Professional-Cloud-Architect Questions and Answers

Build or leverage an OAuth-compatible access control system.

Build SAML 2.0 SSO compatibility into your authentication system.

Restrict data access based on the source IP address of the partner systems.

Create secondary credentials for each dealer that can be given to the trusted third party.

Move all the data into 1 zone, then launch a Cloud Dataproc cluster to run the job.

Move all the data into 1 region, then launch a Google Cloud Dataproc cluster to run the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a multi region bucket and use a Dataproc cluster to finish the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a region bucket and use a Cloud Dataproc cluster to finish the jo

Use one Google Container Engine cluster of FTP servers. Save the data to a Multi-Regional bucket. Run the ETL process using data in the bucket.

Use multiple Google Container Engine clusters running FTP servers located in different regions. Save the data to Multi-Regional buckets in us, eu, and asia. Run the ETL process using the data in the bucket.

Directly transfer the files to different Google Cloud Multi-Regional Storage bucket locations in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process using the data in the bucket.

Directly transfer the files to a different Google Cloud Regional Storage bucket location in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional bucket.

Migrate from CSV to binary format, migrate from FTP to SFTP transport, and develop machine learning analysis of metrics.

Migrate from FTP to streaming transport, migrate from CSV to binary format, and develop machine learning analysis of metrics.

Increase fleet cellular connectivity to 80%, migrate from FTP to streaming transport, and develop machine learning analysis of metrics.

Migrate from FTP to SFTP transport, develop machine learning analysis of metrics, and increase dealer local inventory by a fixed factor.

Vehicles write data directly to GCS.

Vehicles write data directly to Google Cloud Pub/Sub.

Vehicles stream data directly to Google BigQuery.

Vehicles continue to write data using the existing system (FTP).

Have your engineers inspect the data for patterns, and then create an algorithm with rules that make operational adjustments automatically.

Capture all operating data, train machine learning models that identify ideal operations, and run locally to make operational adjustments automatically.

Implement a Google Cloud Dataflow streaming job with a sliding window, and use Google Cloud Messaging (GCM) to make operational adjustments automatically.

Capture all operating data, train machine learning models that identify ideal operations, and host in Google Cloud Machine Learning (ML) Platform to make operational adjustments automatically.

Set up API key validation.

Integrate OAuth 2.0 authorization.

Configure Quota policies.

Activate XML threat protection.

Design a migration plan to move all of Cymbal's data to Cloud Storage, and use Compute Engine for all business logic

Design a migration plan to move all of Cymbal's data to Cloud Storage, and use Cloud Run functions for all business logic

Design a migration plan, starting with a pilot project focusing on a specific product category, and gradually expand to other categories.

Design a migration plan with a scheduled window to move all components at once Perform extensive testing to ensure a successful migration.

Use a bastion host to provide secure access lo Google Cloud resources from Cymbal's on-premises systems.

Configure a static VPN connection using SSH tunnels to connect the on-premises systems to Google Cloud

Configure a Cloud VPN gateway and establish a VPN tunnel Configure firewall rules to restrict access to specific resources and services based on IP addresses and ports.

Use Google Cloud's VPC peering to connect Cymbal's on-premises network to Google Cloud.

Use Cloud SQL to store the customer data and product catalog.

Configure Cloud Build to call Al Applications (formerly Vertex Al Agent Builder).

Deploy a Google Kubernetes Engine (GKE) cluster with autoscaling enabled

Create a single, large Compute Engine VM instance with a high CPU allocation.

Migrate all databases to Spanner for consistency, and use Cloud Storage Standard for image storage

Migrate all databases to self-managed instances on Compute Engino. and use a persistent disk for image storage.

Migrate MySQL and SQL Server to Spanner. Redis to Memorystore. and MongoDB to Firestore Use Cloud Storage Standard for image storage, and move

images to Cloud Storage Nearline storage when products become less popular.

Migrate MySQL to Cloud SQL. SQL Server to Cloud SQL. Redis to Memorystore. and MongoDB to Firestore. Use Cloud Storage Standard for image storage, and move images to Cloud Storage Coldline storage when products become less popular

Investigate if the project owner disabled a soft-delete policy on the bucket holding the video files.

Investigate if the project owner moved from dual-region storage to region storage

Investigate If the project owner enabled a soft-delete policy on the bucket holding the video files.

Investigate if the project owner moved from multi-region storage to region stotage.

