Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Q52-Q73] Google Associate-Cloud-Engineer Practice Verified Answers - Pass Your Exams For Sure! [2021]

[Q52-Q73] Google Associate-Cloud-Engineer Practice Verified Answers - Pass Your Exams For Sure! [2021]

Share

Google Associate-Cloud-Engineer Practice Verified Answers - Pass Your Exams For Sure! [2021]

Valid Way To Pass Google Cloud Certified's  Associate-Cloud-Engineer Exam

NEW QUESTION 52
Your company set up a complex organizational structure on Google Cloud. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members, and you want to follow Google-recommended practices.
What should you do?

  • A. Add the users to a group, and add this group to roles/browser.
  • B. Add the users to roles/iam.roleViewer role.
  • C. Add the users to roles/browser role.
  • D. Add the users to a group, and add this group to roles/iam.roleViewer role.

Answer: A

 

NEW QUESTION 53
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?

  • A. Deployment Manager
  • B. Cloud Composer
  • C. Managed Instance Group
  • D. Unmanaged Instance Group

Answer: C

Explanation:
Explanation/Reference: https://cloud.google.com/compute/docs/instances/

 

NEW QUESTION 54
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

  • A. Select "Container-Optimized OS (cos)" as a node image for your GKE cluster.
  • B. Select the latest available cluster version for your GKE cluster.
  • C. Enable the Node Auto-Repair feature for your GKE cluster.
  • D. Enable the Node Auto-Upgrades feature for your GKE cluster.

Answer: D

 

NEW QUESTION 55
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

  • A. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.
    2. Create a Cloud Pub/Sub subscription for that topic.
    3. Make your application pull messages from that subscription.
  • B. 1. Create a service account.
    2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.
    3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
  • C. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.
    2. Create a Cloud Pub/Sub subscription for that topic.
    3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.
  • D. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.
    2. Call your application on Cloud Run from the Cloud Function for every message.

Answer: B

 

NEW QUESTION 56
You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do?

  • A. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
  • B. 1. Use nslookup to get the IP address for storage.googleapis.com.2. Negotiate with the security team to be able to give a public IP address to the servers.3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
  • C. 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.3. Configure your new instances to use this ILB as proxy.
  • D. 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.3. Configure your servers to use that instance as a proxy to access Cloud Storage.

Answer: A

 

NEW QUESTION 57
You have an application server running on Compute Engine in the europe-west1-d zone. You need to ensure high availability and replicate the server to the europe-west2-c zone using the fewest steps possible. What should you do?

  • A. Use "gcloud compute instances move" with parameter "--destination-zone europe-west2-c" to move the instance to the new zone.
  • B. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west1-d zone and then move the disk to europe-west2-c. Create a new VM with that disk.
  • C. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west2-c zone.
    Create a new VM with that disk.
  • D. Use "gcloud" to copy the disk to the europe-west2-c zone. Create a new VM with that disk.

Answer: C

Explanation:
A is correct because this makes sure the VM gets replicated in the new zone.
B is not correct because this takes more steps than A.
C is not correct because this will generate an error, because gcloud cannot copy disks.
D is not correct because the original VM will be moved, not replicated.

 

NEW QUESTION 58
You have a project using BigQuery. You want to list all BigQuery jobs for that project. You want to set this project as the default for the bq command-line tool. What should you do?

  • A. Use "bq generate config-url" to generate a URL to the Google Cloud Platform Console to set the default project.
  • B. Use "bq config set project" to set the default project.
  • C. Use "gcloud generate config-url" to generate a URL to the Google Cloud Platform Console to set the default project.
  • D. Use "gcloud config set project" to set the default project.

Answer: D

Explanation:
A is correct because you need to use gcloud to manage the config/defaults.
B is not correct because the bq command-line tool assumes the gcloud configuration settings and can't be set through BigQuery.
C is not correct because entering this command will not achieve the desired result and will generate an error.
D is not correct because entering this command will not achieve the desired result and will generate an error.
https://cloud.google.com/bigquery/docs/reference/bq-cli-reference
https://cloud.google.com/sdk/gcloud/reference/config/set

 

NEW QUESTION 59
You've created a new "Custom Role" for a specific new job role inside your company. The role consisted of several permissions; some had a status of "Supported" others a status of "Testing." The role has been working for weeks; however, some permissions recently stopped working. What is the most likely cause for this?

  • A. The latest Google applied updates reset all of the custom roles.
  • B. Your account has been compromised by hackers.
  • C. One or more permissions with a status of "Testing" have changed.
  • D. The custom role has reached its expiration period.

