GOOGLE CERTIFICATION

Associate Cloud Engineer Practice Exam

Exam Number: 1002 | Last updated April 21, 2026 | 4991+ questions across 5 vendor-aligned objectives

The Associate Cloud Engineer certification validates your ability to apply Google Cloud to real business problems. It is built for cloud operations engineers, sysadmins, and developers who deploy, monitor, and maintain workloads on Google Cloud day to day. A passing score proves you can map platform capabilities to outcomes and make defensible technical choices under time pressure.

Heavy-weighted areas define where study time pays back fastest: 25% targets Deploying and Implementing a Cloud Solution (Compute Engine VMs, Google Kubernetes Engine, App Engine, Cloud Run, Cloud Functions); 20% targets Setting Up a Cloud Solution Environment (projects, billing accounts, IAM bootstrapping, Cloud SDK configuration); 20% targets Ensuring Successful Operation of a Cloud Solution (Cloud Monitoring, Cloud Logging, instance groups, managed instance templates).

Supporting domains fill out the blueprint: 20% covers Configuring Access and Security (IAM roles, service accounts, audit logs, VPC firewall rules); 15% covers Planning and Configuring a Cloud Solution (regions and zones, pricing calculator, software licenses). Each still appears on the exam, so none can be safely skipped.

Expect heavy gcloud command syntax on the Associate Cloud Engineer exam, so spend real time in Cloud Shell instead of only reading documentation. Questions often test the smallest-scope IAM role that accomplishes a task, and candidates who default to project-level Owner or Editor will lose points quickly.

Every answer links to the source. Each explanation below includes a hyperlink to the exact Google documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations.

  • 987 practice exam users
  • 92.3% satisfied users
  • 79.5% passed the exam
  • 4/5 quality rating

Test your Cloud Engineer knowledge

10 of 4991+ questions

Question #1 - Setting Up a Cloud Solution Environment

A new project lead at a logistics firm is bootstrapping a fresh Google Cloud project for a pilot and needs to grant a teammate the ability to create Compute Engine VMs but not modify IAM policies or billing.

Which predefined role best follows least-privilege for this task?

A) roles/owner at the project level
B) roles/editor at the project level
C) roles/compute.instanceAdmin.v1 at the project level
D) roles/billing.admin at the billing account level

 

Correct answer: C – Explanation:
roles/compute.instanceAdmin.v1 lets a user create and manage Compute Engine instances without broader IAM or billing power. Owner and Editor grant far more than needed. Billing Admin controls spend, not VM creation.

A gaming studio plans to launch a new match service for European players and needs to minimize latency for users in France, Germany, and Italy while keeping traffic within the EU.

Which approach best satisfies both goals?

A) Deploy into europe-west regions such as europe-west9 and europe-west3
B) Deploy into us-central1 and rely on Cloud CDN alone
C) Deploy into asia-southeast1 to balance global reach
D) Deploy into a single southamerica region

 

Correct answer: A – Explanation:
Placing compute in europe-west regions puts workloads close to European users and keeps traffic within the EU, satisfying both latency and data-residency intent. US, APAC, or South America regions add round-trip time and do not keep traffic in the EU.

A developer must deploy a stateless microservice that should automatically scale the number of pods based on CPU utilization inside a GKE cluster.

Which Kubernetes object and gcloud command pattern best fits this requirement?

A) Create a DaemonSet and run kubectl scale on a timer
B) Create a StatefulSet with persistent volumes and fixed replicas
C) Create a CronJob that reschedules pods hourly
D) Create a Deployment and a HorizontalPodAutoscaler

 

Correct answer: D – Explanation:
A Deployment plus HorizontalPodAutoscaler is the idiomatic pattern for stateless workloads that should scale on CPU. DaemonSets run one pod per node and do not autoscale by CPU. StatefulSets are for stateful apps with fixed replicas. CronJobs run scheduled batch work, not always-on services.

An engineer is triaging why requests to a production Cloud Run service spike in latency each afternoon and wants to query structured logs by severity and request latency.

Which Google Cloud tool is most appropriate for that investigation?

A) Cloud Storage bucket listings
B) Cloud Logging with the Logs Explorer and structured queries
C) Cloud Source Repositories commit history
D) Cloud Scheduler job logs only

 

Correct answer: B – Explanation:
Cloud Logging and the Logs Explorer support structured queries by severity, latency, and labels, which is exactly what the engineer needs. Storage listings, source commits, and scheduler logs do not give request-level telemetry for Cloud Run.

A developer has a Compute Engine VM that needs to read objects from a single Cloud Storage bucket. The developer’s first instinct is to put a user credential file on the VM.

Which approach aligns with Google Cloud best practice?

A) Copy a user’s service account JSON key to the VM
B) Grant roles/owner to the VM’s default service account
C) Attach a dedicated service account with roles/storage.objectViewer scoped to that bucket
D) Make the bucket public and rely on VPC firewall

 

Correct answer: C – Explanation:
A dedicated service account with a narrowly scoped role on the specific bucket is the least-privilege pattern on Google Cloud. User keys on a VM are brittle and hard to rotate. Granting Owner to the default service account violates least privilege. Making the bucket public leaks data regardless of VPC.

