ACE Exam Cheat Sheet

Ultimate Reference: Storage, Compute, Net, Security, Ops & DevOps

Last Updated: Jan 2026 | Version 6.0

Cloud Storage

Bucket
  • Objects: Immutable (versions)
  • Classes: Standard, Nearline (30d), Coldline (90d), Archive (365d)
  • Transfer: Transfer Appliance (Physical, >20TB)
ACE Tip Lifecycle: "Delete data > 5 years" = Lifecycle Policy. Transfer Service: "Online transfer from AWS S3/Azure" = Storage Transfer Service (not Appliance). Signed URLs: "Temp access for user without Google account."

Filestore

NFS
  • Protocol: NFSv3 compliant file server.
  • Use Case: Shared filesystem for VMs/GKE.
  • Performance: Low latency for "Lift & Shift".
ACE Tip "Legacy app needs a file share?" or "Multiple VMs need read/write access to the same directory?" → Filestore.

Cloud SQL

SQL
  • Engine: MySQL, Postgres, SQL Server
  • Scale: Vertical (Downtime required)
  • Scope: Regional
ACE Tip "Lift & Shift" SQL. Max 64TB.
Constraint: Regional only. For Global scale/consistency, use Cloud Spanner.

Cloud Spanner

SQL
  • Engine: Proprietary (ANSI SQL)
  • Scale: Horizontal (Unlimited)
  • Scope: Global
ACE Tip Expensive. Key phrases: "Global transactional consistency," "Horizontal scaling for relational data."

Firestore

NoSQL Doc
  • Scale: Horizontal / Serverless
  • Features: Offline Sync, Real-time
  • Use Case: Mobile Apps, User Profiles
ACE Tip Replaced "Datastore". Key phrases: "Offline Sync," "Mobile/Web clients," "Real-time updates."

Cloud Bigtable

Wide Column
  • Use Case: IoT, AdTech, High Throughput (Petabytes)
  • Performance: Sub-millisecond latency
  • Anti-Pattern: NOT for SQL queries or "Ad-hoc" analytics (Use BigQuery)
ACE Tip Key exam combo: "IoT sensors" + "High speed Read/Write" + "Simple Schema" = Bigtable

Memorystore

Cache
  • Engine: Managed Redis or Memcached.
  • Performance: Sub-millisecond (In-memory).
  • Use Case: Caching, Gaming leaderboards.
ACE Tip "Reduce load on Cloud SQL?" or "Speed up data retrieval?" → Put Memorystore in front.

BigQuery

Warehouse
  • Engine: Serverless SQL
  • Scale: Petabyte / Exabyte
  • Use Case: Analytics, Reporting, ML
ACE Tip For Analysis, not serving apps.
Key phrases: "Historical data," "Analyze Logs," "Business Intelligence."

Storage Decision Logic

Unstructured Files (Images/PDFs)? ➔ Cloud Storage
Structured (SQL) + Regional? ➔ Cloud SQL
Structured (SQL) + Global Scale? ➔ Spanner
Mobile App + Offline Sync? ➔ Firestore
High Velocity Writes (IoT)? ➔ Bigtable

Compute Engine

IaaS
  • Unit: Virtual Machine (VM)
  • Control: Full (OS, Kernel, Disk)
  • Use Case: Legacy apps, Specific OS
ACE Tip Default for "Lift & Shift". Key phrases: "Install custom GPU driver," "Specific OS kernel."

Managed Instance Groups

IaaS
  • MIGs: Stateless (common) or Stateful
  • Healing: Auto-recreates failed VMs
  • Scope: Zonal or Regional
ACE Tip "Ensure High Availability for VMs?" → Regional MIG (spreads VMs across zones).
"Application crashed?" → Auto-healing (Health Check) restarts it automatically.

GKE

K8s
  • Modes: Standard vs Autopilot
  • Security: Binary Authorization (Trusted image signing)
  • Networking: Use Service to expose Pods (Stable IP)
ACE Tip Cost: "Minimize idle node costs?" → Use GKE Autopilot. Security: "Ensure only signed images deploy?" → Binary Authorization.

