[ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
**Question 1.** Which Google Cloud resource hierarchy level can contain both folders and
projects?
A) Organization
B) Folder
C) Project
D) Billing Account
Answer: A
Explanation: The Organization is the top‑level node and can contain folders and projects
directly.
**Question 2.** In IAM, which type of role provides the most granular permissions?
A) Primitive role
B) Predefined role
C) Custom role
D) Owner role
Answer: C
Explanation: Custom roles are defined by the admin and can include only the specific
permissions needed, offering the finest granularity.
**Question 3.** Which IAM primitive role grants the ability to view resources but not modify
them?
A) Viewer
B) Editor
C) Owner
D) Browser
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
Answer: A
Explanation: The Viewer primitive role provides read‑only access to all resources in the scope.
**Question 4.** What is the recommended method for authenticating applications running on
Compute Engine instances without storing keys?
A) Use a service account key file stored on the VM
B) Enable workload identity federation
C) Attach a service account to the instance and use Application Default Credentials
D) Store credentials in Cloud Storage and read them at runtime
Answer: C
Explanation: Attaching a service account to the VM allows the instance to obtain short‑lived
tokens automatically via ADC, eliminating key storage.
**Question 5.** Which of the following is a best practice for managing service account keys?
A) Create a new key for each application and store it indefinitely
B) Rotate keys every 90 days and delete unused keys promptly
C) Share a single key across multiple projects for simplicity
D) Store keys in plaintext on local developer machines
Answer: B
Explanation: Regular rotation and prompt deletion of unused keys reduce the risk of
compromised credentials.
**Question 6.** To enable the Compute Engine API for a new project using the gcloud CLI,
which command is correct?
A) gcloud services enable compute.googleapis.com --project=PROJECT_ID
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
B) gcloud compute api enable --project=PROJECT_ID
C) gcloud services activate compute.googleapis.com --project=PROJECT_ID
D) gcloud compute enable --project=PROJECT_ID
Answer: A
Explanation: `gcloud services enable` followed by the service name activates the API for the
specified project.
**Question 7.** Which billing account type allows you to link multiple projects and view a
consolidated cost report?
A) Free trial billing account
B) Self‑serve billing account
C) Enterprise billing account
D) Pay‑as‑you‑go billing account
Answer: B
Explanation: A self‑serve billing account is the standard type for most GCP customers and
supports multiple linked projects with consolidated reporting.
**Question 8.** What feature can you use to receive an email when a project's monthly spend
exceeds a defined amount?
A) Cost Management Dashboard
B) Billing Export to BigQuery
C) Budget alerts
D) Cloud Scheduler
Answer: C
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
Explanation: Budgets can be configured with alerts that trigger email notifications when spend
thresholds are crossed.
**Question 9.** Which method provides the most granular analysis of GCP costs over time?
A) Billing reports in the console
B) Exporting billing data to Cloud Storage CSV files
C) Exporting billing data to BigQuery and running custom queries
D) Using the Cloud Billing API to fetch daily totals
Answer: C
Explanation: BigQuery allows you to query billing data with SQL, enabling detailed, time‑based,
and resource‑specific analysis.
**Question 10.** When selecting a compute service for a stateless web application that must
scale automatically based on HTTP traffic, which is the best choice?
A) Compute Engine with managed instance groups
B) Google Kubernetes Engine Standard clusters
C) Cloud Run
D) Cloud Functions
Answer: C
Explanation: Cloud Run automatically scales containers to zero and up based on incoming HTTP
requests, ideal for stateless web workloads.
**Question 11.** Which Compute Engine pricing option provides the lowest cost for workloads
that can tolerate interruptions?
A) Standard VM
Cloud Engineer Certification Exam
Preparation
**Question 1.** Which Google Cloud resource hierarchy level can contain both folders and
projects?
A) Organization
B) Folder
C) Project
D) Billing Account
Answer: A
Explanation: The Organization is the top‑level node and can contain folders and projects
directly.
**Question 2.** In IAM, which type of role provides the most granular permissions?
A) Primitive role
B) Predefined role
C) Custom role
D) Owner role
Answer: C
Explanation: Custom roles are defined by the admin and can include only the specific
permissions needed, offering the finest granularity.
**Question 3.** Which IAM primitive role grants the ability to view resources but not modify
them?
A) Viewer
B) Editor
C) Owner
D) Browser
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
Answer: A
Explanation: The Viewer primitive role provides read‑only access to all resources in the scope.
**Question 4.** What is the recommended method for authenticating applications running on
Compute Engine instances without storing keys?
A) Use a service account key file stored on the VM
B) Enable workload identity federation
C) Attach a service account to the instance and use Application Default Credentials
D) Store credentials in Cloud Storage and read them at runtime
Answer: C
Explanation: Attaching a service account to the VM allows the instance to obtain short‑lived
tokens automatically via ADC, eliminating key storage.
**Question 5.** Which of the following is a best practice for managing service account keys?
A) Create a new key for each application and store it indefinitely
B) Rotate keys every 90 days and delete unused keys promptly
C) Share a single key across multiple projects for simplicity
D) Store keys in plaintext on local developer machines
Answer: B
Explanation: Regular rotation and prompt deletion of unused keys reduce the risk of
compromised credentials.
**Question 6.** To enable the Compute Engine API for a new project using the gcloud CLI,
which command is correct?
A) gcloud services enable compute.googleapis.com --project=PROJECT_ID
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
B) gcloud compute api enable --project=PROJECT_ID
C) gcloud services activate compute.googleapis.com --project=PROJECT_ID
D) gcloud compute enable --project=PROJECT_ID
Answer: A
Explanation: `gcloud services enable` followed by the service name activates the API for the
specified project.
**Question 7.** Which billing account type allows you to link multiple projects and view a
consolidated cost report?
A) Free trial billing account
B) Self‑serve billing account
C) Enterprise billing account
D) Pay‑as‑you‑go billing account
Answer: B
Explanation: A self‑serve billing account is the standard type for most GCP customers and
supports multiple linked projects with consolidated reporting.
**Question 8.** What feature can you use to receive an email when a project's monthly spend
exceeds a defined amount?
A) Cost Management Dashboard
B) Billing Export to BigQuery
C) Budget alerts
D) Cloud Scheduler
Answer: C
, [ACE] Google Cloud Certified Associate
Cloud Engineer Certification Exam
Preparation
Explanation: Budgets can be configured with alerts that trigger email notifications when spend
thresholds are crossed.
**Question 9.** Which method provides the most granular analysis of GCP costs over time?
A) Billing reports in the console
B) Exporting billing data to Cloud Storage CSV files
C) Exporting billing data to BigQuery and running custom queries
D) Using the Cloud Billing API to fetch daily totals
Answer: C
Explanation: BigQuery allows you to query billing data with SQL, enabling detailed, time‑based,
and resource‑specific analysis.
**Question 10.** When selecting a compute service for a stateless web application that must
scale automatically based on HTTP traffic, which is the best choice?
A) Compute Engine with managed instance groups
B) Google Kubernetes Engine Standard clusters
C) Cloud Run
D) Cloud Functions
Answer: C
Explanation: Cloud Run automatically scales containers to zero and up based on incoming HTTP
requests, ideal for stateless web workloads.
**Question 11.** Which Compute Engine pricing option provides the lowest cost for workloads
that can tolerate interruptions?
A) Standard VM
