ACE Workbook v2.0

Preparing for Your
Associate Cloud
Engineer Journey
Course Workbook
Certification Exam Guide Sections
1 Setting up a cloud solution environment
2 Planning and configuring a cloud solution
3 Deploying and implementing a cloud solution
4 Ensuring successful operation of a cloud solution
5 Configuring access and security

Section 1:
Setting up a cloud solution
environment
1.1 Diagnostic Question 01
Stella is a new member of a team in your company A. Assign Stella a roles/compute.viewer role.
who has been put in charge of monitoring VM B. Assign Stella compute.instances.get permissions on
instances in the organization. Stella will need the all of the projects she needs to monitor.
required permissions to perform this role.
C. Add Stella to a Google Group in your organization.
Bind that group to roles/compute.viewer.
D. Assign the “viewer” policy to Stella.
How should you grant her those permissions?
A. Organization, Project, Resource, Folder.

How are resource hierarchies organized
in Google Cloud? B. Organization, Folder, Project, Resource.
C. Project, Organization, Folder, Resource.
D. Resource, Folder, Organization, Project.
A. The Project ID.

What Google Cloud project attributes
can be changed? B. The Project Name.
C. The Project Number.
D. The Project Category.
Jane will manage objects in Cloud Storage A. Assign Jane the roles/storage.objectCreator on every project.
for the Cymbal Superstore. She needs to B. Assign Jane the roles/viewer on each project and the
have access to the proper permissions for roles/storage.objectCreator for each bucket.
every project across the organization.
C. Assign Jane the roles/editor at the organizational level.
D. Add Jane to a group that has the roles/storage.objectAdmin role
assigned at the organizational level.
What should you do?
You need to add new groups of employees A. Grant the most restrictive basic role to most services, grant
in Cymbal Superstore’s production predefined or custom roles as necessary.
environment. You need to consider B. Grant predefined and custom roles that provide necessary
Google’s recommendation of using permissions and grant basic roles only where needed.
least privilege.
C. Grant the least restrictive basic roles to most services and grant
predefined and custom roles only when necessary.
What should you do?
D. Grant custom roles to individual users and implement basic roles
at the resource level.
The Operations Department at Cymbal A. compute.images.list

Superstore wants to provide managers B. compute.images.get
access to information about VM usage
C. compute.images.create
without allowing them to make changes
that would affect the state. You assign D. compute.images.setIAM
them the Compute Engine Viewer role. E. computer.images.update
Which two permissions will they receive?

Setting up cloud projects
1.1 and accounts
Courses Skill Badges Documentation
Google Cloud Fundamentals: Overview | Cloud IAM Documentation

Core Infrastructure
Resource hierarchy | Resource Manager
● M2 Getting Starting with Google Cloud Google Cloud
Documentation
Google Cloud Create and Manage Perform Foundational
Cloud Resource Quest Infrastructure Tasks in Understanding roles | Cloud IAM
Google Cloud Quest Documentation
Architecting with Google
Compute Engine
● M4 Cloud IAM
=
Essential Google Cloud
Infrastructure: Core Services
● M1 Cloud IAM
A. Set up Cloud Billing to pay for usage costs in Google

How are billing accounts applied to
Cloud projects and Google Workspace accounts.
projects in Google Cloud? (Pick two.)
B. A project and its resources can be tied to more than
one billing account.
C. A billing account can be linked to one or more projects.
D. A project and its resources can only be tied to one
billing account.
E. If your project only uses free resources you don’t need
a link to an active billing account.
Fiona is the billing administrator for the A. Change the budget alert default threshold rules to
project associated with Cymbal include Jeffrey as a recipient.
Superstore’s eCommerce application. B. Use Cloud Monitoring notification channels to send
Jeffrey, the marketing department lead, Jeffrey an email alert.
wants to receive emails related to budget
C. Add Jeffrey and Fiona to the budget scope custom
alerts. Jeffrey should have access to no
email delivery dialog.
additional billing information.
D. Send alerts to a Pub/Sub topic that Jeffrey is
subscribed to.
What should you do?
1.2 Managing billing configuration
Courses Documentation
Google Cloud Fundamentals: Core Infrastructure

