Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Google
  5. ASSOCIATE-CLOUD-ENGINEER

Google ASSOCIATE-CLOUD-ENGINEER Exam
Associate Cloud Engineer (Page 6 )

Updated On: 25-Jan-2026
Page 6 of 63
PDF with 343 Questions

Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1.000 employees within 2 years. Most employees will need access to your company's Google Cloud account. The systems and processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues.
What should you do?

  1. Migrate the users to Active Directory. Connect the Human Resources system to Active Directory.
    Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.
  2. Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.
  3. Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.
  4. Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.

Answer(s): B



You recently received a new Google Cloud project with an attached billing account where you will work. You need to create instances, set firewalls, and store data in Cloud Storage. You want to follow Google-recommended practices.
What should you do?

  1. Use the gcloud CLI services enable cloudresourcemanager.googleapis.com command to enable all resources.
  2. Use the gcloud services enable compute.googleapis.com command to enable Compute Engine and the gcloud services enable storage-api.googleapis.com command to enable the Cloud Storage APIs.
  3. Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.
  4. Open the Google Cloud console and run gcloud init --project <project-id> in a Cloud Shell.

Answer(s): B



You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information.
What should you do?

  1. Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.
  2. Grant all engineer's permission to create their own billing accounts for each new project.
  3. Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.
  4. Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Answer(s): A



Your learn wants to deploy a specific content management system (CMS) solution lo Google Cloud. You need a quick and easy way to deploy and install the solution.
What should you do?

  1. Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.
  2. Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.
  3. Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.
  4. Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

Answer(s): B



You have two subnets (subnet-a and subnet-b) in the default VPC. Your database servers are running in subnet-

  1. Your application servers and web servers are running in subnet-b. You want to configure a firewall rule that only allows database traffic from the application servers to the database servers.
    What should you do?
  2. * Create service accounts sa-app and sa-db.
    · Associate service account: sa-app with the application servers and the service account sa-db with the database servers.
    · Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.
  3. · Create network tags app-server and db-server.
    · Add the app-server lag lo the application servers and the db-server lag to the database servers.
    · Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.
  4. * Create a service account sa-app and a network tag db-server.
    * Associate the service account sa-app with the application servers and the network tag db-server with the database servers.
    · Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.
  5. · Create a network lag app-server and service account sa-db.
    · Add the tag to the application servers and associate the service account with the database servers.
    · Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.

Answer(s): C



Viewing page 6 of 63
Viewing questions 26 - 30 out of 343 questions



Post your Comments and Discuss Google ASSOCIATE-CLOUD-ENGINEER exam prep with other Community members:

Join the ASSOCIATE-CLOUD-ENGINEER Discussion