2025 Latest 100% Exam Passing Ratio - Associate-Cloud-Engineer Dumps PDF [Q78-Q103]

2025 Latest 100% Exam Passing Ratio - Associate-Cloud-Engineer Dumps PDF

Pass Exam With Full Sureness - Associate-Cloud-Engineer Dumps with 345 Questions

Below is the Associate Cloud Engineer Exam Format

Format: Multiple choices, multiple answers

Number of Questions: 50
Passing score: 80%
Length of Examination: 2 Hours
Language: English, Japanese, Spanish, Portuguese, French, German, and Indonesian.

NEW QUESTION # 78
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

A. Multi-Regional Storage
B. Regional Storage
C. Nearline Storage
D. Coldline Storage

Answer: D

Explanation:
Coldline Storage is a very-low-cost, highly durable storage service for storing infrequently accessed data.
Coldline Storage is ideal for data you plan to read or modify at most once a quarter. Since we have a requirement to access data once a quarter and want to go with the most cost-efficient option, we should select Coldline Storage.
Ref: https://cloud.google.com/storage/docs/storage-classes#coldline

NEW QUESTION # 79
Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

A. Deploy the application on Cloud Run and configure autoscaling.
B. Deploy the application on a managed instance group and configure autoscaling.
C. Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.
D. Deploy the application on Cloud Functions and configure the maximum number instances.

Answer: B

Explanation:
A managed instance group (MIG) is a group of identical virtual machines (VMs) that you can manage as a single entity. You can use a MIG to deploy and maintain a stateless application that runs directly on VMs. A MIG can automatically scale the number of VMs based on the load or a schedule. A MIG can also automatically heal the VMs if they become unhealthy or unavailable. A MIG is suitable for applications that need to run on VMs rather than containers or serverless platforms.
B is incorrect because Kubernetes Engine is a managed service for running containerized applications on a cluster of nodes. It is not necessary to use Kubernetes Engine if the application does not use containers and can run directly on VMs.
C is incorrect because Cloud Functions is a serverless platform for running event-driven code in response to triggers. It is not suitable for applications that need to run continuously and handle HTTP requests.
D is incorrect because Cloud Run is a serverless platform for running stateless containerized applications. It is not suitable for applications that do not use containers and can run directly on VMs.

NEW QUESTION # 80
You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?

A. Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.
B. Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version
C. Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version
D. Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

Answer: A

Explanation:
Keyword, Version, traffic splitting, App Engine supports traffic splitting for versions before releasing.

NEW QUESTION # 81
You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web- applications project. What should you do?

A. Give "project owner" role to crm-databases-proj and the web-applications project.
B. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
C. Give "project owner" role to crm-databases-proj and bigquery.dataViewer role to web- applications.
D. Give "project owner" for web-applications appropriate roles to crm-databases- proj

Answer: B

Explanation:
bigquery.dataViewer should be assigned to the group of analysts in the crm-databases-proj project.
https://cloud.google.com/bigquery/docs/access-control-
examples#read_access_to_data_in_a_different_project

NEW QUESTION # 82
You need to migrate invoice documents stored on-premises to Cloud Storage. The documents have the following storage requirements:
* Documents must be kept for five years.
* Up to five revisions of the same invoice document must be stored, to allow for corrections.
* Documents older than 365 days should be moved to lower cost storage tiers.
You want to follow Google-recommended practices to minimize your operational and development costs.
What should you do?

A. Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.
B. Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.
C. Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.
D. Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

Answer: D

NEW QUESTION # 83
You have been asked to build backend using Clojure and host it on Google Cloud with full freedom of choosing OS, applications, libraries, etc. Which service will you prefer?

A. Compute Engine
B. App Engine Standard
C. Cloud Function
D. CloudRun

Answer: A

NEW QUESTION # 84
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?

A. Deploy the container on Cloud Run.
B. Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.
C. Deploy the container on App Engine Flexible.
D. Deploy the container on Cloud Run on GKE.

