Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsACEFlashcards
Free — No Signup RequiredGoogle Cloud· Updated 2026

ACE Flashcards — Free Google Associate Cloud Engineer Study Cards

Reinforce ACE concepts with active-recall study cards covering all 5 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.

1000+ study cards5 domains coveredActive recall methodFull explanations included
Start 30-card session50-card shuffle
Exam OverviewPractice TestMock ExamStudy GuideFlashcards

Study Sessions

ACE Flashcards

Pick a session size:

⚡Quick 10📝20 Cards🎯30 Cards📊50 Cards💪100 Cards
1,000+ cards · All free

Domains

Configuring Access and Security
Planning and Configuring a Cloud Solution
Ensuring Successful Operation of a Cloud Solution
Deploying and Implementing a Cloud Solution
Setting Up a Cloud Solution Environment

How to use ACE flashcards effectively

Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For ACE preparation, this means flashcards are one of the highest-return study tools available.

Attempt recall first

Read the ACE question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.

Review wrong cards again

When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.

Study by domain

Group your ACE flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real ACE exam requires.

Short sessions beat marathon reviews

20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass ACE.

ACE flashcard preview

Sample cards from the ACE flashcard bank. Read the question, think of the answer, then read the explanation below.

1

An engineer needs to grant an external auditor read-only access to a subset of Cloud Storage buckets in a project. The auditor's identity is a Google account. Which IAM approach should the engineer use?

Configuring Access and Security

Add the auditor's email as a member with the Storage Object Viewer role on the project, and use IAM Conditions to restrict access to specific bucket resources.

The best practice is to grant the Storage Object Viewer role at the project level and then use IAM Conditions to restrict access to specific bucket resources. This avoids managing multiple bindings per bucket while ensuring the auditor only sees the intended buckets. Granting at the bucket level is possible but less scalable; granting Storage Admin is too permissive; using ACLs is legacy and more complex to audit.

2

A company is migrating a legacy monolithic application to Google Cloud. The application has unpredictable traffic patterns and long-running connections. The team wants to minimize operational overhead and only pay for resources when the application is processing requests. Which compute option should they choose?

Planning and Configuring a Cloud Solution

Cloud Run

Cloud Run is a serverless compute platform that scales to zero when not in use, has a per-request billing model, and supports HTTP-triggered container workloads. It can handle long-running connections as long as they stay within the request timeout limit. Cloud Run minimizes operational overhead by eliminating server management and scaling automatically.

3

You need to monitor the uptime of an external HTTPS endpoint that is critical to your application. Which Google Cloud service should you use to create an uptime check?

Ensuring Successful Operation of a Cloud Solution

Cloud Monitoring

Cloud Monitoring provides uptime checks that can monitor HTTP, HTTPS, and TCP endpoints from multiple locations.

4

You want to create a Compute Engine instance with a default machine type of n1-standard-1, using the latest Debian 11 image, with a 50GB boot disk, in the us-central1-a zone. Which gcloud command accomplishes this?

Deploying and Implementing a Cloud Solution

gcloud compute instances create my-instance --machine-type=n1-standard-1 --image-family=debian-11 --image-project=debian-cloud --boot-disk-size=50GB --zone=us-central1-a

The correct command is option B. It specifies the machine type as n1-standard-1, uses the latest Debian 11 image via --image-family=debian-11 and --image-project=debian-cloud, sets the boot disk size to 50GB with --boot-disk-size=50GB, and designates the us-central1-a zone with --zone=us-central1-a. Option A is incorrect because it uses debian-10 instead of debian-11. Option C is wrong because it uses --region instead of --zone. Option D is wrong because it uses --root-disk-size instead of --boot-disk-size.

5

A new engineer needs to set up the gcloud CLI on their local machine and authenticate with a user account. Which command should they run after installing the SDK?

Setting Up a Cloud Solution Environment

gcloud init

The 'gcloud init' command initializes the SDK, sets properties, and runs auth login. Alternatively, 'gcloud auth login' only authenticates without setting project/defaults.

