Practice questions · IT & Cloud
Google Cloud Associate Cloud Engineer (ACE): Practice Questions
Original practice questions for the Google Cloud Associate Cloud Engineer (ACE). Each answer is explained, including why the others are wrong. Filter by domain or difficulty. These are concept checks - not real exam questions.
Answered 0 · Correct 0
-
Google Compute Engine provides:
Correct answer: B. Compute Engine runs VMs (IaaS). The data warehouse is BigQuery, object storage is Cloud Storage, and DNS is Cloud DNS. -
Google Kubernetes Engine (GKE) is:
Correct answer: B. GKE runs and manages Kubernetes clusters. Databases (Cloud SQL), CDNs and IAM are separate services. -
Cloud Run is best for:
Correct answer: C. Cloud Run runs containers serverlessly, scaling to zero. Self-managed Kubernetes is GKE, storage is Cloud Storage, and identity is IAM. -
Google Cloud Storage is used for:
Correct answer: B. Cloud Storage holds objects in buckets. Relational data is Cloud SQL, VMs are Compute Engine, and routing is a VPC concern. -
BigQuery is:
Correct answer: A. BigQuery is a serverless data warehouse for analytics. A block storage disk is a Persistent Disk, a load balancer is Cloud Load Balancing, and a container registry is Artifact Registry, none of which run analytic queries. -
Cloud SQL provides:
Correct answer: B. Cloud SQL is managed relational database hosting. Object storage is Cloud Storage, functions are Cloud Functions, and the CDN is Cloud CDN. -
A VPC in Google Cloud is:
Correct answer: D. A VPC provides private networking for resources. It is not a billing account, storage class, or dashboard. -
Cloud Load Balancing is used to:
Correct answer: D. Cloud Load Balancing spreads traffic for scale and availability. Disk encryption, logging and IAM are separate functions. -
An IAM role in Google Cloud defines:
Correct answer: C. An IAM role is a set of permissions that can be granted to identities such as users, groups or service accounts. A storage bucket holds objects, a subnet is a VPC network range, and a VM size is a Compute Engine machine type, so none of those define permissions. -
A service account is:
Correct answer: B. Service accounts are non-human identities for workloads. They are not personal logins, billing methods, or storage tiers. -
Applying least privilege in IAM means:
Correct answer: A. Least privilege grants only the permissions required. Broad Owner grants, using only an admin, or disabling IAM all increase risk. -
Cloud Monitoring is used to:
Correct answer: A. Cloud Monitoring provides metrics, dashboards and alerting. Storage, containers and DNS are other services. -
Cloud Logging primarily:
Correct answer: C. Cloud Logging aggregates and stores logs for search and analysis. Encryption, load balancing and VM creation are separate. -
To avoid surprise bills, you should:
Correct answer: D. Budget alerts warn you as spend approaches a threshold. Disabling logging, oversizing machines, or turning off IAM do not control cost (and some increase risk). -
Google App Engine is best described as:
Correct answer: B. App Engine is managed PaaS. Compute Engine gives VMs, Cloud Storage holds objects, and Cloud SQL is the database. -
A managed instance group (MIG) lets you:
Correct answer: D. A MIG runs a fleet of identical VMs with autoscaling and auto-healing. Managing DNS is Cloud DNS, assigning IAM roles is an identity task, and storing objects is Cloud Storage, none of which manage VM fleets. -
Spot (preemptible) VMs are:
Correct answer: B. Spot VMs are cheaper instances that Google can reclaim at short notice, so they suit fault-tolerant work. They are not the most expensive VMs, are not guaranteed always-on (that is the trade-off), and are not limited to databases. -
The Coldline and Archive storage classes are best for:
Correct answer: A. Coldline and Archive minimise storage cost for rarely accessed, long-term data. Active transactional databases and frequently accessed hot data need warmer classes like Standard, and live video streaming needs low-latency delivery, not cold archival storage. -
Cloud Bigtable is best suited for:
Correct answer: D. Bigtable is wide-column NoSQL for large-scale, low-latency workloads such as time-series data. Small relational datasets fit Cloud SQL, image files belong in Cloud Storage, and DNS resolution is Cloud DNS. -
Persistent Disks provide:
Correct answer: A. Persistent Disks are durable block storage you attach to Compute Engine VMs. A message queue is Pub/Sub, object storage is Cloud Storage, and a content delivery network is Cloud CDN. -
A firewall rule in a VPC controls:
Correct answer: C. A VPC firewall rule controls which traffic is allowed to and from instances. The billing account, storage classes, and IAM role bindings are configured elsewhere and do not govern network traffic. -
Shared VPC lets an organization:
Correct answer: D. Shared VPC lets one network be shared across multiple projects and managed centrally. It does not delete logs, merge billing accounts, or encrypt local disks. -
A predefined IAM role:
Correct answer: A. Predefined roles bundle relevant permissions. They are narrower than Owner and are not users. -
Applying least privilege in Google Cloud IAM means you:
Correct answer: D. Least privilege means granting the most specific, narrowest role that meets the need. Always granting Owner is far too broad, sharing a single account removes accountability, and disabling IAM removes access control entirely. -
Cloud KMS is used to:
Correct answer: B. Cloud KMS creates and manages encryption keys. Running containers is GKE or Cloud Run, balancing network load is Cloud Load Balancing, and storing logs is Cloud Logging. -
Cloud Trace is used to:
Correct answer: B. Cloud Trace analyses application latency through distributed tracing. Managing billing is Cloud Billing, storing backups is a storage task, and assigning IP addresses is a VPC networking function. -
A budget alert in Google Cloud:
Correct answer: A. A budget alert notifies you when spending approaches a defined threshold; it does not hard-block spending automatically. It also does not encrypt your data or run your code. -
The gcloud command-line tool is used to:
Correct answer: D. gcloud manages Google Cloud resources from a terminal. Editing word documents, sending marketing email, and browsing the web are everyday applications unrelated to the GCP CLI. -
Cloud Load Balancing helps you:
Correct answer: A. Cloud Load Balancing distributes traffic across backends for scale and availability. Writing application code is a developer task, managing encryption keys is Cloud KMS, and storing cold data is the Coldline or Archive storage class. -
Granting an IAM role to a Google Group rather than to individuals:
Correct answer: C. Granting a role to a group simplifies access management at scale, since you change membership instead of editing each user's permissions. It does not remove access, encrypt data, and it is fully supported, not disallowed.
Practice questions FAQ
- Are these real GCP ACE exam questions?
- No. These are original study questions written to test understanding. They are not real exam questions, exam dumps, or copied from any provider.
- How should I use these practice questions?
- Answer each one, read the explanation (including why the wrong options are wrong), and use the per-domain score below to focus your revision on weak areas. Revisit before exam day.
- How many questions should I do before the exam?
- Enough to score consistently across every domain, alongside full-length practice from official or reputable providers. Understanding why each answer is right matters more than raw volume.
- What score means I am ready?
- A good signal is consistently scoring around 80% or higher across all domains on questions you have not seen before, and being able to explain why the wrong options are wrong.
- Should I use exam dumps?
- No. Dumps (real or leaked questions) breach provider policy, can void your certification, and do not build the understanding the exam actually tests.