Common Traps on Which Command Should the Administrator Use Practice Questions
- ·Separate verification commands from configuration commands.
- ·Read whether the question asks to identify, verify, fix, permit or deny.
- ·Small command keywords often change the correct answer.
Sample Questions
Practice all 7 →A security architect wants to implement a 'never trust, always verify' security approach where no user or service is assumed to be trustworthy based on network location alone. Every access request must be authenticated and authorized regardless of whether it comes from inside or outside the corporate network. Which security model describes this approach?
Explanation: Zero Trust security assumes that no network location (inside the firewall, VPN-connected, etc.) makes a request inherently trustworthy. Every access request is authenticated, authorized, and validated regardless of origin. This is contrasted with traditional perimeter security models ('castle and moat') where being inside the network grants broad trust. Google's BeyondCorp is an implementation of Zero Trust, which is also the foundation for Google Cloud's IAP (Identity-Aware Proxy).
A company's security policy requires all employees to verify their identity using more than just a password when accessing Google Cloud resources. What security feature enforces this requirement?
Explanation: Multi-Factor Authentication (MFA), also called Two-Step Verification (2SV) in Google's terminology, requires users to verify their identity with a second factor beyond just a password — such as a security key (FIDO2/WebAuthn), authenticator app TOTP code, or SMS code. Organizations can enforce MFA/2SV requirements in the Google Workspace admin console or Google Cloud Identity settings, preventing account access even if passwords are compromised.
A company wants to set up automated checks that continuously verify their website's homepage, login page, and API endpoints are accessible from multiple global locations. If any endpoint becomes unreachable for more than 2 minutes, the on-call engineer should be alerted. Which Cloud Monitoring feature provides this?
Explanation: Cloud Monitoring uptime checks periodically send requests to URLs, hostnames, or IP addresses from multiple Google points of presence around the world. If a check fails from a configurable number of locations for a specified duration, Cloud Monitoring triggers an alerting policy to notify the on-call team. This is the purpose-built, managed solution for external endpoint availability monitoring — no custom infrastructure needed.
A company uses service accounts to allow their application running on a Compute Engine VM to access Cloud Storage. Which is the most secure way to configure this service account access?
Explanation: Service accounts attached to Compute Engine VMs provide credentials to running applications via the GCE metadata server without any key files. The application code uses Application Default Credentials (ADC) to automatically obtain credentials from the metadata server. The service account should be granted only the specific IAM roles it needs on specific resources (least privilege). Downloading SA key files is unnecessary and creates a credential management burden.
A company's engineering organization wants to share operational knowledge across teams using a 'golden path' — a recommended, pre-configured set of tools, services, and templates that makes the easy path also the correct path. Which Google Cloud concept supports this practice?
Explanation: Google Cloud's landing zone concept — implemented through organization policies, Terraform blueprints, Cloud Foundation Toolkit, and internal developer platforms — establishes pre-approved, pre-configured environments that teams use as starting points. The 'golden path' approach ensures new projects automatically inherit security policies, cost controls, monitoring configurations, and networking standards. This reduces toil (teams don't configure from scratch), improves consistency, and prevents misconfigurations.
+2 more scenario questions available
Practice all Which Command Should the Administrator Use Practice QuestionsRelated Topics
Frequently asked questions
How do "Which Command Should the Administrator Use Practice Questions" appear on the real GCDL?
Practise command-choice questions where the task is to identify the correct verification, configuration or troubleshooting command. These appear throughout the GCDL and require you to apply your knowledge, not just recall facts.
How many scenario questions are on the GCDL exam?
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the GCDL. Practicing each scenario type ensures you're ready for any format.
Are these GCDL scenario practice questions free?
Yes — all scenario practice on Courseiva is completely free. Sign up for a free account to track your progress and see which scenario types you've mastered.
Ready to practice this scenario type?
Launch a full Which Command Should the Administrator Use Practice Questions session with instant scoring and detailed explanations.
Start Scenario Practice →