Google Cloud Certified – Associate Cloud Engineer Practice Exam (Q 50)
QUESTION 1
You need to create an autoscaling managed instance group for an HTTPS web application.
You want to make sure that unhealthy VMs are recreated.
What should you do?
- A. Create a health check on port 443 and use that when creating the Managed Instance Group.
- B. Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.
- C. In the Instance Template, add the label health-check.
- D. In the Instance Template, add a startup script that sends a heartbeat to the metadata server.
Correct Answer: A
QUESTION 2
Your company has a Google Cloud Platform project that uses BigQuery for data warehousing.
Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices.
What should you do?
- A.
- 1. Create an IAM entry for each data scientist’s user account.
- 2. Assign the BigQuery jobUser role to the group.
- B.
- 1. Create an IAM entry for each data scientist’s user account.
- 2. Assign the BigQuery dataViewer user role to the group.
- C.
- 1. Create a dedicated Google group in Cloud Identity.
- 2. Add each data scientist’s user account to the group.
- 3. Assign the BigQuery jobUser role to the group.
- D.
- 1. Create a dedicated Google group in Cloud Identity.
- 2. Add each data scientist’s user account to the group.
- 3. Assign the BigQuery dataViewer user role to the group.
Correct Answer: C
Reference contents:
– #BigQuery predefined IAM roles – Access control with IAM | BigQuery | Google Cloud
QUESTION 3
Your company has a 3-tier solution running on Google Compute Engine.
The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
– Instances in tier #1 must communicate with tier #2.
– Instances in tier #2 must communicate with tier #3.
What should you do?
- A.
- 1. Create an ingress firewall rule with the following settings: Targets: all instances Source filter: IP ranges (with the range set to 10.0.2.0/24) Protocols: allow all
- 2. Create an ingress firewall rule with the following settings: Targets: all instances Source filter: IP ranges (with the range set to 10.0.1.0/24) Protocols: allow all
- B.
- 1. Create an ingress firewall rule with the following settings: Targets: all instances with tier #2 service account Source filter: all instances with tier #1 service account Protocols: allow TCP:8080
- 2. Create an ingress firewall rule with the following settings: Targets: all instances with tier #3 service account Source filter: all instances with tier #2 service account Protocols: allow TCP: 8080
- C.
- 1. Create an ingress firewall rule with the following settings: Targets: all instances with tier #2 service account Source filter: all instances with tier #1 service account Protocols: allow all
- 2. Create an ingress firewall rule with the following settings: Targets: all instances with tier #3 service account Source filter: all instances with tier #2 service account Protocols: allow all
- D.
- 1. Create an egress firewall rule with the following settings: Targets: all instances Source filter: IP ranges (with the range set to 10.0.2.0/24) Protocols: allow TCP: 8080
- 2. Create an egress firewall rule with the following settings: Targets: all instances Source filter: IP ranges (with the range set to 10.0.1.0/24) Protocols: allow TCP: 8080