6

A team's Cloud Build pipeline must: (1) run unit tests, (2) build a Docker image only if tests pass, (3) push the image to Artifact Registry. Which cloudbuild.yaml structure correctly enforces this sequential dependency?

Define all three steps in a single `steps` list — they run sequentially by default and stop on failure

Option A is correct because Cloud Build executes steps in a `steps` list sequentially by default, and any step that exits with a non-zero status (e.g., test failure) immediately stops the entire pipeline. This enforces the required dependency: unit tests must pass before the Docker image is built, and the image must be built before it is pushed to Artifact Registry.

7

A team needs a database backup job to run every day at 2 AM UTC. The job calls an HTTP endpoint to trigger the backup. The endpoint requires no complex orchestration — just a timed HTTP call. Which GCP service handles this most simply?

Cloud Scheduler with an HTTP target pointing to the backup endpoint

Cloud Scheduler is the simplest GCP service for a recurring HTTP call because it is a fully managed cron job service that directly supports HTTP targets. You configure a schedule (e.g., '0 2 * * *' for daily at 2 AM UTC) and point it to the backup endpoint URL. No additional code, queue, or orchestration is needed, making it the most straightforward solution for this use case.

8

A team wants to receive an email alert when the average CPU utilization of VMs in a managed instance group exceeds 80% for more than 5 minutes. What should they create in Cloud Monitoring?

An alerting policy with a CPU utilization threshold condition

B is correct because Cloud Monitoring alerting policies allow you to define conditions based on metric thresholds, such as average CPU utilization exceeding 80% for a specified duration (5 minutes). This directly meets the requirement to trigger an email alert when the condition is met.

9

A Go service is consuming significantly more CPU than expected. The team suspects an inefficient function but doesn't know which one. Which Cloud Operations tool identifies CPU hotspots in production code?

Cloud Profiler

Cloud Profiler is the correct tool because it continuously gathers CPU and heap usage data from production services using statistical sampling, then presents a flame graph or call tree that pinpoints which functions consume the most CPU. Unlike debugging or tracing tools, Profiler is designed specifically for identifying performance bottlenecks like CPU hotspots with minimal overhead, making it ideal for diagnosing an inefficient function in a Go service running in production.

10

A network team is creating a new VPC and must decide between auto mode and custom mode. Why would they choose custom mode?

Custom mode allows full control over which regions have subnets and what CIDR ranges are used

Custom mode VPCs give the network team full control over the IP address range (CIDR block) and the ability to create subnets in any region, unlike auto mode VPCs which automatically create subnets in every region with a fixed /20 range per region. This is essential when you need to avoid overlapping CIDRs with on-premises networks or other VPCs, or when you want to restrict subnets to specific regions for compliance or cost reasons.

11

A company organizes its GCP projects by business unit — Finance, Engineering, and Sales. Which resource is best suited to group these projects while applying shared IAM policies to all projects in each group?

Create GCP Folders for each business unit and add the relevant projects

C is correct because GCP Folders are the hierarchical resource designed to group projects under an organization node, allowing you to apply shared IAM policies at the folder level that automatically propagate to all projects within that folder. This aligns with the requirement to organize projects by business unit and enforce consistent access controls across each group.

12

A GKE Pod needs to call the Cloud Storage API. The team wants to avoid creating and managing service account key files. What is the recommended approach?

Enable Workload Identity on the GKE cluster and bind a Kubernetes ServiceAccount to a GCP IAM ServiceAccount

Workload Identity is the recommended approach because it allows a Kubernetes ServiceAccount in GKE to authenticate as a GCP IAM ServiceAccount without managing or storing any service account key files. This eliminates the security risk of key leakage and simplifies credential rotation. By binding the Kubernetes ServiceAccount to a GCP IAM ServiceAccount, Pods can directly call Cloud Storage APIs using the IAM permissions of the linked service account, with automatic token exchange via the GKE metadata server.

