Cloud Engineer Practice Exam 2025: Latest Questions

You need to create an isolated environment for a new development team. The team should be able to create and manage Compute Engine VMs, but not modify IAM policies or billing settings. What is the recommended approach?

You deployed a stateless web application on a Managed Instance Group (MIG). You want the group to automatically add or remove instances based on CPU utilization. What should you configure?

You need to grant a CI/CD pipeline the ability to deploy a new revision to an existing Cloud Run service. The pipeline must not be able to create or delete projects. What is the best practice?

A team wants to centralize viewing of logs for Compute Engine and Cloud Run across multiple projects. They do not need to move or copy logs, only query them from one place. What should they do?

You need to host a single-page application (static HTML/CSS/JS) with global users. You want low operational overhead and the ability to use a custom domain with HTTPS. What should you choose?

A new VM cannot reach the internet. It is in a subnet without external IPs, and a Cloud NAT gateway has already been created. Other VMs in different subnets can access the internet through the same Cloud NAT. What is the most likely cause?

Your application writes objects to a Cloud Storage bucket. A compliance requirement states that objects must not be deleted or overwritten for 30 days after creation, even by project owners. What should you configure?

You run a private GKE cluster. Pods need to pull images from Artifact Registry in the same project. You want to follow least privilege and avoid using overly broad roles. What is the recommended configuration?

Your company has separate projects for prod and dev under the same organization. A security policy requires that no one can create external IP addresses in the dev project, while prod must remain unaffected. What is the best approach?

A multi-tier app uses a Cloud SQL instance with a private IP. The app runs on Compute Engine in a different VPC within the same organization. You must connect to Cloud SQL privately without using public IPs, and you want a scalable, recommended design. What should you do?

You need to grant a developer the ability to view Compute Engine instances and read instance metadata in a single project, but not create, update, or delete any resources. What should you do?

You deployed a stateless web application on a managed instance group (MIG). You want to automatically add or remove VM instances based on CPU utilization. What should you configure?

A new project must be created with a specific billing account and placed under an existing folder in an organization. Which tool is the most appropriate for this one-time setup?

You are migrating an on-premises workload to Compute Engine. The application requires a fixed internal IP address so downstream services can always reach it, even if the VM is stopped and started. What should you do?

Your team uses Cloud Storage to store log archives. A compliance requirement states that objects must be retained for 90 days and must not be deleted or overwritten during that period, even by project owners. What should you configure?

You run a backend service on Compute Engine that must be reachable from the internet over HTTPS with a single anycast IP and support global users with low latency. You also want Google-managed TLS certificates. Which load balancing option should you choose?

A Cloud Run service needs to call a private REST API hosted on a VM that has only an internal IP address in a VPC. You want to keep the VM private and avoid exposing it to the internet. What should you do?

You need to run a daily SQL export from a Cloud SQL for PostgreSQL instance to a Cloud Storage bucket. The job must be automated and use least privilege. What is the best approach?

A company has multiple environments (dev, test, prod) across separate projects. They want centralized logging and monitoring in a single 'ops' project while keeping workloads isolated. What should you implement?

You are configuring a shared VPC. The network team manages the host project, and application teams deploy VMs in service projects. An application team needs to create VM instances that attach to subnets in the host project, but they must not be able to modify firewall rules or subnets. What should you do?

You are deploying a Compute Engine VM that must access a Cloud Storage bucket. Security policy requires avoiding long-lived service account keys and granting only the minimum permissions needed. What should you do?

A development team wants to quickly spin up a repeatable test environment that includes a VPC, subnets, firewall rules, and a managed instance group. The environment should be version-controlled and recreated consistently across projects. What is the recommended approach?

You configured an HTTP(S) Load Balancer with a backend service pointing to a managed instance group. The load balancer returns 502 errors for all requests. Instances are running and can serve traffic when accessed directly. What is the most likely cause?

A batch processing job needs to run on preemptible Spot VMs to reduce cost. The job must automatically retry when VMs are terminated and should scale the number of workers based on queued tasks. Which design is most appropriate?

Your organization has multiple projects under the same folder. You need to ensure that only approved VM machine types can be created across all these projects, while allowing teams to manage other resources normally. What should you implement?