Use AlloyDB for structured product data, and Cloud Storage for product images

Use Spanner for the structured product data, and BigTable for product images

Use Filestore for the structured product data and Cloud Storage for product images

Use Cloud Storage for structured product data, and BigQuery for product images

Use a Cloud Storage bucket in the same region as your virtual machines Configure lifecycle policies to delete files after processing

Use Filestore to store temporary files

Use performance persistent disks.

Use Local SSDs attached to the VMs running the generative Al models

Log into each Compute Engine instance and collect disk, CPU, memory, and network usage statistics for

analysis.

Use the gcloud compute instances list to list the virtual machine instances that have the idle: true label set.

Use the gcloud recommender command to list the idle virtual machine instances.

From the Google Console, identify which Compute Engine instances in the managed instance groups are

no longer responding to health check probes.

Tests should scale well beyond the prior approaches.

Unit tests are no longer required, only end-to-end tests.

Tests should be applied after the release is in the production environment.

Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

Apply a Cloud Armor security policy to external load balancers using a named IP list for Fastly.

Apply a Cloud Armor security policy to external load balancers using the IP addresses that Fastly has published. C. Apply a VPC firewall rule on port 443 for Fastly IP address ranges.

Apply a VPC firewall rule on port 443 for network resources tagged with scurceiplisr-fasrly.

Verify that the database is online.

Verify that the project quota hasn't been exceeded.

Verify that the new feature code did not introduce any performance bugs.

Verify that the load-testing team is not running their tool against production.

Create a project for development and test and another for staging and production.

Create a network for development and test and another for staging and production.

Create one subnetwork for development and another for staging and production.

Create one project for development, a second for staging and a third for production.

Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

Google Cloud Storage, Google App Engine, Google Network Load Balancer

Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

Create a scalable environment in GCP for simulating production load.

Use the existing infrastructure to test the GCP-based backend at scale.

Build stress tests into each component of your application using resources internal to GCP to simulate load.

Create a set of static environments in GCP to test different levels of load — for example, high, medium, and low.

Container Engine, Cloud Pub/Sub, and Cloud SQL

Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery

Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow

Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow

Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc

Request Transfer Appliances from Google Cloud, export the data to appliances, and return the appliances to Google Cloud.

Configure the Storage Transfer service from Google Cloud to send the data from your data center to Cloud Storage

Make sure there are no other users consuming the 1 Gbps link, and use multi-thread transfer to upload the data to Cloud Storage.

Export files to an encrypted USB device, send the device to Google Cloud, and request an import of the data to Cloud Storage

Configure an organizational policy which constrains where resources can be deployed.

Configure IAM conditions to limit what resources can be configured.

Configure the quotas for resources in the regions not being used to 0.

Configure a custom alert in Cloud Monitoring so you can disable resources as they are created in other

regions.

Create CPU Utilization and Request Latency as service level indicators.

Create GKE CPU Utilization and Memory Utilization as service level indicators.

Create Request Latency and Error Rate as service level indicators.

Create Server Uptime and Error Rate as service level indicators.

Upload your mobile app to the Firebase Test Lab, and test the mobile app on Android and iOS devices.

Create Android and iOS VMs on Google Cloud, install the mobile app on the VMs, and test the mobile app.

Create Android and iOS containers on Google Kubernetes Engine (GKE), install the mobile app on the

containers, and test the mobile app.

Upload your mobile app with different configurations to Firebase Hosting and test each configuration.

Use gsutil to batch move files in sequence.

Use gsutil to batch copy the files in parallel.

Use gsutil to extract the files as the first part of ETL.

Use gsutil to load the files as the last part of ETL.

Configure a global load balancer connected to a managed instance group running Compute Engine

instances.

Configure kubemci with a global load balancer and Google Kubernetes Engine.

Configure a global load balancer with Google Kubernetes Engine.

Configure Ingress for Anthos with a global load balancer and Google Kubernetes Engine.

Configure Workload Identity and service accounts to be used by the application platform.

Use Kubernetes Secrets, which are obfuscated by default. Configure these Secrets to be used by the

application platform.

Configure Kubernetes Secrets to store the secret, enable Application-Layer Secrets Encryption, and use

Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to

be used by the application platform.

Configure HashiCorp Vault on Compute Engine, and use customer managed encryption keys and Cloud

Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used

by the application platform.

Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects

Create a service account (SA) in the legacy game's Google Cloud project, add a second SA in the new game's IAM page, and then give the Organization Admin role to both SAs

Create a service account (SA) in the legacy game's Google Cloud project, give it the Firebase Admin role, and then migrate the new game to the legacy game's project.

Create a service account (SA) in the lgacy game's Google Cloud project, give the SA the Organization Admin rule and then give it the Firebase Admin role in both projects

Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.

Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.

Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.

Identify the number of virtual cores and RAM associated with the application server virtual machines align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

Use regional managed instance groups and a global load balancer to increase performance because the

regional managed instance group can grow instances in each region separately based on traffic.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines managed by your operations team.

Use regional managed instance groups and a global load balancer to increase reliability by providing

automatic failover between zones in different regions.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines as part of a separate managed instance groups.

Install the Stackdriver agent on all of the legacy web servers.

In the Cloud Platform Console download the list of the uptime servers' IP addresses and create an inbound firewall rule

Configure their load balancer to pass through the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)

Configure their legacy web servers to allow requests that contain user-Agent HTTP header when the value matches GoogleStackdriverMonitoring— UptimeChecks (https://cloud.google.com/monitoring)

They should run the end to end tests in the cloud staging environment to determine if the code is working as

intended.

They should enable google stack driver debugger on the application code to show errors in the code

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should add canary tests so developers can measure how much of an impact the new release causes to latency

They should enable Google Stackdriver Debugger on the application code to show errors in the code.

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should run the end-to-end tests in the cloud staging environment to determine if the code is working as intended.

They should add canary tests so developers can measure how much of an impact the new release causes to latency.

Store image files in a Google Cloud Storage bucket. Use Google Cloud Datastore to maintain metadata that maps each customer's ID and their image files.

Store image files in a Google Cloud Storage bucket. Add custom metadata to the uploaded images in Cloud Storage that contains the customer's unique ID.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Assign each customer a unique ID, which sets each file's owner attribute, ensuring privacy of images.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Use a Google Cloud SQL database to maintain metadata that maps each customer's ID to their image files.

Google Cloud Storage Coldline to store the data, and gsutil to access the data.

Google Cloud Storage Nearline to store the data, and gsutil to access the data.

Google Bigtabte with US or EU as location to store the data, and gcloud to access the data.

BigQuery to store the data, and a web server cluster in a managed instance group to access the data. Google Cloud SQL mirrored across two distinct regions to store the data, and a Redis cluster in a managed instance group to access the data.

Create a cron script using gsutil to copy the files to a Coldline Storage bucket.

Create a cron script using gsutil to copy the files to a Regional Storage bucket.

Create a Cloud Storage Transfer Service Job to copy the files to a Coldline Storage bucket.

Create a Cloud Storage Transfer Service job to copy the files to a Regional Storage bucket.

Migrate the web application layer to App Engine, and MySQL to Cloud Datastore, and NAS to Cloud Storage. Deploy RabbitMQ, and deploy Hadoop servers using Deployment Manager.

Migrate RabbitMQ to Cloud Pub/Sub, Hadoop to BigQuery, and NAS to Compute Engine with Persistent Disk storage. Deploy Tomcat, and deploy Nginx using Deployment Manager.

Implement managed instance groups for Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Compute Engine with Persistent Disk storage.

Implement managed instance groups for the Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Cloud Storage.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Enable default storage encryption before storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements.

Utilize Google’s default encryption at rest when storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.

Delete the virtual machine (VM) and disks and create a new one.

Delete the instance, attach the disk to a new VM, and investigate.

Take a snapshot of the disk and connect to a new machine to investigate.

Check inbound firewall rules for the network the machine is connected to.

Connect the machine to another network with very simple firewall rules and investigate.

Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate.

Error rates for requests from Asia

Latency difference between US and Asia

Total visits, error rates, and latency from Asia

Total visits and average latency for users in Asia

The number of character sets present in the database

Cloud Spanner

Google BigQuery

Google Cloud SQL

Google Cloud Datastore

A single VPN tunnel, which limits throughput

A tier of Google Cloud Storage that is not suited for this task

A copy command that is not suited to operate over long distances

Fewer virtual machines (VMs) in GCP than on-premises machines

A separate storage layer outside the VMs, which is not suited for this task

Complicated internet connectivity between the on-premises infrastructure and GCP

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs).

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs.

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

Deploy a custom authentication service on GCE/Google Container Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.

Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.

Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.

