🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
ACE
ACE Google Cloud

Associate Cloud Engineer

Google Cloud Associate Cloud Engineer certification training teaches candidates how to set up, configure, deploy, operate, and secure cloud solutions on GCP, focusing on practical, hands‑on skills needed for real‑world projects.

120
Minutes
50
Questions
70/100
Passing Score
$200
Exam Cost
5
Languages

Who Should Take This

It is ideal for IT professionals, system administrators, or developers with roughly six months of hands‑on experience managing Google Cloud resources who aim to validate their operational competence. Learners seek to deepen expertise in environment setup, solution design, deployment, operations, and security to advance their cloud engineering careers.

What's Covered

1 Creating projects, managing billing, configuring IAM roles, and initializing the Cloud SDK and gcloud CLI for a cloud environment.
2 Selecting and sizing compute, storage, and networking resources based on workload requirements and cost constraints.
3 Deploying compute workloads on Compute Engine, GKE, App Engine, and Cloud Run; implementing storage and database solutions; configuring networking resources.
4 Managing compute, storage, and networking resources; monitoring and logging with Cloud Monitoring and Cloud Logging; troubleshooting operational issues.
5 Managing IAM policies, service accounts, and audit configurations; configuring VPC networking and firewall rules for secure access.

Exam Structure

Question Types

  • Multiple Choice
  • Multiple Select

Scoring Method

Pass/fail. Google does not publish a scaled score; an approximate passing threshold of 70% is widely reported.

Delivery Method

Kryterion testing center or online proctored

Prerequisites

None required. 6+ months of hands-on GCP experience recommended.

Recertification

3 years

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

80 learning goals
1 Domain 1: Setting Up a Cloud Solution Environment
3 topics

Setting up cloud projects and accounts

  • Identify the Google Cloud resource hierarchy including organizations, folders, projects, and resources and explain how each level provides scope for policies, IAM bindings, and access control.
  • Identify organization policies, resource labels, and governance mechanisms and explain how they enforce constraints across the resource hierarchy.
  • Create and manage Google Cloud projects using Cloud Console and gcloud CLI, assigning appropriate labels, linking billing accounts, and enabling required APIs.
  • Configure IAM roles at the organization, folder, and project levels using basic roles, predefined roles, and the principle of least privilege for team access management.
  • Analyze resource hierarchy design decisions and evaluate the tradeoffs among flat versus nested folder structures, inherited versus directly applied IAM bindings, and organization policy constraints for multi-team environments.

Managing billing configuration

  • Identify billing account types, billing account linking to projects, and the relationship between billing accounts and payment profiles in Google Cloud.
  • Create and configure billing budgets with threshold-based alerts, link billing accounts to projects, and export billing data to BigQuery for cost analysis.
  • Analyze billing reports and evaluate budget alert configurations to identify cost anomalies, forecast spending trends, and recommend billing account structures for multi-project environments.

Installing and configuring the command line interface

  • Identify Cloud SDK components including gcloud, gsutil, and bq and explain how gcloud init, gcloud config, and named configurations manage default project, region, and zone settings.
  • Install and initialize the Cloud SDK, configure default project and region/zone properties, create and switch between named configurations for managing multiple projects.
  • Analyze CLI configuration scenarios and evaluate the use of named configurations, environment variables, and per-command flags to manage authentication and project context across development, staging, and production environments.
2 Domain 2: Planning and Configuring a Cloud Solution
4 topics

Planning and estimating GCP product use

  • Identify the Google Cloud Pricing Calculator and explain how to estimate costs for compute, storage, and networking resources based on expected usage patterns.
  • Use the Pricing Calculator to plan resource provisioning by estimating monthly costs for Compute Engine instances, Cloud Storage buckets, and network egress for a given workload scenario.

Planning and configuring compute resources

  • Identify Compute Engine resource concepts including machine type families, custom machine types, persistent disk types, local SSDs, boot disk images, and preemptible/Spot VMs and explain how each maps to workload requirements.
  • Identify GKE components including clusters, node pools, pods, services, and deployments and explain how Autopilot and Standard cluster modes orchestrate containerized applications.
  • Identify App Engine standard and flexible environments, Cloud Functions, and Cloud Run and explain the differences in runtime support, scaling behavior, event-driven execution models, and deployment patterns.
  • Plan Compute Engine instance configurations by selecting appropriate machine types, disk types, images, and preemptible/Spot VM options based on application CPU, memory, storage, and cost requirements.
  • Plan GKE cluster configurations by selecting appropriate node pool machine types, cluster modes, networking options, and pod resource requests for containerized workloads.
  • Analyze compute platform tradeoffs among Compute Engine, GKE, App Engine, Cloud Functions, and Cloud Run and select the appropriate platform based on workload type, scaling requirements, operational overhead, and cost constraints.

