ (Select One)

A. Gmail Console
B. Gsuite Admin Console
C. GCP Console
D. Open ID

38. The VM instances quota is also a _____________ quota and limits the
number of VM instances that can exist in a given __________, regardless of
whether the VM is running or not. (Select One)

A. Region, Regional
B. Regional, Region
C. Zonal, Regional
D. Zonal, Global

39. You need to create many projects for many different teams. You want
to use a Cloud Deployment Manager (DM) deployment to create those
projects in a folder called devops1.
What should you do? (Select One)
A. This cannot be done. Use Terraform since it supports teams
better.
B. Create a project called devops1 and enable appropriate
APIs. Grant the project creator role to the service account
Use command “gcloud deployment-manager deployments
create -project devops1
C. Create a project called devops1 and enable appropriate
APIs. Grant the project owner role to the service account
Use command “gcloud deployment-manager deployment
create -project devops1
D. Create a project called devops1 and enable appropriate
APIs. Grant the organization role to the service account
Use command “gcloud deployment-manager deployments
create new -project devops1

40. The maximum number of subnets in a project is how many? (Select One)

A. 10
B. 100
C. 125
D. 1250

41. What is the maximum size of a log entry with logging? (Select One)

A. 128
B. 256
C. 512
D. 127

42. What does Cloud Logging in Google Cloud include as part of the
service? (Select Three)

A. User Interface (Logs Viewer)
B. API for programmatic access
C. Storage for logs
D. Analytics Tools
E. Kubernetes Logging extensions.

43. What is the default retention period for Admin Activity Logs? (Select
One)

A. 30 days
B. 400 days
C. 500 days
D. 31 days

44. Using gsutil you can download text files from a bucket by using what
gsutil command? (Select Two)

A. gsutil cp gs://my-bucket/*.files
B. gsutil dn gs://my-bucket/*.txt
C. gsutil copy gs://my-bucket/*.txt
D. gsutil cp gs://my-bucket/*.txt

45. You would like to obtain the current IAM Policy for a project called
my-project-test. What would be the correct syntax? (Select One)

A. gcloud set-iam-policy project my-project-test
B. gcloud projects get-iam-policy my-project-test
C. gcloud projects get-iam-policy --my-project-test
D. gcloud get-iam-policy my-project-test

46. gcloud-wide flags. These flags are available to all commands.
Which is NOT a gcloud-wide flag? (Select One)

A. --account
B. --configuration
C. --help
D. --verbose
47. What page in the GCP Billing page contains details about your costs and
payment information? (Select One)

A. History
B. Billing and Invoicing
C. Payments
D. Organizations

48. When considering storage options for your virtual machines in Compute
Engine the choices can be confusing when costing is not the main concern.
Without costing being a concern, what type of storage would provide fast and
reliable block storage and scale to 64TB? (Select One)

A. Standard Persistent
B. SSD Persistent
C. Local SSD
D. Cloud Storage Buckets

49. Compute Engine blocks or restricts traffic through all of the following
ports/protocols between the Internet and virtual machines, and between two
virtual machines when traffic is addressed to their external IP addresses
through these ports (this also includes load-balanced addresses). These ports
are permanently blocked; they cannot be opened using firewall rules. What
ports are blocked in Compute Engine? (Select Three)

A. All outgoing traffic to port 25 (SMTP) is blocked.
B. All traffic coming from on premises
C. GRE traffic is blocked, even between VMs
D. Most outgoing traffic to port 465 or 587 (SMTP over SSL)
is blocked, except for known Google IP addresses
E. All outgoing traffic to port 22 (SSH) is blocked.
50. Cloud SQL is a fully managed SQL database service. You need to scale
this service for reads and writes. What type of scaling would you want to
use? (Select One)

A. Horizontally
B. Vertically
C. Diagonally
D. None of the above

GCP ASSOCIATE CLOUD ENGINEER PRACTICE EXAM ONE - WITH ANSWERS/EXPLANATIONS

1. You have downloaded the SDK kit from Google and now would like to
manage containers on GKE with gcloud. What command would be typed to
install kubectl in the CLI?

A. gcloud components install kubectl
B. gcloud components kubectl install
C. gcloud components install kubernetes
D. gcloud components install components kubectl

Correct Answer(s): A. gcloud components install kubectl

Explanation: Knowing gcloud is very important for the Kubernetes portion of
this cloud engineer exam. The gcloud commands interact with the GCP
resources that create and manage the clusters, while kubectl, the
Kubernetes command-line tool, is used to run commands against
Kubernetes clusters on GKE.

2. A recent software update to your enterprise's e-commerce website that is
running on Google Cloud has caused the website to crash for several hours.
Your CTO decides that all critical changes must now have a back-out/roll-back
plan. The website is deployed on hundreds of virtual machines (VMs),
and critical changes are frequent.
Which two actions should you take to implement the back-out/roll-back
plan?

A. Use managed instance groups with the "update-instances"
command when starting a rolling update
B. Enable object versioning on the website's static data files stored
in Google Cloud Storage
C. Create a new instance template with applied fixes and roll out
via A/B test
D. Use unmanaged instance groups with the "update-instances"
command when starting a rolling update

Correct Answer(s): B. Processor

Explanation: Use managed instance groups to provide updates; object
versioning will ensure that you can get back to the previous stable version.

3. Your company uses a third-party monitoring solution for your
enterprise apps. You are using Kubernetes Engine for your container
deployments and would like to enable this internal monitoring app for
Kubernetes clusters. What would be the best approach? (Select One)

A. Deploy the monitoring pod as a DaemonSet.
B. Deploy the monitoring pod as a cluster
C. Deploy the monitoring extension for Stackdriver Trace
D. Deploy a solution from the Cloud Marketplace

Correct Answer(s): A. Deploy the monitoring pod as a DaemonSet.

Explanation: Many monitoring solutions use the Kubernetes DaemonSet
structure to deploy an agent on every cluster node. Note that each tool has
its own software for cluster monitoring. Heapster is another option that could
also be used; Heapster is a bridge between a cluster and storage, designed to
collect the cluster metrics. Stackdriver is native to Google Cloud and is
therefore the approach recommended by Google Cloud.

4. App Engine services are specified (designed) to be _________?

A. Regional
B. Global
C. Multi-regional
D. Zonal

Correct Answer(s): A. Regional

Explanation: App Engine is a regional service, which means the
infrastructure that runs your apps is located in a specific region. This region
cannot be moved or migrated. It is managed by Google to be redundantly
available across all the zones within that region.

5. The Monitoring agent, ________________, is based on the original
collectd system statistics collection daemon? (Select One)

A. Stackdriver-agent
B. Stackdriver-agent-collectd
C. Stackdriver-collectd
D. Stackdriver-statsd

Correct Answer(s): A. Stackdriver-agent

Explanation: The Stackdriver Monitoring agent is a collectd-based daemon
that gathers system and application metrics from virtual machine instances
and sends them to Stackdriver Monitoring.
cloud.google.com/monitoring/agent/

6. You are currently deploying an application on a Kubernetes cluster.
You're aware that a Deployment’s rollout is triggered if and only if the
Deployment’s pod template is changed, for example if the labels or
container images of the template are updated. Other updates, such as scaling
the Deployment, do not trigger a rollout. What is the file name that would
need to be changed? (Select One)

A. .spectemplate.yaml
B. App.py
C. .template.yaml
D. .spec.template

Correct Answer(s): D. .spec.template is a deployment template.

Explanation: A Deployment's rollout is triggered if and only if the
Deployment's Pod template is changed.
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

7. You are currently looking at your GCP platform with gcloud and
would like to list all the instances in GCP Compute Engine. What command
would you use? (Select One)

A. gcloud compute instances grep
B. gcloud grep compute instances
C. gcloud compute list instances
D. gcloud compute instances list

Correct Answer(s): D. gcloud compute instances list

Explanation: Review the gcloud documentation site for command syntax:
https://cloud.google.com/sdk/gcloud/reference/compute/instances/list

8. __________________ is a unified programming model and also a
managed service for developing and executing a wide range of data
processing patterns including ETL, batch computation, and continuous
computation. What is the service? (Select One)

A. Cloud Datalab
B. Cloud Dataflow
C. Cloud Dataproc
D. Cloud Spanner

Correct Answer(s): B. Cloud Dataflow

Explanation: Cloud Dataflow is a unified programming model and a managed
service for developing and executing a wide range of data processing patterns
including ETL, batch computation, and continuous computation. The
challenge with a lot of the GCP services is that they sound the same or have
the same prefix which can be confusing.
https://cloud.google.com/sdk/gcloud/reference/dataflow/

9. You're considering placing your infrastructure-as-code processes on Cloud
Deployment Manager. What would be a risk of doing this? (Select One)

A. Cloud Deployment Manager requires a Google APIs service
account to run.
B. Cloud Deployment Manager APIs could be deprecated in the
future.
C. Cloud Deployment Manager can be used to permanently delete
cloud resources.
D. Cloud Deployment Manager takes some training to use.

Correct Answer(s): B. Cloud Deployment Manager.

Explanation: APIs could be deprecated in the future.
APIs of course take maintenance. Other choices would likely not be a risk.

10. You are currently reviewing your project in GCP using gcloud. You
would like to confirm what the DNS-related info is for a project. What is the
command to do this? (Select One)

A. gcloud dns project-info describe
B. gcloud dns project-info list
C. gcloud dns project-info show
D. gcloud dns project-info grep

Correct Answer(s): A. gcloud dns project-info describe

Explanation: gcloud commands need to be memorized. The easy way to
rule out two answers is generally to look at the service, which should come
after gcloud. If the answer is flag related, then in most cases we need to
memorize it. https://cloud.google.com/sdk/gcloud/reference/dns/project-info/

11. You are evaluating new GCP services and would like to use tools to
help you evaluate the costs of using GCP. What are two tools available from
GCP to help analyse costs? (Select Two)

A. Pricing Calculator
B. ROI Calculator
C. TCO Tool
D. Cost Optimization Tool

Correct Answer(s): A and C: Pricing Calculator and TCO Tool

Explanation: For this exam, expect several questions on pricing Bigtable and
Storage. You can also take advantage of some tools to help you evaluate the
costs of using GCP. The pricing calculator provides a quick and easy way to
estimate what your GCP usage will look like. You can provide details about
the services you want to use, such as the number of Compute Engine
instances, persistent disks and their sizes, and so on, and then see a pricing
estimate.

https://cloud.google.com/products/calculator

The Total Cost of Ownership (TCO) Tool evaluates the relative costs for
running your compute load in the cloud and provides a financial estimate.
The tool provides several inputs for cost modelling, which you can adjust,
and then compares estimated costs on GCP and AWS. This tool does not
model all components of a typical application, such as storage and
networking.
https://inthecloud.withgoogle.com/tco-assessment-19/form.html

12. You would like to create a new container repository with Cloud Source
Repositories using gcloud. What would be the command to create a repo
called "devops"? (Select One)

A. gcloud source repo create devops
B. gcloud source repos create devops
C. gcloud create source repos "devops"
D. gcloud create source repos devops

Correct Answer(s): B. gcloud source repos create devops

Explanation: Note that on the cloud engineer exam there were a few questions
that required exact syntax knowledge for devops services such as Cloud
Build, Cloud Source Repositories and Container Registry.
gcloud source repos create devops
https://cloud.google.com/source-repositories/docs/creating-an-empty-repository

13. You're currently ready to deploy some Cloud Deployment Manager
templates and you will need to ensure specific requirements ("explicit") exist
before the templates deploy. What would be the option you would add to
your templates or configuration files? (Select One)

A. dependsOn
B. properties
C. variables
D. deployON

Correct Answer(s): A. dependsOn

Explanation: You can specify these dependencies using the
dependsOn option in your configuration files or templates. When you add the
dependsOn option for a resource, Deployment Manager creates or updates the
dependencies before creating or updating the resource.
https://cloud.google.com/deployment-manager/docs/configuration/create-explicit-dependencies

14. By default you can create up to _______ networks per project. (Select
One)

A. 10
B. 100
C. 5
D. 50

Correct Answer(s): C. 5

Explanation: By default, the limit is 5 per project. You can contact support to
have this adjusted as needed. The exam has a few trivia questions about
projects and quotas.
https://cloud.google.com/vpc/docs/using-vpc

15. You would like to deploy a LAMP stack for your development team.
The only issue is you’re not sure how to configure this LAMP stack. You
would like to use a solution that has readymade templates to deploy. What
GCP service could you use? (Select One)

A. Cloud Deployment Manager
B. Cloud Marketplace
C. Cloud Endure
D. Cloud DataFlow

Correct Answer(s): B. Cloud Marketplace

Explanation: Google Cloud Marketplace, formerly Cloud Launcher, offers
ready-to-go development stacks, solutions, and services to accelerate
development, so you spend less time installing and more time developing.
https://cloud.google.com/launcher/

16. You would like to create a file structure for Cloud Storage that can be
mounted to Compute Engine. What would be the best option? (Select One)

A. Fuse Tool
B. Samba
C. NFS
D. Use Filestore

Correct Answer(s): A. Fuse Tool

Explanation: You can use the Google Cloud Storage FUSE tool to mount a
Cloud Storage bucket to your Compute Engine instance. The mounted bucket
behaves similarly to a persistent disk even though Cloud Storage buckets are
object storage. To learn how to mount a Cloud Storage bucket on your
instance, read Using Cloud Storage FUSE.
https://cloud.google.com/compute/docs/disks/gcs-buckets

17. The __________ Tier delivers traffic over Google’s well-provisioned,
low latency, highly reliable global network. (Select One)

A. Standard
B. Premium
C. Cloud VPN
D. Cloud Interconnect

Correct Answer(s): B. Premium

Explanation: The Premium Tier delivers traffic over Google’s well-provisioned,
low latency, highly reliable global network.
https://cloud.google.com/network-tiers/

18. You are designing a CD Pipeline and would like to have your source
code hosted on GKE, Build Automation and Artifact Management with
GCP Services. Your currently using Spinnaker for your code deployment.
Refer to the diagram and place in the proper sequence for A, B, C to design
your initial CD Pipeline.

(Select One)

A. Cloud Source Repositories, Cloud Build, GKE
B. Cloud Build, Cloud Source Repositories, Container Registry
C. Cloud Source Repositories, Cloud Build, Container Registry
D. Kubernetes Engine, Cloud Source Repositories, Container Registry

Correct Answer(s): C. Cloud Build, Cloud Source Repositories, Container Registry
Explanation: Effectively place the services in the proper order.
CI/CD Pipeline https://cloud.google.com/solutions/continuous-delivery/

19. You have just started your cluster and deployed your pods. You now
need to view all the running pods. What is the proper CLI syntax to
accomplish this task? (Select One)

A. kubectl get pods
B. kubectl list pods
C. gcloud get pods
D. gcloud list pods
Correct Answer(s): A: kubectl get pods
Explanation: The command syntax to inspect pods is the same as you would
use for your on-premises deployments: kubectl get pods

20. You have been contacted by the enterprise support team which has told
you there have been reports of significant latency at specific times for an
application running on GCP. They would like you to review the issue and
provide them insight into why the application is latent at specific times.
What Google Cloud service could you use to inspect latency data that has
been collected in near real time? (Select One)

A. Stackdriver Debug
B. Stackdriver Trace
C. VPC Trace Logs
D. Stackdriver Profiler

Correct Answer(s): A: Stackdriver Trace (Cloud Trace)
Explanation: Cloud Trace, formerly Stackdriver Trace, is a distributed tracing
system that collects latency data from your applications and displays it in the
Google Cloud Console. You can track how requests propagate through your
application and receive detailed near real-time performance insights. Cloud
Trace automatically analyses all your application's traces to generate in-depth
latency reports to surface performance degradations, and can capture traces
from all your VMs, containers, or App Engine projects.

21. The Organization resource is the root node in the Google Cloud Platform
hierarchy and is the hierarchical super node of projects. What are the types of
customers an organization resource is available for? (Select Two)

A. GSuite
B. Gmail
C. Google for Education
D. Cloud Identity

Correct Answer(s): A and D: Gsuite and Cloud Identity
Explanation: An Organization resource is available for G Suite and Cloud
Identity customers. Organizations are confusing at first, but for this exam we
need to understand some high-level details and what an Org Administrator is
about as well.
https://cloud.google.com/resource-manager/docs/creating-managing-organization

22. In GCP there are two types of managed instance groups. (Select Two)

A. Zonal
B. Regional
C. Global
D. GDPR
Correct Answer(s): A, B Zonal and Regional
Explanation: You can create two types of managed instance groups: A zonal
managed instance group, which contains instances from the same zone. A
regional managed instance group, which contains instances from multiple
zones across the same region. Lastly, don’t get confused by an unmanaged
instance group.
https://cloud.google.com/compute/docs/instance-groups/

23. Which of the following features are supported by GCP Cloud Storage?
(Select Two)

A. Object Versioning
B. Object Lifecycle Management
C. Object Analysis Management
D. Object Antivirus Scanning

Correct Answer(s): A. Object Versioning and Object Lifecycle Management
Explanation: Object Lifecycle and Object Versioning
https://cloud.google.com/storage/docs/lifecycle

24. You’re currently being summoned to the CIO office and he would like to
have a copy of the billing reports from Google Cloud Platform. What answer
has the correct formats you can export billing info to? (Select One)

A. CSV or JSON
B. CSV or XML
C. JSON or XML
D. JSON or .Doc
Correct Answer(s): A: CSV or JSON
Explanation: To access a detailed breakdown of your charges, you can
export your daily usage and cost estimates automatically to a CSV or JSON
file stored in a Google Cloud Storage bucket you specify.
https://cloud.google.com/billing/docs/how-to/export-data-file

25. Which of the following is not possible using primitive roles in GCP?
(Select One)

A. Allows a user access to view all datasets in a project, but
not run queries on them.
B. Allows Development owner access and Production editor
access for all datasets in a project.
C. Allows a user access to view all datasets in a project only
D. None of the above
Correct Answer(s): A: Allows a user access to view all datasets in a project,
but not run queries on them.
Explanation: Primitive roles can be used to give owner, editor, or viewer
access to a user or group, but they can't be used to separate data access
permissions from job-running permissions. Reference:
https://cloud.google.com/bigquery/docs/access-control#primitive_iam_roles

26. You are getting ready to migrate VMs from your onsite datacenter to GCP
Compute Engine. What is the gcloud command to import images and create a
bootable image? (Select One)

A. gcloud compute images import
B. gcloud compute import images
C. gcloud compute images "import"
D. gcloud compute import "images"

Correct Answer(s): A gcloud compute images import
Explanation: Remember to learn the syntax gcloud compute images import
https://cloud.google.com/compute/docs/images/importing-virtual-disks

27. You’re currently considering moving your CI pipeline from
on premises to Google Cloud Platform. You would like to have code
maintained in a private Git repository which is hosted on the Google Cloud
Platform. What service would you choose? (Select One)

A. Container Registry
B. Kubernetes Engine
C. Cloud Source Repositories
D. Cloud Build
E. Cloud Run
Correct Answer(s): C. Cloud Source Repositories
Explanation: Cloud Source Repositories is a secure hosted private Git on
Google Cloud. https://cloud.google.com/source-repositories/

28. Google Cloud has services with both "ops" and "no-ops" management
requirements when it comes to customizability of compute
services. How would you rank the four compute services on a scale ranging
from the fewest management requirements and lowest customizability to the
most management requirements and highest customizability? (Select One)

A. Cloud Functions, Compute Engine, Kubernetes Engine, App Engine
B. Cloud Functions, Kubernetes Engine, App Engine, Compute Engine
C. Cloud Functions, App Engine, Kubernetes Engine, Compute Engine
D. Cloud Functions, App Engine, Compute Engine, Kubernetes Engine
Correct Answer(s): C. Cloud Functions, App Engine, Kubernetes Engine,
Compute Engine
Explanation: Google has compute services that are managed, which are
considered No-Ops, and other services that are Lo-Ops.
https://cloud.google.com/docs/overview/cloud-platform-services#computing-hosting

29. You have been contacted by your CIO to improve your application
availability. You have decided to use instance groups by spreading your
instances across three zones. What type of instance group do you select?
(Select One)

A. Multi-Regional managed groups
B. Multi-Zonal managed groups
C. Regional managed groups
D. Zonal managed groups
Correct Answer(s): A. Multi-Regional managed groups
Explanation: An instance group is a collection of virtual machine (VM)
instances that you can manage as a single entity. There are two types:
Managed and Unmanaged Instance Groups.
https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances

30. Cloud SQL is a fully managed database service. What three variations of
SQL does Cloud SQL support? (Select Three)

A. MYSQL
B. NewSQL
C. MS SQL
D. Oracle SQL
E. Postgres SQL
Correct Answer(s): A. PostgreSQL and My SQL and now MS SQL
Explanation: Cloud SQL supports three main SQL versions
https://cloud.google.com/sql/

31. You have just deployed your application on App Engine standard in the
following region.

us-east4 (Northern Virginia)

What is the required process to change your App Engine instance from
Northern Virginia to the following region?

europe-west (Belgium)

Select the best answer. (Select One)

A. App Engine is a regional service so if you move it has to be
in the same region
B. App Engine is a global service so just
run http://[YOUR_PROJECT_ID].appspot.com.
C. App Engine is a regional service so just
run http://[YOUR_PROJECT_ID].appspot.com.
D. App Engine is a regional service so the region can’t be
changed after it’s set

Correct Answer(s): D. App Engine is a regional service so the region can’t be
changed after it’s set
Explanation: You cannot change an app's region after you set it. If you
already created an App Engine application, you can view the region by
running the gcloud app describe command or opening the App Engine
Dashboard in the GCP Console. The region of your App Engine application
is listed under http://[YOUR_PROJECT_ID].appspot.com.

32. You’re currently working with several contractors. They are using Cloud
Storage buckets for dropping files for review and your company’s approval.
Which of the following should you NOT perform? (Select One)
A. Create a separate bucket for each vendor.
B. Give each vendor the roles/storage.objectAdmin for their
respective bucket.
C. Give each vendor the roles/owner for their respective
bucket.
D. Give them a link to their bucket, which has the format:

console.cloud.google.com/storage/browser/[BUCKET_NAM

Correct Answer(s): D. Give them a link to their bucket, which has the
format…
Explanation: You would almost never give temporary users, partners or
non-employees owner rights. This is a best practice.
https://cloud.google.com/storage/docs/collaboration

33. When learning about external IP addresses in GCP which of the
following is NOT correct? (Select One)

A. Assigned from a pool
B. Assigned from an internal static address
C. Assigned from an external static address
D. VM does not know its address but it’s mapped internally to
an internal IP

Correct Answer(s): D. VM does not know its address but it’s mapped
internally to an internal IP
Explanation: VM does not know its address but it’s mapped internally to an
internal IP
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address

34. Your users are only uploading resources (writing) to an access-controlled
bucket. You can use the _____________________ functionality of Cloud
Storage to require only one signed URL. (Select One)

A. Resumable uploads
B. Controlled uploads
C. Authenticated uploads
D. Signed uploads by URL
Correct Answer(s): D. Signed uploads by URL
Explanation: If your users are only uploading resources (writing) to an
access-controlled bucket, you can use the resumable uploads functionality of
Cloud Storage to require only one signed URL. This signed URL is part of
the initial POST request, during which no data is actually uploaded.
https://cloud.google.com/storage/docs/access-control/signed-urls

35. VPC Network Peering allows you to peer two VPC networks so that the
VMs in the two networks can communicate via internal, private IP addresses.
Which of the following is NOT true about Network Peering? (Select One)

A. VPC Network Peering works with Compute Engine and
App Engine Standard
B. Peering can be configured for one VPC network even
before the other VPC network is created.
C. A given VPC network can peer with multiple VPC
networks
D. VPC Network Peering works with Compute
Engine and App Engine Flexible
Correct Answer(s): A. VPC Network Peering works with Compute Engine
and App Engine Standard
Explanation: VPC Network Peering does not support App Engine
Standard. https://cloud.google.com/vpc/docs/vpc-peering

36. You have been asked by your customer to move their "in house"
application to App Engine. The customer would like to know what runtimes are
supported. Which of the following are the supported programming
languages? (Select Four)

A. Python
B. PHP
C. Rust
D. Perl
E. Go
F. Java
G. Solidity
Correct Answer(s): A, B, E and F: Python, PHP, Go and Java
Explanation: Make sure you know the supported languages for standard for
the exam. https://cloud.google.com/appengine/downloads

37. Your company is going to be testing user provisioning with Google
services. You want to manually provision users for testing or other
purposes by using the _________________ (Select One)

A. Gmail Console
B. Gsuite Admin Console
C. GCP Console
D. Open ID
Correct Answer(s): B Gsuite Admin Control
Explanation: G Suite Admin Console. To manually provision users for
testing or other purposes, Cloud Platform administrators can provision users
and their associations with groups and organizations manually by using the G
Suite Admin Console.
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

38. The VM instances quota is also a _____________ quota and limits the
number of VM instances that can exist in a given __________, regardless of
whether the VM is running or not. (Select One)
A. Region, Regional
B. Regional, Region
C. Zonal, Regional
D. Zonal, Global
Correct Answer(s): B. Regional, Region
Explanation: The VM instances quota is also a regional quota and limits the
number of VM instances that can exist in a given region, regardless of
whether the VM is running or not.
https://cloud.google.com/compute/quotas

39. You need to create many projects for many different teams. You want
to use a Cloud Deployment Manager (DM) deployment to create those
projects in a folder called devops1.
What should you do? (Select One)

A. This cannot be done. Use Terraform since it supports teams
better.
B. Create a project called devops1 and enable appropriate
APIs. Grant the project creator role to the service account.
Use command “gcloud deployment-manager deployments
create -project devops1”
C. Create a project called devops1 and enable appropriate
APIs. Grant the project owner role to the service account.
Use command “gcloud deployment-manager deployment
create -project devops1”
D. Create a project called devops1 and enable appropriate
APIs. Grant the organization role to the service account.
Use command “gcloud deployment-manager deployments
create new -project devops1”

Correct Answer(s): B. Create a project called devops1 and enable appropriate
APIs. Grant the project creator role to the service account. Use command
“gcloud deployment-manager deployments create -project devops1”
Explanation: The best option is to grant the project creator role (never
owner) to a service account. The command syntax is correct.

40. The maximum number of subnets in a project is how many? (Select
One)

A. 10
B. 100
C. 125
D. 1250

Correct Answer(s): B. 100
Explanation: The default limit is 100. You can view this in your GCP
project.

41. What is the maximum size of a log entry with logging? (Select One)

A. 128
B. 256
C. 512
D. 127
Correct Answer(s): B. 256
Explanation: Don’t confuse this with the length of logging retention or with metrics, for
example. Note that the 256 limit is approximate and is based on internal data sizes, not
the actual REST API request size. https://cloud.google.com/logging/quotas

42. What does Cloud Logging in Google Cloud include as part of the
service? (Select Three)

A. User Interface (Logs Viewer)
B. API for programmatic access
C. Storage for logs
D. Analytics Tools
E. Kubernetes Logging extensions.

Correct Answer(s): A, B, C. User Interface (Logs Viewer) B, API for
programmatic access and C. Storage for logs.
Explanation: Cloud Logging is integrated with Stackdriver but there are no
analytics or special extensions for Kubernetes. There are Kubernetes metrics
used. Stackdriver is the default logging solution for clusters deployed on
Google Kubernetes Engine. Stackdriver Logging is deployed to a new cluster
by default unless you explicitly opt-out.
https://kubernetes.io/docs/tasks/debug-application-cluster/logging-stackdriver/

43. What is the default retention period for Admin Activity Logs? (Select
One)

A. 30 days
B. 400 days
C. 500 days
D. 31 days
Correct Answer(s): B: 400
Explanation: There is some trivia on the exam around logging. We need to
know both 400 and 30 days. In the Stackdriver section is a table that lists these
for Admin Activity, Data Access, etc.
https://cloud.google.com/logging/quotas

44. Using gsutil you can download text files from a bucket by using what
gsutil command? (Select One)

A. gsutil cp gs://my-bucket/*.files
B. gsutil dn gs://my-bucket/*.txt
C. gsutil copy gs://my-bucket/*.txt
D. gsutil cp gs://my-bucket/*.txt
Correct Answer(s): D gsutil cp gs://my-bucket/*.txt
Explanation: We will need to know a wide range of gcloud commands and
gsutil is part of the objectives. Gsutil is used for managing Cloud Storage.
https://cloud.google.com/storage/docs/gsutil/commands/cp

45. You would like to obtain the current IAM Policy for a project called
my-project-test. What would be the correct syntax? (Select One)
A. gcloud set-iam-policy project my-project-test
B. gcloud projects get-iam-policy my-project-test
C. gcloud projects get-iam-policy --my-project-test
D. gcloud get-iam-policy my-project-test
Correct Answer(s): B: gcloud projects get-iam-policy my-project-test
Explanation: We will need to know a wide range of gcloud commands and
managing projects is part of the objectives. gcloud projects get-iam-policy
my-project-test https://cloud.google.com/sdk/gcloud/reference/config/set

46. gcloud-wide flags are available to all commands.
Which is NOT a gcloud-wide flag? (Select One)
A. --account
B. --configuration
C. --help
D. --verbose
Correct Answer(s): D: --verbose
Explanation: --verbose is incorrect. The flag for verbose is --verbosity.
GCLOUD WIDE FLAGS These flags are available to all commands:
--account, --configuration, --flatten, --format, --help, --log-http, --project,
--quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for
details. https://cloud.google.com/sdk/gcloud/reference/version

47. What page in GCP Billing contains details about your costs and
payment information? (Select One)

A. History
B. Billing and Invoicing
C. Payments
D. Organizations
Correct Answer(s): A: History
Explanation: Your billing account's History page contains details about your
costs and payment information. Here, you can: View transactions and sort by
transaction types. Sort your account's payment information.
https://cloud.google.com/billing/docs/how-to/view-history

48. When considering storage options for your virtual machines in Compute
Engine the choices can be confusing when costing is not the main concern.
Without costing being a concern, what type of storage would provide fast and
reliable block storage and scale to 64TB? (Select One)

A. Standard Persistent
B. SSD Persistent
C. Local SSD
D. Cloud Storage Buckets
Correct Answer(s): B: SSD Persistent
Explanation: SSD Persistent: Fast and reliable block storage. Fast and reliable
block storage with synchronous replication across two zones in a region.
https://cloud.google.com/compute/docs/disks/

49. Compute Engine blocks or restricts traffic through all of the following
ports/protocols between the Internet and virtual machines, and between two
virtual machines when traffic is addressed to their external IP addresses
through these ports (this also includes load-balanced addresses). These ports
are permanently blocked; they cannot be opened using firewall rules. What
ports are blocked in Compute Engine? (Select Three)

A. All outgoing traffic to port 25 (SMTP) is blocked.
B. All traffic coming from on premises
C. GRE traffic is blocked, even between VMs
D. Most outgoing traffic to port 465 or 587 (SMTP over SSL)
is blocked, except for known Google IP addresses
E. All outgoing traffic to port 22 (SSH) is blocked.
Correct Answer(s): A, C and D:
Explanation: All outgoing traffic to port 25 (SMTP) is blocked. Most
outgoing traffic to port 465 or 587 (SMTP over SSL) is blocked, except for
known Google IP addresses. GRE traffic is blocked, even between VMs.
Traffic that uses a protocol other than TCP, UDP, ICMP, and IPIP is blocked,
unless explicitly allowed through protocol forwarding.
https://cloud.google.com/compute/docs/networks-and-firewalls

50. Cloud SQL is a fully managed SQL database service. You need to scale
this service for reads and writes. What type of scaling would you want to
use? (Select One)
A. Horizontally
B. Vertically
C. Diagonally
D. None of the above
Correct Answer(s): B: Vertically
Explanation: Vertical for writes and reads. If you need horizontal scaling
for SQL, use Cloud Spanner for distributed nodes.
https://cloud.google.com/storage-options/

End of Practice Exam One

Additional Free Resources

Additional FREE practice questions are available after August 1, 2020 online
at https://TechCommanders.com/GCPFreepractice
Free YouTube GCP Cloud Engineer Playlist
https://www.youtube.com/playlist?list=PLOYQCApvKhV2c4iUQdPKwzWH5x5gjsvmg
Google Cloud focused blog for all exams! http://thegcpgurus.com/

GCP ASSOCIATE CLOUD ENGINEER PRACTICE EXAM TWO - QUESTIONS W/O ANSWERS/EXPLANATIONS

This practice exam is followed by the same practice exam with answers and explanations.
Good luck. These questions are more difficult than those on the exam. If you do well here, you should
feel confident about sitting for the exam.

1. You are currently designing a cloud application that your user base will
connect to without a gateway VPN. The company wants to ensure that
the application maintains user identity and context to guard access to the
applications and VMs. What would you recommend? (Select One)

A. Cloud VPN
B. Identity Aware Proxy (IAP)
C. Cloud NAT
D. Cloud Endpoints
2. The _______________________________ resource represents the
Access Control Lists (ACLs) for buckets within Google Cloud Storage.
ACLs let you specify who has access to your data and to what extent.
(Select One)

A. SetIAMPolicy
B. TestIAMPermissions
C. DefaultAccessControls
D. BucketAccessControls

3. You have created several preemptible Linux virtual machine instances
using Google Compute Engine. You want to properly shut down your
application before the virtual machines are preempted (shut off). (Select
One)

A. Create a shutdown script and use it as the value for a new metadata
entry with the key shutdown-script in Deployment Manager
B. Create a shutdown script and use it as the value for a new metadata
entry with the key shutdown-script in the Cloud Platform Console when you
create the new virtual machine instance
C. Create a shutdown script and use it as the value for a new log point
entry with the key shutdown-script in the Cloud Platform Console when you
create the new virtual machine instance
D. Create a shutdown script and use it as the value for a new metadata
entry with the key shutdown-script and then use the Google Cloud GitHub
for resources to complete.

4. The first step in Cloud Deployment Manager is to create
what ____________? (Select One)

A. Template
B. Configuration
C. Resources
D. Pipeline

5. When using the SDK, you want to ensure you set the current project for
your development environment. What would be the proper syntax in
gcloud? (Select One)

A. gcloud config set project projectname
B. gcloud config init project projectname
C. gcloud config set project --projectname
D. gcloud config init project --projectname

6. The Versioning Configuration feature in gsutil enables you to configure
a Google Cloud Storage bucket to keep old versions of objects.

The gsutil versioning command has two sub-commands. What are the two
subcommands? (Select Two)

A. Get
B. Set
C. List
D. Show
E. Put

7. You would like to create a new Compute Engine instance called gcelab2
in the zone us-central1-c.

What is the proper command? (Select One)

A. gcloud compute instances create gcelab2 --zone us-central1-c
B. gcloud compute instances make gcelab2 --zone us-central1-c
C. gcloud compute instances init gcelab2 --zone us-central1-c
D. gcloud compute instances init gcelab2 --region us-central1-c

8. Logs are associated primarily with GCP ____________, although
_______________ can also have logs. (Select One)

A. Projects and Regions
B. Projects and Organizations
C. Zones and Regions
D. Projects and Zones

9. Cloud Endpoints can be implemented in which languages?
(Select Two)
A. PHP
B. Rust
C. Go
D. Python
E. Java

10. Your customer requires that metrics from all applications be retained
for 5 years for future analysis in possible legal proceedings. Which
approach should you use? (Select One)

A. Configure Stackdriver Monitoring for all Projects, and export to
Cloud Storage.
B. Configure Stackdriver Monitoring for all Projects with the default
retention policies.
C. Configure Stackdriver Monitoring for all Projects, and export to
BigQuery.
D. Configure Stackdriver Monitoring for all Projects, and export to
Cloud Datastore

11. How do you isolate VM systems within one project to guarantee that
they can't communicate over the internal IP address? (Select One)

A. Place them in different zones
B. Place them in different networks
C. Place them in separate organizations
D. Place them in a separate project

12. Your customer has asked you to place VMs on the same subnet, but
they also told you that they need them in different zones. Why would they
want this to be set up like this? (Select One)

A. For High Availability
B. For Performance
C. For Resource Management
D. For Billing Purposes

13. You need to follow a "best practice" for dealing with processes that do
not shut down correctly with your VMs. What do you configure in the
autoscaling options that will reduce risk by running shutdown scripts to
redirect incoming traffic at the load balancer and flush the cache prior to
exit? (Select One)

A. Hard Exit
B. Soft Exit
C. Graceful Exit
D. Not supported in GCP

14. The HTTPS load balancer can leverage which of the following types of
GCP resources? (Select Two)

NOTE: For this exam you must know about load balancers and the two
different approaches to Load Balancing! (Select One)

A. Global IP Address (ephemeral or static)
B. Global IP Address (ephemeral only)
C. One or more Instance Groups
D. Two or more Instance Groups

15. When we set up a project in GCP what are the two main benefits of
using a project? (Select Two)

A. We can associate objects and services with billing
B. No benefits
C. We can create a max of five organizations.
D. We also can create networks (quota max 5)

16. What type of resource is this? ___________ bundle application code
and dependencies into a single unit, abstracting the application from the
infrastructure. (Select One)
A. Virtual Machines
B. Containers
C. Microservices
D. Apps

17. Google Cloud Platform has several unique and innovative benefits
when it comes to billing and resource control. What are these benefits?
(Select Three)

A. Sustained use discounts
B. Sub-hour billing
C. Compute Engine Custom Machines
D. Hourly billing
E. Bitcoin Mining machines
F. Spot Instances

18. Which of the following is a GCP resource that is used for infrastructure
automation? This resource is also where you can specify repeatable processes.
What is this service/resource in GCP that can be used for automation?
(Select One)

A. CloudFormation
B. Cloud Deployment Manager
C. Puppet
D. Cloud Marketplace

19. Your customer is currently developing on App Engine with Python.
They would like to implement standard images for their VM
configurations. What deployment do they need to subscribe to so as to enable
the use of standard images on their VMs? (Select One)

A. App Engine Standard
B. App Engine Flexible
C. App Engine Custom
D. App Engine Dedicated

20. Google Cloud Deployment Manager allows you to specify all the
resources needed for your application in a declarative format using
___________ format? What is the format Cloud Deployment Manager
uses? (Select One)

A. YAML
B. Python
C. PHP
D. JSON

21. Which of the following methods will not cause a shutdown script to be
executed? (Select One)

A. When a user initiates a shutdown through a request to the guest
operating system
B. Preemptible instance being shut down
C. Shut down via the Cloud Console
D. An instance reset through an API call

22. When we speak of best practices around IAM, and specifically the
"Principle of least privilege", what would be two best practices related
to least privilege? (Select One)

A. Always apply the maximum access level required
B. Always apply the minimal access level required
C. Never control who can change policies and group memberships at
the project level
D. Never control who can change policies and group memberships at
the organizational level

23. Each Cloud Platform project has three unique identifiers. Which one is
NOT a correct identifier? (Select One)

A. Project Name
B. Project ID
C. Project Scope
D. Project Number

24. You can use ________________________ to monitor signals and build
operations in your Kubernetes Engine clusters. (Select One)

A. Stackdriver Logging
B. Stackdriver Monitoring
C. Stackdriver Kubernetes API
D. Stackdriver Trace

25. When creating a VPC in Auto mode the following routes are created.
(Select Two)

A. A default route for Internet traffic (0/0) is created when the network
is created.
B. A default route for Internet traffic (0/25) is created when the
network is created.
C. One route is created for each subnet when the subnet is created.
D. A default route for Internet traffic (0/25) is created when the
network is created.

26. You have been asked by your IT Manager to set up some Cloud Storage
for some in-house data that will migrate to the cloud. You have been told that
you need to have an archive for data over 6 months for DR purposes. What
Storage Class would you choose? (Select One)

A. Nearline
B. Coldline
C. Regional
D. Multi Regional

27. What is the flag for estimating costs for bytes read in BigQuery with the
bq command? (Select One)
A. -dry_run
B. --dry_run_read
C. --estimate_reads
D. Must use the pricing calculator.
E. Must contact support for the BQ spreadsheet

28. For system metrics, Stackdriver creates a Deployment that periodically
connects to each node and collects metrics about its Pods and containers,
then sends the metrics to Stackdriver.

Metrics for usage of system resources are collected from the following
sources: (Select Three)

A. CPU
B. Hypervisor
C. Memory
D. Network
E. Disk
F. Cache

29. ___________________ is an agreement between VPN IKE peers to
permit traffic through a tunnel if the traffic matches the specified addresses.
(Select One)

A. Traffic Selector
B. CIDR Range
C. Traffic Routing
D. All of the above

30. Your company has decided to migrate from AWS S3 to GCP Cloud
Storage. You would like to transfer 120GB of data via the most efficient
method. Your network connection is a T3 and you have set up your GCP
Cloud Storage structure (buckets, folders, etc.).

What would be the recommended approach? (Select One)

A. Transfer Appliance
B. Storage Transfer Service
C. BQ Transfer Service
D. Cloud Endure

31. Which log type provides you with logs of actions taken by Google
Support staff when accessing your Google Cloud resources? (Select One)

A. Data Access
B. Admin Activity
C. Access Transparency
D. System Events

32. You would like to understand operations of deploying Compute Engine
resources and its operations. What log would you want to view? (Select
One)

A. Admin Activity
B. System Events
C. Data Access
D. Access Transparency

33. With Continuous ______________, revisions are deployed to a
production environment automatically without explicit approval from a
developer, making the entire software release process automated. (Select
One)

A. Deployment
B. Development
C. Integration
D. None of the above

34. What type of account would you use when you want to have services
interact with other services? (Select One)
A. Github Account
B. Gsuite Account
C. User Account
D. Service Account

35. Google considers regional locations to be how many miles apart?
(Select One)

A. 100
B. 1000
C. 500
D. 50
36. Which type of load balancing would you set up to handle web
applications that are open to the public? (Select One)

A. Network Load Balancing
B. HTTP Load Balancing
C. UDP Load Balancing
D. TCP Load Balancing

37. You would like to add a strict deploy-time policy enforcement to your
Kubernetes Engine cluster. What would be your best option? (Select One)

A. IAM Policies
B. Binary Authorization
C. Cloud Armor
D. Container Registry

38. Your organization would like to obtain significant discounts on your
VM instance deployments on Google Cloud. These VM instances need to
be fully available. What pricing model would you want to consider?
(Select One)

A. Spot Instance
B. Reserved Instances
C. Committed Use Instances
D. On Demand Instances
E. Ephemeral Instances

39. You’re currently a developer at XYZ Corporation and you have over 60
projects deployed on GCP. You would like to integrate SSO into your GCP
and additional IT services. What are two features of SSO with GCP?
(Select Two)

A. Use your own authentication mechanism and manage your own
credentials
B. Federate your AD Trees to Google Cloud Platform
C. Federate your AWS accounts with Google Cloud Platform
D. Google Apps Directory Sync integrates with LDAP

40. You have an application that accepts inputs from users. The application
needs to kick off different background tasks based on these inputs. You
want to allow for automated asynchronous execution of these tasks as soon
as input is submitted by the user. Which product should you use? (Select
Two)

A. Cloud Tasks
B. Cloud Crons
C. Cloud Pub/Sub
D. Cloud SDK
41. According to Google Cloud Platform design principles, stateless servers
are easier to work with than stateful servers. (True or False) (Select
Two)

A. True
B. False
42. Which of the following two statements are true about choices around
Cloud Deployment Manager templates? (Select Two)
A. Jinja2 is a simpler but less powerful templating language that uses
the same syntax as YAML
B. Jinja2 templates are more powerful and give you the option to
programmatically create or manage your templates
C. Python is a simpler but less powerful templating language that uses
the same syntax as YAML
D. Python templates are more powerful and give you the option to
programmatically create or manage your templates

43. Which of the following is a feature of using a VPC in Google Cloud?
(Select One)

A. Global Resource
B. Regional Resource
C. AWS Compatible Resource
D. Multi-Regional Resource

44. Your organization would like to obtain significant discounts on your
VM instance deployments on Google Cloud. These VM instances only need
to be used for a few hours a month.

What pricing model would you want to consider? (Select One)

A. Spot Instance
B. Reserved Instances
C. Committed Use Instances
D. On Demand Instances
E. Preemptible Instances

45. Which of the following resources are Global Resources in GCP?
(Select Two)

A. Snapshots
B. Disks
C. Images
D. Zones

46. What GCP service is a lightweight, event-based, asynchronous
compute solution that allows you to create small, single-purpose functions
that respond to cloud events without the need to manage a server or a
runtime environment? (Select One)

A. Cloud Functions
B. Cloud Run
C. Cloud DataStore
D. Cloud PubSub
47. Your company manufactures devices with sensors and has the need to
stream huge amounts of data from these devices to a storage option in the
cloud. Which Google Cloud Platform storage option is the best choice for
your application? (Select One)

A. BigQuery
B. BigTable
C. Cloud SQL
D. Cloud Run
E. Cloud Storage

48. You're currently writing templates for Deployment Manager
deployments. You can write templates in your choice of what two
languages? (Select Two)

A. Python or Java
B. PHP or Java
C. Python or Jinja2
D. Jinja2 or PHP
49. You would like to create a new repository in Cloud Source
Repositories with gcloud. What would be the command to create a repo
called "developer"? (Select Two)
A. gcloud source repos create developer
B. gcloud source repo create developer
C. gcloud create source repos developer
D. gcloud create source repos "developer"
50. Which of the following two details about managing secrets would not
be considered a best practice? (Select Two)

A. Rotating Secrets is a must
B. Cache Secrets locally once a year
C. Cache Secrets locally many times a day
D. Use a separate solution or platform
END of Exam.

GCP ASSOCIATE CLOUD ENGINEER PRACTICE EXAM TWO - WITH ANSWERS/EXPLANATIONS

1. You are currently designing a cloud application that your user base will
connect to without a gateway VPN. The company is wanting to ensure that
the application maintains user identity and context to guard access to the
applications and VMs. What would you recommend? (Select One)

A. Cloud VPN
B. Identity Aware Proxy (IAP)
C. Cloud NAT
D. Cloud Endpoints
Correct Answer(s): B: Identity Aware Proxy (IAP)
Explanation: IAP protects SSH and RDP access to your VMs hosted on
GCP. This is an effective whitelisting approach. Your VM instances don't
even need public IP addresses. https://cloud.google.com/iap/
2. The _______________________________ resource represents the Access
Control Lists (ACLs) for buckets within Google Cloud Storage. ACLs let you
specify who has access to your data and to what extent. (Select One)
A. SetIAMPolicy
B. TestIAMPermissions
C. DefaultAccessControls
D. BucketAccessControls
Correct Answer(s): D: BucketAccessControls
Explanation: Buckets contain objects which can be accessed by their own
methods. In addition to the ACL property, buckets contain
bucketAccessControls, for use in fine-grained manipulation of an existing
bucket's access controls.

