Back to Google Associate Cloud Engineer questions

Scenario-based practice

Refer to the Exhibit Practice Questions

Practise Google Associate Cloud Engineer practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
ACE
exam code
Google Cloud
vendor

Scenario guide

How to approach refer to the exhibit practice questions

Practise exhibit-style questions that ask you to read a topology, table, command output or diagram before choosing the best answer.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

Related practice questions

Related ACE topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1easymultiple choice
Full question →

Refer to the exhibit. After applying this IAM policy to a bucket, what access is granted?

Exhibit

{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "allAuthenticatedUsers"
      ]
    }
  ]
}
Question 2hardmultiple choice
Full question →

Refer to the exhibit. A user attempts to create a Deployment Manager deployment that references a service account. What is the most likely issue?

Exhibit

ERROR: (gcloud.deployment-manager.deployments.create) The user does not have permission to use service account 'my-sa@project.iam.gserviceaccount.com'. Required 'iam.serviceAccounts.actAs' permission.
Question 3mediummultiple choice
Full question →

Refer to the exhibit. A team has this IAM policy on a Cloud Storage bucket. The bucket contains sensitive data. Which action should the team take immediately?

Exhibit

{
  "bindings": [
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "user:admin@example.com",
        "serviceAccount:sa@project.iam.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "allUsers"
      ]
    }
  ]
}
Question 4hardmultiple choice
Full question →

Refer to the exhibit. An engineer runs this command and sees the output. The instance is unable to reach the internet. What is the most likely reason?

Network Topology
zone=us-central1-aformat="yaml(networkInterfaces)"Command output:networkInterfaces:- ipAddress: 10.128.0.2network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/defaultsubnetwork: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default
Question 5hardmultiple choice
Full question →

Based on the exhibit, which type of traffic will successfully reach the instance?

Exhibit

Refer to the exhibit.

$ gcloud compute instances describe my-vm --zone=us-central1-a
...
networkInterfaces:
- network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
  subnetwork: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default
  accessConfigs:
  - name: external-nat
    type: ONE_TO_ONE_NAT
    natIP: 34.71.192.55
tags:
  items:
  - web-server
serviceAccounts:
- email: 123456789-compute@developer.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/cloud-platform

Firewall rules:
- name: allow-http-from-internet
  direction: INGRESS
  priority: 1000
  sourceRanges:
  - 0.0.0.0/0
  allowed:
  - IPProtocol: tcp
    ports:
    - '80'
  targetTags:
  - web-server
- name: deny-all-ingress
  direction: INGRESS
  priority: 2000
  sourceRanges:
  - 0.0.0.0/0
  denied:
  - IPProtocol: all
Question 6mediummultiple choice
Full question →

Refer to the exhibit. An application running on this instance is unable to write to a Cloud Storage bucket. What is the most likely cause?

Exhibit

serviceAccounts:
  - email: '123456789-compute@developer.gserviceaccount.com'
    scopes:
    - 'https://www.googleapis.com/auth/devstorage.read_only'
    - 'https://www.googleapis.com/auth/logging.write'
    - 'https://www.googleapis.com/auth/pubsub'
Question 7easymultiple choice
Full question →

Refer to the exhibit. A developer tries to create a new project using the command `gcloud projects create my-project --name="My Project"` and receives the error 'Project ID my-project already exists.' What should the developer do?

Exhibit

Error from gcloud:
$ gcloud projects create my-project --name="My Project"
ERROR: (gcloud.projects.create) Project ID 'my-project' already exists.
Question 8hardmultiple choice
Full question →

Refer to the exhibit. A Deployment is applied to a GKE cluster. The cluster has a single node pool with one node of machine type n1-standard-4 (4 vCPUs, 15 GB memory). After a few minutes, only two Pods are running, and one Pod is in Pending state. The node's resource usage shows 70% CPU allocated and 85% memory allocated. What is the most likely cause of the Pending Pod?

Exhibit

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: us.gcr.io/my-project/web-app:1.0
        resources:
          requests:
            memory: "6Gi"
            cpu: "1"
          limits:
            memory: "12Gi"
            cpu: "2"
Question 9mediummultiple choice
Full question →

Refer to the exhibit. You have set up an HTTP load balancer with this health check. Your backend instances are running a web server on port 80, and the /health endpoint returns 200 OK. However, the health check marks all instances as unhealthy. What is the most likely cause?

Exhibit

$ gcloud compute health-checks describe http-health-check
healthCheckType: HTTP
timeoutSec: 5
unhealthyThreshold: 2
healthyThreshold: 2
checkIntervalSec: 5
port: 80
requestPath: /healthz
Question 10mediummultiple choice
Full question →

A new developer tries to create a project using gcloud projects create but receives the error shown in the exhibit. Which action should the administrator take to resolve the issue?

Exhibit

Refer to the exhibit.

ERROR: (gcloud.projects.create) User [user@example.com] does not have permission to create projects (or the project already exists). To create a project, you must have the resourcemanager.projects.create permission on the resource.
Question 11mediummultiple choice
Full question →

Refer to the exhibit. The Terraform plan above returns the error: Error: "member" is required. What is the issue?

Exhibit

resource "google_project_iam_member" "project" {
  project = "my-project"
  role    = "roles/editor"
  members = ["user:john@example.com"]
}
Question 12mediummultiple choice
Full question →

Refer to the exhibit. A user 'admin@example.com' attempts to create a Compute Engine instance but fails with a permission error. Which permission is missing?

Exhibit

{
  "bindings": [
    {
      "role": "roles/compute.instanceAdmin.v1",
      "members": [
        "user:admin@example.com",
        "serviceAccount:my-sa@project.iam.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/iam.serviceAccountUser",
      "members": [
        "user:admin@example.com"
      ]
    }
  ]
}
Question 13hardmultiple choice
Full question →

Refer to the exhibit. A user tries to delete the disk 'my-disk' but receives an error. Based on the exhibit, what is the most likely cause?

Network Topology
gcloud compute disks listfilter="name=my-disk"NAME: my-diskZONE: us-central1-aSIZE_GB: 10STATUS: READYUSERS: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-instance
Question 14hardmultiple choice
Full question →

Refer to the exhibit. An administrator wants to grant a service account read-only access to all Compute Engine instances in a project, but only those with label 'environment=production'. Which IAM policy configuration should be used?

Exhibit

IAM policy JSON:
{
  "bindings": [
    {
      "role": "roles/compute.viewer",
      "members": [
        "serviceAccount:sa@project.iam.gserviceaccount.com"
      ],
      "condition": {
        "title": "production_label",
        "expression": "resource.labels.environment == 'production'"
      }
    }
  ]
}
Question 15mediummultiple choice
Full question →

Refer to the exhibit. A user runs `gcloud compute instances list` in Cloud Shell and gets the output 'Listed 0 items.' The user expects to see the VM they just created via the Console. What is the most likely cause?

Exhibit

Output of `gcloud compute instances list` in Cloud Shell:
Listed 0 items.
The user expects to see a VM they just created via the Console.

These ACE practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style ACE questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.