ACE Workbook v2.0
ACE Workbook v2.0
ACE Workbook v2.0
Course Workbook
Certification Exam Guide Sections
1 Setting up a cloud solution environment
Stella is a new member of a team in your company who has A. Assign Stella a roles/compute.viewer role.
been put in charge of monitoring VM instances in the B. Assign Stella compute.instances.get permissions on all of
organization. Stella will need the required permissions to the projects she needs to monitor.
perform this role.
C. Add Stella to a Google Group in your organization. Bind
that group to roles/compute.viewer.
D. Assign the “viewer” policy to Stella.
How should you grant her those permissions?
1.1 Diagnostic Question 02
Jane will manage objects in Cloud Storage for A. Assign Jane the roles/storage.objectCreator on every project.
the Cymbal Superstore. She needs to have access B. Assign Jane the roles/viewer on each project and the
to the proper permissions for every project across roles/storage.objectCreator for each bucket.
the organization.
C. Assign Jane the roles/editor at the organizational level.
D. Add Jane to a group that has the roles/storage.objectAdmin role
assigned at the organizational level.
What should you do?
1.1 Diagnostic Question 05
You need to add new groups of employees in A. Grant the most restrictive basic role to most services, grant predefined
Cymbal Superstore’s production environment. or custom roles as necessary.
You need to consider Google’s recommendation B. Grant predefined and custom roles that provide necessary permissions
of using least privilege. and grant basic roles only where needed.
C. Grant the least restrictive basic roles to most services and grant
predefined and custom roles only when necessary.
What should you do?
D. Grant custom roles to individual users and implement basic roles at the
resource level.
1.1 Diagnostic Question 06
=
Essential Google Cloud Infrastru
cture: Core Services
● M1 IAM
1.2 Diagnostic Question 07
How are billing accounts applied to projects A. Set up Cloud Billing to pay for usage costs in Google Cloud
in Google Cloud? (Pick two.) projects and Google Workspace accounts.
B. A project and its resources can be tied to more than one billing
account.
C. A billing account can be linked to one or more projects.
D. A project and its resources can only be tied to one billing
account.
E. If your project only uses free resources you don’t need a link
to an active billing account.
1.2 Diagnostic Question 08
Fiona is the billing administrator for the project A. Change the budget alert default threshold rules to include
associated with Cymbal Superstore’s Jeffrey as a recipient.
eCommerce application. Jeffrey, the marketing B. Use Cloud Monitoring notification channels to send Jeffrey an
department lead, wants to receive emails related email alert.
to budget alerts. Jeffrey should have access to
C. Add Jeffrey and Fiona to the budget scope custom email
no additional billing information.
delivery dialog.
D. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.
What should you do?
1.2 Managing billing configuration
Courses Documentation
Pick two choices that provide a command line A. Google Cloud console
interface to Google Cloud. B. Cloud Shell
C. Cloud Mobile App
D. Cloud SDK
1.3 Diagnostic Question 10
● M2 Getting Starting with Google Cloud Google Cloud Managing Cloud SDK components | Cloud S
DK Documentation
Google Cloud Create and Manage Perform Foundational Infrastructure
Cloud Resource Quest Tasks in
Google Cloud Quest gcloud | Cloud SDK Documentation
Architecting with Google Comp
ute Engine Using the bq command-line tool | BigQuery
● M1 Getting Started gsutil tool | Cloud Storage
with Google Cloud
=
Essential Google Cloud Infrastru
cture: Core Services
● M1 Introduction to Google
Cloud
Section 2:
Planning and configuring a
cloud solution
2.1 Diagnostic Question 01
The projected amount of cloud storage A. Use the pricing calculator to estimate the
required for Cymbal Superstore to enable costs for 10 TB of regional Standard storage, 30 TB of
users to post pictures for project reviews is regional Coldline storage, and egress charges for
10 TB of immediate access storage in the reads from storage.
US and 30 TB of storage for historical posts B. Use the pricing calculator to estimate the price for 10 TB of regional Standard
in a bucket located near Cymbal storage, 30 TB of regional Nearline storage, and ingress charges for posts to
Superstore’s headquarters. The contents of the bucket.
this bucket will need to be accessed once
C. Use the pricing calculator to estimate the price for 10 TB of multi-region
every 30 days. You want to estimate the cost
Standard storage, 30 TB for regional Coldline storage, and ingress charges for
of these storage resources to ensure this is
posts to the bucket.
economically feasible.
