Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

Associate-Cloud-Engineer Exam Dumps - Google Cloud Certified Questions and Answers

Question # 34

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Options:

A.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Buy Now
Question # 35

You need to deploy an application in Google Cloud using savorless technology. You want to test a new version of the application with a small percentage of production traffic. What should you do?

Options:

A.

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.

B.

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

C.

Deploy the application to Cloud functions. Saucily the version number in the functions name.

D.

Deploy the application to App Engine. For each new version, create a new service.

Buy Now
Question # 36

You created a Kubernetes deployment by running kubectl run nginx image=nginx labels=app=prod. Your Kubernetes cluster is also used by a number of other deployments. How can you find the identifier of the pods for this nginx deployment?

Options:

A.

kubectl get deployments –output=pods

B.

gcloud get pods –selector=”app=prod”

C.

kubectl get pods -I “app=prod”

D.

gcloud list gke-deployments -filter={pod }

Buy Now
Question # 37

Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:

• Instances in tier #1 must communicate with tier #2.

• Instances in tier #2 must communicate with tier #3.

What should you do?

Options:

A.

1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow all

B.

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080

C.

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all

D.

1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

Buy Now
Question # 38

You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?

Options:

A.

Check the app.yaml file for your application and check project settings.

B.

Check the web-application.xml file for your application and check project settings.

C.

Go to Deployment Manager and review settings for deployment of applications.

D.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Buy Now
Question # 39

The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?

Options:

A.

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.

B.

Create an IAM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.

C.

Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group.

D.

Grant the basic role roles/editor to the DevOps group.

Buy Now
Question # 40

You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?

Options:

A.

gcloud deployment-manager deployments create --config

B.

gcloud deployment-manager deployments update --config

C.

gcloud deployment-manager resources create --config

D.

gcloud deployment-manager resources update --config

Buy Now
Question # 41

You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

Options:

A.

Create a health check on port 443 and use that when creating the Managed Instance Group.

B.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

C.

In the Instance Template, add the label ‘health-check’.

D.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Buy Now
Question # 42

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?

Options:

A.

Upload the data to BigQuery using the bq command line tool.

B.

Upload the data to Cloud Storage using the gsutil command line tool.

C.

Upload the data into Cloud SQL using the import function in the console.

D.

Upload the data into Cloud Spanner using the import function in the console.

Buy Now
Question # 43

You are the Google Cloud systems administrator for your organization. User A reports that they received an error when attempting to access the Cloud SQL database in their Google Cloud project, while User B can access the database. You need to troubleshoot the issue for User A, while following Google-recommended practices.

What should you do first?

Options:

A.

Confirm that network firewall rules are not blocking traffic for User A.

B.

Review recent configuration changes that may have caused unintended modifications to permissions.

C.

Verify that User A has the Identity and Access Management (IAM) Project Owner role assigned.

D.

Review the error message that User A received.

Buy Now
Exam Code: Associate-Cloud-Engineer
Exam Name: Google Cloud Certified - Associate Cloud Engineer
Last Update: Jun 15, 2025
Questions: 321
Associate-Cloud-Engineer pdf

Associate-Cloud-Engineer PDF

$34  $84.99
 Add to Cart
Associate-Cloud-Engineer Engine

Associate-Cloud-Engineer Testing Engine

$38  $94.99
 Add to Cart
Associate-Cloud-Engineer PDF + Engine

Associate-Cloud-Engineer PDF + Testing Engine

$54  $134.99
 Add to Cart