Free Google Associate Cloud Engineer Actual Exam Questions

Actually, filtering by Configuration and Service Account (option A) is the way to go because service account creation is a config event, not data access. Options C and D deal with Data Access logs, which are more for actions on data rather than resource creation. Between A and B, B filters by Google Project, which is broader—service accounts are distinct resources, so you want to narrow it down specifically to Service Account. So yeah, option A makes the most sense here.

A/C? Creation should be under Configuration, but if Data Access logs are enabled for admin activities, it might show creation too. Still, A feels like the safer bet since it's a config change.

Option D is best since App Engine natively supports traffic splitting between versions.

D/C? Since both mention deploying new versions in App Engine, but only D talks about splitting traffic within App Engine settings, it feels more straightforward for traffic split. C sounds off by suggesting separate apps.

D imo. Creating a new billing account definitely requires Billing Administrator rights, so that’s a must. Once the new billing account exists, linking it to an existing project usually just needs you to update the project’s billing settings, which Billing Admins can do. The question doesn’t say anything about needing Project Billing Manager specifically for linking, only for managing billing on the project side. So option D covers creating and linking with the right role clearly—better than A or C, and more streamlined than B which mixes roles oddly.

B/D? I think B fits better since creating a billing account definitely needs Billing Admin, and linking it to a project requires Project Billing Manager rights. D misses the project-side permission.

A/C? A sets automatic restart and live migration, but C's autohealing with a health check also helps maintain availability by replacing unhealthy instances. Both improve uptime but in different ways.

A. The question specifically mentions automatic restart and availability during maintenance, so the settings in A directly address both: auto-restart on crashes and live migration during maintenance. C mentions autohealing but that depends on health checks, which aren't guaranteed here, so it’s less certain. B and D don’t cover the full set of requirements. Also, live migration (in A) ensures the instances stay running during maintenance, which is key for availability.

Given the typical subnet mask constraints, /8 (option B) is the largest block you can assign to a single subnet.

Probably B, since 10.0.0.0/8 covers more addresses than the other private ranges.

I think D is the fastest for feedback since it lets you see dependency issues without deploying. C would take longer because you're actually creating resources in another project. So, D.

D imo, --preview checks dependencies instantly without making any changes.

A, since HTTPS Load Balancer also offers global distribution and SSL offload, reducing latency.

B. The key here is minimizing latency for a global client base while handling SSL-encrypted TCP traffic on port 443. Since the traffic must stay encrypted all the way to the backend, using a Network Load Balancer makes sense because it operates at the transport layer and forwards TCP connections without decrypting them. This avoids the extra processing delay caused by SSL termination at the load balancer, unlike options A or C, which would decrypt and re-encrypt traffic. Also, internal load balancer (D) doesn’t fit since it’s meant for internal traffic, not global internet clients.

Makes sense to pick B since snapshot schedules handle automatic retention and fast restores.

Snapshots are definitely the fastest to restore compared to images or manual exports, plus the schedule handles retention automatically. So I’d go with B.

A vs D? The app.yaml usually doesn’t specify the project, it mostly deals with app settings like runtime, handlers, etc. The actual project used depends on your gcloud config or the --project flag during deploy. So checking your active gcloud config with gcloud config list (D) makes more sense to figure out which project was targeted when deploying. If you accidentally had a different project active, that’d explain where it went.

A imo, because the app.yaml file usually contains the project ID or settings that tie the app to a specific project. If that’s misconfigured, it could explain why the app deployed somewhere unexpected. Checking config alone (like in D) tells you the environment but not what’s defined in your app’s config files. It’s worth verifying both, but the root cause might be in the project settings inside app.yaml.

Maybe A is worth considering since letting instances write directly to BigQuery might avoid extra moving parts, cutting costs and complexity compared to the Cloud Function routes.

C. This option is cleaner because exporting filtered logs directly to BigQuery avoids running extra compute resources, unlike B or D which add unnecessary complexity and cost.

D vs B? B skips mentioning firewall rules, which are crucial for RDP access. D explicitly includes setting firewall rules and credentials, making it the more complete choice for fewer steps.

Probably C since port 22 is for SSH, not RDP, so that seems off.

B doesn’t work because --available lists all possible APIs, not just enabled ones. The question wants enabled APIs specifically, so B’s out. A is more on point here.

Makes sense that A is right since it directly lists enabled APIs for a specified project using --project. The others mention listing available services or account info, which doesn’t match what’s asked. A

This feels like a classic case for option C. Using gsutil with a cron job is straightforward and reliable for syncing files on a schedule without needing complex event-driven architecture. A and D involve components that don’t really fit the on-prem to cloud file sync scenario, and B is manual, which doesn’t meet the automation need. C

A/D? A seems off since Datastore is unrelated to medical images stored on-prem, so that batch template feels irrelevant. D involves Pub/Sub and triggers, which sounds like an event-driven approach but might be overkill for just archiving new files. Since the images are on-prem, you'd need a way to push them anyway. That leaves B and C, but B is manual upload, so not automated. C with a cron job and gsutil syncing fits the automation need best without unnecessary complexity.

B/D? Changing the region setting inside an existing App Engine app (B) isn’t possible as the region is fixed at app creation. Also, you can’t create multiple App Engine apps in one project, so C is out. That basically leaves D—creating a new project and setting up the app in asia-northeast1 there. It’s a bit of a hassle since you need to migrate data and services manually, but it’s the only way to get your app running in a different region.

D/C? You can’t change App Engine region or add a second app in the same project, so C is out. That leaves D, creating a new project. No way to switch regions otherwise.

Maybe B. Stackdriver logs are designed for detailed auditing, so filtering them should show both metadata label changes and file views without missing anything. Activity logs might be too high-level for this.

Good point about the depth of Stackdriver logs, but I’d also note that Activity logs in the Console might be quicker if you just want a simple check on metadata labels. Still, B seems more thorough for both tasks. B