1|Page
GCP Professional Data Engineer Certification Exam
Newest 2025/2026 With Complete Questions And
Correct Answers |Already Graded A+||Latest Exam
Version!!!|
You have been tasked with creating a pilot project in GCP
to demonstrate the feasibility of
migrating workloads from an on-premises Hadoop cluster
to Cloud Dataproc. Three other
engineers will work with you. None of the data that you will
use contains sensitive informa-
tion. You want to minimize the amount of time that you
spend on administering the devel-
opment environment. What would you use to control
access to resources in the development
environment?
A. Predefined roles
B. Custom roles
C. Primitive roles
D. Access control lists - Answer-C. The correct answer is
C. This is an appropriate use case for primitive roles
because
,2|Page
there are few users working in a development
environment, not production, and working
with data that does not contain sensitive information. In
this case, there is no need for fine-
grained access controls. Options A and B are incorrect
because they would require more
administration, and fine-grained access controls are not
needed. Option D is incorrect;
access control lists are used with Cloud Storage resources
and should be used only when
roles are insufficient.
The auditors for your company have determined that
several employees have more per-
missions than needed to carry out their job responsibilities.
All the employees have users
accounts on GCP that have been assigned predefined
roles. You have concluded that the
optimal way to meet the auditors' recommendations is by
using custom roles. What permis-
sion is needed to create a custom role?
A. iam.roles.create
,3|Page
B. iam.custom.roles
C. roles/iam.custom.create
D. roles/iam.create.custom - Answer-A. The correct
answer is A; the iam.roles.create permission is needed to
create custom
roles. Option B is incorrect; it is not an actual permission.
Options C and D are incorrect;
they are examples of fictitious roles, not permissions.
You have created a managed instance group in Compute
Engine to run a high-performance
computing application. The application will read source
data from a Cloud Storage
bucket and write results to another bucket. The application
will run whenever new data is
uploaded to Cloud Storage via a Cloud Function that
invokes the script to start the job. You
will need to assign the role roles/storage.objectCreator to
an identity so that the application
can write the output data to Cloud Storage. To what kind of
identity would you assign the
roles?
, 4|Page
A. User.
B. Group.
C. Service account.
D. You wouldn't. The role would be assigned to the bucket.
- Answer-C. The correct answer is C. A service account
associated with the application should have
the roles/storage.objectCreator assigned to it. Options A
and B are incorrect; those
are identities associated with actual users. Option D is
incorrect; access control lists can be
assigned to a bucket, but roles are assigned to identities.
Your company has implemented an organizational
hierarchy consisting of two layers of
folders and tens of projects. The top layer of folders
corresponds to a department, and the
second layer of folders are working groups within a
department. Each working group has
one or more projects in the resource hierarchy. You have
to ensure that all projects comply
with regulations, so you have created several policies.
Policy A applies to all departments.
GCP Professional Data Engineer Certification Exam
Newest 2025/2026 With Complete Questions And
Correct Answers |Already Graded A+||Latest Exam
Version!!!|
You have been tasked with creating a pilot project in GCP
to demonstrate the feasibility of
migrating workloads from an on-premises Hadoop cluster
to Cloud Dataproc. Three other
engineers will work with you. None of the data that you will
use contains sensitive informa-
tion. You want to minimize the amount of time that you
spend on administering the devel-
opment environment. What would you use to control
access to resources in the development
environment?
A. Predefined roles
B. Custom roles
C. Primitive roles
D. Access control lists - Answer-C. The correct answer is
C. This is an appropriate use case for primitive roles
because
,2|Page
there are few users working in a development
environment, not production, and working
with data that does not contain sensitive information. In
this case, there is no need for fine-
grained access controls. Options A and B are incorrect
because they would require more
administration, and fine-grained access controls are not
needed. Option D is incorrect;
access control lists are used with Cloud Storage resources
and should be used only when
roles are insufficient.
The auditors for your company have determined that
several employees have more per-
missions than needed to carry out their job responsibilities.
All the employees have users
accounts on GCP that have been assigned predefined
roles. You have concluded that the
optimal way to meet the auditors' recommendations is by
using custom roles. What permis-
sion is needed to create a custom role?
A. iam.roles.create
,3|Page
B. iam.custom.roles
C. roles/iam.custom.create
D. roles/iam.create.custom - Answer-A. The correct
answer is A; the iam.roles.create permission is needed to
create custom
roles. Option B is incorrect; it is not an actual permission.
Options C and D are incorrect;
they are examples of fictitious roles, not permissions.
You have created a managed instance group in Compute
Engine to run a high-performance
computing application. The application will read source
data from a Cloud Storage
bucket and write results to another bucket. The application
will run whenever new data is
uploaded to Cloud Storage via a Cloud Function that
invokes the script to start the job. You
will need to assign the role roles/storage.objectCreator to
an identity so that the application
can write the output data to Cloud Storage. To what kind of
identity would you assign the
roles?
, 4|Page
A. User.
B. Group.
C. Service account.
D. You wouldn't. The role would be assigned to the bucket.
- Answer-C. The correct answer is C. A service account
associated with the application should have
the roles/storage.objectCreator assigned to it. Options A
and B are incorrect; those
are identities associated with actual users. Option D is
incorrect; access control lists can be
assigned to a bucket, but roles are assigned to identities.
Your company has implemented an organizational
hierarchy consisting of two layers of
folders and tens of projects. The top layer of folders
corresponds to a department, and the
second layer of folders are working groups within a
department. Each working group has
one or more projects in the resource hierarchy. You have
to ensure that all projects comply
with regulations, so you have created several policies.
Policy A applies to all departments.