Answer: D

NEW QUESTION # 85
You are monitoring an application and receive user feedback that a specific error is spiking. You notice that the error is caused by a Service Account having insufficient permissions. You are able to solve the problem but want to be notified if the problem recurs. What should you do?

A. Create a custom log-based metric for the specific error to be used in an Alerting Policy.
B. Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.
C. In the Log Viewer, filter the logs on severity 'Error' and the name of the Service Account.
D. Grant Project Owner access to the Service Account.

Answer: A

NEW QUESTION # 86
You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?

A. Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.
B. Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.
C. Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.
D. Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

Answer: B

Explanation:
According to the Google Cloud documentation, you can use organization policy constraints to control the creation and expiration of service account keys. The constraints are:
* constraints/iam.allowServiceAccountKeyCreation: This constraint allows you to specify which projects or folders can create service account keys. You can set the value to true or false, or use a condition to apply the constraint to specific service accounts. By setting this constraint to false for the organization and adding an exception for the pj-sa project, you can prevent developers from creating service account keys in other projects.
* constraints/iam.serviceAccountKeyMaxLifetime: This constraint allows you to specify the maximum lifetime of service account keys. You can set the value to a duration in seconds, such as 86400 for one day. By setting this constraint to 86400 for the organization, you can ensure that all service account keys
* expire after one day.
These constraints are recommended by Google Cloud as best practices to minimize the risk of service account key misuse or compromise. They also help you reduce the cost of managing service account keys, as you do not need to implement a custom solution to rotate or delete them.
References:
* 1: Associate Cloud Engineer Certification Exam Guide | Learn - Google Cloud
* 5: Create and delete service account keys - Google Cloud
* Organization policy constraints for service accounts

NEW QUESTION # 87
(Your company is modernizing its applications and refactoring them to containerized microservices. You need to deploy the infrastructure on Google Cloud so that teams can deploy their applications. The applications cannot be exposed publicly. You want to minimize management and operational overhead. What should you do?)

A. Provision a Standard regional Google Kubernetes Engine (GKE) cluster.
B. Provision a Standard zonal Google Kubernetes Engine (GKE) cluster.
C. Provision a Google Kubernetes Engine (GKE) Autopilot cluster.
D. Provision a fleet of Compute Engine instances and install Kubernetes.

Answer: C

Explanation:
GKE Autopilot is a mode of operation in GKE where Google manages the underlying infrastructure, including nodes, node pools, and their upgrades. This significantly reduces the management and operational overhead for the user, allowing teams to focus solely on deploying and managing their containerized applications. Since the applications are not exposed publicly, the zonal or regional nature of the cluster primarily impacts availability within Google Cloud, and Autopilot is available for both. Autopilot minimizes the operational burden, which is a key requirement.
Option A: A Standard zonal GKE cluster requires you to manage the nodes yourself, including sizing, scaling, and upgrades, increasing operational overhead compared to Autopilot.
Option B: Manually installing and managing Kubernetes on a fleet of Compute Engine instances involves the highest level of management overhead, which contradicts the requirement to minimize it.
Option D: A Standard regional GKE cluster provides higher availability than a zonal cluster by replicating the control plane and nodes across multiple zones within a region. However, it still requires you to manage the underlying nodes, unlike Autopilot.
Reference to Google Cloud Certified - Associate Cloud Engineer Documents:
The different modes of GKE operation, including Standard and Autopilot, and their respective management responsibilities and benefits, are clearly outlined in the Google Kubernetes Engine documentation, a core topic for the Associate Cloud Engineer certification. The emphasis on reduced operational overhead with Autopilot is a key differentiator.

NEW QUESTION # 88
You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?

A. Disable the flag "Delete boot disk when instance is deleted."
B. Enable delete protection on the instance.
C. Disable Automatic restart on the instance.
D. Enable Preemptibility on the instance.

