GCP Associate Cloud Engineer Exam Study Guide

Home » Google Cloud » GCP Associate Cloud Engineer Exam Study Guide

GCP Associate Cloud Engineer Exam Study Guide

Last updated on June 29, 2023

Google offers the Associate Cloud Engineer (ACE) as an Associate level certification for individuals who already have IT experience but are relatively new to the Google Cloud Platform. For individuals with zero IT experience or for non-IT people who want to learn Google Cloud, you might want to check Google’s Cloud Digital Leader Certification. To be ACE-Certified, you need to pass the Associate Cloud Engineer exam. This exam will verify your knowledge in deploying, monitoring, and maintaining projects on Google Cloud.

The ACE exam can be broken down into five domains:

  • Setting Up a Cloud Solution Environment

  • Planning and Configuring a Cloud Solution

  • Deploying and Implementing a Cloud Solution

  • Ensuring Successful Operation of a Cloud Solution

  • Configuring Access and Security

You can view the detailed exam outline here.

Google recommends an individual to have a minimum of 6 months of experience building in Google Cloud before taking the exam. Worry not, if you haven’t got the experience, this guide will provide you the necessary materials to help you pass the exam. 

Study Materials

The following resources will help you prepare for the Associate Cloud Engineer Certification exam.

  1. Official Google Cloud Documentation – Google provides comprehensive guides in building solutions on the Google Cloud Platform. This documentation includes guides for GCP Services and includes helpful content like popular solutions, tutorials, and best practices that are often seen on the actual exam.

We suggest going through the following documentation:

Tutorials dojo strip

2. Google Cloud Blog – This includes the latest news, features, and announcement on Google Cloud.

3. GCP Services FAQ – Google Cloud provides an FAQ section on each of their services. We suggest you go through the FAQ of the primary services like Compute, Storage, and IAM. We will further discuss the services to prioritize in the latter section.

4. Google Cloud’s Platform Comparison – If you have a background in other Cloud Providers like AWS and Microsoft, Google provides a side-to-side services comparison. This comparison will help you picture out and familiarize yourself with the GCP Services as most of the services work in the same manner.

5. Google Cloud Free Program – Google Cloud offers a 90-day trial period that includes $300 in free Cloud Billing credits for new accounts. Google also provides free usage for services like Compute Engine, Cloud Storage, and BigQuery as long as you don’t exceed the monthly usage limit. Take advantage of this program to practice building solutions and interacting on different GCP services. Make yourself comfortable navigating through the Google Cloud Console. To know more about Google Cloud Free Program, visit this page.

6. Google Cloud Tech – Youtube Channel – You can find helpful videos on Google Cloud’s official Youtube channel – from service introduction, tutorials, and labs. We suggest going through the Getting Started with Cloud playlist and videos about the services listed on the GCP Services to Focus on.

7. Official Associate Cloud Engineer Sample Questions – This is a 20 item question from Google. The sample questions may be short, but they familiarize you with the actual exam format and exam content. There is no limit on taking these sample questions.

8. Tutorials Dojo’s Google Cloud Platform Cheat Sheets – Think of these as a summary of all the essential information from the Google Cloud documentation. These cheat sheets also include different GCP service comparisons.

9. Tutorials Dojo’s Google Certified Associate Cloud Engineer Practice Exams (coming soon!) – This is not your typical practice exam. Our practice tests not only give you actual exam-like questions but also include thorough explanations that will surely give you aha moments. We also have a FREE Google Certified Associate Cloud Engineer Practice Exams-Sampler to help give you an idea of what the actual exam feels like.

GCP Services to Focus on

We list all the GCP services that are often included in the exam scenarios. Having a high-level knowledge of these services will almost guarantee you to pass the exam.

  1. Google Compute Engine – You should be able to launch a VM instance, create backups, configure autoscaling, and manage instance groups.

  2. Google Cloud Storage – Know the different Cloud Storage Classes and their use cases.

  3. Google App Engine – Learn how to applications are deployed and how scaling works in App Engine. Know the difference between Standard and Flexible Environment.

  4. Google Kubernetes Engine – Learn how applications are deployed in Google Kubernetes Engine. Learn how autoscaling works in Kubernetes. Know the common terms in Kubernetes like Pods, Deployment, Daemons. 

  5. Google VPC – You should be able to create VPCs and subnets from scratch. Know how to configure firewall rules and routes. Learn how to connect VPCs to other VPCs and on-premises networks.

  6. Google BigQuery – You should learn how to import and export data to and from BigQuery. Know how to grant access to BigQuery Datasets.

  7. Google Cloud Logging – You should be familiar with the different types of Audit logs. Learn how to export audit logs.

  8. Google Cloud Monitoring – Learn how Cloud Monitoring works. Know what are Workspaces and Monitoring Agent.

  9. Google IAM – Learn how to manage IAM users and groups. Learn how to grant access to different GCP services. Understand the roles, policies, and service accounts. Know the best practices on IAM.

  10. Google Cloud Billing – Know the basic cloud billing principles. Know what are Cloud Billing accounts, how to create budgets and alerts. Be familiar with the common IAM roles in Cloud Billing.

  11. Google Cloud Shell – Know what cloud shell is. Be familiar with the common gcloud commands for the most common GCP services like Compute, IAM and, VPC. Be familiar as well with bq and gsutil.

Validate Your Knowledge

If you think you have enough theoretical and hands-on knowledge, we highly suggest taking our Google Certified Associate Cloud Engineer Practice Exams. Each question in our practice exam falls into the different exam domains that Google provided. After taking the practice exam, you can quickly identify your strengths and the exam domains that you should continually work on. You should be able to identify the what and hows through the explanation provided on every question. Each answer is backed up with references, which we recommend that you thoroughly read if you want to understand the topic further. With our Associate Cloud Engineer Practice Exams and GCP Cheat Sheets, we guarantee that you will be able to pass the exam on the first try.

Google Certified Associate Cloud Engineer Practice Exams

 

Sample Practice Test Questions:

Question 1

Your company’s finance team needs to back up data on a Cloud Storage bucket for disaster recovery purposes. You want to comply with Google’s recommended practices in implementing the solution for this task.

Which storage class do you think would be the best option?

  1. Multi-Regional Storage
  2. Nearline Storage
  3. Coldline Storage
  4. Archive Storage

Correct Answer: 4

There are three Google-recommended storage classes for archiving data in Cloud Storage. Nearline, Coldline, and Archive offer ultra-low-cost, highly-durable, highly available archival storage. For data accessed less than once a year, Archive is a cost-effective storage option for the long-term preservation of data. Coldline is also ideal for cold storage—data your business expects to touch less than once a quarter. For warmer storage, choose Nearline: data you expect to access less than once a month, but possibly multiple times throughout the year. 

Archive Storage is the lowest-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Unlike the “coldest” storage services offered by other Cloud providers, your data is available within milliseconds, not hours or days.

Unlike other Cloud Storage storage classes, Archive Storage has no availability SLA, though the typical availability is comparable to Nearline Storage and Coldline Storage. Archive Storage also has higher costs for data access and operations, as well as a 365-day minimum storage duration. Archive Storage is the best choice for data that you plan to access less than once a year. For example:

Cold data storage – Archived data, such as data stored for legal or regulatory reasons, can be stored at low cost as Archive Storage, yet still be available if you need it.

Disaster recovery – In the event of a disaster recovery event, recovery time is key. Cloud Storage provides low latency access to data stored as Archive Storage.

In the scenario, you were asked to identify which among the storage classes is the best option to store disaster recovery data. This means that we are more concerned about lowering the cost of storing data into the storage rather than the frequency of your access to the bucket. For disaster recovery, the data stored in the bucket is rarely used and is only accessed when an outage occurred. Cloud Storage also offers geo-redundancy where you can store your data in a multi-region or dual-region setup.

Hence, the correct answer is: Archive Storage.

Multi-Regional Storage is incorrect because this type is just like the Standard Storage class which is more suitable for frequently accessed data. This storage class is not suitable for disaster recovery due to its high cost. The Archive Storage class is a better option as it can provide a reliable, durable, and fast recovery time at a fraction of the cost.

Coldline Storage is incorrect. While this storage class is also low-cost, it is only good for storing data that is accessed less than once a quarter. This used to be Google’s recommended way to store cold data until Archive Storage was released to the public.

Nearline Storage is incorrect since this storage class is suitable for storing warmer data that is accessed less than once a month. Picking this option will be the most expensive choice among the other storage classes provided.

References:
https://cloud.google.com/storage/docs/storage-classes#archive
https://cloud.google.com/storage/archival
https://cloud.google.com/storage/docs/locations

Check out these Google Cloud Storage Services Cheat Sheets:
https://tutorialsdojo.com/google-cloud-platform-gcp-storage-services/

Question 2

AWS Exam Readiness Courses

All employees in your organization have a Google account. Your operations team needs to manage over a hundred Compute Engine instances. The members of this team must be provided only with administrative access to the VM instances. Moreover, the security team wants to audit instance logins and ensure that the provision of credentials is operationally efficient.

What should you do?

  1. Create a new SSH key pair. Issue the private key to each member of the team. Configure the public key in the metadata of each instance.
  2. Require each member of the team to generate a new SSH key pair. Have them send their public key to you. Utilize a configuration management tool to deploy those SSH keys on each instance.
  3. Require each member of the team to generate a new SSH key pair and to add the public key to their respective Google account. Then grant the compute.osAdminLogin role to the corresponding Google group of the operations team.
  4. Create a new SSH key pair. Issue the private key to each member of the operations team. Configure the public key as a project-wide public SSH key in your project. Lastly, allow project-wide public SSH keys on each instance.

Correct Answer: 3

If you need to manage user access to your Linux VM instances, you can use one of the following methods:

– OS Login
– Managing SSH keys in metadata
– Temporarily grant a user access to an instance

In most scenarios, Google recommends using OS Login. The OS Login feature lets you use Compute Engine IAM roles to manage SSH access to Linux instances. You can add an extra layer of security by setting up OS Login with two-factor authentication and manage access at the organization level by setting up organization policies.

After you enable OS Login on one or more instances in your project, those instances accept connections only from user accounts that have the necessary IAM roles in your project or organization. There are two predefined roles that you can utilize.

– roles/compute.osLogin, which does not grant administrator permissions
– roles/compute.osAdminLogin, which grants administrator permissions

OS Login lets you use Compute Engine IAM roles to efficiently manage SSH access to Linux instances and is an alternative to manually managing instance access by adding and removing SSH keys in the metadata.

To manage instance access using IAM roles, you must enable the OS Login feature by setting a metadata key-value pair in your project or in your instance’s metadata: enable-oslogin=TRUE.

After you enable OS Login on one or more instances in your project, those VMs accept connections only from user accounts that have the necessary IAM roles in your project or organization.

Therefore, the correct answer is: Require each member of the team to generate a new SSH key pair and to add the public key to their respective Google account. Then grant the compute.osAdminLogin role to the corresponding Google group of the operations team.

The option that says: Create a new SSH key pair. Issue the private key to each member of the team. Configure the public key in the metadata of each instance is incorrect because reusing a single SSH key pair with all employees is a poor security practice as auditing instance login for each user becomes impossible.

The option that says: Require each member of the team to generate a new SSH key pair. Have them send their public key to you. Utilize a configuration management tool to deploy those SSH keys on each instance is incorrect because this approach is not operationally efficient. Doing this would mean that you will have to add SSH keys to each instance whenever there is a new member. Similarly, you will have to remove the SSH keys on each instance whenever you want to remove their access.

The option that says: Create a new SSH key pair. Issue the private key to each member of the operations team. Configure the public key as a project-wide public SSH key in your project. Lastly, allow project-wide public SSH keys on each instance is incorrect because reusing a single SSH key pair with all employees is not a good security practice. Auditing instance login is difficult in this approach.

References:
https://cloud.google.com/compute/docs/instances/access-overview
https://cloud.google.com/compute/docs/instances/managing-instance-access

Check out this Google Compute Engine Cheat Sheet:
https://tutorialsdojo.com/google-compute-engine-gce/

Final Remarks

The amount of preparation for the ACE exam depends on the individual’s background. Google provided enough resources for you to prepare for the exam. The 90-day trial period that Google offers should be enough to familiarize yourself with the GCP Console and Cloud shell. Our high-quality practice exam and cheat sheets will solidify your knowledge and fill in all the missing pieces you need to pass the exam. Indeed, we hope that you will ace your ACE exam.

You can book your certification exam here. If you aren’t confident, don’t book yet or reschedule your exam. You have an option to take the exam on-site or remotely; either way, both are proctored. Don’t forget to take a good rest before the exam. If you will be taking an on-site exam, it is good to come early to the testing center for you to have time to relax and be comfortable in the exam environment or do a quick review. Best of luck in your exam and bring home that sought-after certification!

Tutorials Dojo portal

Be Inspired and Mentored with Cloud Career Journeys!

Tutorials Dojo portal

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

Written by: Lervin John Obando

Lervin is a Cloud Technology enthusiast and an AWS Community Builder whose expertise expands from Systems Administration, Database to Cloud Infrastructure. He is a Multi-Cloud Certified professional holding multiple certifications from AWS, Google, and Oracle. When he is not in front of his computer, you can find him spending time with his wife and dog.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?