K8s Workloads

Objects
  • Deployment: Stateless apps (Web servers).
  • StatefulSet: Stateful apps (Databases). Stable network ID.
  • DaemonSet: Runs 1 Pod on every node (Logging agents).
ACE Tip "Deploy a monitoring agent on every node?" → DaemonSet.
"Deploy a database like Mongo/Kafka on GKE?" → StatefulSet.

Cloud Run

Serverless
  • Unit: Stateless Container (HTTP/gRPC)
  • Scaling: 0 to N instances (Fast)
  • Config: max-instances vs concurrency
ACE Tip DB Crash? If your DB crashes from too many connections → set max-instances (limit total containers), NOT concurrency. Secrets: Mount via Secret Manager.

Cloud Run functions

FaaS
  • Unit: Single Function (Code snippets)
  • Trigger: Event (HTTP, PubSub, Storage)
  • Note: Recently renamed from "Cloud Functions"
ACE Tip Not for full apps. Good for "Reactions".
Key phrases: "Trigger on file upload," "Lightweight event handler."

App Engine (Std)

PaaS
  • Unit: Source Code
  • Lang: Py, Java, Go, Node, PHP
  • Scale: To Zero (Super fast)
ACE Tip Zero config. "Just upload code." Key phrases: "Standard languages," "Sandbox," "Rapid deployment."

App Engine (Flex)

PaaS
  • Unit: Container (Docker)
  • Scale: Min 1 Instance (No Zero)
  • Startup: Slow (Minutes)
ACE Tip Use only if you need custom runtimes/background threads not supported by Cloud Run. It is slower and more expensive (no scale to zero).

VPC & Firewall

Core
  • Scope: Global
  • Subnets: Regional. Can expand CIDR (e.g., /24 > /20) but CANNOT shrink.
  • Firewall: Implied Deny Ingress, Implied Allow Egress.
ACE Tip Exhausted IPs? "Expand the CIDR range" is the least effort solution (don't create new subnets). Logging: Enable "Flow Logs" for network troubleshooting.

Shared VPC

Core
  • Host Project: Central IT manages Network/Firewall.
  • Service Project: Devs manage VMs/Apps.
  • Connectivity: Private IP communication between projects.
ACE Tip "Allow departments to create VMs but keep central control of firewalls?" → Shared VPC (Not Peering).

Cloud NAT

Core
  • Function: Outbound internet for Private VMs
  • Config: Regional
ACE Tip "Private VMs (no public IP) need to download OS updates from internet?" → Cloud NAT. (Security Best Practice: Don't give VMs public IPs just for updates).

Cloud DNS

DNS
  • Type: Managed authoritative DNS
  • Zones: Public (Internet) & Private (VPC internal)
ACE Tip "Service needs a constant address even if server crashes?" → Static External IP + Cloud DNS A-Record.

Cloud VPN

Hybrid
  • Type: HA VPN (High Availability)
  • Transport: Public Internet (IPsec)
  • Cost: Low
ACE Tip Best for low traffic or tight budgets. Requires "Cloud Router" for dynamic routing (BGP).

Cloud Interconnect

Hybrid
  • Transport: Physical Wire (Private)
  • Speed: 10 Gbps - 100 Gbps
  • Cost: High
ACE Tip Choose this if you need "RFC1918 (Private IP)" communication with high bandwidth or SLA requirement.

HTTP(S) LB

Layer 7
  • Traffic: HTTP / HTTPS
  • Scope: Global (Anycast IP)
  • Features: CDN, WAF (Armor)
ACE Tip The default for Web Apps. Distributes traffic to the closest region automatically. Terminates SSL.

Network LB

Layer 4
  • Passthrough: Preserves Client IP. Regional.
  • Proxy: Terminates connection. Global or Regional.
ACE Tip "Need to see original Client IP?" or "UDP traffic?" → External Passthrough Network LB. "Global TCP/SSL offload?" → Proxy Network LB.

Networking Decision Logic

Connect On-Prem cheap + fast? ➔ Cloud VPN
Connect On-Prem heavy data/critical? ➔ Interconnect
Private VM accessing Google APIs? ➔ Private Google Access
Web App (HTTP) Global Users? ➔ HTTP(S) LB
Need Client IP / UDP? ➔ Passthrough NLB

IAM Best Practices

Access
  • Structure: Users > Groups > Roles
  • Principle: Least Privilege (Always).
  • Hierarchy: Org > Folder > Project > Resource
ACE Tip Maintenance: ALWAYS assign roles to Groups, never individuals. Predefined vs Custom: Prefer Predefined unless you explicitly need to filter permissions (Custom = high maintenance).