A startup needs to run a small HTTP endpoint that resizes images when a file lands in Cloud Storage. The team wants the simplest event-driven option with no server management.

Which Google Cloud runtime is the best fit?

A) Cloud Functions triggered by a Cloud Storage event
B) Compute Engine with a custom systemd service
C) A GKE cluster with a custom controller
D) A Bigtable-hosted webhook

 

Correct answer: A – Explanation:
Cloud Functions natively integrates with Cloud Storage event triggers and requires no server management, which matches the simplicity goal. Compute Engine and GKE both require infrastructure management. Bigtable is a database, not an event-driven runtime.

An engineer just installed the Google Cloud CLI on a fresh laptop and wants to authenticate, set a default project, and verify the active configuration.

Which sequence of gcloud commands is correct?

A) gcloud auth init; gcloud project set; gcloud list
B) gcloud login; gcloud set project; gcloud status
C) gcloud auth login; gcloud config set project PROJECT_ID; gcloud config list
D) gcloud iam sign-in; gcloud project default; gcloud check

 

Correct answer: C – Explanation:
gcloud auth login handles authentication, gcloud config set project sets the default project, and gcloud config list displays the active configuration. The other sequences use commands that do not exist in the Cloud CLI.

A security analyst needs to produce a report of every IAM policy change on a project over the last 30 days.

Which Google Cloud log stream contains that information by default?

A) VPC Flow Logs
B) Cloud Audit Logs Admin Activity logs
C) Access Transparency logs only
D) Data Access logs for Cloud Storage only

 

Correct answer: B – Explanation:
Admin Activity audit logs capture IAM policy changes by default and are enabled automatically. VPC Flow Logs record network flows, not IAM. Access Transparency logs are Google-side access events. Data Access logs cover data reads, not admin changes.

An admin needs a VM-based web tier that keeps itself at a target size, auto-heals unhealthy instances, and can scale on CPU utilization.

Which Compute Engine construct satisfies all three requirements?

A) A single Compute Engine VM with a static external IP
B) A Preemptible VM pool with no autoscaler
C) A sole-tenant node group with manual scaling
D) A managed instance group backed by an instance template

 

Correct answer: D – Explanation:
Managed instance groups with instance templates provide autohealing, autoscaling, and target size enforcement. A single VM does none of these. A preemptible pool without an autoscaler does not scale on CPU. Sole-tenant nodes do not autoscale by design.

A project manager must produce a rough monthly cost estimate for a proposed Compute Engine and Cloud Storage workload before any resources are deployed.

Which Google Cloud tool is purpose-built for that pre-deployment estimate?

A) Cloud Monitoring dashboards
B) Google Cloud Pricing Calculator
C) Cloud Billing reports
D) Recommender insights

 

Correct answer: B – Explanation:
The Google Cloud Pricing Calculator estimates costs for proposed resources before deployment. Cloud Monitoring reports telemetry, Cloud Billing reports actual spend after usage, and Recommender offers tuning after resources exist.

Get 4991+ more questions with source-linked explanations

Every answer traces to the exact Google documentation page — so you learn from the source, not just memorize answers.

Exam mode & learn mode · Score by objective · Updated April 21, 2026


What the Cloud Engineer exam measures

  • Setting Up a Cloud Solution Environment (20%): Apply Google Cloud practices to projects, billing accounts, IAM bootstrapping, Cloud SDK configuration.
  • Planning and Configuring a Cloud Solution (15%): Apply Google Cloud practices to regions and zones, pricing calculator, software licenses.
  • Deploying and Implementing a Cloud Solution (25%): Apply Google Cloud practices to Compute Engine VMs, Google Kubernetes Engine, App Engine, Cloud Run, Cloud Functions.
  • Ensuring Successful Operation of a Cloud Solution (20%): Apply Google Cloud practices to Cloud Monitoring, Cloud Logging, instance groups, managed instance templates.
  • Configuring Access and Security (20%): Apply Google Cloud practices to IAM roles, service accounts, audit logs, VPC firewall rules.

  • Review the Associate Cloud Engineer official exam guide end to end before you commit a study plan, so every later hour is spent against the published blueprint.
  • Complete the relevant Google Cloud Skills Boost learning path and treat its labs as non-optional rather than extra credit.
  • Get hands-on practice in Qwiklabs sandbox, repeating the same tasks from memory until configuration feels routine.
  • Apply what you learn in real-world project experience — your day job, a volunteer project, or an open-source contribution — so the concepts stick.
  • Master one objective at a time, starting with the highest-weighted domain on the blueprint and moving down from there.
  • Use PowerKram learn mode with feedback and sourced links to close gaps while the answer rationale is still fresh.
  • Finish with PowerKram exam mode across all objectives under realistic time pressure before you book the real exam.

Holding the Associate Cloud Engineer certification typically supports roles such as:

  • Cloud Engineer: roughly $100,000 to $145,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Glassdoor.
  • Cloud Systems Administrator: roughly $95,000 to $135,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Levels.fyi.
  • Site Reliability Engineer: roughly $130,000 to $185,000 USD per year in the US market (range varies by region, years of experience, and specialization). See current data on Payscale.

Work directly from Google’s own preparation resources and treat third-party content as a supplement:
