Your company has replaced your laptop OS from Windows to Ubuntu and you installed a stable

release of Cloud SDK on your machine, however when you run kubectl, you receive an error stating
“Command ‘kubectl’ not found”. Which command will you use to install kubectl on Ubuntu?

A sudo apt install kubectl

B gcloud install kubectl

C sudo yum install kubectl

D gcloud components install kubectl

You have recently joined a startup and have been asked to create a new Google Cloud account for the
company along with setting up budget alarm of $100. You have set up an alarm with 40%, 60%, 90%,
and 100% threshold. What will happen once the threshold of 100% is reached?

A A notification will be sent to Project Owner & Billing Admins.

B Your project will be deleted because you have depleted all your budget.

C All VMs will be stopped so that you don’t exceed your budget.

D A notification will be sent to Billing Admins and Billing Users.

You have to run several services to support an application. Which of the following is a good
deployment model?

A Use two large VMs, making one of them read-only.

B Run on a large, single VM

C Use a small VM for all services and increase the size of the VM when CPU utilization exceeds 90
percent

D Use containers in a managed cluster

You have been tasked with designing an organizational hierarchy for managing departments and their
cloud resources. What organizing components are available in GCP?

A Organization, folders, projects

B Buckets, directories, subdirectories

C Organizations, buckets, projects

D Folders, buckets, projects

You have been asked to design a storage system for a web application that allows users to upload large
data files to be analyzed by a business intelligence workflow. The files should be stored in a high-
availability storage system. File system functionality is not required. Which storage system in Google
Cloud Platform should be used?

A Block storage

B Object storage

C Cache

D Network File System

What is not a characteristic of specialized services in Google Cloud Platform?

A They are serverless. You do not need to configure servers or clusters.

B They provide specific functions, such as translating text or analyzing images.

C They require monitoring by the user.

D They provide an API to access the functionality of the service.

What is the fundamental unit of computing in cloud computing?

A Subnet

B Virtual machine

C Physical server

D Block

As a cloud engineer, you have been asked to upgrade the free trial of your account and rename it to a
production-inventory-system. You are getting permission denied error while making the changes.
Which of the following permissions will solve the problem?

A billing.accounts.update

B billing.account.upgrade

C billing.account.update

D billing.accounts.upgrade

A startup has reached out to you for help with their single page application which they will be running
using docker. They want you to suggest the best possible service which can be used by the developers
to deploy and manage the application on their own. Which one according to you will be best suited for
their requirement without considering the management of underlying infrastructure?

A App Engine

B Cloud Engine

C Cloud Functions

D Google Cloud Storage

Investing in servers for extended periods of time, such as committing to use servers for three to five
years, works well when?

A A company is just starting up

B A company can accurately predict server need for an extended period of time

C A company has a fixed IT budget

D A company has a variable IT budget

How many maximum instance-hours are supported by an App Engine as free daily usage quota when
scaling an instance using Automatic Scaling type?

A8

B 10

C 28

D 35

You are working with a healthcare startup as Google Cloud Consultant on a new project which they are
about to launch next week as a beta version. All the static files are stored on GCS and you have been
asked to make one of the PDF named launching-bucket publicly available for the customers to
download. You only have access to CLI to achieve the same. Which of the following commands would
you use to do it?

A gsutil acl ch -u allUsers:r gs://launching-bucket/file.pdf

B gsutil acl update -u allUsers:R gs://launching-bucket/file.pdf

C gcloud gs update-acl --public-read gs://launching-bucket/file.pdf

D gcloud storage update-acl --public-read gs://launching-bucket/file.pdf

A cloud engineer wants to create a VM named my-server-1 with four CPUs. Which of the following
commands would he use to create the VM my-server-1?

A gcloud compute instances create --machine-type=n1-standard-4 my-server-1

B gcloud compute instances create --cpus-4 my-server-1

C gcloud compute instances create --machine-type=n1-standard-4 --instancename my-server-1

D gcloud compute instances create --machine-type=n1-4-cpu my-server-1

You are starting to work on a client’s project who is looking for a database service within Google Cloud
that is horizontally scalable, supports gigabyte size of relational data, and even supports ACID for
reliable storage of data. Which service will you recommend?

A CloudSQL

B Cloud Spanner

C Datastore

D BigQuery

You have been asked to build a backend using Clojure and host it on Google Cloud with full freedom of
choosing OS, applications, libraries, etc. Which service will you prefer?