Answer: D

Explanation:
Preventing Accidental VM Deletion This document describes how to protect specific VM instances from deletion by setting the deletionProtection property on an Instance resource. To learn more about VM instances, read the Instances documentation. As part of your workload, there might be certain VM instances that are critical to running your application or services, such as an instance running a SQL server, a server used as a license manager, and so on. These VM instances might need to stay running indefinitely so you need a way to protect these VMs from being deleted. By setting the deletionProtection flag, a VM instance can be protected from accidental deletion. If a user attempts to delete a VM instance for which you have set the deletionProtection flag, the request fails. Only a user that has been granted a role with compute.instances.create permission can reset the flag to allow the resource to be deleted.
https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion

NEW QUESTION # 89
(You manage a VPC network in Google Cloud with a subnet that is rapidly approaching its private IP address capacity. You expect the number of Compute Engine VM instances in the same region to double within a week. You need to implement a Google-recommended solution that minimizes operational costs and does not require downtime. What should you do?)

A. Create a second VPC with the same subnet IP range, and connect this VPC to the existing VPC by using VPC Network Peering.
B. Delete the existing subnet, and create a new subnet with double the IP range available.
C. Use the Google Cloud CLI tool to expand the primary IP range of your subnet.
D. Permit additional traffic from the expected range of private IP addresses to reach your VMs by configuring firewall rules.

Answer: C

Explanation:
Comprehensive and Detailed In Depth Explanation:
The problem states that a subnet is nearing its IP address capacity, and the requirement is to expand it without downtime and with minimal operational cost, following Google-recommended practices.
A: Creating a second VPC with the same subnet IP range and peering: While VPC Network Peering allows communication between VPCs, having overlapping IP ranges is generally not recommended and can lead to routing complexities if not managed carefully. It also adds operational overhead of managing two VPCs. This is not the most straightforward or cost-effective solution for simply expanding IP capacity within the same logical network.
B: Deleting and recreating the subnet: Deleting a subnet that contains active VM instances will cause downtime for those instances, violating a key requirement.
C: Using the Google Cloud CLI tool to expand the primary IP range of your subnet: Google Cloud allows you to expand the primary IP range of an existing subnet after it's created, as long as there are no conflicting subnets in the VPC. This operation does not require deleting the subnet or restarting the existing VMs within it, thus avoiding downtime. It's a direct and cost-effective way to increase the available IP address space within the existing subnet. This is a Google-recommended practice for handling subnet capacity issues.
D: Permitting additional traffic with firewall rules: Firewall rules control network traffic based on IP ranges, protocols, and ports. They do not increase the number of available private IP addresses within the subnet. This option does not address the core issue of IP address exhaustion.
Therefore, expanding the primary IP range of the existing subnet using the Google Cloud CLI is the recommended solution that meets all the requirements: addressing IP capacity, minimizing operational costs, and avoiding downtime.
Google Cloud Documentation References:
Expanding Subnet IP Ranges: https://cloud.google.com/vpc/docs/expand-subnet - This documentation explicitly describes how to expand the IP range of an existing subnet without downtime. It outlines the prerequisites and steps involved using the gcloud CLI or the Google Cloud Console.
VPC Network Overview: https://cloud.google.com/vpc/docs/vpc - Provides context on subnet IP ranges and their management.

NEW QUESTION # 90
You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?

A. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
B. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
C. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.
D. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Answer: B

Explanation:
If for any reason VM crashes autoscaling set as OFF wont spin another instance in its place which would defeat the purpose of always running VM(tough there will be some disruption) as -- Max-num-Instance is set to 1.
There is no mention of auto-healing is set or not which is disable by default.
B - Incorrect - Does not fit the requirement because AFTER the deletion of the instance, no other instance was created.

NEW QUESTION # 91
Your company is moving from an on-premises environment to Google Cloud Platform (GCP). You have multiple development teams that use Cassandra environments as backend databases. They all need a development environment that is isolated from other Cassandra instances. You want to move to GCP quickly and with minimal support effort. What should you do?

A. 1. Build an instruction guide to install Cassandra on GCP.
2. Make the instruction guide accessible to your developers.
B. 1. Advise your developers to go to Cloud Marketplace.
2. Ask the developers to launch a Cassandra image for their development work.
C. 1. Build a Cassandra Compute Engine instance and take a snapshot of it.
2. Use the snapshot to create instances for your developers.
D. 1. Build a Cassandra Compute Engine instance and take a snapshot of it.
2.Upload the snapshot to Cloud Storage and make it accessible to your developers.
3.Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves.

