Google Associate Cloud Engineer Exam
Just as the speed of this sector is increasing, so is the competition. You have to put a ton of extra efforts in order to grab the spotlight. If you want to build your career in this field, Google associate cloud engineer exam could be the best choice for you to schedule your entry into this booming sector. This page will provide you with complete information about this exam along with some important preparatory resources. Let us get underway!
An Google Associate Cloud Engineer deploys applications, monitors operations, and manages enterprise solutions. Cloud computing sector has boomed a lot in past few years. Presently, every IT enthusiast wants to learn cloud computing as this field is fetching high salaries and is expected to grow at the faster pace in future. The Google Associate Cloud Engineer Salary is around $109,415 USD annually. There are many companies which trust Google cloud or other companies for the smarter business and smarter functioning. The pace this industry is growing with is maddening everybody and becoming difficult to predict.
What is Google Associate Cloud Engineer?
Google Associate Cloud Engineer deploys applications, monitors operations of multiple projects, and maintains enterprise solutions to ensure that they meet target performance metrics. This individual has experience working with public clouds and on-premises solutions. They are able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.
The Associate Cloud Engineer exam assesses your ability to:
- Set up a cloud solution environment
- Plan and configure a cloud solution
- Deploy and implement a cloud solution
- Ensure successful operation of a cloud solution
- Configure access and security
Exam Overview
Google Associate Cloud Engineer Certification exam consists of 50 questions which have to be answered in 120 minutes. The cost of taking the exam is $125 however, the prices may vary from place to place. The exam is available in English, Japanese, Spanish, Indonesian language. You can schedule the exam online at Webassessor or can go for onsite-proctored exam. Google Associate Cloud Engineer Passing Score is 70%.
There are no prerequisites for taking the Google associate cloud engineer exam. however, google recommends 6 months+ hands-on experience with Google Cloud.
Exam Details
Name of the exam | Google Associate Cloud Engineer exam |
No. of questions | 50 questions |
Time allowed | 120 minutes |
Cost of the exam | $125 |
Online registration platform | Webassessor |
Languages available | English, Japanese, Spanish, Indonesian |
Prerequisites | None |
Recommended experience | 6 months+ hands-on experience with Google Cloud |
Types of questions asked | Multiple choice and multiple select |
Passing score | 70% |
Types of questions asked in the exam
Google Associate Cloud Engineer Exam Questions consists of following two types:
Multiple choice: each question will be followed by 4 options out of which only one is correct option.
Multiple select: each question will have two or more correct answers.
Scheduling policy
You can schedule the exam in any of the available ways in which you are comfortable. There are two ways specified by google-
- If you wish to take through online way: create your account on Webassessor and register for the exam.
- If you wish to take through onsite proctored way: you can select the exam and then the testing center near you or according to your convenience.
Recertification Policy
Candidates must recertify in order to maintain their certification status. All the description is clearly stated in the detailed description of the exam, all Google Cloud certifications are valid for two years from the date certified. You may attempt recertification starting 60 days prior to your certification expiration date.
Any attempt to recertify or attempt the same exam while currently certified before this time period will result in a rejected attempt, forfeiture of any exam fees paid, possible revocation of your current certification as well as any other Google Cloud certifications, and possible suspension from the Google Certification Program.
Retake policy
Unless stated otherwise, if you fail the Exam, you may retake the Exam, but you must wait at least fourteen (14) days before doing so. If you fail the Exam a second time, you may retake the Exam, but must wait at least sixty (60) days before doing so. If you fail the Exam a third time, you may retake the Exam, but you must wait at least one (1) year before doing so.
Check Google Associate Cloud Engineer Interview Questions
Other exam policies
Getting aware with the policies and terms & conditions of the exam is very important so that you don’t miss out on any important detail. Make sure to collect all the relevant details about the exam policies and ethics that are required to take the exam. you can collect all the information related to the exam at the official site.
Get answers to queries visit: Google Associate Cloud Engineer FAQs.
Syllabus details
Google Associate Cloud Engineer Course Covers the following topics:
1. Setting up a cloud solution environment (17.5%)
1.1 Setting up cloud projects and accounts. Activities include:
- Creating a resource hierarchy
- Applying organizational policies to the resource hierarchy
- Granting members IAM roles within a project
- Managing users in Cloud Identity (manually and automated) (GCP Documentation: Cloud Identity)
- Enabling APIs within projects (GCP Documentation: Enabling an API in your Google Cloud project)
- Provisioning and setting up products in Google Cloud’s operations suite
1.2 Managing billing configuration. Activities include:
- Creating one or more billing accounts (GCP Documentation: Create, modify, or close your Cloud Billing account)
- Linking projects to a billing account (GCP Documentation: Modify a project’s billing settings)
- Establishing billing budgets and alerts (GCP Documentation: Set budgets and budget alerts)
- Setting up billing exports
1.3 Installing and configuring the command line interface (CLI), specifically the Cloud SDK (e.g., setting the default project).
2. Planning and configuring a cloud solution (17.5%)
2.1 Planning and estimating Google Cloud product use using the Pricing Calculator
2.2 Planning and configuring compute resources. Considerations include:
- Selecting appropriate compute choices for a given workload (e.g., Compute Engine, Google Kubernetes Engine, Cloud Run, Cloud Functions) (GCP Documentation: Choosing the right compute option in GCP: a decision tree)
- Using preemptible VMs and custom machine types as appropriate (GCP Documentation: Custom Machine Types)
2.3 Planning and configuring data storage options. Considerations include:
- Product choice (e.g., Cloud SQL, BigQuery, Firestore, Spanner, Bigtable) (GCP Documentation: Google Cloud products)
- Choosing storage options (e.g., Zonal persistent disk, Regional balanced persistent disk, Standard, Nearline, Coldline, Archive)
2.4 Planning and configuring network resources. Tasks include:
- Differentiating load balancing options (GCP Documentation: Cloud Load Balancing overview)
- Identifying resource locations in a network for availability (GCP Documentation: Geography and regions)
- Configuring Cloud DNS (GCP Documentation: Cloud DNS )
3. Deploying and implementing a cloud solution (25%)
3.1 Deploying and implementing Compute Engine resources. Tasks include:
- Launching a compute instance using the Google Cloud console and Cloud SDK (gcloud) (e.g., assign disks, availability policy, SSH keys)
- Creating an autoscaled managed instance group using an instance template (GCP Documentation: Creating managed instance groups)
- Generating/uploading a custom SSH key for instances (GCP Documentation: Managing SSH keys in metadata)
- Installing and configuring the Cloud Monitoring and Logging Agent
- Assessing compute quotas and requesting increases (GCP Documentation: Requesting an increase in quota)
3.2 Deploying and implementing Google Kubernetes Engine resources. Tasks include:
- Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
- Deploying a Google Kubernetes Engine cluster with different configurations including AutoPilot, regional clusters, private clusters, etc.
- Deploying a containerized application to Google Kubernetes Engine (GCP Documentation: Deploying a containerized web application)
- Configuring Google Kubernetes Engine application monitoring and logging (GCP Documentation: Overview of Google Cloud’s operations suite for GKE)
3.3 Deploying and implementing App Engine, Cloud Run, and Cloud Functions resources. Tasks include, where applicable:
- Deploying an application and updating scaling configuration, versions, and traffic splitting (GCP Documentation: Splitting Traffic)
- Deploying an application that receives Google Cloud events (e.g., Pub/Sub events, Cloud Storage object change notification events)
3.4 Deploying and implementing data solutions. Tasks include:
- Initializing data systems with products (e.g., Cloud SQL, Firestore, BigQuery, Spanner, Pub/Sub, Bigtable, Dataproc, Dataflow, Cloud Storage) (GCP Documentation: Initialization actions)
- Loading data (e.g., command line upload, API transfer, import/export, load data from Cloud Storage, streaming data to Cloud Pub/Sub) (GCP Documentation: Introduction to loading data)
3.5 Deploying and implementing networking resources. Tasks include:
- Creating a VPC with subnets (e.g., custom-mode VPC, shared VPC) (GCP Documentation: Using VPC networks)
- Launching a Compute Engine instance with custom network configuration (e.g., internal-only IP address, Google private access, static external and private IP address, network tags) (GCP Documentation: Creating instances with multiple network interfaces)
- Creating ingress and egress firewall rules for a VPC (e.g., IP subnets, network tags, service accounts) (GCP Documentation: VPC firewall rules overview)
- Creating a VPN between a Google VPC and an external network using Cloud VPN (GCP Documentation: Cloud VPN overview)
- Creating a load balancer to distribute application network traffic to an application (e.g., Global HTTP(S) load balancer, Global SSL Proxy load balancer, Global TCP Proxy load balancer, regional network load balancer, regional internal load balancer) (GCP Documentation: External TCP/UDP Network Load Balancing overview)
3.6 Deploying a solution using Cloud Marketplace. Tasks include:
- Browsing Cloud Marketplace catalogue and viewing solution details (GCP Documentation: GOOGLE CLOUD MARKETPLACE)
- Deploying a Cloud Marketplace solution (GCP Documentation: Creating Deployments with Google Cloud Platform Marketplace)
3.7 Implementing resources via infrastructure as code. Tasks include:
- Building infrastructure via Cloud Foundation Toolkit templates and implementing best practices
- Installing and configuring Config Connector in Google Kubernetes Engine to create, update, delete, and secure resources
4. Ensuring successful operation of a cloud solution (20%)
4.1 Managing Compute Engine resources. Tasks include:
- Managing a single VM instance (e.g., start, stop, edit configuration, or delete an instance) (GCP Documentation: Virtual machine instances)
- Remotely connecting to the instance
- Attaching a GPU to a new instance and installing CUDA libraries (GCP Documentation: Adding or removing GPUs)
- Viewing current running VM inventory (instance IDs, details) (GCP Documentation: Instance life cycle)
- Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot) (GCP Documentation: Creating persistent disk snapshots)
- Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image) (GCP Documentation: Images)
- Working with instance groups (e.g., set autoscaling parameters, assign instance template, create an instance template, remove instance group) (GCP Documentation: Instance groups)
- Working with management interfaces (e.g., Google Cloud console, Cloud Shell, Cloud SDK) (GCP Documentation: Cloud management tools)
4.2 Managing Google Kubernetes Engine resources. Tasks include:
- Viewing current running cluster inventory (nodes, pods, services) (GCP Documentation: GKE Dashboards)
- Browsing the container image repository and viewing container image details (GCP Documentation: gcloud container images list)
- Working with node pools (e.g., add, edit, or remove a node pool) (GCP Documentation: Node pools)
- Working with pods (e.g., add, edit, or remove pods) (GCP Documentation: Pod)
- Working with services (e.g., add, edit, or remove a service) (GCP Documentation: About Google Cloud services)
- Working with stateful applications (e.g. persistent volumes, stateful sets) (GCP Documentation: Deploying a stateful application)
- Managing Horizontal and Vertical autoscaling configurations
- Working with management interfaces (e.g., Google Cloud Console, Cloud Shell, Cloud SDK, kubectl) (GCP Documentation: Cloud management tools)
4.3 Managing Cloud Run resources. Tasks include:
- Adjusting application traffic splitting parameters (GCP Documentation: Splitting Traffic)
- Setting scaling parameters for autoscaling instances (GCP Documentation: Autoscaling groups of instances)
- Determining whether to run Cloud Run (fully managed) or Cloud Run for Anthos
4.4 Managing storage and database solutions. Tasks include:
- Managing and securing objects in and between Cloud Storage buckets (GCP Documentation: Moving and renaming buckets)
- Setting object life cycle management policies for Cloud Storage buckets (GCP Documentation: Object Lifecycle Management)
- Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Cloud Spanner, Cloud Datastore, Cloud Bigtable) (GCP Documentation: Querying Cloud Storage data)
- Estimating costs of a BigQuery query (GCP Documentation: Estimating storage and query costs)
- Backing up and restoring data instances (e.g., Cloud SQL, Cloud Datastore) (GCP Documentation: Restoring an instance)
- Reviewing job status in Cloud Dataproc, Cloud Dataflow, or BigQuery (GCP Documentation: Life of a Dataproc Job)
4.5 Managing networking resources. Tasks include:
- Adding a subnet to an existing VPC (GCP Documentation: Using VPC networks)
- Expanding a subnet to have more IP addresses (GCP Documentation: gcloud compute networks subnets expand-ip-range)
- Reserving static external or internal IP addresses (GCP Documentation: Reserving a new static external IP address)
- Working with CloudDNS, CloudNAT, Load Balancers and firewall rules
4.6 Monitoring and logging. Tasks include:
- Creating Cloud Monitoring alerts based on resource metrics
- Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications or logs)
- Configuring log sinks to export logs to external systems (e.g., on-premises or BigQuery) (GCP Documentation: Exporting with the Logs Viewer)
- Configuring log routers
- Viewing and filtering logs in Stackdriver (GCP Documentation: Advanced logs queries)
- Viewing specific log message details in Stackdriver (GCP Documentation: Viewing logs (Classic))
- Using cloud diagnostics to research an application issue (e.g., viewing Cloud Trace data, using Cloud Debug to view an application point-in-time) (GCP Documentation: Error Reporting)
- Viewing Google Cloud status (GCP Documentation: Google Cloud Status Dashboard)
5. Configuring access and security (20%)
5.1 Managing identity and access management (IAM). Tasks include:
- Viewing IAM policies
- Creating IAM policies
- Managing the various role types and defining custom IAM roles (e.g., primitive, predefined and custom) (GCP Documentation: Basic concepts)
5.2 Managing service accounts. Tasks include:
- Creating service accounts
- Using service accounts in IAM policies with minimum permissions (GCP Documentation: Service accounts)
- Assigning service accounts to resources (GCP Documentation: Creating and enabling service accounts for instances)
- Managing IAM of a service account
- Managing service account impersonation
- Creating and managing short-lived service account credentials
5.3 Viewing audit logs
Let us now look at the preparatory resources.
Preparatory resources for Google Associate Cloud Engineer
Due to the growing competition in this sector and its allied exam, cracking the certification and Google Associate Cloud Engineer Preparation is a difficult task. With the right set of resources and right strategy you can easily pass the exam. there are numerous resources that you can choose for preparation. But you should be very careful while picking the resources as these resources will determine how well will you pass the exam. so, let us look at handful of resources in our Google Associate Cloud Engineer Study Guide:
Online training
There are various sites that provides the online training for this exam. the online training is the best way to prepare for the exam while developing strong understanding of the concepts. The online classes also provide you with good reading material like notes or recommends books that might be beneficial for you. Google has itself recommended some trainings that might help you in scoring well and that are prepared officially by google itself via coursera and other sites.
Complete the recommended curriculum in Google Associate Cloud Engineer Training:
Broaden your knowledge with additional self-paced labs and quests:
- Quest: Baseline: Infrastructure
- Quest: Cloud Engineering
- Quest: Kubernetes in Google Cloud
- Hands-on lab: Cloud Run – Hello Cloud Run
- Hands-on lab: Deploying an Application to App Engine Flexible
Instructor led trainings
Instructor led trainings are also one of the best options to prepare for the exam. the instructors who are well versed with this and have excelled in this field are on board for teaching in the best possible way. Again, you can find many reliable sites that provide online training and also provide you additional resources that can help you a lot. Google again, has officially launched its training sessions which can be found on official site and they are also mentioned below-
Complete the recommended curriculum:
Hands – on trainings
Practicing and learning to apply the concepts in real life is very important. This exam tests your competency for a job so all your concepts should be crystal clear and you should know their application too. Google recommends Google Associate Cloud Engineer Online Trainings through the following labs:
- Quest: GCP Essentials
- Quest: Baseline: Infrastructure
- Quest: Cloud Engineering
- Quest: Networking in the Google Cloud
- Quest: Kubernetes in the Google Cloud
- Hands-on lab: Cloud Run – Hello Cloud Run
- Hands-on lab: Deploying an Application to App Engine Flexible
Practice papers and sample tests
Your practice is something which will decide your future. You should try to take Google Associate Cloud Engineer Practice Tests as much as you can as this will never let you down. Practicing will help you determine where do you lack in performing best and will also help you in getting more confident on the day of exam by eradicating your silly mistakes. You can try a Google Associate Cloud Engineer Free practice test now. Try to solve as much papers as you can. They will let you identify the loopholes in your practice and will help you in reaching the next level of preparation. or you can also refer to google documentation as they are very much reliable source for preparation.
Google documentation
Google documentation is the most authentic resource for preparation and that too free of cost. You can go to official site of google for this exam and can find the documentations. Google has divided its documentations in the following four major sections:
You can explore these documentations and can find absolutely reliable and quality content for your preparation.
Enrich your learning experience and get ready to qualify Google Associate Cloud Engineer Certification exam with hundreds of practice exam and expert resources. Start Preparing Now!
Google Associate Cloud Engineer Online Tutorial
Testprep Training provides Online Tutorials to assist you during the preparation for Google Associate Cloud Engineer Exam. These online tutorials are built to help you acquire the required knowledge of the domain areas and structure the learning path to support your preparation. The Google Associate Cloud Engineer Tutorial covers the learning objectives including –
- Set up a cloud solution environment
- Plan and configure a cloud solution
- Deploy and implement a cloud solution
- Ensure the successful operation of a cloud solution
- Configure access and security
However, Google Associate Cloud Engineer deploys applications, monitors operations of multiple projects, and maintains enterprise solutions to ensure that they meet target performance metrics. This individual has experience working with public clouds and on-premises solutions. They are able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.
1. Setting up a cloud solution environment
1.1 Setting up cloud projects and accounts. Activities include:
- Creating projects
- Understanding predefined IAM roles within a project
- Managing users in Cloud Identity
- Enabling APIs within projects
- Provisioning Stackdriver workspaces
1.2 Managing billing configuration. Activities include:
- Creating one or more billing accounts
- Linking projects to a billing account
- Establishing billing budgets and alerts
- Setting up billing exports to estimate daily/monthly charges
1.3 Installing and configuring the command-line interface (CLI), specifically the Cloud SDK (e.g., setting the default project).
2. Planning and configuring a cloud solution
2.1 Planning and estimating GCP product use using the Pricing Calculator
2.2 Planning and configuring compute resources. Considerations include:
- Selecting appropriate compute choices for a given workload (e.g., Compute Engine, Google Kubernetes Engine, App Engine, Cloud Run, Cloud Functions)
- Using preemptible VMs and custom machine types as appropriate
2.3 Planning and configuring data storage options. Considerations include:
- Product choice (e.g., Cloud SQL, BigQuery, Cloud Spanner, Cloud Bigtable)
- Choosing storage options (e.g., Standard, Nearline, Coldline, Archive)
2.4 Planning and configuring network resources. Tasks include:
- Differentiating load balancing options
- Identifying resource locations in a network for availability
- Configuring Cloud DNS
3. Deploying and implementing a cloud solution
3.1 Deploying and implementing Compute Engine resources. Tasks include:
- Launching a compute instance using Cloud Console and Cloud SDK (gcloud) (e.g., assign disks, availability policy, SSH keys)
- Creating an autoscaled managed instance group using an instance template
- Generating/uploading a custom SSH key for instances
- Configuring a VM for Stackdriver monitoring and logging
- Assessing compute quotas and requesting increases
- Installing the Stackdriver Agent for monitoring and logging
3.2 Deploying and implementing Google Kubernetes Engine resources. Tasks include:
- Deploying a Google Kubernetes Engine cluster
- Deploying a container application to Google Kubernetes Engine using pods
- Configuring Google Kubernetes Engine application monitoring and logging
3.3 Deploying and implementing App Engine, Cloud Run, and Cloud Functions resources. Tasks include, where applicable:
- Deploying an application, updating scaling configuration, versions, and traffic splitting
- Deploying an application that receives Google Cloud events (e.g., Cloud Pub/Sub events, Cloud Storage object change notification events)
3.4 Deploying and implementing data solutions. Tasks include:
- Initializing data systems with products (e.g., Cloud SQL, Cloud Datastore, BigQuery, Cloud Spanner, Cloud Pub/Sub, Cloud Bigtable, Cloud Dataproc, Cloud Dataflow, Cloud Storage)
- Loading data (e.g., command-line upload, API transfer, import/export, load data from Cloud Storage, streaming data to Cloud Pub/Sub)
3.5 Deploying and implementing networking resources. Tasks include:
- Creating a VPC with subnets (e.g., custom-mode VPC, shared VPC)
- Launching a Compute Engine instance with custom network configuration (e.g., internal-only IP address, Google private access, static external and private IP address, network tags)
- Creating ingress and egress firewall rules for a VPC (e.g., IP subnets, tags, service accounts)
- Creating a VPN between a Google VPC and an external network using Cloud VPN
- Creating a load balancer to distribute application network traffic to an application (e.g., Global HTTP(S) load balancer, Global SSL Proxy load balancer, Global TCP Proxy load balancer, regional network load balancer, regional internal load balancer)
3.6 Deploying a solution using Cloud Marketplace. Tasks include:
- Browsing Cloud Marketplace catalog and viewing solution details
- Deploying a Cloud Marketplace solution
3.7 Deploying application infrastructure using Cloud Deployment Manager. Tasks include:
- Developing Deployment Manager templates
- Launching a Deployment Manager template
4. Ensuring successful operation of a cloud solution
4.1 Managing Compute Engine resources. Tasks include:
- Managing a single VM instance (e.g., start, stop, edit the configuration, or delete an instance)
- SSH/RDP to the instance
- Attaching a GPU to a new instance and installing CUDA libraries
- Viewing current running VM inventory (instance IDs, details)
- Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot)
- Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image)
- Working with instance groups (e.g., set autoscaling parameters, assign instance template, create an instance template, remove instance group)
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, GCloud SDK)
4.2 Managing Google Kubernetes Engine resources. Tasks include:
- Viewing current running cluster inventory (nodes, pods, services)
- Browsing the container image repository and viewing container image details
- Working with node pools (e.g., add, edit, or remove a node pool)
- Working with pods (e.g., add, edit, or remove pods)
- Working with services (e.g., add, edit, or remove a service)
- Working with stateful applications (e.g. persistent volumes, stateful sets)
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
4.3 Managing App Engine and Cloud Run resources. Tasks include:
- Adjusting application traffic splitting parameters
- Setting scaling parameters for autoscaling instances
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
4.4 Managing storage and database solutions. Tasks include:
- Moving objects between Cloud Storage buckets
- Converting Cloud Storage buckets between storage classes
- Setting object life cycle management policies for Cloud Storage buckets
- Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Cloud Spanner, Cloud Datastore, Cloud Bigtable)
- Estimating costs of a BigQuery query
- Backing up and restoring data instances (e.g., Cloud SQL, Cloud Datastore)
- Reviewing job status in Cloud Dataproc, Cloud Dataflow, or BigQuery
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
4.5 Managing networking resources. Tasks include:
- Adding a subnet to an existing VPC
- Expanding a subnet to have more IP addresses
- Reserving static external or internal IP addresses
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
4.6 Monitoring and logging. Tasks include:
- Creating Stackdriver alerts based on resource metrics
- Creating Stackdriver custom metrics
- Configuring log sinks to export logs to external systems (e.g., on-premises or BigQuery)
- Viewing and filtering logs in Stackdriver
- Viewing specific log message details in Stackdriver
- Using cloud diagnostics to research an application issue (e.g., viewing Cloud Trace data, using Cloud Debug to view an application point-in-time)
- Viewing Google Cloud Platform status
- Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
5. Configuring access and security
5.1 Managing identity and access management (IAM). Tasks include:
- Viewing IAM role assignments
- Assigning IAM roles to accounts or Google Groups
- Defining custom IAM roles
5.2 Managing service accounts. Tasks include:
- Managing service accounts with limited privileges
- Assigning a service account to VM instances
- Granting access to a service account in another project
5.3 Viewing audit logs for the project and managed services.