13

A company runs a stable production workload on 20 n2-standard-8 VMs that run continuously year-round. Which pricing commitment maximizes cost savings on these VMs?

3-year committed use discount (CUD)

The 3-year committed use discount (CUD) offers the highest discount rate (up to 57% for compute-optimized machine types) compared to 1-year CUDs (up to 20%) or sustained use discounts (up to 30% for running a VM the entire month). Since the workload runs 20 n2-standard-8 VMs continuously year-round, a 3-year CUD locks in the maximum savings for this predictable, steady-state usage.

14

An organization has a policy requiring all new GCP projects to be created within specific folders and linked to approved billing accounts only. Which combination of features enforces this at scale?

Organization policies to restrict allowed billing accounts + granting Project Creator role only at approved folder level

Option B is correct because it combines two enforcement mechanisms: Organization policies (specifically the `constraints/compute.restrictBillingAccounts` constraint) to limit which billing accounts can be attached to projects, and granting the Project Creator role (`roles/resourcemanager.projectCreator`) only at the folder level (not the organization level). This ensures that new projects can only be created within the approved folders and must use an approved billing account, enforcing the policy at scale across the entire organization.

15

A DevOps team monitors a Cloud SQL instance and notices its CPU is consistently above 85% for several hours. The instance handles a critical production database. What should be the team's immediate action?

Scale up the Cloud SQL instance machine type to add more vCPUs

Scaling up the Cloud SQL instance to a larger machine type with more vCPUs directly addresses sustained high CPU utilization by providing additional compute capacity. This is the immediate corrective action for a critical production database because it increases the instance's processing power without requiring architectural changes or downtime (if using a rolling update). Read replicas help with read-heavy workloads but do not reduce CPU load from write operations or complex queries on the primary instance.

16

A financial application requires a relational database with automatic failover to a standby in a different zone, with minimal configuration overhead. Which Cloud SQL configuration provides this?

Cloud SQL with High Availability (HA) configuration

Cloud SQL's High Availability (HA) configuration provides automatic failover to a standby instance in a different zone using synchronous replication and a regional persistent disk. This meets the requirement for minimal configuration overhead because it is a built-in feature that requires no application-level logic or manual intervention.

17

A platform team is deploying a multi-tier application on GKE: a frontend Deployment, a backend Deployment, and a Redis StatefulSet. The backend must be reachable by name from the frontend, but not from outside the cluster. Which Kubernetes resource enables internal name-based service discovery?

A ClusterIP Service for the backend

A ClusterIP Service exposes the backend Pods on a stable, internal IP address that is only reachable from within the GKE cluster. The frontend can resolve the backend by the Service's DNS name (e.g., `backend.default.svc.cluster.local`) using the cluster's internal DNS (CoreDNS), enabling name-based service discovery without exposing the backend to external traffic.

18

A production GKE cluster is running low on node resources. Pods are in Pending state because no node has sufficient CPU or memory. Without deleting existing Pods, what is the fastest way to resolve this?

Resize the node pool to add more nodes: `gcloud container clusters resize`

Option A is correct because resizing the node pool with `gcloud container clusters resize` immediately adds more nodes to the cluster, providing additional CPU and memory capacity. This allows the scheduler to place pending Pods without modifying or deleting existing workloads, making it the fastest solution that preserves running Pods.

19

A FinOps team wants to analyze daily GCP spending trends, allocate costs by team using labels, and create custom dashboards. Which configuration exports billing data for this analysis?

Enable Cloud Billing data export to BigQuery and query the exported dataset

Option C is correct because exporting GCP billing data to BigQuery enables granular, daily cost analysis, label-based allocation, and custom dashboard creation via tools like Looker Studio. BigQuery's SQL interface allows querying detailed cost and usage data, which is essential for the FinOps team's requirements.

20

A GKE team is comparing Autopilot and Standard cluster modes for a new project. They want to minimize infrastructure management overhead, automatically right-size node resources, and be billed only for Pod resource requests. Which mode matches these requirements?