Answer: D

NEW QUESTION # 92
You need to create a Compute Engine instance in a new project that doesn't exist yet. What should you do?

A. Enable the Compute Engine API in the Cloud Console, use the Cloud SDK to create the instance, and then use the -pproject flag to specify a new project.
B. Enable the Compute Engine API in the Cloud Console. Go to the Compute Engine section of the Console to create a new instance, and look for the Create In A New Project option in the creation form.
C. Using the Cloud SDK, create the new instance, and use the -pproject flag to specify the new project.
Answer yes when prompted by Cloud SDK to enable the Compute Engine API.
D. Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and then create the instance specifying your new project.

Answer: D

Explanation:
Before you begin:
1. In the Cloud Console, on the project selector page, select or create a Cloud project.
2. Make sure that billing is enabled for your Google Cloud project. Learn how to confirm billing is enabled for your project.
To use the gcloud command-line tool for this quickstart, you must first install and initialize the Cloud SDK:
1. Download and install the Cloud SDK using the instructions given on Installing Google Cloud SDK.
2. Initialize the SDK using the instructions given on Initializing Cloud SDK.
To use gcloud in Cloud Shell for this quickstart, first activate Cloud Shell using the instructions given on Starting Cloud Shell.
https://cloud.google.com/ai-platform/deep-learning-vm/docs/quickstart-cli#before-you-begin

NEW QUESTION # 93
You need to verify that a Google Cloud Platform service account was created at a particular time.
What should you do?

A. Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.
B. Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.
C. Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.
D. Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Answer: B

Explanation:
You don't need data access logs and configuration counts as creation.

NEW QUESTION # 94
You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

A. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.
B. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.
C. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.
D. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Answer: A

Explanation:
Reference:
+policy+that+uses+Nearline+storage+for+30+days+and+then+moves+to+Archive+storage+for+three
+years.&source=bl&ots=kYLZN1ymA8&sig=ACfU3U2XLmzQ39cmPDwjfWxRbNtDNLc_6g&hl=en&sa=X&ved
=2ahUKEwjZmefOpr7qAhVzQkEAHTUgASYQ6AEwAHoECAoQAQ#v=onepage&q=Set%20up%20a% 20policy%20that%20uses%20Nearline%20storage%20for%2030%20days%20and%20then%20moves%20to
%20Archive%20storage%20for%20three%20years.&f=false

NEW QUESTION # 95
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

A. 1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all
B. 1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to
10.0.1.0/24)* Protocols: allow TCP: 8080
C. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all
D. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080

Answer: D

Explanation:
1. Create an ingress firewall rule with the following settings: "¢ Targets: all instances with tier #2 service account "¢ Source filter: all instances with tier #1 service account "¢ Protocols: allow TCP:8080
2. Create an ingress firewall rule with the following settings: "¢ Targets: all instances with tier #3 service account "¢ Source filter: all instances with tier #2 service account "¢ Protocols: allow TCP: 8080

NEW QUESTION # 96
You installed the Google Cloud CLI on your workstation and set the proxy configuration. However, you are worried that your proxy credentials will be recorded in the gcloud CLI logs. You want to prevent your proxy credentials from being logged What should you do?

A. Configure username and password by using gcloud configure set proxy/username and gcloud configure set proxy/ proxy/password commands.
B. Provide values for CLOUDSDK_USERNAME and CLOUDSDK_PASSWORD in the gcloud CLI tool configure file.
C. Encode username and password in sha256 encoding, and save it to a text file. Use filename as a value in the gcloud configure set core/custom_ca_certs_file command.
D. Set the CLOUDSDK_PROXY_USERNAME and CLOUDSDK_PROXY PASSWORD properties by using environment variables in your command line tool.