A Cloud Function

B App Engine Standard

C Compute Engine

D Cloud Run

You created a Nearline bucket in GCS by using the default parameters, after an hour you realized the
requirement was to create a Nearline bucket in asia-south1 location. How will you correct this
configuration change?

A Edit the bucket and change the location of the bucket from the default location to asia-south1.

B You can not edit the bucket once it is created.

C Modify the bucket and change its storage class to regional and choose the location to asia-south1.

D Delete the bucket and create a new bucket as per the requirement.
Your client wants to migrate an application to Google Cloud which has 15 TB of relational data. The
database is growing rapidly by 10 GB every day. In addition, to support the traffic, at least 10 read
replicas are required. Which of the following services would you meet the requirements?

A Cloud Bigtable

B Cloud Storage

C BigQuery

D Cloud Spanner

You have MS SQL Server running on a VM with n1-standard-4 machine type. For the last few days, you
are noticing performance degradation because of more than 95% memory utilization. CPU metrics
look absolutely fine and need no change. Your manager has asked you to increase a small amount of
memory keeping the cost in mind. What is the most cost-effective approach?

A Change machine type to n1-highmem-4

B Change machine type to n1-highcpu-10

C Change machine type to n1-standard-6

D Switch to custom machine type and increase memory size.

You want your application hosted on a VM to fetch metadata of that instance. Which command will
help you to fetch it?

A curl metadata.google.internal/compute-metadata/v1/

B curl <instance-private-ip>/metadata/v1/

C curl metadata.google.internal/computeMetadata/v1/

D curl internal.googleapi.com/compute-metadata/v1/

You have 100 TB of non-relational data and want to run analytics on it to see the previous year’s net
sales. Which tool suits your requirement?

A Bigtable

B Datastore

C BigQuery

D GCS
Your team has deployed a GKE cluster having 3 nodes for high availability. The cluster was tested
multiple times before moving to production, but it suddenly stopped working after deploying it to the
production environment. A team member approached you that he will need shell access to the
container for a while to resolve the issue. Which command will give him access to the container?

A kubectl exec web-server /bin/bash

B kubectl exec -i -t web-server -- /bin/bash

C kubectl ssh web-server /bin/bash

D kubectl web-server ssh -- /bin/bash

You need to deploy an update to an application in Google App Engine. The update is risky, but it can
only be tested in a live environment. What is the best way to introduce the update to minimize risk?

A Deploy a new version of the application but use traffic splitting to only direct a small number of users
to the new version.

B Deploy the application temporarily and be prepared to pull it back if needed.

C Warn users that a new app version may have issues and provide a way to contact you if there are
problems.

D Create a new project with the new app version, then redirect users to the new version.

Which of the following export options are available with Google Cloud Billing?

A Cloud SQL & Bigtable

B BigQuery & File

C BigQuery & Bigtable

D Bigtable & Storage

Which of the following commands could be used to autoscale a replication controller “foo” with
number of pods between 1 to 10 having target cpu utilization at 80%?

A kubectl rc --autoscale foo --min=1 --max=10 --cpu-percentage=80

B kubectl deployment --autoscale foo --min=1 --max--10 --cpu-percent=80

C kubectl autoscale rc foo --max=10 --cpu-percent=80

D kubectl autoscale deployment foo --min=1 --max--10 --cpu-percent=80

You are building an architecture for one of your clients with a requirement of streaming millions of
requests with high availability and durability along with HIPAA compliance. Which managed service
will you prefer?

A Cloud Function

B Cloud Dataproc

C Cloud Pub/Sub

D RabbitMQ

You have been asked to deploy a highly available Kubernetes cluster using Google Kubernetes Engine
by your manager. While spinning up the cluster you realize you do not see an option of creating a
master. What can be the reason?

A GKE does not use master nodes to control child nodes.

B You need to spin up a compute instance and set it up as a master node.

C Master node is created automatically by GKE.

D None of the above.

There are 15 VMs in your company’s Google Cloud account which have public IP addresses but are
ephemeral. Your manager asked you to assign static public IP to each instance. During the process, you
were able to assign IPs to only 5 of the VMs and were receiving errors in all other instances. What can
be the reason?

A You have reached the hard limit of using static IP addresses.

B Your quota has been exhausted and you can raise a request to increase it.

C Not all OS supports static public IP so check if the OS on VM supports static IP.

D You need to first remove the existing public IP attached to VMs and then attach static IP to them.

There are 5 VPC networks in your staging project created for 5 different applications. Each network has
its own CIDR range and firewall rules. You are asked to list the firewall rules of network-3 to perform
an update. Select the appropriate response.

A gcloud compute firewall-rules list --filter network=network-3

B gcloud compute network=network-3 --list firewall-rules

C gcloud vpc network=network-3 --list firewall-rules

D gcloud vpc firewall-rules list --filter network=network-3

Which of the following gcloud commands lets you view the details of a custom subnet you created in a
particular region?

A gcloud compute networks subnets read [SUBNET_NAME] --region us-central1

B gcloud compute networks subnets view [SUBNET_NAME] --region us-central1

C gcloud compute networks subnets list [SUBNET_NAME] --region us-central1

D gcloud compute networks subnets describe [SUBNET_NAME] --region us-central1

Your team has deployed a few windows web servers on a custom VPC network and the same is
running properly. After a few hours of the app suddenly crashes, developers are trying to remote
access web servers, but are failing to do so. While troubleshooting the issue you realize that the
firewall rule is missing. Which command will help you solve the problem?

A gcloud compute firewall-rules create “remote-access” --network “my-network” --allow tcp:22

B gcloud compute firewall-rules create “tcp:3389”

C gcloud compute firewall-rules create “remote-access” --network “my-network” --allow tcp:3389

D gcloud compute firewall-rules allow “udp:3389” --network “my-network”

A development team works with two Cloud Functions using node.js code. Each function corresponds
to environments for development and production. The code is the same except for the Cloud SQL
database values used in each function. The team wants to maintain code in a clean and reusable
fashion and decides to pass the database value during function execution. Which feature will allow
you to do this?

A Metadata

B Service Accounts

C Environment Variables

D Timeouts

You have a Kubernetes cluster with 1 node-pool. The cluster receives a lot of traffic and needs to grow.
You decide to add a node. What should you do?

A Use “gcloud container clusters resize” with the desired number of nodes.

B Use “kubectl container clusters resize” with the desired number of nodes.

C Edit the managed instance group of the cluster and increase the number of VMs by 1.
D Edit the managed instance group of the cluster and enable autoscaling.

You are launching VMs for your company’s internal application via CLI and you are not able to recollect
one of the flags. Using which command you can help yourself?

A gcloud compute help instances create

B gcloud help compute instances create

C man gcloud compute instances create

D man gcloud compute instances launch

A web application is hosted on VM and its resources are stored in a bucket. You have been asked to let
any authenticated user access the very high level blueprint of the company's product. This blueprint
does not contain any confidential data or IP data so can be made available to the public as well. What
changes are required to make it work?

A Add a new entry in permission with allUsers having public permission.

B Create a new entry in permission with allAuthenticatedUsers having read permission.

C Create a new entry in permission with allAuthorizedUsers having public permission.

D permission. Remove all existing entries from permission and add allAuthenticatedUsers having read
permission.

You want to rename an object stored in a bucket. What command structure would you use?

A gcloud mv gs://[OLD_OBJECT_NAME] gs://[NEW_OBJECT_NAME]

B gsutil cp gs://[BUCKET_NAME]/[OLD_OBJECT_NAME] gs://[BUCKET_NAME]/[NEW_OBJECT_NAME]

C gsutil mv gs://[BUCKET_NAME]/[OLD_OBJECT_NAME] gs://[BUCKET_NAME]/[NEW_OBJECT_NAME]

D gsutil mv gs://[OLD_OBJECT_NAME] gs://[NEW_OBJECT_NAME]

A health care company that provides medical services to the users wants to track their network
forensics, real-time security analysis, and optimize the expense. The manager would like to track the
network sent from and received by VM instances. What do you suggest they do?

A Pub/Sub

B VPC Monitoring

C VPC Flow Logs

D Cloud Storage

You as a Senior Cloud Engineer doing proofs-of-concept (POC) on a business-critical application having
a database deployed on a GCE virtual machine. The requirement is to have a disk that supports up to
35,000 Read IOPS per instance. Which of the following disks is suitable to meet the requirement?

A Standard Persistent Disk

B SSD Persistent Disk

C Local SSD (SCSI)

D Local SSD (NVMe)

Your project has a requirement of high GPU capacity and your manager has asked you to spin up a new
ubuntu instance with NVIDIA Tesla k80 GPU in the us-east1-d zone. Which of the following commands
would you use to do the following?

A gcloud compute instances create gpu-instance-1 \

--machine-type n1-standard-2 --zone us-east1-d \
--accelerator type=nvidia-tesla-k80,count=1 \
--image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
--maintenance-policy TERMINATE --restart-on-failure

B gcloud compute instances create gpu-instance-1 \

--machine-type nvidia-tesla-k80 --zone us-east1-d count=1 \
--image-family ubuntu-1604-lts --maintenance-policy TERMINATE
--restart-on-failure

C gcloud compute instances create gpu-instance-1 \

--machine-type=n1-standard-2 --zone us-east1-d \
--accelerator-type=nvidia-tesla-k80,count=1 \
--image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
--maintenance-policy TERMINATE --restart-on-failure

D gcloud compute instances create gpu-instance-1 \

--machine-type n1-standard-2 --zone us-east1-d \
--accelerator type nvidia-tesla-k80,count 1 \
--image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
--maintenance-policy TERMINATE --restart-on-failure

Your company was bidding on a big data project for the last few months and they have finally received
the project. The project wants you to deploy Apache Spark clusters on Google Cloud. Which service
will you use?
A Bigtable

B Cloud Composer

C DataFlow

D DataProc

A cloud engineer has been assigned to work on a running project. He wants to know which VMs are
running in the project. How could the cloud engineer get the information of the all VMs running in the
project?

A Execute the command gcloud instances list

B Execute the command gcloud compute instances list

C Execute the command gcloud list instances

D Execute the command gcloud compute list

Your company has uploaded some business-critical documents to Cloud Storage and your project
manager wants you to restrict access to the objects by using ACLs. Which of the following permission
would allow you to update the object ACLs?

A storage.objects.update

B storage.objects.setIamPolicy

C storage.objects.create

D storage.objects.getIamPolicy

Your company has deployed an application using Google App Engine flexible environment and you
have been asked to ssh the VM instance in a flexible environment, update the app configuration and if
required, enable and disable the App Engine application, which of the following predefined roles has
access to perform these tasks?

A App Engine Admin

B App Engine Service Admin

C App Engine Deployer

D App Engine Code Viewer

You are trying to fetch metadata of a VM using “curl
metadata.google.internal/computeMetadata/v1/” command but are constantly receiving 403
Forbidden. What could be the possible reason?

A Service account is missing.

B Metadata-Flavor: Google header is missing.

C Metadata-Access: Google header is missing.

D Firewall rule attached to the VM is blocking the request.

You want to list roles assigned to users in a project called ace-exam-project. What gcloud command
would you use?

A gcloud iam get-iam-policy ace-exam-project

B gcloud iam list ace-exam-project

C gcloud projects get-iam-policy ace-exam-project

D gcloud projects list ace-exam-project

Your company hired a Big Data consultant for creating real-time reporting applications using Google
Cloud services like BigQuery and PowerBI reporting tool. Your manager asked you to create an IAM
user which gives him access to read, update, and delete the dataset but not to create one. Which role
would you assign to him?

A roles/bigquery.dataOwner

B roles/bigquery.dataEditor

C roles/bigquery.datasetEditor

D roles/bigquery.admin

Your company has appointed a new DevOps engineer with experience in Google Cloud Platform, you
have been asked to create a user which would allow him to call “builds.cancel()” API only. Which of
the following permission would you consider completing this task?

A cloudbuild.builds.create

B cloudbuild.builds.update

C cloudbuild.builds.list

D cloudbuild.builds.get
Using the principle of least privilege, your colleague Bob needs to be able to create new instances on
Compute Engine in the project ‘Project A’. How should you give him access without giving more
permissions than is necessary?

A Give Bob Compute Engine Instance Admin Role for Project A.

B Give Bob Compute Engine Admin Role for Project A.

C Create a shared VPC that Bob can access Compute resources from.

D Give Bob Project Editor IAM role for project A.

Your company is going for an audit and the auditor has approached you to provide them with all the
audit logs related to the bangkit-prod project. Which service will you use to extract the logs for
auditors?

A Flow logs

B Stackdriver logging

C Activity logs

D Audit logs

An auditor needs to review audit logs. You assign read-only permission to a custom role you create for
auditors. What security best practices are you following?

A Separation of duties

B Defense in depth

C Least privilege

D Vulnerability scanning

You are creating a firewall rule for your DB server so that only web servers and your internal
application servers can access it. You have added both service accounts and tags for traffic filters but
while saving you receive an error. What can be the reason?

A Service account is not supported as a filter.

B Tags are not supported as traffic filters.

C You can only specify only one traffic filter at a time.

D Service accounts and tags cannot be used together at the same time.