D. Use the pricing calculator to estimate the price for 10 TB of multi-region
Standard storage, 30 TB for regional Nearline, and egress charges for reads
What should you do? from the bucket.
Planning and estimating using
2.1 the Pricing Calculator
Courses Documentation
Cymbal Superstore decides to migrate their A. Implement an application using containers on Cloud Run.
supply chain application to Google Cloud. You B. Implement an application using code on App Engine.
need to configure specific operating system
C. Implement an application using containers on Google Kubernetes
dependencies.
Engine.
What should you do? D. Implement an application using virtual machines on Compute
Engine.
2.2 Diagnostic Question 03
Cymbal Superstore decides to pilot a cloud A. SSH into a Compute Engine VM and execute your code.
application for their point of sale system in B. Package your code to a container image and post it to Cloud Run.
their flagship store. You want to focus on
C. Implement a deployment manifest and run kubectl apply on
code and develop your solution quickly, and
it in Google Kubernetes Engine.
you want your code to be portable.
D. Code your solution in Cloud Functions.
Google Cloud Fundamentals: Core Inf Getting Started with Google Kubernetes E
rastructure ngine Google Cloud
Set Up and Configure a Cloud
● M3 Virtual Machines in the Cloud ● M2 Introduction to Containers and Environment in Google Clou
● M5 Containers in the Cloud d Quest
Kubernetes
● M6 Applications in the Cloud
=
Essential Google Cloud Infrastructure:
Core Services
● M2 Storage and
Database Services
2.4 Diagnostic Question 09
Courses Documentation
Cymbal Superstore’s sales department has a A. Find a MySQL machine image in Cloud Marketplace and
medium-sized MySQL database. This database configure it to meet your needs.
includes user-defined functions and is used B. Implement a database instance using Cloud SQL, back up your
internally by the marketing department at local data, and restore it to the new instance.
Cymbal Superstore HQ. The sales department
C. Configure a Compute Engine VM with an N2 machine type,
asks you to migrate the database to Google
install MySQL, and restore your data to the new instance.
Cloud in the most timely and economical way.
D. Use gcloud to implement a Compute Engine instance with an E2-
standard-8 machine type, install, and configure MySQL.
What should you do?
3.1 Diagnostic Question 02
The backend of Cymbal Superstore’s e- A. Create a new instance template. Click Update VMs. Set the
commerce system consists of managed instance update type to Opportunistic. Click Start.
groups. You need to update the operating system B. Create a new instance template, then click Update VMs. Set the
of the instances in an automated way using update type to PROACTIVE. Click Start.
minimal resources.
C. Create a new instance template. Click Update VMs. Set max
surge to 5. Click Start.
D. Abandon each of the instances in the managed instance group.
What should you do? Delete the instance template, replace it with a new one, and
recreate the instances in the managed group.
Deploying and implementing
3.1 Compute Engine resources
Courses Documentation
The development team for the supply chain A. Implement an autopilot cluster in us-central1-a with a default pool
project is ready to start building their new and an Ubuntu image.
cloud app using a small Kubernetes cluster for B. Implement a private standard zonal cluster in us-central1-a with a
the pilot. The cluster should only be available default pool and an Ubuntu image.
to team members and does not need to be
C. Implement a private standard regional cluster in us-central1 with a
highly available. The developers also need the
default pool and container-optimized image type.
ability to change the cluster architecture as
they deploy new capabilities. D. Implement an autopilot cluster in us-central1 with an Ubuntu
image type.
You need to quickly deploy a containerized web A. App Engine flexible environment
application on Google Cloud. You know the B. App Engine standard environment
services you want to be exposed. You do not
C. Cloud Run
want to manage infrastructure. You only want to
pay when requests are being handled and need D. Cloud Functions
support for custom packages.
You need to analyze and act on files being added A. --trigger-event google.storage.object.finalize
to a Cloud Storage bucket. Your programming B. --trigger-event google.storage.object.create
team is proficient in Python. The analysis you
C. --trigger-event google.storage.object.change
need to do takes at most 5 minutes. You
implement a Cloud Function to accomplish your D. --trigger-event google.storage.object.add
processing and specify a trigger resource
pointing to your bucket.