Answer: B,C

 

NEW QUESTION 60
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

  • A. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.
  • B. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
  • C. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
  • D. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.

Answer: B

Explanation:
Explanation

 

NEW QUESTION 61
Your auditor wants to view your organization's use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

  • A. Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage.
  • B. Use the export logs API to provide the Admin Activity Audit Logs in the format they want.
  • C. Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs.
  • D. Assign the appropriate permissions, and the use Cloud Monitoring to review metrics.

Answer: B

Explanation:
https://cloud.google.com/storage/docs/audit-logging

 

NEW QUESTION 62
Your security team has been reluctant to move to the cloud because they don't have the level of network visibility they're used to. Which feature might help them to gain insights into your Google Cloud network?

  • A. Firewall rules
  • B. Flow logs
  • C. Subnets
  • D. Routes

Answer: B

 

NEW QUESTION 63
Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?

  • A. Add the group for the finance team to roles/billing project/Manager role.
  • B. Add the group for the finance team to roles/billing user role.
  • C. Add the group for the finance team to roles/billing admin role.
  • D. Add the group for the finance team to roles/billing viewer role.

Answer: D

Explanation:
Billing Account Viewer access would usually be granted to finance teams, it provides access to spend information, but does not confer the right to link or unlink projects or otherwise manage the properties of the billing account.
https://cloud.google.com/billing/docs/how-to/billing-access

 

NEW QUESTION 64
You have developed a containerized web application that will serve Internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

  • A. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.
  • B. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero
  • C. Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml
  • D. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

Answer: C

 

NEW QUESTION 65
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

  • A. 1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all
  • B. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080
  • C. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all
  • D. 1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to
    10.0.1.0/24)* Protocols: allow TCP: 8080

Answer: B

 

NEW QUESTION 66
You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

  • A. Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
  • B. Execute the Deployment Manager template using the --preview option in the same project, and observe the state of interdependent resources.
  • C. Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
  • D. Use granular logging statements within a Deployment Manager template authored in Python.

Answer: B

 

NEW QUESTION 67
You need to manage multiple Google Cloud Platform (GCP) projects in the fewest steps possible. You want to configure the Google Cloud SDK command line interface (CLI) so that you can easily manage multiple GCP projects. What should you?

  • A. 1. Create a configuration for each project you need to manage.
    2. Use gcloud init to update the configuration values when you need to work with a non-default project
  • B. 1. Use the default configuration for one project you need to manage.
    2. Activate the appropriate configuration when you work with each of your assigned GCP projects.
  • C. 1. Use the default configuration for one project you need to manage.
    2. Use gcloud init to update the configuration values when you need to work with a non-default project.
  • D. 1. Create a configuration for each project you need to manage.
    2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

Answer: C

 

NEW QUESTION 68
You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP. You want to make sure it is reachable by clients over that port. What should you do?

  • A. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.
  • B. Add the network tag allow-udp-636 to the VM instance running the LDAP server.
  • C. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.
  • D. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

Answer: A

 

NEW QUESTION 69
You are building a pipeline to process time-series dat
a. Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?

  • A. Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
  • B. Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
  • C. Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
  • D. Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

Answer: C

 

NEW QUESTION 70
A business team requires a structured storage solution to store all of a company's historical sales data.
Currently there are 4 TB of data, which will grow to hundreds of terabytes within a few years. The team must be able to regularly run queries against the data using current business intelligence tools. Fast performance is required despite the dataset growth.
Which solution should the company use?

  • A. Amazon DynamoDB
  • B. Amazon Redshift
  • C. Amazon Aurora
  • D. Amazon S3

Answer: B

Explanation:
Explanation/Reference: https://aws.amazon.com/blogs/aws/category/amazon-redshift/

 

NEW QUESTION 71
You recently deployed a new version of an application to App Engine and then discovered a bug in the release. You need to immediately revert to the prior version of the application. What should you do?

  • A. Deploy the original version as a separate application. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests.
  • B. On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert.
  • C. Run gcloud app restore.
  • D. On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.

Answer: A

 

NEW QUESTION 72
Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

  • A. Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
  • B. Create a custom role by removing delete permissions, and add users to that role only.
  • C. Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.
  • D. Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

Answer: D

 

NEW QUESTION 73
......


Below is the cost of Associate Cloud Engineer Exam

The price of Associate Cloud Engineer exam is $125 USD (plus tax where appropriate)

Google Associate-Cloud-Engineer Pre-Exam Practice Tests | TestSimulate: https://www.testsimulate.com/Associate-Cloud-Engineer-study-materials.html

Related Blogs

more
Go To Associate-Cloud-Engineer Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.