Planning and configuring data storage options

  • Identify managed database services including Cloud SQL engines and instance tiers, Cloud Spanner regional and multi-regional configurations, and Bigtable cluster architecture and explain their consistency, scalability, and use case characteristics.
  • Identify BigQuery serverless analytics architecture including datasets, tables, jobs, and slots and Cloud Storage classes including Standard, Nearline, Coldline, and Archive and explain their access patterns and cost characteristics.
  • Plan Cloud Storage bucket configurations by selecting appropriate storage classes, lifecycle rules, and retention policies based on data access frequency and compliance requirements.
  • Analyze data storage tradeoffs among Cloud SQL, Cloud Spanner, Bigtable, BigQuery, and Cloud Storage and select the optimal storage solution based on data structure, query patterns, consistency requirements, and scale.

Planning and configuring network resources

  • Identify VPC network concepts including auto mode and custom mode networks, subnets, IP address ranges, routes, and firewall rule components and explain how they provide isolated and secured network environments for GCP resources.
  • Identify Cloud Load Balancing types including HTTP(S), TCP/SSL proxy, network TCP/UDP, and internal load balancers and Cloud DNS managed zones, record sets, and DNSSEC and explain their scope, protocol support, and resolution capabilities.
  • Identify Cloud VPN and Cloud Interconnect connectivity options including Classic VPN, HA VPN, Dedicated Interconnect, and Partner Interconnect and explain their bandwidth, latency, and redundancy characteristics for hybrid scenarios.
  • Plan VPC network configurations by designing custom mode networks with appropriate subnet CIDR ranges, firewall rules, and routes for multi-tier application deployments.
  • Plan load balancing configurations by selecting the appropriate load balancer type and configuring backend services, health checks, and URL maps for HTTP(S) and TCP workloads.
  • Analyze network architecture tradeoffs among VPN, Dedicated Interconnect, and Partner Interconnect and select the appropriate hybrid connectivity solution based on bandwidth, latency, cost, and redundancy requirements.
3 Domain 3: Deploying and Implementing a Cloud Solution
5 topics

Deploying and implementing Compute Engine resources

  • Launch Compute Engine instances using gcloud CLI and Cloud Console, specifying machine type, boot disk image, network interface, and startup scripts for application initialization.
  • Create and configure instance templates and managed instance groups with autoscaling policies, health checks, and rolling update strategies for horizontally scalable applications.
  • Configure SSH access to Compute Engine instances using OS Login, metadata-managed SSH keys, and Identity-Aware Proxy tunneling for secure remote administration.
  • Analyze Compute Engine deployment scenarios and evaluate the tradeoffs among single instances, unmanaged instance groups, and managed instance groups with autoscaling for workloads with varying availability and scaling requirements.

Deploying and implementing GKE resources

  • Create GKE clusters using gcloud CLI specifying cluster mode, node pool configuration, network settings, and Kubernetes version for containerized workload deployment.
  • Deploy containerized applications to GKE using kubectl to create deployments, services, and configmaps and manage pod lifecycle, rolling updates, and monitoring integration with Cloud Monitoring and Cloud Logging.
  • Analyze GKE deployment strategies and evaluate the tradeoffs among Autopilot and Standard clusters, node pool sizing, and pod autoscaling configurations for workloads with varying resource and availability requirements.

Deploying and implementing App Engine, Cloud Functions, and Cloud Run resources

  • Deploy applications to App Engine by configuring app.yaml with runtime, scaling settings, and environment variables and managing version deployments and traffic splitting.
  • Deploy Cloud Functions by specifying trigger types including HTTP, Pub/Sub, and Cloud Storage events, configuring runtime, memory, timeout, and environment variables.
  • Deploy services to Cloud Run by building container images, configuring concurrency, minimum and maximum instances, and setting up custom domains and HTTPS endpoints.
  • Analyze serverless deployment tradeoffs among App Engine standard, App Engine flexible, Cloud Functions, and Cloud Run and select the appropriate platform based on request patterns, cold start sensitivity, container flexibility, and cost.

Deploying and implementing data solutions

  • Create and configure Cloud SQL instances by selecting database engine, machine type, storage type, high-availability configuration, and automated backup schedules.
  • Create BigQuery datasets and tables, load data from Cloud Storage and other sources, and execute SQL queries using the BigQuery Console and bq CLI.
  • Create Cloud Storage buckets with specified storage classes, configure lifecycle management rules for automatic object transition and deletion, and set up versioning and retention policies.
  • Create and configure Pub/Sub topics and subscriptions for asynchronous message delivery and deploy Dataflow jobs for batch and streaming data processing pipelines.
  • Analyze data solution deployment tradeoffs and evaluate the selection of Cloud SQL, BigQuery, Cloud Storage, Pub/Sub, and Dataflow based on data volume, query latency, streaming versus batch requirements, and operational complexity.

Deploying and implementing networking resources

  • Create VPC networks, subnets, and firewall rules using gcloud CLI, configuring custom mode networks with CIDR ranges, Private Google Access, and traffic control rules with direction, priority, targets, and protocol filters.
  • Deploy Cloud VPN tunnels, Cloud Interconnect attachments, and HTTP(S) load balancers with backend services, health checks, URL maps, and SSL certificates for hybrid connectivity and traffic distribution.
  • Analyze networking deployment scenarios and evaluate the tradeoffs among firewall rule granularity, load balancer types, and hybrid connectivity options for workloads requiring varied security postures and traffic patterns.
4 Domain 4: Ensuring Successful Operation of a Cloud Solution
6 topics

Managing Compute Engine resources

  • Manage running Compute Engine instances by starting, stopping, resetting, deleting, changing machine type, attaching disks, establishing SSH connections via IAP, and viewing instance inventories filtered by labels, zones, and status.
  • Create and manage persistent disk snapshots and custom images for backup, disaster recovery, and golden image creation across projects and regions.
  • Analyze Compute Engine operational scenarios and evaluate instance management strategies including snapshot scheduling, image family versioning, and live migration behavior for workloads with varied uptime and recovery requirements.

Managing GKE resources

  • View GKE cluster status, manage pod lifecycle by inspecting logs, describing events, scaling deployments, and performing rolling updates and rollbacks using kubectl and Cloud Console.
  • Configure GKE cluster node pool scaling and cluster upgrade policies including surge upgrades, maintenance windows, and release channels for production cluster management.
  • Analyze GKE operational tradeoffs and evaluate cluster scaling strategies, upgrade channel selections, and node pool configurations for workloads with varying stability and feature currency requirements.

Managing Cloud Run resources

  • Manage Cloud Run service revisions by adjusting traffic splitting percentages, configuring minimum and maximum instances, concurrency settings, and CPU allocation for canary and blue-green deployments.
  • Analyze Cloud Run revision metrics and evaluate deployment health, traffic splitting strategies, and rollback procedures to select appropriate operational responses for service degradation scenarios.

Managing storage and database solutions

  • Manage Cloud Storage object lifecycle policies and retention configurations by creating lifecycle rules for automatic storage class transitions, object expiration, and bucket lock for compliance hold periods.
  • Manage Cloud SQL instances by performing point-in-time recovery, creating read replicas, adjusting instance size, and managing database users and connection settings.
  • Manage BigQuery resources by setting dataset access controls, configuring partition and clustering strategies, and optimizing query performance using query execution plans.
  • Analyze storage and database operational tradeoffs and evaluate lifecycle management, retention, replication, and scaling strategies to optimize for cost, compliance, and performance across Cloud Storage, Cloud SQL, and BigQuery.

Managing networking resources

  • Manage VPC subnets by adding subnets, expanding CIDR ranges, reserving static IPs, configuring Cloud NAT, managing DNS record sets, and updating firewall rules using VPC Flow Logs for troubleshooting.
  • Analyze network management scenarios and evaluate subnet expansion, IP reservation, firewall rule ordering, and NAT configuration strategies for evolving network topologies with growing resource demands.

Monitoring and logging

  • Identify Cloud Monitoring components including metrics, dashboards, alerting policies, uptime checks, and notification channels and explain how they provide visibility into resource health and performance.
  • Identify Cloud Logging components including log entries, log routers, log sinks, and log-based metrics and explain how they capture, route, and store operational log data from GCP resources.
  • Create Cloud Monitoring dashboards with custom charts, configure alerting policies with condition thresholds and notification channels, and set up uptime checks for external endpoint monitoring.
  • View and filter Cloud Logging log entries using the Logs Explorer, create log sinks to export logs to Cloud Storage, BigQuery, and Pub/Sub, and create log-based metrics for alerting.
  • Analyze monitoring and logging data to diagnose operational issues, evaluate alerting policy effectiveness, and recommend log routing and retention strategies based on compliance and troubleshooting requirements.
5 Domain 5: Configuring Access and Security
3 topics

Managing IAM

  • Identify IAM components including members, roles (basic, predefined, custom), policies, and conditions and explain how the allow policy evaluation model determines access to GCP resources.
  • View and interpret IAM policies using gcloud CLI and Cloud Console to identify who has what roles on which resources across the project hierarchy.
  • Assign and revoke IAM roles at project and resource levels using gcloud iam policy bindings, selecting appropriate predefined roles for common cloud engineer tasks.
  • Create custom IAM roles by defining specific permissions and manage role lifecycle including versioning, testing, and deployment for organizations requiring fine-grained access control beyond predefined roles.
  • Analyze IAM policy configurations and evaluate the tradeoffs among basic roles, predefined roles, and custom roles and recommend least-privilege access strategies for multi-team environments with separation of duties requirements.

Managing service accounts

  • Identify service account types including default, user-managed, and Google-managed service accounts and explain how they provide application-level identity for GCP API access.
  • Create user-managed service accounts using gcloud CLI, assign IAM roles to service accounts, and attach service accounts to Compute Engine instances and GKE workloads.
  • Manage service account keys by creating, rotating, and deleting JSON key files and configure workload identity federation as an alternative to long-lived keys for external applications.
  • Analyze service account security scenarios and evaluate tradeoffs among default service accounts, dedicated user-managed accounts, and workload identity federation to recommend secure application identity strategies that minimize key exposure.

Viewing audit logs

  • Identify Cloud Audit Log types including Admin Activity, Data Access, System Event, and Policy Denied logs and explain their default retention periods and enablement requirements.
  • View and filter audit log entries using Cloud Logging Logs Explorer, identifying who performed what action on which resource and when, for security investigation and compliance reporting.
  • Configure Data Access audit log enablement for specific services and export audit logs to Cloud Storage and BigQuery for long-term retention and compliance analysis.
  • Analyze audit log data to investigate security events, evaluate access patterns across projects, and recommend audit log configurations that balance compliance coverage with storage cost.

Hands-On Labs

30 labs ~454 min total Console Simulator

Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.

Certification Benefits

Salary Impact

$125,000
Average Salary

Related Job Roles

Cloud Engineer DevOps Engineer Systems Administrator Cloud Administrator

Industry Recognition

Google Cloud certifications are highly valued in data-driven and AI-focused organizations. The Associate Cloud Engineer credential validates hands-on GCP skills and serves as the foundation for all Professional-level Google Cloud certifications.

Scope

Included Topics

  • All domains and task statements in the Google Cloud Associate Cloud Engineer certification exam guide: Domain 1 Setting Up a Cloud Solution Environment (~17.5%), Domain 2 Planning and Configuring a Cloud Solution (~17.5%), Domain 3 Deploying and Implementing a Cloud Solution (~25%), Domain 4 Ensuring Successful Operation of a Cloud Solution (~20%), and Domain 5 Configuring Access and Security (~20%).
  • Foundational to intermediate operational and deployment skills for Google Cloud workloads, including project setup, billing, CLI configuration, compute and storage planning, GKE and App Engine deployment, VPC networking, IAM, service accounts, and monitoring and logging.
  • Service-selection and configuration reasoning for common cloud engineer scenarios requiring hands-on provisioning, deployment, management, and troubleshooting of GCP resources.
  • Key GCP services for associate cloud engineers: Compute Engine, GKE, App Engine, Cloud Functions, Cloud Run, Cloud SQL, Cloud Spanner, Bigtable, BigQuery, Cloud Storage, VPC, Cloud VPN, Cloud Interconnect, Cloud DNS, Cloud Load Balancing, Pub/Sub, Dataflow, Cloud Monitoring, Cloud Logging, IAM, Cloud SDK, gcloud CLI, Cloud Billing, Resource Manager, Cloud Console.

Not Covered

  • Implementation detail depth expected only for Google Cloud Professional-level certifications such as Professional Cloud Architect or Professional Cloud DevOps Engineer.
  • Low-level client library programming, Terraform and Deployment Manager authoring, and advanced CI/CD pipeline design beyond basic deployment operations.
  • Current list prices, promotional discounts, and region-specific pricing values that change frequently over time.
  • Services and features not emphasized by the Associate Cloud Engineer exam guide, including advanced ML/AI services (Vertex AI, AutoML), deep data engineering workflows, and enterprise migration planning.
  • Google Workspace administration, Google Cloud Marketplace third-party integrations, and partner-specific tooling not covered in the exam guide.

Official Exam Page

Learn more at Google Cloud

Visit

Ready to master ACE?

Adaptive learning that maps your knowledge and closes your gaps.

Subscribe to Access

Trademark Notice

Google, Google Cloud, and Google Cloud Platform are trademarks of Google LLC. Google does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.