Create a single G Suite account to manage users with each stage of each application in its own project.

Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.

Enable the Cloud Trace API on your project and use Cloud Monitoring Alerts to send an alert based on the Cloud Trace metrics

Configure Anthos Config Management on your cluster and create a yaml file that defines the SLO and alerting policy you want to deploy in your cluster

Use Cloud Profiler to follow up the request latency. Create a custom metric in Cloud Monitoring based on the results of Cloud Profiler, and create an Alerting Policy in case this metric exceeds the threshold

Install Anthos Service Mesh on your cluster. Use the Google Cloud Console to define a Service Level Objective (SLO)

Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.

Create an egress rule with priority 100 to deny all traffic for all instances. Create another egress rule with priority 1000 to allow the Active Directory traffic for all instances.

Create an egress rule with priority 1000 to allow the Active Directory traffic. Rely on the implied deny

egress rule with priority 100 to block all traffic for all instances.

Create an egress rule with priority 100 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.

Schedule a cron job with Cloud Scheduler. The scheduled job queries the logs every minute for the relevant events.

Export logs to BigQuery, and trigger a query in BigQuery to process the log data for the relevant events.

Export logs to a Pub/Sub topic, and trigger Cloud Function with the relevant log events.

Export logs to a Cloud Storage bucket, and trigger Cloud Run with the relevant log events.

Move your data onto a Transfer Appliance. Use a Transfer Appliance Rehydrator to decrypt the data into Cloud Storage.

Move your data onto a Transfer Appliance. Use Cloud Dataprep to decrypt the data into Cloud Storage.

Install gsutil on each server that contains data. Use resumable transfers to upload the data into Cloud Storage.

Install gsutil on each server containing data. Use streaming transfers to upload the data into Cloud

Storage.

Measure the Latency of your requests.

Track the Online serving throughput of your requests.

Observe the Request size in your featurestore.

Monitor the Queries per second for your featurestore.

Upgrade all instances to the N2 machine series.

Purchase three-year committed use discounts (CUDs) for the existing n1-standard-4 instances.

Re-architect the environments to run on a regional managed instance group (MIG) with autoscaling enabled.

Schedule the virtual machines to start and stop to match your team's work schedule.

1. Create an image of the on-premises virtual machines and upload into Cloud Storage.

2. Import the image as a virtual disk on Compute Engine.

1. Create standard instances on Compute Engine.

2. Select as the OS the same Microsoft Windows version that is currently in use in the on-premises environment.

1. Create an image of the on-premises virtual machine.

2. Import the image as a virtual disk on Compute Engine.

3. Create a standard instance on Compute Engine, selecting as the OS the same Microsoft Windows version that is currently in use in the on-premises environment.

4. Attach a data disk that includes data that matches the created image.

1. Create an image of the on-premises virtual machines.

2. Import the image as a virtual disk on Compute Engine using --os=windows-2022-dc-v.

3. Create a sole-tenancy instance on Compute Engine that uses the imported disk as a boot disk.

Create Cloud SQL read replicas in regions in Europe and Asia, and direct all database read traffic from those continents to their local replica.

Use a regional external Network Load Balancer in us-central1 to better distribute the incoming global traffic.

Enable Cloud CDN for the backend service that serves the static assets, and configure it as part of a global external HTTP(S) Load Balancer.

Deploy the application frontend service to Compute Engine managed instance groups in regions in Europe and Asia. Use a global external HTTP(S) Load Balancer to route user traffic to the nearest region.

Cloud Bigtable

Cloud Spanner

BigQuery

Cloud Datastore

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L7 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L7 load balancer.

Create network load balancers. Use preemptible Compute Engine instances.

Create network load balancers. Use non-preemptible Compute Engine instances.

Create a global load balancer with managed instance groups and autoscaling policies. Use preemptible Compute Engine instances.

Create a global load balancer with managed instance groups and autoscaling policies. Use non-preemptible Compute Engine instances.

Evaluate the impact of migrating their current batch ETL code to Cloud Dataflow.

Write a schema migration plan to denormalize data for better performance in BigQuery.

Draw an architecture diagram that shows how to move from a single MySQL database to a MySQL cluster.

Load 10 TB of analytics data from a previous game into a Cloud SQL instance, and run test queries against the full dataset to confirm that they complete successfully.

Integrate Cloud Armor to defend against possible SQL injection attacks in analytics files uploaded to Cloud Storage.

Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.

Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.

Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.

Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.