Courses Documentation
You require a Cloud Storage bucket serving A. Run a gcloud mb command specifying the name of the bucket and
users in New York City. There is a need for geo- accepting defaults for the other mb settings.
redundancy. You do not plan on using B. Run a gsutil mb command specifying a multi-regional location
ACLs. and an option to turn ACL evaluation off.
C. Run a gsutil mb command specifying a dual-region bucket and an
option to turn ACL evaluation off.
What CLI command do you use? D. Run a gsutil mb command specifying a dual-region bucket and
accepting defaults for the other mb settings.
3.4 Diagnostic Question 07
Cymbal Superstore’s marketing department A. Implement a bq load command in a command line script and
needs to load some slowly changing data into schedule it with cron.
BigQuery. The data arrives hourly in a Cloud B. Read the data from your bucket by using the BigQuery streaming
Storage bucket. You want to minimize cost and API in a program.
implement this in the fewest steps.
C. Create a Cloud Function to push data to BigQuery through a
Dataflow pipeline.
D. Use the BigQuery data transfer service to schedule a transfer
What should you do?
between your bucket and BigQuery.
Deploying and implementing data
3.4 solutions
Architecting with Google Compute En How to load, import, or ingest data into
gine BigQuery for analysis
● M5 Storage and
Database Services Introduction to loading data | BigQuery
Google Cloud
What action does the terraform A. Downloads the latest version of the terraform provider.
apply command perform? B. Verifies syntax of terraform config file.
C. Shows a preview of resources that will be created.
D. Sets up resources requested in the terraform config file.
Implementing resources via
3.7 infrastructure as code
Courses Documentation
Architecting with Google Compu Elastic Google Cloud Infrastructure: Scali Introduction
te Engine ng and Automation Using Terraform with Google Cloud
● M10 Infrastructure
Automation
= ● M3 Infrastructure Automation
Section 4:
Ensuring successful operation
of a cloud solution
4.1 Diagnostic Question 01
You have a scheduled snapshot you are A. Delete the downstream incremental snapshots before deleting the
trying to delete, but the operation returns main reference.
an error. B. Delete the object the snapshot was created from.
What should you do to resolve C. Detach the snapshot schedule before deleting it.
this problem? D. Restore the snapshot to a persistent disk before deleting it.
4.1 Diagnostic Question 03
Courses
Working with persistent disk snapshots |
Compute Engine Documentation
Google Cloud Fundamentals: Core Infrastructure
● M3 Virtual Machines in the Cloud
Working with persistent disk snapshots |
Compute Engine Documentation
Persistent disk snapshots | Compute Engin
Architecting with Google Compu Essential Google Cloud Infrastructure: e Documentation
te Engine Foundation
Instance templates | Compute Engine Doc
● M3 Virtual Machines ● M3 Virtual Machines umentation
● M9 Load Balancing
Elastic Google Cloud Infrastructure: Sc
and Autoscaling = aling and Automation Instance groups | Compute Engine Docum
● M2 Load Balancing entation
and Autoscaling
4.2 Diagnostic Question 04
Cymbal Superstore’s GKE cluster requires an internal A. Annotate your ingress object with an ingress.class of “gce.”
http(s) load balancer. You are B. Configure your service object with a type: LoadBalancer.
creating the configuration files required for
C. Annotate your service object with a neg reference.
this resource.
D. Implement custom static routes in your VPC.
A. Pod templates
What Kubernetes object provides access to
logic running in your cluster via endpoints B. Pods
that you define? C. Services
D. Deployments
4.2 Diagnostic Question 06
A. kubectl apply
What is the declarative way to initialize and B. kubectl create
update Kubernetes objects?
C. kubectl replace
D. kubectl run
Managing Google Kubernetes Documentation
Google Cloud Fundamentals: Core Infrastruct Configuring Ingress for Internal HTTP(S
ure ) Load Balancing
Google Cloud
Courses Documentation
Courses Documentation
Cymbal Superstore has a subnetwork called A. gcloud compute networks subnets expand-ip-range mysubnet --
mysubnet with an IP range of 10.1.2.0/24. You region us-central1 --prefix-length 20
need to expand this subnet to include enough B. gcloud networks subnets expand-ip-range mysubnet --region us-
IP addresses for at most 2000 new users or central1 --prefix-length 21
devices.
C. gcloud compute networks subnets expand-ip-range mysubnet --
region us-central1 --prefix-length 21
D. gcloud compute networks subnets expand-ip-range mysubnet --
What should you do?
region us-cetnral1 --prefix-length 22
4.5 Managing networking resources
Courses Documentation
Architecting with Google Compu Essential Google Cloud Infrastructure: Fo gcloud compute networks subnets exp
te Engine undation and-ip-range
● M2 Virtual Networks
= ● M2 Virtual Networks
Using VPC networks
4.6 Diagnostic Question 10
You need to configure access to Cloud A. Assign permissions to a Google account referenced by the
Spanner from the GKE cluster that is application.
supporting Cymbal Superstore’s ecommerce B. Assign permissions through a Google Workspace account
microservices application. You want to referenced by the application.
specify an account type to set the proper
C. Assign permissions through service account referenced by
permissions.
the application.
D. Assign permissions through a Cloud Identity account
What should you do?
referenced by the application.
5.1 Diagnostic Question 02
You are trying to assign roles to the dev and prod A. Ask your administrator for
projects of Cymbal Superstore’s e-commerce app but resourcemanager.projects.setIamPolicy roles for each
are receiving an error when you try to run set-iam project.
policy. The projects are organized into an ecommerce B. Ask your administrator for the
folder in the Cymbal Superstore organizational roles/resourcemanager.folderIamAdmin for the ecommerce
hierarchy. You want to follow best practices for the folder.
permissions you need while respecting the practice of
C. Ask your administrator for the
least privilege.
roles/resourcemanager.organizationAdmin for Cymbal
Superstore.
What should you do? D. Ask your administrator for the roles/iam.securityAdmin role
in IAM.
5.1 Diagnostic Question 03
You have a custom role implemented for A. Make the change to the custom role locally and run
administration of the dev/test environment for an update on the custom role.
Cymbal Superstore’s transportation management B. Delete the custom role and recreate a new custom
application. You are developing a pilot to use Cloud role with required permissions.
Run instead of Cloud Functions. You want to ensure
C. Copy the existing role, add the new permissions to
your administrators have the correct access to the
the copy, and delete the old role.
new resources.
D. Create a new role with needed permissions and
migrate users to it.
What should you do?
Managing Identity and
5.1 Access Management (IAM)
=
Essential Google Cloud Infrastru
cture: Core Services
● M1 Identity and Access
Management (IAM)
5.2 Diagnostic Question 04
Courses Documentation
You are configuring audit logging for Cloud A. Admin Activity log entries
Storage. You want to know when objects are
B. ADMIN_READ log entries
added to a bucket.
C. DATA_READ log entries
Courses Documentation
Google Cloud Create and Manage Architecting with Set up and configure Getting started with Sample questions
Fundamentals: Core Cloud Resources Compute Engine a cloud environment GKE
Infrastructure Skill Badge Skill Badge
Automating Review
Foundational Infrastructure on documentation
Infrastructure Google Cloud with
Skill Badge Terraform
Skill Badge
Weekly study plan
Now, consider what you’ve learned about your knowledge and skills through
the diagnostic questions in this course. You should have a better
understanding of what areas you need to focus on and what resources are
available.
Use the template that follows to plan your study goals for each week.
Consider:
● What exam guide section(s) or topic area(s) will you focus on?
● What courses (or specific modules) will help you learn more?
● What Skill Badges or labs will you work on for hands-on practice?
● What documentation links will you review?
● What additional resources will you use - such as sample questions?
You may do some or all of these study activities each week.
Duplicate the weekly template for the number of weeks in your individual
preparation journey.
Weekly study template (example)
Area(s) of focus: Configuring access using IAM
Courses/modules Google Cloud Fundamentals: Core Infrastructure, Module 2 Getting Started with Google Cloud
to complete: Architecting with Google Compute Engine, Module 4 IAM
Skill Badges/labs Set Up and Configure a Cloud Environment in Google Cloud Quest
to complete:
Documentation https://cloud.google.com/iam/docs/overview
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#managing_identity_and_access
to review: https://cloud.google.com/iam/docs/creating-custom-roles
https://cloud.google.com/docs/authentication/production#automatically
https://cloud.google.com/docs/authentication/
Courses/modules
to complete:
Skill Badges/labs
to complete:
Documentation
to review:
Additional study: