Associate-Cloud-Engineer Questions and Answers

Question # 6

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Grant all engineer’s permission to create their own billing accounts for each new project.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Full Access

Question # 7

During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain.

You want to ensure that your resources are only shared with users whose email addresses match your domain. You need to remove any mismatched users, and you want to avoid having to audit your resources to identify mismatched users. What should you do?

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Full Access

Question # 8

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes. What should you do?

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Full Access

Question # 9

You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

Full Access

Question # 10

You are deploying an application on Google Cloud that requires a relational database for storage. To satisfy your company's security policies, your application must connect to your database through an encrypted and authenticated connection that requires minimal management and integrates with Identity and Access Management (IAM). What should you do?

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure a database user and password.

Deploy a Cloud SOL database and configure IAM database authentication. Access the database through the Cloud SQL Auth Proxy.

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure IAM database authentication.

Deploy a Cloud SQL database and configure a database user and password. Access the database through the Cloud SQL Auth Proxy.

Full Access

Question # 11

The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

Grant the Project Editor role to the Marketing learn for acme data digest

Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team

Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there

Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

Full Access

Question # 12

You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Full Access

Question # 13

You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Full Access

Question # 14

(Your company uses a multi-cloud strategy that includes Google Cloud. You want to centralize application logs in a third-party software-as-a-service (SaaS) tool from all environments. You need tointegrate logs originating from Cloud Logging, and you want to ensure the export occurs with the least amount of delay possible. What should you do?)

Use a Cloud Scheduler cron job to trigger a Cloud Function that queries Cloud Logging and sends the logs to the SaaS tool.

Create a Cloud Logging sink and configure Pub/Sub as the destination. Configure the SaaS tool to subscribe to the Pub/Sub topic to retrieve the logs.

Create a Cloud Logging sink and configure Cloud Storage as the destination. Configure the SaaS tool to read the Cloud Storage bucket to retrieve the logs.

Create a Cloud Logging sink and configure BigQuery as the destination. Configure the SaaS tool to query BigQuery to retrieve the logs.

Full Access

Answer:

Explanation:

Comprehensive and Detailed In Depth Explanation:

The requirement is to export logs from Cloud Logging to a third-party SaaS tool with the least amount of delay possible. Let's analyze each option:

A. Cloud Scheduler, Cloud Function, and querying Cloud Logging: This approach introduces a delay based on the Cloud Scheduler's cron job frequency. The Cloud Function would periodically query Cloud Logging, which might not capture the logs in real-time. This does not meet the "least amount of delay possible" requirement.

B. Cloud Logging sink to Pub/Sub, SaaS tool subscribing to Pub/Sub: Cloud Logging sinks can be configured to export logs in near real-time as they are ingested into Cloud Logging. Pub/Sub is a messaging service designed for asynchronous and near real-time message delivery. By configuring the sink to send logs to a Pub/Sub topic, and having the SaaS tool subscribe to this topic, logs can be delivered to the SaaS tool with minimal delay. This aligns with the requirement for immediate export.

C. Cloud Logging sink to Cloud Storage, SaaS tool reading Cloud Storage: Exporting logs to Cloud Storage involves a batch-oriented approach. Logs are typically written to files periodically. The SaaS tool would then need to poll or be configured to read these files, introducing a significant delay compared to a streaming approach.

D. Cloud Logging sink to BigQuery, SaaS tool querying BigQuery: Similar to Cloud Storage, exporting to BigQuery is more suitable for analytical purposes. The SaaS tool would need to periodically queryBigQuery, which introduces latency and is not the most efficient way to achieve near real-time log delivery.

Therefore, configuring a Cloud Logging sink to Pub/Sub and having the SaaS tool subscribe to the Pub/Sub topic provides the lowest latency for exporting logs.

Google Cloud Documentation References:

Cloud Logging Sinks Overview: https://cloud.google.com/logging/docs/export/configure_export_v2 - This document explains how to create and manage Cloud Logging sinks, including the available destinations.

Pub/Sub Overview: https://cloud.google.com/pubsub/docs/overview - This highlights Pub/Sub's capabilities for real-time message delivery and its use cases in streaming data.

Exporting Logs with Cloud Logging: https://cloud.google.com/logging/docs/export - This provides a comprehensive guide to exporting logs from Cloud Logging to various destinations, emphasizing Pub/Sub for streaming.

===========

Question # 15

You are managing a project for the Business Intelligence (BI) department in your company. A data pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be able to run the custom SQL queries against the latest data in BigQuery. What should you do?

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

Full Access

Question # 16

Your company stores data from multiple sources that have different data storage requirements. These data include:

1. Customer data that is structured and read with complex queries

2. Historical log data that is large in volume and accessed infrequently

3. Real-time sensor data with high-velocity writes, which needs to be available for analysis but can tolerate some data loss

You need to design the most cost-effective storage solution that fulfills all data storage requirements. What should you do?

Use Spanner for all data.

Use Cloud SQL for customer data, Cloud Storage (Coldline) for historical logs, and BigQuery for sensor data.

Use Cloud SQL for customer data, Cloud Storage (Archive) for historical logs, and Bigtable for sensor data.

Use Firestore for customer data, Cloud Storage (Nearline) for historical logs, and Bigtable for sensor data.

Full Access

Question # 17

You need to deploy a third-party software application onto a single Compute Engine VM instance. The application requires the highest speed read and write disk access for the internal database. You need to ensure the instance will recover on failure. What should you do?

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateful managed instance group.

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateless managed instance group.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateful managed instance group.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateless managed instance group.

Full Access

Question # 18

You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Full Access

Question # 19

You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Full Access

Question # 20

(Your company is modernizing its applications and refactoring them to containerized microservices. You need to deploy the infrastructure on Google Cloud so that teams can deploy their applications. The applications cannot be exposed publicly. You want to minimize management and operational overhead. What should you do?)

Provision a Standard zonal Google Kubernetes Engine (GKE) cluster.

Provision a fleet of Compute Engine instances and install Kubernetes.

Provision a Google Kubernetes Engine (GKE) Autopilot cluster.

Provision a Standard regional Google Kubernetes Engine (GKE) cluster.

Full Access

Question # 21

You want to deploy a new containerized application into Google Cloud by using a Kubernetes manifest. You want to have full control over the Kubernetes deployment, and at the same time, you want to minimize configuring infrastructure. What should you do?

Deploy the application on GKE Autopilot.

Deploy the application on GKE Standard.

Deploy the application on Cloud Functions.

Deploy the application on Cloud Run.

Full Access

Question # 22

You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

Use the GCP Console to transfer the file instead of gsutil.

Enable parallel composite uploads using gsutil on the file transfer.

Decrease the TCP window size on the machine initiating the transfer.

Change the storage class of the bucket from Nearline to Multi-Regional.

Full Access

Question # 23

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in the crm-databases project. You want to follow Google-recommended practices to grant access to the service account in the web-applications project. What should you do?

Grant "project owner" for web-applications appropriate roles to crm-databases.

Grant "project owner" role to crm-databases and the web-applications project.

Grant "project owner" role to crm-databases and roles/bigquery.dataViewer role to web-applications.

Grant roles/bigquery.dataViewer role to crm-databases and appropriate roles to web-applications.

Full Access

Question # 24

(You are migrating your company’s on-premises compute resources to Google Cloud. You need to deploy batch processing jobs that run every night. The jobs require significant CPU and memory for several hours but can tolerate interruptions. You must ensure that the deployment is cost-effective. What should you do?)

Containerize the batch processing jobs and deploy them on Compute Engine.

Use custom machine types on Compute Engine.

Use the M1 machine series on Compute Engine.

Use Spot VMs on Compute Engine.

Full Access

Question # 25

You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now, you need to create a production environment for this application.

The security team has forbidden the existence of network routes between these 2 environments, and asks you to follow Google-recommended practices. What should you do?

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

Full Access

Question # 26

You’ve deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

Store the database password inside the Docker image of the container, not in the YAML file.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Full Access

Question # 27

Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Full Access

Question # 28

You are using Data Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Data Studio are broken, and you want to analyze the problem. What should you do?

Use the BigQuery interface to review the nightly Job and look for any errors

Review the Error Reporting page in the Cloud Console to find any errors.

In Cloud Logging create a filter for your Data Studio report

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

Full Access

Question # 29

You want to enable your development team to deploy new features to an existing Cloud Run service in production. To minimize the risk associated with a new revision, you want to reduce the number ofcustomers who might be affected by an outage without introducing any development or operational costs to your customers. You want to follow Google-recommended practices for managing revisions to a service. What should you do9

Deploy your application to a second Cloud Run service, and ask your customers to use the second Cloud Run service.