GKE Autopilot — managed nodes, automatic right-sizing, and per-Pod billing

GKE Autopilot is the correct choice because it fully manages the underlying node infrastructure, automatically right-sizes node resources based on Pod resource requests, and bills only for the requested CPU and memory of Pods, not the underlying nodes. This aligns directly with the team's goals of minimizing management overhead, automatic right-sizing, and per-Pod billing.

21

Your organization mandates that all service-to-service communication within a GKE cluster must be encrypted in transit using mutual TLS (mTLS). The team does not want to manage certificates or modify application code. Which solution meets these requirements?

Enable Anthos Service Mesh with mTLS policy set to STRICT mode.

Anthos Service Mesh (ASM) with mTLS set to STRICT mode enforces mutual TLS between all services in the mesh without requiring any application code changes or manual certificate management. ASM automatically injects Envoy sidecar proxies that handle certificate issuance, rotation, and encryption, meeting the requirement for encrypted service-to-service communication with mTLS.

22

A developer runs `gcloud projects list` and receives the error: `ERROR: (gcloud.projects.list) PERMISSION_DENIED: The caller does not have permission`. The developer has the Viewer role on several projects. What is the most likely cause?

The developer lacks `resourcemanager.projects.list` at the organization or folder level.

The `gcloud projects list` command requires the `resourcemanager.projects.list` permission, which is granted at the organization or folder level, not at the individual project level. Even with the Viewer role on several projects, the developer lacks this specific permission at the resource hierarchy level above the projects, causing the PERMISSION_DENIED error.

23

You have a Kubernetes Deployment running 5 replicas. You need to update the container image with zero downtime, ensuring that at least 4 replicas are always available during the update, and no more than 6 replicas exist at any time. Which Deployment strategy and settings achieve this?

RollingUpdate with `maxUnavailable: 1` and `maxSurge: 1`.

Option B is correct because a RollingUpdate strategy with `maxUnavailable: 1` and `maxSurge: 1` ensures that during the update, at most one replica is taken down (so at least 4 remain available) and at most one extra replica is created above the desired 5 (so no more than 6 exist at any time). This satisfies both constraints while achieving zero downtime.

Study all 1000+ ACE cards

ACE flashcards by domain

The ACE flashcard bank covers all 5 official blueprint domains published by Google Cloud. Cards are distributed proportionally, so domains with higher exam weight have more cards.

Domain Coverage

Configuring Access and Security

~1 cards

Planning and Configuring a Cloud Solution

~1 cards

Ensuring Successful Operation of a Cloud Solution

~1 cards

Deploying and Implementing a Cloud Solution

~1 cards

Setting Up a Cloud Solution Environment

~1 cards

Flashcards vs practice tests: which is better for ACE?

Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:

Flashcards — concept retention

Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that ACE questions assume you know.

Best in: weeks 1–3

Practice tests — application

Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.ACE questions test scenario reasoning — not just recall — so practice tests are essential.

Best in: weeks 3–6

The most effective ACE study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.

ACE flashcards — frequently asked questions

Are the ACE flashcards free?

Yes. Courseiva provides free ACE flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.

How many ACE flashcards are on Courseiva?

Courseiva has 1000+ original ACE flashcards across all 5 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Google Cloud exam objectives.

How are Courseiva flashcards different from Anki or Quizlet?

Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official ACE exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.

Can I use ACE flashcards offline?

Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.

Free forever · No credit card required

Track your ACE flashcard progress

Save your results, see which domains need more work, and get spaced repetition recommendations — all free.

Sign Up Free

Free forever · Every certification included

Start Studying

⚡Quick 10 cards📝20-card session🎯30-card session📊50-card shuffle💪100-card marathon

Also Study With

Practice TestMock ExamStudy GuideExam Domains

Related Flashcards

GCDLPCASAA-C03AZ-104

Related Flashcard Sets

GCDL

Google Cloud Digital Leader

PCA

Professional Cloud Architect

SAA-C03

AWS Solutions Architect

AZ-104

Azure Administrator

Browse all certifications →