Answer: D

NEW QUESTION # 97
You used the gcloud container clusters command to create two Google Cloud Kubernetes (GKE) clusters prod-cluster and dev-cluster.
* prod-cluster is a standard cluster.
* dev-cluster is an auto-pilot duster.
When you run the Kubect1 get nodes command, you only see the nodes from prod-cluster.
Which commands should you run to check the node status for dev-cluster?

Answer: C

NEW QUESTION # 98
You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?

A. gcloud deployment-manager resources create --config <deployment-config-path>
B. gcloud deployment-manager resources update --config <deployment-config-path>
C. gcloud deployment-manager deployments create --config <deployment-config- path>
D. gcloud deployment-manager deployments update --config <deployment-config- path>

Answer: D

Explanation:
Update and create resource is not even a command under deployment management service.
https://cloud.google.com/sdk/gcloud/reference/deployment-manager/deployments/update

NEW QUESTION # 99
Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

A. Deploy the application on Cloud Run and configure autoscaling.
B. Deploy the application on a managed instance group and configure autoscaling.
C. Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.
D. Deploy the application on Cloud Functions and configure the maximum number instances.

Answer: B

NEW QUESTION # 100
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

A. Use permissions in your role that use the `testing' support level for role permissions.
Set the role stage to ALPHA while testing the role permissions.
B. Use permissions in your role that use the `supported' support level for role permissions.
Set the role stage to ALPHA while testing the role permissions.
C. Use permissions in your role that use the `supported' support level for role permissions.
Set the role stage to BETA while testing the role permissions.
D. Use permissions in your role that use the `testing' support level for role permissions.
Set the role stage to BETA while testing the role permissions.

Answer: B

Explanation:
You need a custom role with permissions supported in prod and you want to publish the status of the role.
https://cloud.google.com/iam/docs/custom-roles-permissions-support
SUPPORTED The permission is fully supported in custom roles.
TESTING The permission is being tested to check its compatibility with custom roles. You can include the permission in custom roles, but you might see unexpected behavior. Not recommended for production use.
NOT_SUPPORTED The permission is not supported in custom roles.
You can't use TESTING as it is not good for prod. And you need first version which should be ALPHA.

NEW QUESTION # 101
You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?

A. Cloud Spanner
B. Cloud Firestore
C. Cloud Datastore
D. Cloud SQL

Answer: A

Explanation:
Cloud Spanner is a relational database and is highly scalable. Cloud Spanner is a highly scalable, enterprise- grade, globally-distributed, and strongly consistent database service built for the cloud specifically to combine the benefits of relational database structure with a non-relational horizontal scale. This combination delivers high-performance transactions and strong consistency across rows, regions, and continents with an industry- leading 99.999% availability SLA, no planned downtime, and enterprise-grade security Ref: https://cloud.google.com/spanner Graphical user interface, application, Teams Description automatically generated

NEW QUESTION # 102
You received a JSON file that contained a private key of a Service Account in order to get access to several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and want to use this private key for authentication and authorization when performing gcloud commands. What should you do?

A. Use the command gcloud auth login and point it to the private key
B. Use the command gcloud auth activate-service-account and point it to the private key
C. Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials ison"
D. Place the private key file in your home directory and rename it to
''GOOGLE_APPUCATION_CREDENTiALS".

Answer: B

Explanation:
Authorizing with a service account
gcloud auth activate-service-account authorizes access using a service account. As with gcloud init and gcloud auth login, this command saves the service account credentials to the local system on successful completion and sets the specified account as the active account in your Cloud SDK configuration.
https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account

NEW QUESTION # 103
......

Verified Associate-Cloud-Engineer dumps Q&As - 100% Pass from ActualTestsIT: https://protechtraining.actualtestsit.com/Google/Associate-Cloud-Engineer-exam-prep-dumps.html

2025 Latest 100% Exam Passing Ratio - Associate-Cloud-Engineer Dumps PDF [Q78-Q103]

Google Associate-Cloud-Engineer Certification Practice Exam

2025 Latest 100% Exam Passing Ratio - Associate-Cloud-Engineer Dumps PDF [Q78-Q103]

Below is the Associate Cloud Engineer Exam Format

Related Articles