Ask your customers to retry access to your service with exponential backoff to mitigate any potential problems after the new revision is deployed.

Gradually roll out the new revision and split customer traffic between the revisions to allow rollback in case a problem occurs.

Send all customer traffic to the new revision, and roll back to a previous revision if you witness any problems in production.

Full Access

Question # 30

You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

Full Access

Question # 31

You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google's recommended practices and avoid conflicting accounts. What should you do?

Invite the user to transfer their existing account

Invite the user to use an email alias to resolve the conflict

Tell the user that they must delete their existing account

Tell the user to remove all personal email from the existing account

Full Access

Question # 32

You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?

Create a signed URL with a four-hour expiration and share the URL with the company.

Set object access to ‘public’ and use object lifecycle management to remove the object after four hours.

Configure the storage bucket as a static website and furnish the object’s URL to the company. Delete the object from the storage bucket after four hours.

Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.

Full Access

Question # 33

You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

Run gcloud iam roles list. Review the output section.

Run gcloud iam service-accounts list. Review the output section.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

Full Access

Question # 34

You are deploying an application to Cloud Run. Your application requires the use of an API that runs on Google Kubernetes Engine (GKE). You need to ensure that your Cloud Run service can privately reach the API on GKE, and you want to follow Google-recommended practices. What should you do?

Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.

Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/0 on ports 80 and 443.

Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.

Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.

Full Access

Answer:

Explanation:

The requirement is for private communication between a Cloud Run service and a GKE API, following best practices.

Option A exposes the GKE API to the public internet, which violates the "privately reach" requirement. Relying on dynamic IP allowlisting with Cloud Armor is complex and less secure than private networking.

Options B and C configure overly permissive firewall rules (allowing all egress or ingress) and do not establish the necessary private network path between Cloud Run (which normally runs outside your VPC) and the GKE cluster within your VPC.

Option D describes the standard Google-recommended pattern for this scenario:

Internal Application Load Balancer (ILB): Expose the GKE service (API) using an ILB. This gives the service a private IP address accessible only within the VPC network (or connected networks).

Cloud DNS: Create a private DNS zone and record pointing a fully qualified domain name (FQDN) to the ILB's private IP address. This allows services to reach the API via a stable name instead of an IP.

Serverless VPC Access Connector: This connector creates a bridge allowing serverless services like Cloud Run to send traffic into your VPC network.

Cloud Run Configuration: Configure the Cloud Run service to use the VPC Access connector. The application code can then call the GKE API using its private FQDN registered in Cloud DNS.

This setup ensures traffic flows entirely over private networks (within the VPC via the ILB and through the VPC Access connector), meeting the private communication requirement securely and reliably.

[References:, Serverless VPC Access: "Serverless VPC Access lets your serverless environment send requests to your VPC network..." - https://cloud.google.com/vpc/docs/serverless-vpc-access, Internal Application Load Balancer Overview: "Google Cloud internal Application Load Balancers are regional, proxy-based Layer 7 load balancers that enable you to run and scale your services behind an internal IP address..." - https://cloud.google.com/load-balancing/docs/internal, Connecting from Cloud Run to a VPC network: Documentation often outlines patterns using VPC Access Connectors and Internal Load Balancers or Private Service Connect. - https://cloud.google.com/run/docs/configuring/connecting-vpc, GKE Internal Load Balancing: How to expose GKE services internally. - https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing, , , ]

Question # 35

You use Cloud Logging lo capture application logs. You now need to use SOL to analyze the application logs in Cloud Logging, and you want to follow Google-recommended practices. What should you do?

Develop SQL queries by using Gemini for Google Cloud.

Enable Log Analytics for the log bucket and create a linked dataset in BigQuery.

Create a schema for the storage bucket and run SQL queries for the data in the bucket.

Export logs to a storage bucket and create an external view in BigQuery.

Full Access

Question # 36

You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

Open the Cloud Spanner console to review configurations.

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Full Access

Question # 37

You want to host your video encoding software on Compute Engine. Your user base is growing rapidly, and users need to be able 3 to encode their videos at any time without interruption or CPU limitations. You must ensure that your encoding solution is highly available, and you want to follow Google-recommended practices to automate operations. What should you do?

Deploy your solution on multiple standalone Compute Engine instances, and increase the number of existing instances wnen CPU utilization on Cloud Monitoring reaches a certain threshold.

Deploy your solution on multiple standalone Compute Engine instances, and replace existing instances with high-CPUinstances when CPU utilization on Cloud Monitoring reaches a certain threshold.

Deploy your solution to an instance group, and increase the number of available instances whenever you see high CPU utilization in Cloud Monitoring.

Deploy your solution to an instance group, and set the autoscaling based on CPU utilization.

Full Access

Question # 38

You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.

Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.

Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

Full Access

Question # 39

(Your company was recently impacted by a service disruption that caused multiple Dataflow jobs to get stuck, resulting in significant downtime in downstream applications and revenue loss. You were able to resolve the issue by identifying and fixing an error you found in the code. You need to design a solution with minimal management effort to identify when jobs are stuck in the future to ensure that this issue does not occur again. What should you do?)

Set up Error Reporting to identify stack traces that indicate slowdowns in Dataflow jobs. Set up alerts based on these log entries.

Use the Personalized Service Health dashboard to identify issues with Dataflow jobs across regions.

Update the Dataflow job configurations to send messages to a Pub/Sub topic when there are delays. Configure a backup Dataflow job to process jobs that are delayed. Use Cloud Tasks to trigger an alert when messages are pushed to the Pub/Sub topic.

Set up Cloud Monitoring alerts on the data freshness metric for the Dataflow jobs to receive a notification when a certain threshold is reached.

Full Access

Answer:

Explanation:

Comprehensive and Detailed In Depth Explanation:

The goal is to proactively identify stuck Dataflow jobs with minimal management effort. Let's analyze each option:

A. Error Reporting for slowdowns: Error Reporting primarily focuses on capturing and aggregating exceptions and errors (stack traces). While a stuck job might eventually throw an error, it might also just become unresponsive without generating explicit errors. Relying solely on Error Reporting might not provide timely detection of stuck jobs. Identifying stack traces that indicate slowdowns can also be complex and require significant manual configuration and analysis.

B. Personalized Service Health dashboard: The Personalized Service Health dashboard provides information about Google Cloud service incidents that might be affecting your resources. While it can alert you to broader Dataflow service outages, it won't specifically identify individual stuck jobs due to application-level errors or logic within your Dataflow pipeline.

C. Pub/Sub messages for delays, backup job, and Cloud Tasks alerts: This approach involves significant custom implementation and management. You would need to instrument your Dataflow jobs to detect delays, send messages to Pub/Sub, manage a backup job, and configure Cloud Tasks for alerting. This adds considerable operational overhead and complexity.

D. Cloud Monitoring alerts on data freshness metric: Dataflow provides built-in metrics, including "data freshness" (or similar metrics like "system lag" or "processing time"), which indicate how far behind the pipeline is in processing data. If a job gets stuck, the data freshness will deteriorate beyond an acceptable threshold. Cloud Monitoring allows you to easily set up alerts based on these built-in metrics. This requires minimal custom coding and leverages the platform's existing monitoring capabilities, aligning with the "minimal management effort" requirement.

Therefore, setting up Cloud Monitoring alerts on relevant Dataflow metrics like data freshness is the most efficient and recommended way to detect stuck Dataflow jobs with minimal management overhead.

Google Cloud Documentation References:

Monitoring Dataflow Pipelines: https://cloud.google.com/dataflow/docs/guides/monitoring-your-pipeline - This document details the various metrics available for monitoring Dataflow jobs in Cloud Monitoring, including metrics related to processing time, system lag, and data freshness.

Creating Alerts in Cloud Monitoring: https://cloud.google.com/monitoring/alerts/create - Explains how to set up alerts based on metrics collected by Cloud Monitoring.

Dataflow Metrics: https://cloud.google.com/dataflow/docs/reference/monitoring-metrics - Provides a comprehensive list of Dataflow metrics that can be used for monitoring and alerting.

Question # 40

You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/devstorage.write_only’.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/cloud-platform’.

Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket.

Full Access

Question # 41

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

Use gcloud config configurations describe to review the output.

Use gcloud config configurations activate and gcloud config list to review the output.

Use kubectl config get-contexts to review the output.

Use kubectl config use-context and kubectl config view to review the output.

Full Access

Question # 42

You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?

gcloud deployment-manager deployments create --config

gcloud deployment-manager deployments update --config

gcloud deployment-manager resources create --config

gcloud deployment-manager resources update --config

Full Access

Question # 43

Your company has many legacy third-party applications that rely on a shared NFS server for file sharing between these workloads. You want to modernize the NFS server by using a Google Cloud managed service. You need to select the solution that requires the least amount of change to the application. What should you do?

Configure Firestore. Configure all applications to use Firestore instead of the NFS server.

Deploy a Filestore instance. Replace all NFS mounts with a Filestore mount.

Create a Cloud Storage bucket. Configure all applications to use Cloud Storage client libraries instead of the NFS server.

Create a Compute Engine instance and configure an NFS server on the instance. Point all NFS mounts to the Compute Engine instance.

Full Access

Question # 44

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1–standard–2 nodes. You need to deploy additional pods requiring n2–highmem–16 nodes without any downtime. What should you do?

Use gcloud container clusters upgrade. Deploy the new services.

Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods.

Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Full Access

Question # 45

You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

Configure an HTTP(S) load balancer.

Configure an internal TCP load balancer.

Configure an external SSL proxy load balancer.

Configure an external TCP proxy load balancer.

Full Access

Question # 46

(You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?)

Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer's IP address.

Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer's IP address.

Full Access

Question # 47

You recently received a new Google Cloud project with an attached billing account where you will work. You need to create instances, set firewalls, and store data in Cloud Storage. You want to follow Google-recommended practices. What should you do?

Use the gcloud CLI services enablecloudresourcemanager.googleapis.comcommand to enable all resources.

Use the gcloud services enablecompute.googleapis.comcommand to enable Compute Engineand thegcloud services enablestorage-api.googleapis.comcommand to enable the Cloud Storage APIs.

Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.

Open the Google Cloud console and run gcloud init --project in a Cloud Shell.

Full Access

Question # 48

Your organization has three existing Google Cloud projects. You need to bill the Marketing department for only their Google Cloud services for a new initiative within their group. What should you do?

1. Verify that you ace assigned the Billing Administrator IAM role tor your organization's Google Cloud Project for the Marketing department2. Link the new project to a Marketing Billing Account

1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department3. Set the default key-value project labels to department marketing for all services in this project

1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department 3. Link the new project to a Marketing Billing Account.

1. Verity that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department3. Set the default key value project labels to department marketing for all services in this protect

Full Access

Question # 49

You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?

Assign the pods of the image rendering microservice a higher pod priority than the older microservices

Create a node pool with compute-optimized machine type nodes for the image rendering microservice Use the node pool with general-purposemachine type nodes for the other microservices

Use the node pool with general-purpose machine type nodes for lite mage rendering microservice Create a nodepool with compute-optimized machine type nodes for the other microservices

Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment Keep the resource requests for the other microservices at the default

Full Access

Question # 50

You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do?

Create and deploy a Custom Resource Definition per microservice.

Create and deploy a Docker Compose File.

Create and deploy a Job per microservice.

Create and deploy a Deployment per microservice.

Full Access

Question # 51

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

Coldline Storage

Nearline Storage

Regional Storage

Multi-Regional Storage

Full Access

Question # 52

Youare configuring Cloud DNS. You want !to create DNS records to pointhome.mydomain.com,mydomain.com. andwww.mydomain.comto the IP address of your Google Cloud load balancer. What should you do?

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Full Access

Question # 53

A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

In the console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

Use the command gcloud projects get–iam–policy to view the current role assignments.

Full Access

Question # 54

You have two Google Cloud projects: project-a with VPC vpc-a (10.0.0.0/16) and project-b with VPC vpc-b (10.8.0.0/16). Your frontend application resides in vpc-a and the backend API services ate deployed in vpc-b. You need to efficiently and cost-effectively enable communication between these Google Cloud projects. You also want to follow Google-recommended practices. What should you do?

Configure a Cloud Router in vpc-a and another Cloud Router in vpc-b.

Configure a Cloud Interconnect connection between vpc-a and vpc-b.

Create VPC Network Peering between vpc-a and vpc-b.

Create an OpenVPN connection between vpc-a and vpc-b.

Full Access

Question # 55

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

Create a custom role based on the Compute Image User role Add the compute.disks, list to theincludedPermissions field Grant the custom role to the user at the project level

Grant the Compute Storage Admin role at the project level.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Full Access

Question # 56

Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1.000 employees within 2 years. Most employees will need access to your company's Google Cloud account. The systems and processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues. What should you do?

Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.

Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.

Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.

Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.

Full Access

Question # 57

Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on

Google Cloud to match these requirements. What should you do?

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

Full Access

Question # 58

You need to extract text from audio files by using the Speech-to-Text API. The audio files are pushed to a Cloud Storage bucket. You need to implement a fully managed, serverless compute solution that requires authentication and aligns with Google-recommended practices. You want to automate the call to the API by submitting each file to the API as the audio file arrives in the bucket. What should you do?

Run a Kubernetes job to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

Create an App Engine standard environment triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

Run a Python script by using a Linux cron job in Compute Engine to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

Create a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

Full Access

Question # 59

Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

Full Access

Question # 60

Your application development team has created Docker images for an application that will be deployed on Google Cloud. Your team does not want to manage the infrastructure associated with this application. You need to ensure that the application can scale automatically as it gains popularity. What should you do?

Create an Instance template with the container image, and deploy a Managed Instance Group withAutoscaling.

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine usingStandard mode.

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine usingStandard mode.

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

Full Access

Question # 61

You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

Create a single budget for all projects and configure budget alerts on this budget.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

Create a budget per project and configure budget alerts on all of these budgets.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Full Access

Question # 62

You are operating a Google Kubernetes Engine (GKE) cluster for your company where different teams can run non-production workloads. Your Machine Learning (ML) team needs access to Nvidia Tesla P100 GPUs to train their models. You want to minimize effort and cost. What should you do?

Ask your ML team to add the “accelerator: gpu” annotation to their pod specification.

Recreate all the nodes of the GKE cluster to enable GPUs on all of them.

Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs. Dedicate this cluster to your ML team.

Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.

Full Access

Question # 63

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

After the VM has been created, use your Google Account credentials to log in into the VM.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Full Access

Question # 64

You are planning to move your company's website and a specific asynchronous background job to Google Cloud Your website contains only static HTML content The background job is started through an HTTP endpoint and generates monthly invoices for your customers. Your website needs to be available in multiple geographic locations and requires autoscaling. You want to have no costs when your workloads are not In use and follow recommended practices. What should you do?

Move your website to Google Kubemetes Engine (GKE). and move your background job to Cloud Functions

Move both your website and background job to Compute Engine

CMove both your website and background job to Cloud Run.

Move your website to Google Kubemetes Engine (GKE), and move your background job to Compute Engine

Full Access

Question # 65

You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

Full Access

Question # 66

Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Full Access

Question # 67

You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

You check the status of the deployed pods and notice that one of them is still in PENDING status:

You want to find out why the pod is stuck in pending status. What should you do?

Review details of the myapp-service Service object and check for error messages.

Review details of the myapp-deployment Deployment object and check for error messages.

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

Full Access

Question # 68

Your application stores files on Cloud Storage by using the Standard Storage class. The application only requires access to files created in the last 30 days. You want to automatically save costs on files that are no longer accessed by the application. What should you do?

Create a retention policy on the storage bucket of 30 days, and lock the bucket by using a retention policy lock.

Enable object versioning on the storage bucket and add lifecycle rules to expire non-current versions after 30 days

Create an object lifecycle on the storage bucket to change the storage class to Archive Storage for objects with an age over 30 days.

Create a cron job in Cloud Scheduler to call a Cloud Functions instance every day to delete files older than 30 days.

Full Access

Question # 69

Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed lo your organization. You want to accomplish this task with minimal effort. What should you do?

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Full Access

Question # 70

Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment What should you do?

Create a bash script that contains all requirement steps as gcloud commands

Develop templates for the environment using Cloud Deployment Manager

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources

Full Access

Question # 71

Your auditor wants to view your organization's use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Full Access

Question # 72

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

Full Access

Question # 73

Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first version of the application is implemented inPostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Full Access

Question # 74

You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?

Use a custom mode VPC network, configure static routes, and use active/passive routing

Use an automatic mode VPC network, configure static routes, and use active/active routing

Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing

Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing

Full Access

Question # 75

You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

Change the default region property setting in the existing GCP project to asia-northeast1.

Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

Full Access

Question # 76

The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.

Create an IAM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.

Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group.

Grant the basic role roles/editor to the DevOps group.

Full Access

Question # 77

You are planning to migrate a database and a backend application to a Standard Google Kubernetes Engine (GKE) cluster. You need to prevent data loss and make sure there are enough nodes available for your backend application based on the demands of your workloads. You want to follow Google-recommended practices and minimize the amount of manual work required. What should you do?