Create, modify, or close your
● M2 Getting Starting with Google Cloud
self-serve
Cloud Billing account
Architecting with Google Essential Google Cloud Create, edit, or delete budgets
Compute Engine Infrastructure: Core Services and budget alerts | Cloud Billing
● M6 Resource = ● M3 Resource
Management Management
A. Google Cloud Console

Pick two choices that provide a
command line interface to Google Cloud. B. Cloud Shell
C. Cloud Console Mobile App
D. Cloud SDK
You want to use the Cloud Shell to copy A. gcloud

files to your Cloud Storage bucket. B. gsutil
C. bq
Which Cloud SDK command should you use? D. Cloud Storage Browser
Installing and configuring the command line
1.3 interface (CLI), specifically the Cloud SDK

Google Cloud Fundamentals:
Core Infrastructure Google Cloud overview | Overview
● M2 Getting Starting with Google Cloud Google Cloud Managing Cloud SDK components |
Google Cloud Cloud SDK Documentation
Create and Manage Perform Foundational
Cloud Resource Quest Infrastructure Tasks in gcloud | Cloud SDK Documentation
Google Cloud Quest
Architecting with Google Using the bq command-line tool |
Compute Engine BigQuery
● M1 Getting Started gsutil tool | Cloud Storage
with Google Cloud
=
● M1 Introduction to
Google Cloud
Section 2:
Planning and configuring a
cloud solution
The projected amount of cloud storage A. Use the pricing calculator to estimate
required for Cymbal Superstore to the costs for 10 TB of regional standard
enable users to post pictures for storage, 30 TB of regional Coldline storage,
project reviews is 10 TB of immediate and egress charges for reads from storage.
access storage in the US and 30 TB of B. Use the pricing calculator to estimate the price for 10 TB of regional
storage for historical posts in a bucket standard storage, 30 TB of regional Nearline storage, and ingress
located near Cymbal Superstore’s charges for posts to the bucket.
headquarters. The contents of this
C. Use the pricing calculator to estimate the price for 10 TB of
bucket will need to be accessed once
multi-region standard storage, 30 TB for regional Coldline storage,
every 30 days. You want to estimate
and ingress charges for posts to the bucket.
the cost of these storage resources to
ensure this is economically feasible. D. Use the pricing calculator to estimate the price for 10 TB of
multi-region standard storage, 30 TB for regional Nearline, and
egress charges for reads from the bucket.
What should you do?
Planning and estimating
2.1 using the Pricing Calculator
Google Cloud Pricing Calculator

Architecting with Google Essential Google Cloud
Compute Engine Infrastructure: Foundation
● M3 Virtual Machines ● M3 Virtual Machines
● M6 Resource
Management = Essential Google Cloud
● M3 Resource
Management
Cymbal Superstore decides to migrate A. Implement an application using containers on Cloud Run.
their supply chain application to Google B. Implement an application using code on App Engine.
Cloud. You need to configure specific
C. Implement an application using containers on Google
operating system dependencies.
Kubernetes Engine.
D. Implement an application using virtual machines on
What should you do?
Compute Engine.
Cymbal Superstore decides to pilot a A. SSH into a Compute Engine VM and execute your code.
cloud application for their point of sale B. Package your code to a container image and post it to
system in their flagship store. You want Cloud Run.
to focus on code and develop your
C. Implement a deployment manifest and run kubectl
solution quickly, and you want your
apply on it in Google Kubernetes Engine.
code to be portable.
D. Code your solution in Cloud Functions.
How do you proceed?

An application running on a A. Create Compute Engine Virtual Machines and

highly-customized version of Ubuntu migrate the app to that infrastructure.
needs to be migrated to Google Cloud. B. Deploy the existing application to App Engine.
You need to do this in the least amount
C. Deploy your application in a container image to Cloud Run.
of time with minimal code changes.
D. Implement a Kubernetes cluster and create pods
to enable your app.
How should you proceed?
You want to deploy a microservices A. Cloud Run

application. You need full control of how B. App Engine
you manage containers, reliability, and
C. Google Kubernetes Engine
autoscaling, but don’t want or need to
manage the control plane. D. Compute Engine
Which compute option should you use?

Planning and configuring
2.2 compute resources
Courses Skill Badges
Google Cloud Fundamentals: Getting Started with Google

Core Infrastructure Kubernetes Engine Google Cloud
Set Up and Configure a
● M3 Virtual Machines in the Cloud ● M2 Introduction to Containers Cloud Environment in
● M5 Containers in the Cloud and Kubernetes Google Cloud Quest
● M6 Applications in the Cloud
Architecting with Google Essential Google Cloud Documentation

● M3 Virtual Machines = ● M3 Virtual Machines Choosing the right compute option in
GCP: a decision tree
Application Hosting Options
Tutorials | Compute Engine
Documentation
Cymbal Superstore needs to analyze whether A. BigQuery

they met quarterly sales projections. Analysts B. Cloud SQL
assigned to run this query are familiar with SQL.
C. Cloud Spanner
D. Cloud Firestore
What data solution should they implement?

Cymbal Superstore’s supply chain A. Multi-regional

application frequently analyzes large B. Regional
amounts of data to inform business
C. Nearline
processes and operational dashboards.
D. Coldline
What storage class would make

sense for this use case?
Cymbal Superstore has a need to populate visual A. BigQuery

dashboards with historical time-based data. This B. Cloud Storage
is an analytical use-case.
C. Cloud Firestore
D. Cloud SQL
Which two storage solutions could they use? E. Cloud Bigtable
2.3 data storage options
Cloud Storage Options

Core Infrastructure Storage classes
Google Cloud
● M4 Storage in the Cloud Perform Foundational Data lifecycle | Cloud Architecture
Infrastructure Tasks in Center
Google Cloud Quest
Compute Engine
● M5 Storage and Database
Services
=
● M2 Storage and
Database Services
Cymbal Superstore is piloting an A. Implement a premium tier pass-through

update to its ecommerce app for the external https load balancer connected
flagship store in Minneapolis, to the web tier as the frontend and a
Minnesota. The app is implemented as regional internal load balancer between the web tier and backend.
a three-tier web service with traffic B. Implement a proxied external TCP/UDP network load balancer
originating from the local area and connected to the web tier as the frontend and a premium network tier
resources dedicated for it in ssl load balancer between the web tier and the backend.
us-central1. You need to configure a
C. Configure a standard tier proxied external https load balancer
secure, low-cost network
connected to the web tier as a frontend and a regional internal load
load-balancing architecture for it.
balancer between the web tier and the backend.
D. Configure a proxied SSL load balancer connected to the web tier as
How do you proceed? the frontend and a standard tier internal TCP/UDP load balancer
between the web tier and the backend.
A. Global http(s)
What Google Cloud load balancing option
runs at Layer 7 of the TCP stack? B. Global SSL Proxy
C. Global TCP Proxy
D. Regional Network
2.4 network resources

Cloud Load Balancing overview
● M3 Virtual Machines in the Cloud
Cloud Load Balancing

● M2 Virtual Networks ● M2 Virtual Network
● M9 Load Balancing
and Autoscaling = Elastic Google Cloud Infrastructure:
Scaling and Automation
and Autoscaling
Section 3:
Deploying and
implementing a cloud
solution
Cymbal Superstore’s sales department has A. Find a MySQL machine image in Cloud Marketplace and
a medium-sized MySQL database. This configure it to meet your needs.
database includes user-defined functions B. Implement a database instance using Cloud SQL, back up
and is used internally by the marketing your local data, and restore it to the new instance.
department at Cymbal Superstore HQ. The
C. Configure a Compute Engine VM with an N2 machine type,
sales department asks you to migrate the
install MySQL, and restore your data to the new instance.
database to Google Cloud in the most
timely and economical way. D. Use gcloud to implement a Compute Engine instance with
an E2-standard-8 machine type, install, and configure
What should you do? MySQL.
The backend of Cymbal Superstore’s A. Create a new instance template. Click Update VMs. Set
e-commerce system consists of managed the update type to Opportunistic. Click Start.
instance groups. You need to update the B. Create a new instance template, then click Update VMs.
operating system of the instances in an Set the update type to PROACTIVE. Click Start.
automated way using minimal resources.
C. Create a new instance template. Click Update VMs. Set
max surge to 5. Click Start.
D. Abandon each of the instances in the managed instance
What should you do? group. Delete the instance template, replace it with a new
one, and recreate the instances in the managed group.
Deploying and implementing
3.1 Compute Engine resources
Google Cloud Fundamentals: Core Infrastructure Compute Engine documentation |

● M3 Virtual Machines in the Cloud Compute Engine Documentation
Creating managed instance groups |
Compute Engine Documentation
● M3 Virtual Machines ● M3 Virtual Machines
● M9 Load Balancing and
Autoscaling = Elastic Google Cloud Infrastructure:
Scaling and Automation
● M10 Infrastructure ● M2 Load Balancing
Automation and Autoscaling
● M3 Infrastructure Automation
The development team for the supply A. Implement an autopilot cluster in us-central1-a with a
chain project is ready to start building default pool and an Ubuntu image.
their new cloud app using a small B. Implement a private standard zonal cluster in us-central1-a
Kubernetes cluster for the pilot. The with a default pool and an Ubuntu image.
cluster should only be available to team
C. Implement a private standard regional cluster in
members and does not need to be highly
us-central1 with a default pool and container-optimized
available. The developers also need the
image type.
ability to change the cluster architecture
as they deploy new capabilities. D. Implement an autopilot cluster in us-central1 with an
Ubuntu image type.
How would you implement this?
Deploying and Implementing
3.2 Google Kubernetes Engine resources
Types of clusters | Kubernetes

Engine Documentation
Core Infrastructure Google Cloud
● M5 Containers in the Cloud Set Up and Configure a

Cloud Environment in
Getting Started with Google Google Cloud Quest
Kubernetes Engine
● M2 Introduction to Containers
and Kubernetes
● M3 Kubernetes Architecture
You need to quickly deploy a containerized A. App Engine Flexible

web application on Google Cloud. You know B. App Engine Standard
the services you want to be exposed. You
C. Cloud Run
do not want to manage infrastructure. You
only want to pay when requests are being D. Cloud Functions
handled and need support for custom
packages.
What technology meets these needs?

You need to analyze and act on files being A. --trigger-event google.storage.object.finalize

added to a Cloud Storage bucket. Your B. --trigger-event google.storage.object.create
programming team is proficient in Python.
C. --trigger-event google.storage.object.change
The analysis you need to do takes at most
5 minutes. You implement a Cloud Function D. --trigger-event google.storage.object.add
to accomplish your processing and specify
a trigger resource pointing to your bucket.
How should you configure the

--trigger-event parameter using gcloud?
Deploying and implementing Cloud Run
3.3 and Cloud Functions resources

Choose an App Engine
● M6 Applications in the Cloud environment | App Engine
● M7 Developing, Deploying, and Monitoring in the Cloud Documentation
Application Hosting Options
Cloud Run: What no one tells you
about Serverless (and how it's
done)
Learn Cloud Functions in a snap!
Cloud Functions
You require a Cloud Storage bucket serving A. Run a gcloud mb command specifying the name of the
users in New York City. There is a need for bucket and accepting defaults for the other mb settings.
geo-redundancy. You do not plan B. Run a gsutil mb command specifying a multi-regional
on using ACLs. location and an option to turn ACL evaluation off.
C. Run a gsutil mb command specifying a dual-region
bucket and an option to turn ACL evaluation off.
What CLI command do you use? D. Run a gsutil mb command specifying a dual-region
bucket and accepting defaults for the other mb settings.
Cymbal Superstore asks you to implement Cloud A. --availability-type

SQL as a database backend to their supply chain B. --replica-type
application. You want to configure automatic failover
C. --secondary-zone
in case of a zone outage. You decide to use the
gcloud sql instances create command set to D. --master-instance-name
accomplish this.
Which gcloud command line argument is required

to configure the stated failover capability as you
create the required instances?
Cymbal Superstore’s marketing A. Implement a bq load command in a command line script

department needs to load some slowly and schedule it with cron.
changing data into BigQuery. The data B. Read the data from your bucket by using the BigQuery
arrives hourly in a Cloud Storage bucket. streaming API in a program.
You want to minimize cost and implement
C. Create a Cloud Function to push data to BigQuery through
this in the fewest steps.
a Dataflow pipeline.
D. Use the BigQuery data transfer service to schedule a
What should you do?
transfer between your bucket and BigQuery.
3.4 data solutions
Google Cloud Fundamentals: Creating storage buckets | Cloud
Core Infrastructure Storage
● M4 Storage in the Cloud Google Cloud
What is Cloud Storage?
● M8 Big Data and Machine Learning Perform Foundational
Cloud SQL for MySQL features
in the Cloud Infrastructure Tasks in
Google Cloud Quest Creating instances | Cloud SQL for
MySQL
Compute Engine How to load, import, or ingest data
into BigQuery for analysis
● M5 Storage and
Database Services Google Cloud
Introduction to loading data |
BigQuery
= Set Up and Configure a
Google Cloud Quest
● M2 Storage and
Database Services
Which Virtual Private Cloud (VPC) network A. Default Project network

type allows you to fully control IP ranges B. Auto mode network
and the definition of regional subnets? C. Custom mode network
D. An auto mode network converted to a custom network
3.5 networking resources
VPC network overview

Compute Engine Google Cloud
● M2 Virtual Networks Set Up and Configure a

= Google Cloud Quest

Infrastructure: Foundation
● M2 Virtual Networks
What action does the terraform A. Downloads the latest version of the terraform provider.
apply command perform? B. Verifies syntax of terraform config file.
C. Shows a preview of resources that will be created.
D. Sets up resources requested in the terraform config file.
Implementing resources via
3.7 infrastructure as code
Architecting with Google Elastic Google Cloud Infrastructure: Introduction

Compute Engine Scaling and Automation Using Terraform with Google Cloud
● M10 Infrastructure
Automation
= ● M3 Infrastructure
Automation
Section 4:
Ensuring successful
operation of a cloud
solution
A. gcloud compute snapshots list

You want to view a description of your
available snapshots using the command B. gcloud snapshots list
line interface (CLI). What gcloud C. gcloud compute snapshots get
command should you use?
D. gcloud compute list snapshots
You have a scheduled snapshot you A. Delete the downstream incremental snapshots before
are trying to delete, but the operation deleting the main reference.
returns an error. B. Delete the object the snapshot was created from.
C. Detach the snapshot schedule before deleting it.
What should you do to resolve
this problem? D. Restore the snapshot to a persistent disk before deleting it.
A. Defining Health checks.

Which of the following tasks are part of
the process when configuring a B. Providing Number of instances.
managed instance group? (Pick two.) C. Specifying Persistent disks.
D. Choosing instance Machine type.
E. Configuring the operating system.
Managing Compute
4.1
Engine resources Documentation
Working with persistent disk

Courses
snapshots | Compute Engine
Documentation
Google Cloud Fundamentals: Core Infrastructure Working with persistent disk
● M3 Virtual Machines in the Cloud snapshots | Compute Engine
Documentation
Persistent disk snapshots | Compute
Architecting with Google Essential Google Cloud Engine Documentation
Compute Engine Infrastructure: Foundation Instance templates | Compute Engine
● M3 Virtual Machines ● M3 Virtual Machines Documentation
● M9 Load Balancing Instance groups | Compute Engine
and Autoscaling = Elastic Google Cloud Infrastructure:
Scaling and Automation Documentation
and Autoscaling
Cymbal Superstore’s GKE cluster requires an A. Annotate your ingress object with an ingress.class of “gce.”
internal http(s) load balancer. You are B. Configure your service object with a type: LoadBalancer.
creating the configuration files required
C. Annotate your service object with a neg reference.
for this resource.
D. Implement custom static routes in your VPC.
What is the proper setting for this scenario?

A. Pod templates
What Kubernetes object provides
access to logic running in your cluster B. Pods
via endpoints that you define? C. Services
D. Deployments
A. kubectl apply
What is the declarative way to initialize B. kubectl create
and update Kubernetes objects?
C. kubectl replace
D. kubectl run
Documentation
Managing Google Kubernetes
4.2 Engine resources Ingress for Internal HTTP(S) Load
Balancing
Ingress for External HTTP(S) Load
Balancing
Configuring Ingress for external
load balancing
Courses Skill Badges
Configuring Ingress for Internal
HTTP(S) Load Balancing
Google Cloud Fundamentals: Core GKE overview | Kubernetes Engine
Infrastructure Google Cloud Documentation
● M5 Containers in the Cloud Pod | Kubernetes Engine
Cloud Environment in Documentation
Getting Started with Google
Google Cloud Quest Deployment | Kubernetes Engine
Kubernetes Engine
Documentation
● M3 Kubernetes Architecture
● M4 Introduction to Kubernetes Services | Kubernetes Engine
Workloads Documentation
Overview of deploying workloads |
Kubernetes Engine Documentation
Kubernetes Object Management
You have a Cloud Run service with a A. Set Min instances.

database backend. You want to limit B. Set Max instances.
the number of connections to
C. Set CPU Utilization.
your database.
D. Set Concurrency settings.
What should you do?

4.3 Managing Cloud Run resources
Google Cloud Fundamentals: Core Infrastructure About container instance

● M6 Applications in the Cloud autoscaling | Cloud Run
Documentation
You want to implement a lifecycle rule A. Age

that changes your storage type from B. CreatedBefore
standard to nearline after a specific date.
C. MatchesStorageClass
D. IsLive
What conditions should you use?
E. NumberofNewerVersions
(Pick two.)
4.4 Managing storage and database solutions
Object Lifecycle Management |

Architecting with Google Essential Google Cloud Cloud Storage
Compute Engine Infrastructure: Core Services
● M5 Storage and
Database Services
= ● M2 Storage and
Database Services
Cymbal Superstore has a subnetwork A. gcloud compute networks subnets expand-ip-range

called mysubnet with an IP range of mysubnet --region us-central1 --prefix-length 20
10.1.2.0/24. You need to expand this B. gcloud networks subnets expand-ip-range mysubnet
subnet to include enough IP addresses --region us-central1 --prefix-length 21
for at most 2000 new users or devices.
C. gcloud compute networks subnets expand-ip-range
mysubnet --region us-central1 --prefix-length 21
D. gcloud compute networks subnets expand-ip-range
What should you do?
mysubnet --region us-cetnral1 --prefix-length 22
4.5 Managing networking resources
Architecting with Google Essential Google Cloud gcloud compute networks

Compute Engine Infrastructure: Foundation subnets expand-ip-range
● M2 Virtual Networks = ● M2 Virtual Networks Using VPC networks
Cymbal Superstore’s supply chain A. Choose resource type of VM instance

management system has been and metric of CPU load, condition
deployed and is working well. You are trigger if any time series violates,
tasked with monitoring the system’s condition is below, threshold is .60, for 5 minutes.
resources so you can react quickly to B. Choose resource type of VM instance and metric of CPU utilization,
any problems. You want to ensure the condition trigger all time series violates, condition is above,
CPU usage of each of your Compute threshold is .60 for 5 minutes.
Engine instances in us-central1 remains
C. Choose resource type of VM instance, and metric of CPU utilization,
below 60%. You want an incident
condition trigger if any time series violates, condition is below,
created if it exceeds this value for 5
threshold is .60 for 5 minutes.
minutes. You need to configure the
proper alerting policy for this scenario. D. Choose resource type of VM instance and metric of CPU utilization,
condition trigger if any time series violates, condition is above,
threshold is .60 for 5 minutes.
What should you do?
4.6 Monitoring and logging
Managing metric-based alerting

Architecting with Google policies | Cloud Monitoring
Compute Engine Google Cloud
Introduction to alerting | Cloud
● M7 Resource Monitoring Perform Foundational Monitoring
Infrastructure Tasks in
= Google Cloud Quest

● M4 Resource Monitoring Google Cloud

Google Cloud Quest
Section 5:
Configuring access and
security
You need to configure access to Cloud A. Assign permissions to a Google account referenced
Spanner from the GKE cluster that is by the application.
supporting Cymbal Superstore’s B. Assign permissions through a Google Workspace
ecommerce microservices application. account referenced by the application.
You want to specify an account type to
C. Assign permissions through service account
set the proper permissions.
referenced by the application.
D. Assign permissions through a Cloud Identity account
What should you do? referenced by the application.
You are trying to assign roles to the dev and A. Ask your administrator for
prod projects of Cymbal Superstore’s resourcemanager.projects.setIamPolicy roles for
e-commerce app but are receiving an error each project.
when you try to run set-iam policy. The B. Ask your administrator for the
projects are organized into an ecommerce roles/resourcemanager.folderIamAdmin for the
folder in the Cymbal Superstore organizational ecommerce folder.
hierarchy. You want to follow best practices for
C. Ask your administrator for the
the permissions you need while respecting the
roles/resourcemanager.organizationAdmin for
practice of least privilege.
Cymbal Superstore.
What should you do? D. Ask your administrator for the

roles/iam.securityAdmin role in IAM.
You have a custom role implemented for A. Make the change to the custom role locally
administration of the dev/test environment for and run an update on the custom role.
Cymbal Superstore’s transportation B. Delete the custom role and recreate a new
management application. You are developing a custom role with required permissions.
pilot to use Cloud Run instead of Cloud
C. Copy the existing role, add the new
Functions. You want to ensure your
permissions to the copy, and delete the old
administrators have the correct access to the
role.
new resources.
D. Create a new role with needed permissions
and migrate users to it.
What should you do?
Managing Identity and
5.1 Access Management (IAM)
Google Cloud Fundamentals: Overview | Cloud IAM

Core Infrastructure Documentation
● M2 Getting Starting with Preparing a Google Kubernetes
Google Cloud
Google Cloud
Engine environment for production
Architecting with Google Set Up and Configure a

Compute Engine Cloud Environment in
● M4 Identity and Access Google Cloud Quest
Management (IAM)
=
● M1 Identity and Access
Management (IAM)
A. To directly access user data

Which of the scenarios below is an
example of a situation where you B. For development environments
should use a service account? C. For interactive analysis
D. For individual GKE pods
Cymbal Superstore is implementing a mobile A. API key

app for end users to track deliveries that are en
B. OAuth 2.0 client
route to them. The app needs to access data
about truck location from Pub/Sub using C. Environment provided service account
Google recommended practices. D. Service account key
What kind of credentials should you use?

5.2 Managing service accounts
Google Cloud Fundamentals: Core Infrastructure Authenticating as a service

● M2 Getting Starting with Google Cloud account | Authentication
Authentication overview

● M4 Identity = ● M1 Identity and Access
and Access Management (IAM)
Management (IAM)
A. Admin Activity audit logs

Which Cloud Audit log is disabled by
default with a few exceptions? B. Data Access audit logs
C. System Event audit logs
D. Policy Denied audit logs
You are configuring audit logging for A. Admin Activity log entries
Cloud Storage. You want to know when
B. ADMIN_READ log entries
objects are added to a bucket.
C. DATA_READ log entries
Which type of audit log entry D. DATA_WRITE log entries

should you monitor?
5.3 Viewing audit logs
Google Cloud Fundamentals: Core Infrastructure Cloud Audit Logs overview |

● M7 Deployment and Monitoring Cloud Logging
Cloud Audit Logs with Cloud
Storage
● M7 Resource = ● M4 Resource Monitoring
Monitoring
When will you take the exam?
Plan time How many weeks do you have to

prepare?
to prepare How many hours will you spend

preparing for the exam each week?
How many total hours will you

prepare?
Example 6-week plan
Week 1 Week 2 Week 3 Week 4 Week 5 Week 6
Google Cloud Create and Architecting with Set up and Getting started Sample questions
Fundamentals: Manage Cloud Compute Engine configure a cloud with GKE
Core Resources environment
Infrastructure Skill Badge Skill Badge Automating Review
Infrastructure on documentation
Foundational Google Cloud with
Infrastructure Terraform
Skill Badge Skill Badge
Weekly study plan
Now, consider what you’ve learned about your knowledge and skills
through the diagnostic questions in this course. You should have a
better understanding of what areas you need to focus on and what
resources are available.
Use the template that follows to plan your study goals for each week.
Consider:
● What exam guide section(s) or topic area(s) will you focus on?
● What courses (or specific modules) will help you learn more?
● What Skill Badges or labs will you work on for hands-on practice?
● What documentation links will you review?
● What additional resources will you use - such as sample
questions?
You may do some or all of these study activities each week.
Duplicate the weekly template for the number of weeks in your

individual preparation journey.
Weekly study template (example)
Area(s) of focus: Configuring access using IAM
Courses/modules Google Cloud Fundamentals: Core Infrastructure, Module 2 Getting Started with Google Cloud
to complete: Architecting with Google Compute Engine, Module 4 Cloud IAM
Skill Badges/labs Set Up and Configure a Cloud Environment in Google Cloud Quest
to complete:
Documentation https://cloud.google.com/iam/docs/overview
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#managing_identity_and_access
to review: https://cloud.google.com/iam/docs/creating-custom-roles
https://cloud.google.com/docs/authentication/production#automatically
https://cloud.google.com/docs/authentication/
Additional study: Sample questions 1-5

Weekly study template
Area(s) of focus:
Courses/modules
to complete:
Skill Badges/labs
to complete:
Documentation
to review:
Additional study:

ACE Workbook v2.0

Uploaded by

Copyright:

Available Formats

ACE Workbook v2.0

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ACE Workbook v2.0

Uploaded by

Copyright:

Available Formats

Preparing for Your

2 Planning and configuring a cloud solution

3 Deploying and implementing a cloud solution

4 Ensuring successful operation of a cloud solution

5 Configuring access and security

A. Organization, Project, Resource, Folder.

A. The Project ID.

The Operations Department at Cymbal A. compute.images.list

Which two permissions will they receive?

Courses Skill Badges Documentation

Google Cloud Fundamentals: Overview | Cloud IAM Documentation

A. Set up Cloud Billing to pay for usage costs in Google

Google Cloud Fundamentals: Core Infrastructure

A. Google Cloud Console

You want to use the Cloud Shell to copy A. gcloud

Courses Skill Badges Documentation

Google Cloud Pricing Calculator

How do you proceed?

An application running on a A. Create Compute Engine Virtual Machines and

You want to deploy a microservices A. Cloud Run

Which compute option should you use?

Google Cloud Fundamentals: Getting Started with Google

● M6 Applications in the Cloud

Architecting with Google Essential Google Cloud Documentation

Cymbal Superstore needs to analyze whether A. BigQuery

What data solution should they implement?

Cymbal Superstore’s supply chain A. Multi-regional

What storage class would make

Cymbal Superstore has a need to populate visual A. BigQuery

Courses Skill Badges Documentation

Cloud Storage Options

Cymbal Superstore is piloting an A. Implement a premium tier pass-through

Google Cloud Fundamentals: Core Infrastructure

Architecting with Google Essential Google Cloud

Google Cloud Fundamentals: Core Infrastructure Compute Engine documentation |

Courses Skill Badges Documentation

Types of clusters | Kubernetes

● M5 Containers in the Cloud Set Up and Configure a

You need to quickly deploy a containerized A. App Engine Flexible

What technology meets these needs?

You need to analyze and act on files being A. --trigger-event google.storage.object.finalize

How should you configure the

Google Cloud Fundamentals: Core Infrastructure

Cymbal Superstore asks you to implement Cloud A. --availability-type

Which gcloud command line argument is required

Cymbal Superstore’s marketing A. Implement a bq load command in a command line script

Which Virtual Private Cloud (VPC) network A. Default Project network

Courses Skill Badges Documentation

VPC network overview

● M2 Virtual Networks Set Up and Configure a

Essential Google Cloud

Architecting with Google Elastic Google Cloud Infrastructure: Introduction

A. gcloud compute snapshots list

A. Defining Health checks.

Working with persistent disk

What is the proper setting for this scenario?

You have a Cloud Run service with a A. Set Min instances.

What should you do?

Google Cloud Fundamentals: Core Infrastructure About container instance

You want to implement a lifecycle rule A. Age