Google Certified Associate Cloud
Engineer (ACE) Exam & Sample
Questions with Correct Answers 100%
Pass
*GOOGLE CERTIFIED ASSOCIATE CLOUD ENGINEER (ACE)* - ✔✔
**PRACTICE EXAM 1** - ✔✔
You need to quickly find a *managed data processing service* that can help you enable
fast, simplified streaming *data pipeline* development with *lower data latency*.
Which service is your best solution? - ✔✔*DATAFLOW*
Dataflow is a managed data processing service that can help you enable fast, simplified
streaming *data pipeline development* with lower data latency.
--Serverless stream and batch processing service
--cannot handle Apache Spark
Which hierarchy level within the GCP Organization provides isolation boundaries
between projects and the ability to group projects? - ✔✔FOLDERS
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 1
,--Folders provide isolation boundaries *between projects and the ability to group
projects*.
organization >> folder >> projects/ group projects >> datasets >> tables/views
--folders hold projects and group projects
You need a managed Spark and Hadoop service that lets you take advantage of open-
source data tools for batch processing, querying, streaming, and machine learning.
Which service is the best solution? - ✔✔*Dataproc*
Cloud Dataproc is a managed Spark and Hadoop
--Manages service for processing large datasets
--Services: Hadoop, MapReduce, ApacheSpark, Pig, Hive
Your team has designated you to find the best way to *control access to your VMs*.
Which methods should you choose? - ✔✔1. Create custom *SSH keys* and upload them
to the VM you want to maintain a connection to, and routinely rotate those keys.
2. Create a *firewall rule* that will only allow certain IPs to connect.
(SSH = Secure Shell = access credentials key)
You are setting up a plan to deploy a VPC for your organization. You want to be able to
capture traffic in and out of your network. How would you do this? - ✔✔Deploy the
VPC and enable flow logs.
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 2
,*With flow logs, you can capture traffic in and out of your network.*
*FLOW LOGS* - ✔✔*CAPTURE TRAFFIC IN AND OUT OF THE NETWORK*
--internal and external
--*traffic movement*
--Cloud Operations is only internal
You want to take a look at record admin activity within your account. What should you
do? - ✔✔View the Audit Logs in Cloud Logging
--Audit logs helps you view administrative tasks and activities in your environment.
(Admin Activity)
4 Different Types of Cloud Audit Logs - ✔✔1. Admin Activity
2. Data Access
3. System Event
4. Policy Denied
Admin Activity - ✔✔--record when users create VM instances or change IAM
permissions.
Data Access - ✔✔--When you access data
--user-driven API calls that create, modify, or read user-provided resource data.
System Event - ✔✔--Generated by google
--log entries for Google Cloud actions that modify the configuration of resources
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 3
, Policy Denied - ✔✔--recorded when a Google Cloud service denies access to a user or
service account because of a security policy violation
--USED BY THE GCP LOG EXPLORER which views, retrieves, and analyzes data
What is known as the root node or the parent resource in the Google Cloud resource
hierarchy? - ✔✔*ORGANIZATION*
The organization is the root node or the parent resource in the Google Cloud resource
hierarchy.
organization >> Schwab
folder >>> sandbox
project >> DEV/QA/PROD
resources >>> BigQuery / Cloud Storage
You are tasked with assigning a role that has a *Viewer, Editor, or Owner* and allows
*read, edit, and full access on GCP resources*. Which type of role would you assign to
fit this description? - ✔✔BASIC ROLES
--Basic roles have a Viewer, Editor, or Owner and allow read, edit, and full access on
GCP resources.
IAM ROLES = a collection of permissions - ✔✔1. *BASIC/PRIMITIVE ROLES*
--Owner, Editor, and Viewer.
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 4
Engineer (ACE) Exam & Sample
Questions with Correct Answers 100%
Pass
*GOOGLE CERTIFIED ASSOCIATE CLOUD ENGINEER (ACE)* - ✔✔
**PRACTICE EXAM 1** - ✔✔
You need to quickly find a *managed data processing service* that can help you enable
fast, simplified streaming *data pipeline* development with *lower data latency*.
Which service is your best solution? - ✔✔*DATAFLOW*
Dataflow is a managed data processing service that can help you enable fast, simplified
streaming *data pipeline development* with lower data latency.
--Serverless stream and batch processing service
--cannot handle Apache Spark
Which hierarchy level within the GCP Organization provides isolation boundaries
between projects and the ability to group projects? - ✔✔FOLDERS
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 1
,--Folders provide isolation boundaries *between projects and the ability to group
projects*.
organization >> folder >> projects/ group projects >> datasets >> tables/views
--folders hold projects and group projects
You need a managed Spark and Hadoop service that lets you take advantage of open-
source data tools for batch processing, querying, streaming, and machine learning.
Which service is the best solution? - ✔✔*Dataproc*
Cloud Dataproc is a managed Spark and Hadoop
--Manages service for processing large datasets
--Services: Hadoop, MapReduce, ApacheSpark, Pig, Hive
Your team has designated you to find the best way to *control access to your VMs*.
Which methods should you choose? - ✔✔1. Create custom *SSH keys* and upload them
to the VM you want to maintain a connection to, and routinely rotate those keys.
2. Create a *firewall rule* that will only allow certain IPs to connect.
(SSH = Secure Shell = access credentials key)
You are setting up a plan to deploy a VPC for your organization. You want to be able to
capture traffic in and out of your network. How would you do this? - ✔✔Deploy the
VPC and enable flow logs.
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 2
,*With flow logs, you can capture traffic in and out of your network.*
*FLOW LOGS* - ✔✔*CAPTURE TRAFFIC IN AND OUT OF THE NETWORK*
--internal and external
--*traffic movement*
--Cloud Operations is only internal
You want to take a look at record admin activity within your account. What should you
do? - ✔✔View the Audit Logs in Cloud Logging
--Audit logs helps you view administrative tasks and activities in your environment.
(Admin Activity)
4 Different Types of Cloud Audit Logs - ✔✔1. Admin Activity
2. Data Access
3. System Event
4. Policy Denied
Admin Activity - ✔✔--record when users create VM instances or change IAM
permissions.
Data Access - ✔✔--When you access data
--user-driven API calls that create, modify, or read user-provided resource data.
System Event - ✔✔--Generated by google
--log entries for Google Cloud actions that modify the configuration of resources
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 3
, Policy Denied - ✔✔--recorded when a Google Cloud service denies access to a user or
service account because of a security policy violation
--USED BY THE GCP LOG EXPLORER which views, retrieves, and analyzes data
What is known as the root node or the parent resource in the Google Cloud resource
hierarchy? - ✔✔*ORGANIZATION*
The organization is the root node or the parent resource in the Google Cloud resource
hierarchy.
organization >> Schwab
folder >>> sandbox
project >> DEV/QA/PROD
resources >>> BigQuery / Cloud Storage
You are tasked with assigning a role that has a *Viewer, Editor, or Owner* and allows
*read, edit, and full access on GCP resources*. Which type of role would you assign to
fit this description? - ✔✔BASIC ROLES
--Basic roles have a Viewer, Editor, or Owner and allow read, edit, and full access on
GCP resources.
IAM ROLES = a collection of permissions - ✔✔1. *BASIC/PRIMITIVE ROLES*
--Owner, Editor, and Viewer.
100% Pass Guarantee Katelyn Whitman All Rights Reserved © 2025 4