3. You have created several preemptible Linux virtual machine instances
using Google Compute Engine. You want to properly shut down your
application before the virtual machines are preempted (shut off). (Select
One)
A. Create a shutdown script and use it as the value for a new
metadata entry with the key shutdown-script in Deployment
Manager
B. Create a shutdown script and use it as the value for a new
metadata entry with the key shutdown-script in the Cloud
Platform Console when you create the new virtual machine
instance
C. Create a shutdown script and use it as the value for a new
log point entry with the key shutdown-script in the Cloud
Platform Console when you create the new virtual machine
instance
D. Create a shutdown script and use it as the value for a new
metadata entry with the key shutdown-script and then use
the Google Cloud Github for resources to complete.
Correct Answer(s): B: Create a shutdown script and use it as the value for a
new metadata entry with the key shutdown-script in the Cloud Platform
Console when you create the new virtual machine instance
Explanation: Create a shutdown script and use it as the value for a new
metadata entry with the key shutdown-script in the Cloud Platform Console
when you create the new virtual machine instance
https://cloud.google.com/compute/docs/shutdownscript
4. The first step in Cloud Deployment Manager is to create
what ____________? (Select One)
A. Template
B. Configuration
C. Resources
D. Pipeline
Correct Answer(s): B: Configuration
Explanation: The first step in creating your deployment is to create a
configuration. A configuration is a list of resources, and their respective
properties, that will be part of your deployment.
https://cloud.google.com/deployment-manager/docs/step-by-step-guide/create-a-configuration

5. When using the SDK, you want to ensure you set the current project for
your development environment. What would be the proper syntax in
gcloud? (Select One)
A. gcloud config set project projectname
B. gcloud config init project projectname
C. gcloud config set project --projectname
D. gcloud config init project --projectname
Correct Answer(s): D: gcloud config init project --projectname
Explanation: For the exam please ensure you reference the gcloud
commands for projects consistently. You can expect several questions on
these commands and syntaxes on the exam.
gcloud config set project projectname
https://cloud.google.com/sdk/gcloud/reference/config/set
6. The Versioning Configuration feature in gsutil enables you to configure a
Google Cloud Storage bucket to keep old versions of objects.
The gsutil versioning command has two sub-commands. What are the two
subcommands? (Select Two)
A. Get
B. Set
C. List
D. Show
E. Put
Correct Answer(s): A, B: Get and Set
Explanation: Set: The "set" sub-command requires an additional
sub-command, either "on" or "off", which, respectively, will enable or disable
versioning for the specified bucket(s). Get: The "get" sub-command gets the
versioning configuration for a bucket and displays whether or not it is
enabled.
https://cloud.google.com/storage/docs/gsutil/commands/versioning
7. You would like to create a new Compute Engine instance called gcelab2 in
the zone us-central-c.
What is the proper command? (Select One)
A. gcloud compute instances create gcelab2 --zone us-central1-c
B. gcloud compute instances make gcelab2 --zone us-central1-c
C. gcloud compute instances init gcelab2 --zone us-central1-c
D. gcloud compute instances init gcelab2 --region us-central1-c
Correct Answer(s): A: gcloud compute instances create gcelab2 --zone us-central1-c
Explanation: Creating a GCE instance is basic knowledge required for the
exam.
gcloud compute instances create gcelab2 --zone us-central1-c
https://cloud.google.com/sdk/gcloud/reference/version
8. Logs are associated primarily with GCP ____________, although
_______________ can also have logs. (Select One)
A. Projects and Regions
B. Projects and Organizations
C. Zones and Regions
D. Projects and Zones
Correct Answer(s): C: Project, Organizations
Explanation: Logs are associated primarily with GCP projects, although
organizations can also have logs
https://cloud.google.com/logging/docs/basic-concepts
9. Cloud Endpoints can be implemented in which languages?
(Select Two)
A. PHP
B. Rust
C. Go
D. Python
E. Java
Correct Answer(s): D, E: Python, Java
Explanation: Cloud Endpoints for the App Engine standard generation 1
environment historically used Endpoints Frameworks, which only supports
the Java 8 and Python 2.7 runtime environments.
https://cloud.google.com/endpoints/docs/choose-endpoints-option
10. Your customer requires that metrics from all applications be retained for
5 years for future analysis in possible legal proceedings. Which approach
should you use? (Select One)
A. Configure Stackdriver Monitoring for all Projects, and
export to Cloud Storage.
B. Configure Stackdriver Monitoring for all Projects with the
default retention policies.
C. Configure Stackdriver Monitoring for all Projects, and
export to BigQuery.
D. Configure Stackdriver Monitoring for all Projects, and
export to Cloud Datastore
Correct Answer(s): A : Configure Stackdriver Monitoring (Now Operations)
for all Projects, and export to Cloud Storage.
Explanation: Cloud Storage is the only economical option and would meet
compliance requirements if set up properly. The hint to use Cloud Storage
was 5 years since it would likely be archive data.

11. How do you isolate VM systems within one project to guarantee that they
can't communicate over the internal IP address? (Select One)
A. Place them in different zones
B. Place them in different networks
C. Place them in separate organizations
D. Place them in a separate project
Correct Answer(s): B: Place them in different networks
Explanation: If we want global availability -- alternatives and failover VMs
that are in a different geographic region -- there is a bit more complexity
involved. Notice that because these VMs are in a single Network, even
though they are in different regions, they can still communicate through
GCP's internal global network.
12. Your customer has asked you to place VMs on the same subnet, but they
also told you that they need them in different zones. Why would they want
this set up this way? (Select One)
A. For High Availability
B. For Performance
C. For Resource Management
D. For Billing Purposes
Correct Answer(s): A: For High Availability
Explanation: This provides increased availability due to multiple zones
and simplified security due to a single subnetwork.
13. You need to follow a "best practice" for dealing with processes that do
not shut down correctly on your VMs. What do you configure in
the autoscaling options that will reduce risk by running shutdown scripts to
redirect incoming traffic at the load balancer and flush the cache prior to
exit? (Select One)
A. Hard Exit
B. Soft Exit
C. Graceful Exit
D. Not supported in GCP
Correct Answer(s): C: Graceful Exit
Explanation: Graceful exit with autoscaling event by running shutdown script
to redirect incoming traffic at load balancer, and flush cache prior to exit.
14. The HTTPS load balancer can leverage which of the following types of
GCP resources? (Select Two)
NOTE: For this exam you must know about load balancers and the two
different approaches to Load Balancing! (Select One)
A. Global IP Address (ephemeral or static)
B. Global IP Address (ephemeral only)
C. One or more Instance Groups
D. Two or more Instance Groups
Correct Answer(s): A, C: Global IP Address (ephemeral or static), One or
more Instance Groups
Explanation: A load balancer distributes user traffic across multiple
instances of your applications. To do this the load balancer leverages
additional resources: 1. A Global IP Address (ephemeral or static). 2. One or
more Instance Groups. In GCP the load balancer is a managed service
and is global. I would advise you to go into the exam ready for a few load
balancing questions. Review the types of Cloud Load Balancing:
https://cloud.google.com/load-balancing/docs/load-balancing-overview
15. When we set up a project in GCP, what are the two main benefits of using
a project? (Select Two)
A. We can associate objects and services with billing
B. No benefits
C. We can create a max of five organizations.
D. We also can create networks (quota max 5)
Correct Answer(s): A, D: We can associate objects and services with billing,
we also can create networks (quota max 5)
Explanation: Projects are tested both directly and indirectly on the exam. A
project organizes all your Google Cloud resources. A project consists of a set
of users; a set of APIs; and billing, authentication, and monitoring settings for
those APIs.
You will need to also know gcloud commands as well.
https://cloud.google.com/storage/docs/projects
16. What type of resource is this? ___________ bundle application code
and dependencies into a single unit, abstracting the application from the
infrastructure. (Select One)
A. Virtual Machines
B. Containers
C. Microservices
D. Apps
Correct Answer(s): B: Containers
Explanation: Containers bundle application code and dependencies into a
single unit, abstracting the application from the infrastructure

