Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Google
  5. ASSOCIATE-CLOUD-ENGINEER

Google ASSOCIATE-CLOUD-ENGINEER Exam
Associate Cloud Engineer (Page 2 )

Updated On: 25-Jan-2026
Page 2 of 63
PDF with 343 Questions

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance.
What should you do?

  1. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
  2. Ask each member of the team to generate a new SSH key pair and to send you their public key.
    Use a configuration management tool to deploy those keys on each instance.
  3. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.
  4. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Answer(s): C

Explanation:

https://cloud.google.com/compute/docs/instances/managing-instance-access



You have a number of compute instances belonging to an unmanaged instances group. You need to SSH to one of the Compute Engine instances to run an ad hoc script. You've already authenticated gcloud, however, you don't have an SSH key deployed yet. In the fewest steps possible, what's the easiest way to SSH to the instance?

  1. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.
  2. Use the gcloud compute ssh command.
  3. Create a key with the ssh-keygen command. Then use the gcloud compute ssh command.
  4. Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

Answer(s): B

Explanation:

gcloud compute ssh ensures that the user's public SSH key is present in the project's metadata. If the user does not have a public SSH key, one is generated using ssh-keygen and added to the project's metadata. This is similar to the other option where we copy the key explicitly to the project's metadata but here it is done automatically for us. There are also security benefits with this approach.
When we use gcloud compute ssh to connect to Linux instances, we are adding a layer of security by storing your host keys as guest attributes. Storing SSH host keys as guest attributes improve the security of your connections by helping to protect against vulnerabilities such as man-in-the-middle (MITM) attacks. On the initial boot of a VM instance, if guest attributes are enabled, Compute Engine stores your generated host keys as guest attributes.
Compute Engine then uses these host keys that were stored during the initial boot to verify all subsequent connections to the VM instance.

Ref: https://cloud.google.com/compute/docs/instances/connecting-to-instance Ref: https://cloud.google.com/sdk/gcloud/reference/compute/ssh



You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform.
What should you do?

  1. Meet with the cloud enablement team to discuss load balancer options.
  2. Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.
  3. Review the encryption requirements for WebSocket connections with the security team.
  4. Convert the WebSocket code to use HTTP streaming.

Answer(s): A

Explanation:

Google HTTP(S) Load Balancing has native support for the WebSocket protocol when you use HTTP or HTTPS, not HTTP/2, as the protocol to the backend.

Ref: https://cloud.google.com/load-balancing/docs/https#websocket_proxy_support

So the next possible step is to Meet with the cloud enablement team to discuss load balancer options.
We dont need to convert WebSocket code to use HTTP streaming or Redesign the application, as WebSocket support is offered by Google HTTP(S) Load Balancing. Reviewing the encryption requirements is a good idea but it has nothing to do with WebSockets.



You are designing an application that lets users upload and share photos. You expect your application to grow really fast and you are targeting a worldwide audience. You want to delete uploaded photos after 30 days. You want to minimize costs while ensuring your application is highly available.
Which GCP storage solution should you choose?

  1. Persistent SSD on VM instances.
  2. Cloud Filestore.
  3. Multiregional Cloud Storage bucket.
  4. Cloud Datastore database.

Answer(s): C

Explanation:

Cloud Storage allows world-wide storage and retrieval of any amount of data at any time. We dont need to set up auto-scaling ourselves. Cloud Storage autoscaling is managed by GCP. Cloud Storage is an object store so it is suitable for storing photos. Cloud Storage allows world-wide storage and retrieval so cater well to our worldwide audience. Cloud storage provides us lifecycle rules that can be configured to automatically delete objects older than 30 days. This also fits our requirements. Finally, Google Cloud Storage offers several storage classes such as Nearline Storage ($0.01 per GB per Month) Coldline Storage ($0.007 per GB per Month) and Archive Storage ($0.004 per GB per month) which are significantly cheaper than any of the options above.
Ref: https://cloud.google.com/storage/docs
Ref: https://cloud.google.com/storage/pricing



A company wants to build an application that stores images in a Cloud Storage bucket and wants to generate thumbnails as well as resize the images. They want to use a google managed service that can scale up and scale down to zero automatically with minimal effort. You have been asked to recommend a service.
Which GCP service would you suggest?

  1. Google Compute Engine
  2. Google App Engine
  3. Cloud Functions
  4. Google Kubernetes Engine

Answer(s): C

Explanation:



Cloud Functions is Google Cloud's event-driven serverless compute platform. It automatically scales based on the load and requires no additional configuration. You pay only for the resources used.

Ref: https://cloud.google.com/functions

While all other options i.e. Google Compute Engine, Google Kubernetes Engine, Google App Engine support autoscaling, it needs to be configured explicitly based on the load and is not as trivial as the scale up or scale down offered by Google's cloud functions.



Viewing page 2 of 63
Viewing questions 6 - 10 out of 343 questions



Post your Comments and Discuss Google ASSOCIATE-CLOUD-ENGINEER exam prep with other Community members:

Join the ASSOCIATE-CLOUD-ENGINEER Discussion