Home/ GCP Certifications/ GCP-ACE Practice/ Page 1

GCP GCP-ACE Free Practice Questions — Page 1

Associate Cloud Engineer • 5 questions • Answers & explanations included

Question 1

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.
D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
Show Answer & Explanation

Correct Answer: C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.

Each team member generates their own SSH key pair and links the public key to their Google account. Granting compute.osAdminLogin to the team's Google Group gives admin access efficiently. This allows Google Cloud to track who logged in via Cloud Audit Logs, satisfying the auditing requirement. Option A and D share the same private key across users — this breaks individual accountability. Option B works but requires manual key deployment per instance, which is operationally inefficient.

Question 2

You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?

A. 0.0.0.0/0
B. 10.0.0.0/8
C. 172.16.0.0/12
D. 192.168.0.0/16
Show Answer & Explanation

Correct Answer: B. 10.0.0.0/8

In a custom VPC, valid private IP ranges follow RFC 1918. The /8 prefix gives the largest number of addresses (~16 million hosts). 0.0.0.0/0 is not a valid subnet range for VPC — it's a routing destination. 172.16.0.0/12 and 192.168.0.0/16 are smaller ranges. GCP supports /8 as the maximum subnet size.

Question 3

You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?

A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.
B. Select Cloud SQL (MySQL). Select the create failover replicas option.
C. Select Cloud Spanner. Set up your instance with 2 nodes.
D. Select Cloud Spanner. Set up your instance as multi-regional.
Show Answer & Explanation

Correct Answer: A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

Cloud SQL (MySQL) supports point-in-time recovery via binary logging. It's cost-effective for small, single-region operational datasets. Cloud Spanner is expensive and designed for globally distributed, high-scale workloads — overkill here. Failover replicas (B) provide HA, not point-in-time recovery. Binary logging must be explicitly enabled in Cloud SQL to support PITR.

Question 4

You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?

A. Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP)
B. Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.
C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP)
D. Create a managed instance group. Verify that the autoscaling setting is on.
Show Answer & Explanation

Correct Answer: C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP)

Managed Instance Groups (MIGs) support autohealing using health checks. You configure an HTTP health check and attach it to the MIG's autohealing policy. If a VM fails 3 checks (10s each), it gets automatically recreated. Option A and B use HTTP load balancers which don't directly trigger VM recreation. Option D (autoscaling) controls instance count, not health-based recreation.

Question 5

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

A. Use gcloud config configurations describe to review the output.
B. Use gcloud config configurations activate and gcloud config list to review the output.
C. Use kubectl config get-contexts to review the output.
D. Use kubectl config use-context and kubectl config view to review the output.
Show Answer & Explanation

Correct Answer: D. Use kubectl config use-context and kubectl config view to review the output.

kubectl config use-context switches to the kubeconfig context of the inactive configuration, and kubectl config view shows its details including the cluster. This avoids activating the gcloud config entirely. Option A only shows gcloud config metadata, not GKE cluster details. Option B requires activating the config first, adding unnecessary steps. Option C lists all contexts but doesn't switch — you still can't view the target cluster's details without switching context.

Ready for the Full GCP-ACE Experience?

Access all 66 pages of practice questions and simulate the real exam with timed mode.

Start Interactive Quiz →