17. Google Cloud Platform has several unique and innovative benefits when
it comes to billing and resource control. What are these benefits? (Select
Three)
A. Sustained use discounts
B. Sub-hour billing
C. Compute Engine Custom Machines
D. Hourly billing
E. Bitcoin Mining machines
F. Spot Instances
Correct Answer(s): A, B,C: Sustained use discounts, Sub-hour billing,
Compute Engine Custom Machines
Explanation:
1. Sub-hour billing
2. Sustained-use discounts: automatically reward users who run virtual
machines for over 25% of any calendar month
3. Compute Engine custom machine types: pay only for the resources you
need for your application
18. Which of the following is a GCP resource that is used for infrastructure
automation. This resource is where you can specify repeatable processes also.
What is this service/resource in GCP that can be used for automation? (Select
One)
A. CloudFormation
B. Cloud Deployment Manager
C. Puppet
D. Cloud Marketplace
Correct Answer(s): B: Cloud Deployment Manager
Explanation: CloudFormation is AWS, so we can throw that one out. IaaC is
important for this exam. Google Cloud Deployment Manager allows you to
specify all the resources needed for your application in a declarative format
using yaml. You can also use Python or Jinja2 templates to parameterize the
configuration and allow reuse of common deployment paradigms such as a
load balanced, auto-scaled instance group.
19. Your customer is currently developing on App Engine with Python. They
would like to implement standard images for their VM configurations. What
deployment do they need to subscribe to in order to enable the use
of standard images on their VMs? (Select One)
A. App Engine Standard
B. App Engine Flexible
C. App Engine Custom
D. App Engine Dedicated
Correct Answer(s): A: App Engine Standard
Explanation: App Engine is all they need if there is no specific development
language specified, like Node.js. App Engine Standard runs in a sandbox. App
Engine Flexible deploys via containers.
20. Google Cloud Deployment Manager allows you to specify all the
resources needed for your application in a declarative format using
___________ format? What is the format Cloud Deployment Manager
uses? (Select One)
A. YAML
B. Python
C. PHP
D. JSON
Correct Answer(s): A: YAML
Explanation: Google Cloud Deployment Manager allows you to specify all
the resources needed for your application in a declarative format using YAML.
Templates are either Jinja2 or Python.
https://cloud.google.com/deployment-manager/docs/configuration/templates/create-basic-template
21. Which of the following methods will not cause a shutdown script to be
executed? (Select One)
A. When a user initiates a shutdown through a request to the
guest operating system
B. Preemptible instance being shut down
C. Shut down via the Cloud Console
D. An instance reset through an API call
Correct Answer(s): C: Shut down via the Cloud Console
Explanation: Create and run shutdown scripts that execute commands right
before an instance is terminated or restarted, on a best-effort basis. This is
useful if you rely on automated scripts to start up and shut down instances,
allowing instances time to clean up or perform tasks, such as exporting logs,
or syncing with other systems.
https://cloud.google.com/compute/docs/shutdownscript
22. When we speak of Best Practices around IAM and specifically the
"Principle of least privilege", what would be two best practices as related to
least privilege? (Select One)
A. Always apply the maximum access level required
B. Always apply the minimal access level required
C. Never control who can change policies and group
memberships at the project level
D. Never control who can change policies and group
memberships at the organizational level
Correct Answer(s): B: Always apply the minimal access level required
Explanation: This is the principle of least privilege. Always apply the
minimal access level required. Use groups as a best practice as well. Control
who can change policies and group memberships. Enforce audit policy
changes and always enable audit logs to record project-level permission
changes.
23. Each Cloud Platform project has three unique identifiers. Which one is
NOT a correct identifier? (Select One)
A. Project Name
B. Project ID
C. Project Scope
D. Project Number
Correct Answer(s): C: Project Scope
Explanation: Each Cloud Platform project has:
- A project name, which you provide.
- A project ID, which you can provide, or Cloud Platform can provide for you.
- A project number, which Cloud Platform provides.
Project scope is incorrect since we are not talking about the PMP exam.
https://cloud.google.com/storage/docs/projects

24. You can use ________________________ to monitor signals and build
operations in your Kubernetes Engine clusters. (Select One)
A. Stackdriver Logging
B. Stackdriver Monitoring
C. Stackdriver Kubernetes API
D. Stackdriver Trace
Correct Answer(s): B: Stackdriver Monitoring (Operations)
Explanation: Stackdriver monitors system metrics and custom metrics.
System metrics are measurements of the cluster's infrastructure, such as CPU
or memory usage. Custom metrics are application-specific metrics that you
define yourself, such as the total number of active user sessions or the total
number of rendered pages.
Note that the exam depending on when you take it may or may not be
updated to reflect the change from Stackdriver to Operations.
https://cloud.google.com/products/operations
25. When creating a VPC in Auto mode the following routes are created.
(Select Two)
A. A default route for Internet traffic (0/0) is created when the
network is created.
B. A default route for Internet traffic (0/25) is created when
the network is created.
C. One route is created for each subnet when the subnet is
created.
D. A default route for Internet traffic (0/25) is created when
the network is created.
Correct Answer(s): A and C: A default route for Internet traffic (0/0) is
created when the network is created. One route is created for each subnet
when the subnet is created.
Explanation: A default route for Internet traffic (0/0) is created when the
network is created. One route is created for each subnet when the subnet is
created. https://cloud.google.com/vpc/docs/routes#firewallsandroutes
26. You have been asked by your IT Manager to set up some Cloud Storage
for some in-house data that will migrate to the cloud. You have been told that
you need to have an archive for data over 6 months for DR purposes. What
Storage Class would you choose? (Select One)
A. Nearline
B. Coldline
C. Regional
D. Multi Regional
Correct Answer(s): B. Coldline
Explanation: For the exam it is important to know the difference in Cloud
Storage tiers. Review Storage Classes
https://cloud.google.com/storage/docs/storage-classes
27. What is the flag for estimating costs for bytes read in BigQuery with the
bq command? (Select One)
A. -dry_run
B. --dry_run_read
C. --estimate_reads
D. Must use the pricing calculator.
E. Must contact support for the BQ spreadsheet
Correct Answer(s): A --dry_run
Explanation: You can perform a dry run (estimate resources) for a query job
by using the dry run syntax.
https://cloud.google.com/bigquery/docs/estimate-costs#bigquery-query-dry-run-cli
28. For system metrics, Stackdriver creates a Deployment that periodically
connects to each node and collects metrics about its Pods and containers, then
sends the metrics to Stackdriver.
Metrics for usage of system resources are collected from the following
sources: (Select Three)
A. CPU
B. Hypervisor
C. Memory
D. Network
E. Disk
F. Cache

Correct Answer(s): A, C, E: CPU, Memory and Disk
Explanation: Metrics for usage of system resources are collected from the
following sources:
CPU: container/CPU/usage_time
Memory: container/memory/bytes_used, collected from memory.usage_in_bytes in cgroup
Evictable memory: container/memory/bytes_used, collected from the total_inactive_file field of memory.stat
Non-evictable memory: Measured by memory.usage_in_bytes - memory.total_inactive_file
Disk: container/disk/bytes_used
https://cloud.google.com/kubernetes-engine/docs/how-to/monitoring

29. ___________________ is an agreement between VPN IKE peers to
permit traffic through a tunnel if the traffic matches the specified
addresses. (Select One)
A. Traffic Selector
B. CIDR Range
C. Traffic Routing
D. All of the above

Correct Answer(s): A: Traffic Selector
Explanation: When creating a VPN tunnel, you must tell the tunnel which
destination IP address ranges it can allow, and you must create routes to
forward packets destined for that IP range to the tunnel. Traffic selector is an
agreement between IKE peers to permit traffic through a tunnel if the traffic
matches the specified addresses.
https://cloud.google.com/vpn/docs/concepts/overview
30. Your company has decided to migrate from AWS S3 to GCP Cloud
Storage. You would like to transfer 120GB of data via the most efficient
method. Your network connection is a T3 and you have set up your GCP
Cloud Storage structure (buckets, folders, etc)
What would be the recommended approach? (Select One)
A. Transfer Appliance
B. Storage Transfer Service
C. BQ Transfer Service
D. Cloud Endure
Correct Answer(s): B: Storage Transfer Service
Explanation: Storage Transfer Service transfers data from an online data
source to a data sink. Your data source can be an Amazon Simple Storage
Service (Amazon S3) bucket, an HTTP/HTTPS location, or a Cloud Storage
bucket. Your data sink (the destination) is always a Cloud Storage bucket.
https://cloud.google.com/products/data-transfer/
31. Which log type provides you with logs of actions taken by Google
Support staff when accessing your Google Cloud resources? (Select One)
A. Data Access
B. Admin Activity
C. Access Transparency
D. System Events
Correct Answer(s): C: Access Transparency
Explanation: Access Transparency provides near real-time logs when Google
Cloud administrators access your content. Cloud Audit Logs already provide
visibility into the actions of your own administrators.
https://cloud.google.com/access-transparency
32. You would like to understand the operations involved in deploying Compute
Engine resources. What log would you want to view? (Select One)
A. Admin Activity
B. System Events
C. Data Access
D. Access Transparency
Correct Answer(s): A: Admin Activity
Explanation: Admin Activity audit logs contain log entries for API calls or
other administrative actions that modify the configuration or metadata of
resources.
https://cloud.google.com/logging/docs/audit
33. With Continuous ______________, revisions are deployed to a
production environment automatically without explicit approval from a
developer, making the entire software release process automated. (Select
One)
A. Deployment
B. Development
C. Integration
D. None of the above
Correct Answer(s): A: Deployment
Explanation: With continuous deployment, revisions are deployed to a
production environment automatically without explicit approval from a
developer, making the entire software release process automated
34. What type of account would you use when you want to have services
interact with other services? (Select One)
A. Github Account
B. Gsuite Account
C. User Account
D. Service Account
Correct Answer(s): D: Service Account
Explanation: Get to know service accounts. Service accounts are not user
accounts but accounts meant to be used for programmatic access.
https://cloud.google.com/compute/docs/access/service-accounts
35. Google considers regional locations to be how many miles apart? (Select
One)
A. 100
B. 1000
C. 500
D. 50
Correct Answer(s): A: 100 miles
Explanation: All regional locations are at least 100 miles apart to provide for
assurance of availability.
https://cloud.google.com/storage/docs/bucket-locations
36. Which type of load balancing would you set up to handle web
applications that are open to the public? (Select One)
A. Network Load Balancing
B. HTTP Load Balancing
C. UDP Load Balancing
D. TCP Load Balancing

Correct Answer(s): B: HTTP Load Balancing
Explanation: Layer 7 load balancing in GCP is HTTP(S) load balancing.
You can also enable Cloud CDN to optimize your cloud application delivery.
https://cloud.google.com/load-balancing/
37. You would like to add a strict deploy-time policy enforcement to your
Kubernetes Engine cluster. What would be your best option? (Select One)
A. IAM Policies
B. Binary Authorization
C. Cloud Armor
D. Container Registry
Correct Answer(s): B: Binary Authorization
Explanation: Binary Authorization (BinAuthz) is a service that aims to reduce
some of these concerns by adding deploy-time policy enforcement to your
Kubernetes Engine cluster.
https://codelabs.developers.google.com/codelabs/cloud-binauthz-intro/#0
38. Your organization would like to obtain significant discounts on your VM
instance deployments on Google Cloud. These VM instances need to be
fully available. What pricing model would you want to consider? (Select
One)
A. Spot Instance
B. Reserved Instances
C. Committed Use Instances
D. On Demand Instances
E. Ephemeral Instances
Correct Answer(s): C: Committed Use Instances
Explanation: There is terminology that is also AWS terminology such as Spot
and Reserved. Google's form of “reserved” instances is “Committed Use”.
Users can create custom machine types with unique configurations of vCPUs
and memory. The commitments apply on a regional basis.
https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts
39. You’re currently a developer at XYZ Corporation and you have over 60
projects deployed on GCP. You would like to integrate SSO into your GCP
and additional IT services. What are two features of SSO with
GCP? (Select Two)
A. Use your own authentication mechanism and manage your
own credentials
B. Federate your AD Trees to Google Cloud Platform
C. Federate your AWS accounts with Google Cloud Platform
D. Google Apps Directory Sync integrates with LDAP
Correct Answer(s): A, D: Use your own authentication mechanism and
manage your own credentials, Google Apps Directory Sync integrates with
LDAP
Explanation: GCDS can be used, and you can bring your own credentials to GCP.
https://cloud.google.com/iam/
40. You have an application that accepts inputs from users. The application
needs to kick off different background tasks based on these inputs. You want
to allow for automated asynchronous execution of these tasks as soon as
input is submitted by the user. Which product should you use? (Select Two)
A. Cloud Tasks
B. Cloud Crons
C. Cloud Pub/Sub
D. Cloud SDK
Correct Answer(s): A: Cloud Tasks
Explanation: Cloud Task Queues Push or Pull. The core difference between
Pub/Sub and Cloud Tasks is the notion of implicit vs explicit invocation.
https://cloud.google.com/appengine/docs/standard/java/taskqueue/
41. According to Google Cloud Platform design principles, stateless servers
are easier to work with than stateful servers. (True or False) (Select Two)
A. True
B. False
Correct Answer(s): A: True
Explanation: The best state is no state. Make as much of your system as
possible stateless. It is easier to apply more workers to a problem and easier to
relocate tasks. It is more fault tolerant, with less to recover when something breaks.
https://landing.google.com/sre/sre-book/chapters/load-balancing-frontend/

42. Which of the following two statements are true about choices around
Cloud Deployment Manager templates? (Select Two)
A. Jinja2 is a simpler but less powerful templating language
that uses the same syntax as YAML
B. Jinja2 templates are more powerful and give you the option
to programmatically create or manage your templates
C. Python is a simpler but less powerful templating language
that uses the same syntax as YAML
D. Python templates are more powerful and give you the
option to programmatically create or manage your
templates
Correct Answer(s): A, D: Jinja2 is a simpler but less powerful templating
language that uses the same syntax as YAML, Python templates are more
powerful and give you the option to programmatically create or manage your
templates
Explanation: You can write templates in your choice of Python 2.7 or Jinja2.
Python templates are more powerful and give you the option to
programmatically create or manage your templates. If you are familiar with
Python, use Python for your templates. Jinja2 is a simpler but less powerful
templating language that uses the same syntax as YAML. If you aren't
familiar with Python or just want to write simple templates without messing
with Python, use Jinja2.
https://cloud.google.com/deployment-manager/docs/step-by-step-guide/create-a-template
43. Which of the following is a feature of using a VPC In Google
Cloud? (Select one)
A. Global Resource
B. Regional Resource
C. AWS Compatible Resource
D. Multi-Regional Resource
Correct Answer(s): A: Global Resource
Explanation: A single Google Cloud VPC can span multiple regions without
communicating across the public Internet. For on-premises scenarios, you can
share a connection between VPC and on-premises resources with all regions
in a single VPC. You don't need a connection in every region.
https://cloud.google.com/vpc/

44. Your organization would like to obtain significant discounts on your VM
instance deployments on Google Cloud. These VM instances only need to be
used for a few hours a month.
What pricing model would you want to consider? (Select One)
A. Spot Instance
B. Reserved Instances
C. Committed Use Instances
D. On Demand Instances
E. Preemptible Instances
Correct Answer(s): E: Preemptible Instances
Explanation: Some of the terminology in the options, such as Spot and
Reserved, is AWS terminology. Google's form of "Spot" instances is
"Preemptible". A preemptible VM is an instance that you can create and run at
a much lower price than normal instances. However, Compute Engine might
terminate these instances if it requires access to those resources for other
tasks.
https://cloud.google.com/compute/docs/instances/preemptible

45. Which of the following resources are Global Resources in GCP?
(Select Two)
A. Snapshots
B. Disks
C. Images
D. Zones
Correct Answer(s): A, C: Snapshots and Images
Explanation: Global resources are accessible by any resource in any zone
within the same project. When you create a global resource, you do not need
to provide a scope specification. Global resources include images: images
can be used by any instance or disk resource in the same project as the image.
Google provides preconfigured images that you can use to boot your
instance. You can customize one of these images, or you can build your own
image.
https://cloud.google.com/compute/docs/regions-zones/global-regional-zonal-resources
46. What GCP service is a lightweight, event-based, asynchronous compute
solution that allows you to create small, single-purpose functions that respond
to cloud events without the need to manage a server or a runtime
environment? (Select One)
A. Cloud Functions
B. Cloud Run
C. Cloud DataStore
D. Cloud PubSub
Correct Answer(s): A: Cloud Functions
Explanation: Cloud Functions is a Functions-as-a-Service (FaaS) offering
with no servers to manage. Do not confuse it with Cloud Run, which is the
service we would use to deploy lightweight containers.
https://cloud.google.com/functions/
47. Your company manufactures devices with sensors and has the need to
stream huge amounts of data from these devices to a storage option in the
cloud. Which Google Cloud Platform storage option is the best choice for
your application? (Select One)
A. BigQuery
B. BigTable
C. Cloud SQL
D. Cloud Run
E. Cloud Storage
Correct Answer(s): B: BigTable
Explanation: Bigtable is ideal for storing very large amounts of data in a
key-value store and supports high read and write throughput at low latency for
fast access to large amounts of data. https://cloud.google.com/bigtable
48. You're currently writing templates for Deployment Manager deployments.
You can write templates in your choice of what two languages? (Select
Two)
A. Python or Java
B. PHP or Java
C. Python or Jinja2
D. Jinja2 or PHP
Correct Answer(s): C: Python or Jinja2
Explanation: You can write templates in your choice of Python 2.7 or Jinja2.
Python templates are more powerful and give you the option to
programmatically create or manage your templates. If you are familiar with
Python, use Python for your templates.
https://cloud.google.com/deployment-manager/docs/step-by-step-guide/create-a-template
49. You would like to create a new repository in Cloud Source Repositories
with gcloud. What would be the command to create a repo called
"developer"? (Select Two)
A. gcloud source repos create developer
B. gcloud source repo create developer
C. gcloud create source repos developer
D. gcloud create source repos "developer"
Correct Answer(s): A: gcloud source repos create developer
Explanation: gcloud source repos create developer
https://cloud.google.com/source-repositories/docs/creating-an-empty-repository
50. Which of the following two details about managing secrets would not be
considered a best practice? (Select Two)
A. Rotating Secrets is a must
B. Cache Secrets locally once a year
C. Cache Secrets locally many times a day
D. Use a separate solution or platform
Correct Answer(s): A, C: Rotating Secrets is a must and Cache Secrets
locally many times a day.
Explanation: These are common secret management best practices:
Rotating secrets (Use multiple versions)
Cache secrets locally (Several times per hour)
Using a separate solution or platform
END of Exam 2

Additional Resources
Additional FREE practice Questions are available after August 1, 2020 online
at https://TechCommanders.com/GCPFreepractice
Free YouTube GCP Cloud Engineer Playlist
https://www.youtube.com/playlist?list=PLOYQCApvKhV2c4iUQdPKwzWH5x5gjsvmg
Google Cloud focused blog for all exams! http://thegcpgurus.com/
ABOUT THE AUTHOR
Joseph Holbrook

Introduction to Author

Joe Holbrook has been in the IT field since 1993, when he was exposed to
several HPUX systems on board a US Navy flagship, USS JFK. He has
migrated from the UNIX networking world to Storage Area Networking (SAN)
and then on to Enterprise Cloud/Virtualization and Blockchain Architectures.
He has worked in various engineering roles for numerous companies:
Hitachi Data Systems, 3PAR Data, Brocade Communications, Dimension
Data, EMC, Northrop Grumman and ViON.

Joe holds IT industry-leading certifications from Amazon Web Services,
Google Cloud, Brocade, Hitachi Data Systems, EMC, VMware, CompTIA,
HP 3PAR, Cloud Credential Council, Palo Alto Networks and numerous
other organizations.

Joe attended Central Texas University while in the Navy and received an
AA in Electronics Technology. He received a Certificate in Total Quality
Management from the United States International University (USIU) in San
Diego. He received several Certificates in Information Systems, Project
Management, Intranet Development and received a BSIS from the University
of Massachusetts Lowell (UMASS).

Joe was awarded by AFCEA NOVA the "SUPERNOVA" award for
outstanding event leadership.
Joe was also awarded the Brocade Excellence Award in 2008 for his Brocade
Services Partner Training Program implementation.

Joe is also the author of “Architecting Enterprise Blockchain Solutions”
(Wiley Sybex).

Currently Joe is the owner of a new upstart learning platform called
TechCommanders and is based out of Jacksonville, FL.