Run your database as a StatefulSet. Configure cluster autoscaling to handle changes in the demands of your workloads.

Run your database as a single Pod. Run the resize command when you notice changes in the demands of your workloads.

Run your database as a Deployment. Configure cluster autoscaling to handle changes in the demands of your workloads.

Run your database as a DaemonSet. Run the resize command when you notice changes in the demands of your workloads.

Full Access

Question # 78

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.

Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Full Access

Question # 79

Your continuous integration and delivery (CI/CD) server can't execute Google Cloud actions in a specific project because of permission issues. You need to validate whether the used service account has the appropriate roles in the specific project. What should you do?

Open the Google Cloud console, and run a query to determine which resources this service account can access.

Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.

Open the Google Cloud console, and check the organization policies.

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

Full Access

Question # 80

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

Configure an SSL Proxy load balancer in front of the application servers.

Configure an Internal UDP load balancer in front of the application servers.

Configure an External HTTP(s) load balancer in front of the application servers.

Configure an External Network load balancer in front of the application servers.

Full Access

Question # 81

Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.

Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.

Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.

Full Access

Question # 82

You need to monitor resources that are distributed over different projects in Google Cloud Platform. You want to consolidate reporting under the same Stackdriver Monitoring dashboard. What should you do?

Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

Configure a single Stackdriver account, and link all projects to the same account.

Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.

Full Access

Question # 83

Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?

Modify the existing subnet range to 172.16.20.0/24.

Create a new Secondary IP Range in the VPC and configure the VMs to use that range.

Create a new VPC network for the VMs. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.

Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange.

Full Access

Question # 84

You are building an application that will run in your data center. The application will use Google Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate access to AutoML. You need to enable authentication to the APIs from your on-premises environment. What should you do?

Use service account credentials in your on-premises application.

Use gcloud to create a key file for the service account that has appropriate permissions.

Set up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications.

Go to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center.

Full Access

Question # 85

You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform. What should you do?

Meet with the cloud enablement team to discuss load balancer options.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

Review the encryption requirements for WebSocket connections with the security team.

Convert the WebSocket code to use HTTP streaming.

Full Access

Question # 86

You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

Use a Shielded VM.

Use a Preemptible VM.

Use a sole-tenant node.

Enable deletion protection on the instance.

Full Access

Question # 87

Your coworker has helped you set up several configurations for gcloud. You've noticed that you're running commands against the wrong project. Being new to the company, you haven't yet memorized any of the projects. With the fewest steps possible, what's the fastest way to switch to the correct configuration?

Run gcloud configurations list followed by gcloud configurations activate .

Run gcloud config list followed by gcloud config activate.

Run gcloud config configurations list followed by gcloud config configurations activate.

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

Full Access

Question # 88

You need to set a budget alert for use of Compute Engineer services on one of the three Google Cloud Platform projects that you manage. All three projects are linked to a single billing account. What should you do?

Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project.

Verify that you are the project billing administrator. Select the associated billing account and create a budget and a custom alert.

Verify that you are the project administrator. Select the associated billing account and create a budget for the appropriate project.

Verify that you are project administrator. Select the associated billing account and create a budget and a custom alert.

Full Access

Question # 89

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Full Access

Question # 90

Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?

Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.

Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.

Full Access

Question # 91

Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company’s SSO provider. What should you do?

In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.

In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

Full Access

Question # 92

You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?

Project Editor

Storage Admin

Storage Object Admin

Storage Object Creator

Full Access

Question # 93

You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?

Grant yourself the IAM role of Cloud Spanner Admin

Create a new VPC network with subnetworks in all desired regions

Configure your Cloud Spanner instance to be multi-regional

Enable the Cloud Spanner API

Full Access

Question # 94

Several employees at your company have been creating projects with Cloud Platform and paying for it with their personal credit cards, which the company reimburses. The company wants to centralize all these projects under a single, new billing account. What should you do?

Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company.

Create a ticket with Google Support and wait for their call to share your credit card details over the phone.

In the Google Platform Console, go to the Resource Manage and move all projects to the root Organization.

In the Google Cloud Platform Console, create a new billing account and set up a payment method.

Full Access

Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

DumpsTool Header

dumpstool logo

Associate-Cloud-Engineer Questions and Answers

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer: