Online Access Free Google.Associate-Cloud-Engineer.v2025-11-11.q153 Practice Test (Page 15)

Associate-Cloud-Engineer Exam Question 66

You are working for a hospital that stores Its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

A.Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval

B.In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

C.Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job

D.Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope

Associate-Cloud-Engineer Exam Question 67

(You have an application running inside a Compute Engine instance. You want to provide the application with secure access to a BigQuery dataset. You must ensure that credentials are only valid for a short period of time, and your application will only have access to the intended BigQuery dataset. You want to follow Google-recommended practices and minimize your operational costs. What should you do?)

A.Attach a custom service account to the instance, and grant the service account the BigQuery Data Viewer IAM role on the project.

B.Attach a new service account to the instance every hour, and grant the service account the BigQuery Data Viewer IAM role on the dataset.

C.Attach a custom service account to the instance, and grant the service account the BigQuery Data Viewer IAM role on the dataset.

D.Attach a new service account to the instance every hour, and grant the service account the BigQuery Data Viewer IAM role on the project.

Correct Answer: C

Comprehensive and Detailed In Depth Explanation:
The core requirements are secure access to a specific BigQuery dataset from a Compute Engine instance, using short-lived credentials, adhering to Google's best practices, and minimizing operational overhead.
A: Project-level IAM role: Granting the BigQuery Data Viewer role at the project level gives the service account broad access to all BigQuery datasets within that project. This violates the principle of least privilege, a fundamental security best practice, as the application should only have access to the designated dataset.
B: Hourly new service account with dataset-level role: While this aims to achieve short-lived credentials, the operational burden of creating, attaching, and managing IAM policies for a new service account every hour is significant and not a Google-recommended practice for routine access. It introduces unnecessary complexity and potential for errors.
C: Custom service account with dataset-level IAM role: This is the recommended and most efficient approach. You create a dedicated Google Cloud service account specifically for this application. You then grant this service account the necessary IAM role (e.g., BigQuery Data Viewer, or a more specific custom role) directly on the target BigQuery dataset. When the Compute Engine instance runs as this service account, the Google Cloud client libraries automatically handle the acquisition and rotation of short-lived OAuth 2.0 access tokens from the instance's metadata server. This eliminates the need to manage long-lived credentials (like service account keys) and ensures the application only has access to the intended dataset. This adheres to the principle of least privilege and minimizes operational costs.
D: Hourly new service account with project-level role: This option combines the high operational overhead of frequently creating new service accounts with the security risk of granting overly permissive project-level access. It is not a recommended practice.
Therefore, the most secure, cost-effective, and operationally efficient solution is to create a custom service account, attach it to the Compute Engine instance, and grant it the appropriate BigQuery IAM role specifically on the target dataset. The platform handles the short-lived credentials automatically.
Google Cloud Documentation References:
Creating and enabling service accounts for instances: https://cloud.google.com/compute/docs/access/create- enable-service-accounts-for-instances - Explains how to create and associate service accounts with Compute Engine VMs.
Granting, changing, and revoking access to resources: https://cloud.google.com/iam/docs/granting-changing- revoking-access - Details how to manage IAM policies and grant roles to service accounts on specific resources (like BigQuery datasets).
BigQuery IAM roles: https://cloud.google.com/bigquery/docs/control-access - Provides information on the various IAM roles available for controlling access to BigQuery resources at different levels (project, dataset, table, etc.).
Best practices for using service accounts: https://cloud.google.com/iam/docs/best-practices-for-using-service- accounts - Emphasizes the importance of the principle of least privilege and avoiding the management of long- lived service account keys when possible (relying on the metadata server for short-lived tokens).

Associate-Cloud-Engineer Exam Question 68

An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination. What should you do?

A.View System Event Logs in Stackdriver. Search for the user's email as the principal.

B.View System Event Logs in Stackdriver. Search for the service account associated with the user.

C.View Data Access audit logs in Stackdriver. Search for the user's email as the principal.

D.View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

Associate-Cloud-Engineer Exam Question 69

You are planning to move your company's website and a specific asynchronous background job to Google Cloud Your website contains only static HTML content The background job is started through an HTTP endpoint and generates monthly invoices for your customers. Your website needs to be available in multiple geographic locations and requires autoscaling. You want to have no costs when your workloads are not In use and follow recommended practices. What should you do?

A.Move both your website and background job to Compute Engine
CMove both your website and background job to Cloud Run.

B.Move your website to Google Kubemetes Engine (GKE). and move your background job to Cloud Functions

C.Move your website to Google Kubemetes Engine (GKE), and move your background job to Compute Engine

Associate-Cloud-Engineer Exam Question 70

During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain.
You want to ensure that your resources are only shared with users whose email addresses match your domain.
You need to remove any mismatched users, and you want to avoid having to audit your resources to identify mismatched users. What should you do?

A.Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

B.Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

C.Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

D.Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Other Version: 722Google.Associate-Cloud-Engineer.v2026-04-02.q161; 458Google.Associate-Cloud-Engineer.v2026-02-18.q139; 614Google.Associate-Cloud-Engineer.v2025-12-18.q130; 1683Google.Associate-Cloud-Engineer.v2024-09-27.q109; 1097Google.Associate-Cloud-Engineer.v2024-01-29.q127; 1280Google.Associate-Cloud-Engineer.v2023-10-13.q110; 1252Google.Associate-Cloud-Engineer.v2023-05-12.q89; 24427Google.Associate-Cloud-Engineer.v2022-08-13.q158; 4857Google.Associate-Cloud-Engineer.v2022-05-25.q156; 163Google.Torrentvce.Associate-Cloud-Engineer.v2022-04-30.by.janet.156q.pdf; 3903Google.Associate-Cloud-Engineer.v2021-09-01.q128; 143Google.Actual4test.Associate-Cloud-Engineer.v2021-08-17.by.sarah.155q.pdf

Latest Upload: 105ISTQB.CT-AI.v2026-06-18.q68; 222IIA.IIA-CIA-Part3.v2026-06-17.q220; 147WGU.Introduction-to-IT.v2026-06-17.q67; 194CompTIA.220-1202.v2026-06-16.q110; 128TheInstitutes.CPCU-500.v2026-06-16.q25; 206ACAMS.CAMS7-CN.v2026-06-16.q170; 222CBIC.CIC.v2026-06-15.q123; 142Peoplecert.ITIL-4-Specialist-High-velocity-IT.v2026-06-15.q16; 244HashiCorp.Terraform-Associate-004.v2026-06-15.q126; 151Peoplecert.ITILFNDv5.v2026-06-15.q26

Associate-Cloud-Engineer Exam Question 66

Associate-Cloud-Engineer Exam Question 67

Associate-Cloud-Engineer Exam Question 68

Associate-Cloud-Engineer Exam Question 69

Associate-Cloud-Engineer Exam Question 70

Download PDF File