Service Accounts

Machine ID
  • Used By: Apps, VMs (Not Humans)
  • Keys: Google-managed (Safer) vs User-managed
  • Scopes: Legacy access method (deprecated but tested).
ACE Tip Default Compute SA has "Editor" (Too risky). Always create a User-Managed SA.
Troubleshooting: If IAM role is correct but VM gets 403, check Access Scopes (must be "Allow Full Access" or specific API enabled).

IAP

Access
  • Function: HTTPS/SSH access control
  • Benefit: No VPN, No Public IP needed
ACE Tip The answer to "SSH to VM with no Public IP?" is always IAP. (Requires "IAP-secured Tunnel User" role).

KMS & Secrets

Data
  • KMS: Encryption Keys (CMEK)
  • Secret Manager: Passwords, API Keys
ACE Tip Don't put passwords in Source Code or Env Vars. Use Secret Manager.

Cloud Monitoring

Metrics
  • Default: CPU, Network, Disk I/O
  • Ops Agent: REQUIRED for Memory & Disk Space
  • Alerting: Email, SMS, Pub/Sub channels
ACE Tip Logs-based Metric: "Count specific error messages in logs?" → Create a Counter Metric (don't script it). Uptime Checks: Verify availability from outside Google.

Billing & Quotas

Mgmt
  • Budgets: Send ALERTS (emails) only. Do NOT stop spending.
  • Quotas: Hard limits. STOP resource creation (prevent overspend).
ACE Tip "Stop malicious consumption?" → Quotas. "Analyze costs by department?" → Labels.
Warning: Tags are for Networking/Firewalls ONLY, not Billing!

Cloud Logging

Logs
  • Centralized: Aggregates all service logs
  • Sinks: Export logs to Storage, Pub/Sub, or BigQuery
  • Exclusions: Discard noisy logs to save money
ACE Tip "Retain logs for 5 years for audit?" → Export Sink to Archive Storage.
"Analyze logs with SQL?" → Export Sink to BigQuery.

Trace & Profiler

Perf
  • Trace: Latency breakdown per request
  • Profiler: CPU/RAM usage of functions
  • Error Reporting: Groups similar stack traces
ACE Tip "App is slow, need to see which microservice takes time?" → Cloud Trace.
"Function costing too much CPU?" → Profiler.

Pub/Sub

Messaging
  • Pattern: Publisher → Topic → Subscription → Subscriber
  • Benefit: Async Decoupling
  • Global: Yes
ACE Tip "Decouple services," "Handle spike in traffic," or "Ingest IoT data." Use Push for Webhooks (Cloud Run), Pull for workers.

Dataflow

ETL
  • Engine: Apache Beam
  • Type: Serverless (Streaming & Batch)
  • Use Case: Transformation, Pipeline
ACE Tip "Transform data before loading to BigQuery." Prefer Dataflow over Dataproc for new pipelines (Serverless).

Dataproc

Hadoop
  • Engine: Hadoop, Spark, Hive
  • Type: Managed Cluster (VMs)
  • Use Case: Legacy Big Data migration
ACE Tip "Lift & Shift existing Hadoop/Spark jobs."
Use Preemptible VMs for worker nodes to save cost on batch jobs.

Pre-trained ML

API
  • Vision API: Detect text/objects/faces in images.
  • Speech API: Transcribe audio to text.
  • Translation: Language translation.
ACE Tip "Analyze images/text without ML expertise?" or "No data scientists on team?" → Use Pre-trained APIs (Avoid AutoML unless you need custom training).

Cloud Build

CI/CD
  • Function: Builds containers/artifacts
  • Config: `cloudbuild.yaml`
  • Serverless: Yes
ACE Tip "Automate deployment to GKE/Cloud Run." Can run vulnerability scans.

Artifact Registry

Storage
  • Stores: Docker Images, Maven/npm packages
  • Security: Granular IAM access
ACE Tip The replacement for "Container Registry." If the exam mentions storing images securely, choose this.