🔒 Configuring Access and Security - ACE Practice Questions

Understand IAM custom roles, service accounts, VPC firewall rules, audit logs, and managing access to GCP resources securely.

ACE Access & Security Question Bank (5 Questions)

Browse all 5 practice questions covering Configuring Access and Security for the ACE certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

  1. Question 1: Configuring Access and Security

    What is the difference between basic roles, predefined roles, and custom roles in Google Cloud IAM?

    A. They are all the same
    B. Basic roles (Owner/Editor/Viewer) are broad; predefined roles are service-specific with fine-grained permissions; custom roles let you define exact permissions
    C. Custom roles are less secure
    D. Only basic roles exist
    Correct Answer: B
    Explanation:

    Basic: Owner (full), Editor (read+write), Viewer (read-only) — too broad for production. Predefined: Google-managed, per-service (roles/storage.objectViewer, roles/compute.networkAdmin). Custom: you define exact permissions — use when predefined roles are too broad. Best practice: predefined > custom > basic.

  2. Question 2: Configuring Access and Security

    How do you allow HTTP traffic to VMs tagged 'web-server' in a VPC?

    A. Open all ports
    B. Create an ingress firewall rule: gcloud compute firewall-rules create allow-http --network=VPC --allow=tcp:80 --target-tags=web-server --source-ranges=0.0.0.0/0
    C. Disable the firewall
    D. Use Cloud NAT
    Correct Answer: B
    Explanation:

    Firewall rule: --direction=INGRESS --action=ALLOW --rules=tcp:80 --target-tags=web-server --source-ranges=0.0.0.0/0. Use network tags for targeted rules. Priority: 0-65535 (lower = higher). Best practice: allow specific ports/sources, use service accounts instead of tags for production workloads.

  3. Question 3: Configuring Access and Security

    What is the purpose of VPC firewall rules?

    A. Encrypt data in transit
    B. Control ingress and egress traffic to/from VM instances based on IP, protocol, and port
    C. Manage DNS records
    D. Configure load balancers
    Correct Answer: B
    Explanation:

    VPC firewall rules filter traffic at the instance level, controlling which connections are allowed or denied based on source/destination IPs, protocols, ports, and network tags.

  4. Question 4: Configuring Access and Security

    What are predefined roles vs. custom roles in IAM?

    A. No difference
    B. Predefined roles are Google-maintained collections of permissions for common tasks; custom roles are user-defined with specific permissions
    C. Predefined are more secure
    D. Custom roles can't be used in production
    Correct Answer: B
    Explanation:

    Predefined roles (roles/compute.admin) are maintained by Google for common use cases. Custom roles let you combine specific permissions for least-privilege access beyond what predefined roles offer.

  5. Question 5: Configuring Access and Security

    What are VPC firewall rules?

    A. Physical firewalls
    B. Distributed, stateful firewall rules that control ingress and egress traffic to VM instances based on IP ranges, protocols, ports, tags, and service accounts
    C. WAF rules
    D. DNS rules
    Correct Answer: B
    Explanation:

    VPC firewall rules: apply to VM network interfaces. Components: direction (ingress/egress), priority (0-65535, lower wins), action (allow/deny), target (all, tag, SA), source/destination (IP, tag, SA), protocol/port. Default: deny all ingress, allow all egress. Stateful: return traffic auto-allowed.

Key Access & Security Concepts for ACE

iam, custom role, service account, firewall, audit log, vpc, security, encryption

ACE Access & Security Exam Tips

Configuring Access and Security questions in ACE are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: iam, custom role, service account, firewall, audit log, vpc.

What ACE Expects

  • Select the most practical, secure, and scalable answer for the stated scenario.
  • Access & Security scenarios for ACE are frequently mapped to Domain 5 (~15%), so read the objective carefully before picking controls or architecture.
  • Expect multi-service scenarios where Access & Security interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and managed-service best practices.

High-Value Access & Security Concepts

  • Know the core Access & Security building blocks cold: iam, custom role, service account, firewall.
  • Review the edge-case features and limits for audit log and vpc; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Access & Security pairs with Cloud Environment and Operations in real deployment patterns.
  • For ACE, explain why the chosen Access & Security design meets reliability, security, and cost expectations better than the alternatives.

Common ACE Traps

  • Watch for answers that partially solve the requirement but miss operational constraints.
  • Questions in Configuring Access and Security often include distractors that look correct for Access & Security but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Access & Security implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Configuring Access and Security (~15%) outcomes for ACE?
  • Can you explain security and access boundaries for Access & Security without relying on default-open assumptions?
  • Can you describe how Access & Security integrates with Cloud Environment and Operations during failure, scaling, and monitoring events?
