Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer exact Exam Questions

Google Cloud Certified - Associate Cloud Engineer

Last Update 23 hours ago Total Questions : 332

The Google Cloud Certified - Associate Cloud Engineer content is now fully updated, with all current exam questions added 23 hours ago. Deciding to include Associate-Cloud-Engineer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Associate-Cloud-Engineer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Associate-Cloud-Engineer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Google Cloud Certified - Associate Cloud Engineer practice test comfortably within the allotted time.

Question # 4

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?

Use gcloud to expand the IP range of the current subnet.

Delete the subnet, and recreate it using a wider range of IP addresses.

Create a new project. Use Shared VPC to share the current network with the new project.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Question # 5

You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?

Check the app.yaml file for your application and check project settings.

Check the web-application.xml file for your application and check project settings.

Go to Deployment Manager and review settings for deployment of applications.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Question # 6

You are planning to migrate the following on-premises data management solutions to Google Cloud:

• One MySQL cluster for your main database

• Apache Kafka for your event streaming platform

• One Cloud SOL for PostgreSOL database for your analytical and reporting needs

You want to implement Google-recommended solutions for the migration. You need to ensure that the new solutions provide global scalability and require minimal operational and infrastructure management. What should you do?

Migrate from MySQL to Cloud SQL, from Kafka to Memorystore, and from Cloud SQL for PostgreSQL to Cloud SQL

Migrate from MySQL to Cloud Spanner, from Kafka to Memorystore, and from Cloud SOL for PostgreSQL to Cloud SQL

Migrate from MySQL to Cloud SOL, from Kafka to Pub/Sub, and from Cloud SOL for PostgreSQL to BigQuery.

Migrate from MySQL to Cloud Spanner, from Kafka to Pub/Sub. and from Cloud SQL for PostgreSQL to BigQuery

Question # 7

You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do?

Use Cloud Bigtable for data storage.

Use Cloud SQL for data storage.

Use Cloud Spanner for data storage.

Use Firestore for data storage.

Question # 8

You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Question # 9

You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform. What should you do?

Meet with the cloud enablement team to discuss load balancer options.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

Review the encryption requirements for WebSocket connections with the security team.

Convert the WebSocket code to use HTTP streaming.

Question # 10

You are deploying an application to Cloud Run. Your application requires the use of an API that runs on Google Kubernetes Engine (GKE). You need to ensure that your Cloud Run service can privately reach the API on GKE, and you want to follow Google-recommended practices. What should you do?

Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.

Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/0 on ports 80 and 443.

Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.

Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.

Answer:

Explanation:

The requirement is for private communication between a Cloud Run service and a GKE API, following best practices.

Option A exposes the GKE API to the public internet, which violates the "privately reach" requirement. Relying on dynamic IP allowlisting with Cloud Armor is complex and less secure than private networking.

Options B and C configure overly permissive firewall rules (allowing all egress or ingress) and do not establish the necessary private network path between Cloud Run (which normally runs outside your VPC) and the GKE cluster within your VPC.

Option D describes the standard Google-recommended pattern for this scenario:

Internal Application Load Balancer (ILB): Expose the GKE service (API) using an ILB. This gives the service a private IP address accessible only within the VPC network (or connected networks).

Cloud DNS: Create a private DNS zone and record pointing a fully qualified domain name (FQDN) to the ILB's private IP address. This allows services to reach the API via a stable name instead of an IP.

Serverless VPC Access Connector: This connector creates a bridge allowing serverless services like Cloud Run to send traffic into your VPC network.

Cloud Run Configuration: Configure the Cloud Run service to use the VPC Access connector. The application code can then call the GKE API using its private FQDN registered in Cloud DNS.

This setup ensures traffic flows entirely over private networks (within the VPC via the ILB and through the VPC Access connector), meeting the private communication requirement securely and reliably.

[References:, Serverless VPC Access: "Serverless VPC Access lets your serverless environment send requests to your VPC network..." - https://cloud.google.com/vpc/docs/serverless-vpc-access, Internal Application Load Balancer Overview: "Google Cloud internal Application Load Balancers are regional, proxy-based Layer 7 load balancers that enable you to run and scale your services behind an internal IP address..." - https://cloud.google.com/load-balancing/docs/internal, Connecting from Cloud Run to a VPC network: Documentation often outlines patterns using VPC Access Connectors and Internal Load Balancers or Private Service Connect. - https://cloud.google.com/run/docs/configuring/connecting-vpc, GKE Internal Load Balancing: How to expose GKE services internally. - https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing, , , ]

Go to page: