Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer sample Question + Exam 2024 Practice Exam Dumps

Question # 4

You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?

Create an instance template for the instances. Set the â€˜Automatic Restartâ€™ to on. Set the â€˜On-host maintenanceâ€™ to Migrate VM instance. Add the instance template to an instance group.

Create an instance template for the instances. Set â€˜Automatic Restartâ€™ to off. Set â€˜On-host maintenanceâ€™ to Terminate VM instances. Add the instance template to an instance group.

Create an instance group for the instances. Set the â€˜Autohealingâ€™ health check to healthy (HTTP).

Create an instance group for the instance. Verify that the â€˜Advanced creation optionsâ€™ setting for â€˜do not retry machine creationâ€™ is set to off.

Full Access

Answer:

Explanation:

Create an instance template for the instances so VMs have same specs. Set the "ËœAutomatic Restart' to on to VM automatically restarts upon crash. Set the "ËœOn-host maintenance' to Migrate VM instance. This will take care of VM during maintenance window. It will migrate VM instance making it highly available Add the instance template to an instance group so instances can be managed.

â€¢ onHostMaintenance: Determines the behavior when a maintenance event occurs that might cause your instance to reboot.

â€¢ [Default] MIGRATE, which causes Compute Engine to live migrate an instance when there is a maintenance event.

â€¢ TERMINATE, which stops an instance instead of migrating it.

â€¢ automaticRestart: Determines the behavior when an instance crashes or is stopped by the system.

â€¢ [Default] true, so Compute Engine restarts an instance if the instance crashes or is stopped.

â€¢ false, so Compute Engine does not restart an instance if the instance crashes or is stopped.

Enabling automatic restart ensures that compute engine instances are automatically restarted when they crash. And Enabling Migrate VM Instance enables live migrates i.e. compute instances are migrated during system maintenance and remain running during the migration.

Automatic RestartÂ If your instance is set to terminate when there is a maintenance event, or if your instance crashes because of an underlying hardware issue, you can set up Compute Engine to automatically restart the instance by setting the automaticRestart field to true. This setting does not apply if the instance is taken offline through a user action, such as calling sudo shutdown, or during a zone outage.Ref:Â https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options#autorestart

Enabling the Migrate VM Instance option migrates your instance away from an infrastructure maintenance event, and your instance remains running during the migration. Your instance might experience a short period of decreased performance, although generally, most instances should not notice any difference. This is ideal for instances that require constant uptime and can tolerate a short period of decreased performance.Ref:Â https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options#live_migrate

Question # 5

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

Set up a high-priority (1000) rule to allow the appropriate ports.

Full Access

Question # 6

You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?

Use a custom mode VPC network, configure static routes, and use active/passive routing

Use an automatic mode VPC network, configure static routes, and use active/active routing

Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing

Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing

Full Access

Question # 7

You want to set up a Google Kubernetes Engine cluster Verifiable node identity and integrity are required for the cluster, and nodes cannot be accessed from the internet. You want to reduce the operational cost of managing your cluster, and you want to follow Google-recommended practices. What should you do?

Deploy a private autopilot cluster

Deploy a public autopilot cluster.

Deploy a standard public cluster and enable shielded nodes.

Deploy a standard private cluster and enable shielded nodes.

Full Access

Question # 8

You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now, you need to create a production environment for this application.

The security team has forbidden the existence of network routes between these 2 environments, and asks you to follow Google-recommended practices. What should you do?

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

Full Access

Question # 9

Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?

Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

Full Access

Question # 10

A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

In the console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

Use the command gcloud projects getâ€“iamâ€“policy to view the current role assignments.

Full Access

Question # 11

You have files in a Cloud Storage bucket that you need to share with your suppliers. You want to restrict the time that the files are available to your suppliers to 1 hour. You want to follow Google recommended practices. What should you do?

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///***

Full Access

Question # 12

Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?

Add the users to roles/browser role.

Add the users to roles/iam.roleViewer role.

Add the users to a group, and add this group to roles/browser role.

Add the users to a group, and add this group to roles/iam.roleViewer role.

Full Access

Question # 13

You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

Full Access

Question # 14

Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.

Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.

Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.

Full Access

Question # 15

You have an application that uses Cloud Spanner as a database backend to keep current state information about users. Cloud Bigtable logs all events triggered by users. You export Cloud Spanner data to Cloud Storage during daily backups. One of your analysts asks you to join data from Cloud Spanner and Cloud Bigtable for specific users. You want to complete this ad hoc request as efficiently as possible. What should you do?

Create a dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users.

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users.

Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users.

Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters.

Full Access

Question # 16

You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

Create a single budget for all projects and configure budget alerts on this budget.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

Create a budget per project and configure budget alerts on all of these budgets.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Full Access

Question # 17

You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only in SQL and need access to the data stored in this file. You want to find a cost-effective way to complete their request as soon as possible. What should you do?

Load data in Cloud Datastore and run a SQL query against it.

Create a BigQuery table and load data in BigQuery. Run a SQL query on this table and drop this table after you complete your request.

Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request.

Create a Hadoop cluster and copy the AVRO file to NDFS by compressing it. Load the file in a hive table and provide access to your analysts so that they can run SQL queries.

Full Access

Question # 18

You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

When creating the instances, specify a Service Account for each instance

When creating the instances, assign the name of each Service Account as instance metadata

After starting the instances, use gcloud compute instances update to specify a Service Account for each instance

After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata

Full Access

Question # 19

You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

Use the command gcloud config set container/cluster dev.

Use the command gcloud container clusters update dev.

Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.

Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

Full Access

Question # 20

You are working for a hospital that stores Its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval

In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job

Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope

Full Access

Question # 21

You have an on-premises data analytics set of binaries that processes data files in memory for about 45 minutes every midnight. The sizes of those data files range from 1 gigabyte to 16 gigabytes. You want to migrate this application to Google Cloud with minimal effort and cost. What should you do?

Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.

Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

Full Access

Question # 22

You want to permanently delete a Pub/Sub topic managed by Config Connector in your Google Cloud project. What should you do?

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

Full Access

Question # 23

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

Provision preemptible Compute Engine instances.

Provision Compute Engine instances with GPUs attached.

Provision Compute Engine instances with local SSDs attached.

Provision Compute Engine instances with M1 machine type.

Full Access

Question # 24

The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.

Create an IAM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.

Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group.

Grant the basic role roles/editor to the DevOps group.

Full Access

Question # 25

You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.

Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.

Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

Full Access

Question # 26

You have a batch workload that runs every night and uses a large number of virtual machines (VMs). It is fault- tolerant and can tolerate some of the VMs being terminated. The current cost of VMs is too high. What should you do?

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

Full Access

Question # 27

You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google's recommended practices and avoid conflicting accounts. What should you do?

Invite the user to transfer their existing account

Invite the user to use an email alias to resolve the conflict

Tell the user that they must delete their existing account

Tell the user to remove all personal email from the existing account

Full Access

Question # 28

You have created a new project in Google Cloud through the gcloud command line interface (CLI) and linked a billing account. You need to create a new Compute

Engine instance using the CLI. You need to perform the prerequisite steps. What should you do?

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Full Access

Question # 29

You have a Compute Engine instance hosting an application used between 9 AM and 6 PM on weekdays. You want to back up this instance daily for disaster recovery purposes. You want to keep the backups for 30 days. You want the Google-recommended solution with the least management overhead and the least number of services. What should you do?

1. Update your instancesâ€™ metadata to add the following value: snapshotâ€“schedule: 0 1 * * *

2. Update your instancesâ€™ metadata to add the following value: snapshotâ€“retention: 30

1. In the Cloud Console, go to the Compute Engine Disks page and select your instanceâ€™s disk.

2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters:

â€“Schedule frequency: Daily

â€“Start time: 1:00 AM â€“ 2:00 AM

â€“Autodelete snapshots after 30 days

1. Create a Cloud Function that creates a snapshot of your instanceâ€™s disk.

2.Create a Cloud Function that deletes snapshots that are older than 30 days.

3.Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM.

1. Create a bash script in the instance that copies the content of the disk to Cloud Storage.

2.Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket.

3.Configure the instanceâ€™s crontab to execute these scripts daily at 1:00 AM.

Full Access

Question # 30

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

Coldline Storage

Nearline Storage

Regional Storage

Multi-Regional Storage

Full Access

Question # 31

You have been asked to migrate a docker application from datacenter to cloud. Your solution architect has suggested uploading docker images to GCR in one project and running an application in a GKE cluster in a separate project. You want to store images in the project img-278322 and run the application in the project prod-278986. You want to tag the image as acme_track_n_trace:v1. You want to follow Google-recommended practices. What should you do?

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace:v1

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace:v1

Full Access

Question # 32

You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Googleâ€™s recommended practices. Which method should you use?

Deployment Manager

Cloud Composer

Managed Instance Group

Unmanaged Instance Group

Full Access

Question # 33

You are building a multi-player gaming application that will store game information in a database. As the popularity of the application increases, you are concerned about delivering consistent performance. You need to ensure an optimal gaming performance for global users, without increasing the management complexity. What should you do?

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

Use Cloud Spanner to store user data mapped to the game statistics.

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

Store game statistics in a Bigtable database partitioned by username.

Full Access

Question # 34

You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

Enable the Node Auto-Repair feature for your GKE cluster.

Enable the Node Auto-Upgrades feature for your GKE cluster.

Select the latest available cluster version for your GKE cluster.

Select â€œContainer-Optimized OS (cos)â€ as a node image for your GKE cluster.

Full Access

Question # 35

You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?

HTTPS Load Balancer

Network Load Balancer

SSL Proxy Load Balancer

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

Full Access

Question # 36

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

Deploy the monitoring pod in a StatefulSet object.

Deploy the monitoring pod in a DaemonSet object.

Reference the monitoring pod in a Deployment object.

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Full Access

Question # 37

You need to manage multiple Google Cloud Platform (GCP) projects in the fewest steps possible. You want to configure the Google Cloud SDK command line interface (CLI) so that you can easily manage multiple GCP projects. What should you?

1. Create a configuration for each project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Create a configuration for each project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project

1. Use the default configuration for one project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Use the default configuration for one project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project.

Full Access

Question # 38

You are the organization and billing administrator for your company. The engineering team has the Project Creator role on the organization. You do not want the engineering team to be able to link projects to the billing account. Only the finance team should be able to link a project to a billing account, but they should not be able to make any other changes to projects. What should you do?

Assign the finance team only the Billing Account User role on the billing account.

Assign the engineering team only the Billing Account User role on the billing account.

Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Full Access

Question # 39

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

Create the instance without a public IP address.

Create the instance with Private Google Access enabled.

Create a deny-all egress firewall rule on the VPC network.

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Full Access

Question # 40

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud

Project. What should you do?

Enable Audit Logs for all APIs that are related to data storage.

Review the IAM permissions for any role that allows for data access.

Review the Identity-Aware Proxy settings for each resource.

Create a Data Loss Prevention job.

Full Access

Question # 41

You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

Add the clusterâ€™s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.

Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

In the clusterâ€™s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

Full Access

Question # 42

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?

Upload the data to BigQuery using the bq command line tool.

Upload the data to Cloud Storage using the gsutil command line tool.

Upload the data into Cloud SQL using the import function in the console.

Upload the data into Cloud Spanner using the import function in the console.

Full Access

Question # 43

You have an application on a general-purpose Compute Engine instance that is experiencing excessive disk read throttling on its Zonal SSD Persistent Disk. The application primarily reads large files from disk. The disk size is currently 350 GB. You want to provide the maximum amount of throughput while minimizing costs. What should you do?

Increase the size of the disk to 1 TB.

Increase the allocated CPU to the instance.

Migrate to use a Local SSD on the instance.

Migrate to use a Regional SSD on the instance.

Full Access

Question # 44

You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?

Grant yourself the IAM role of Cloud Spanner Admin

Create a new VPC network with subnetworks in all desired regions

Configure your Cloud Spanner instance to be multi-regional

Enable the Cloud Spanner API

Full Access

Question # 45

You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Full Access

Question # 46

You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label â€˜health-checkâ€™.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Full Access

Question # 47

You are operating a Google Kubernetes Engine (GKE) cluster for your company where different teams can run non-production workloads. Your Machine Learning (ML) team needs access to Nvidia Tesla P100 GPUs to train their models. You want to minimize effort and cost. What should you do?

Ask your ML team to add the â€œaccelerator: gpuâ€ annotation to their pod specification.

Recreate all the nodes of the GKE cluster to enable GPUs on all of them.

Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs. Dedicate this cluster to your ML team.

Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.

Full Access

Question # 48

You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

Manual Scaling with 3 instances.

Basic Scaling with min_instances set to 3.

Basic Scaling with max_instances set to 3.

Automatic Scaling with min_idle_instances set to 3.

Full Access

Question # 49

You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

Run gcloud projects list to get the project ID, and then run gcloud services list --project .

Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

Run gcloud info to view the account value, and then run gcloud services list --account .

Run gcloud projects describe to verify the project value, and then run gcloud services list --available.

Full Access

Question # 50

A company wants to build an application that stores images in a Cloud Storage bucket and wants to generate thumbnails as well as resize the images. They want to use a google managed service that can scale up and scale down to zero automatically with minimal effort. You have been asked to recommend a service. Which GCP service would you suggest?

Google Compute Engine

Google App Engine

Cloud Functions

Google Kubernetes Engine

Full Access

Question # 51

Your team maintains the infrastructure for your organization. The current infrastructure requires changes. You need to share your proposed changes with the rest of the team. You want to follow Googleâ€™s recommended best practices. What should you do?

Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

Full Access

Question # 52

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?

Use gcloud to expand the IP range of the current subnet.

Delete the subnet, and recreate it using a wider range of IP addresses.

Create a new project. Use Shared VPC to share the current network with the new project.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Full Access

Question # 53

You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Full Access

Question # 54

You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?

Navigate to Cloud Logging and view the application logs.

Connect to the instanceâ€™s serial console and read the application logs.

Configure a Health Check on the instance and set a Low Healthy Threshold value.

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Full Access

Question # 55

You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

Full Access

Question # 56

Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Full Access

Question # 57

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Full Access

Question # 58

Your auditor wants to view your organization's use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Full Access

Question # 59

Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

Full Access

Question # 60

Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Full Access

Question # 61

You are configuring Cloud DNS. You want !to create DNS records to point home.mydomain.com, mydomain.com. and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Full Access

Question # 62

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Full Access

Question # 63

A colleague handed over a Google Cloud project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit logs on the 1AM & admin page for all resources, and validate the results.

Use the gcloud projects get-iam-policy command to view the current role assignments.

Full Access

Question # 64

Your company wants to migrate their on-premises workloads to Google Cloud. The current on-premises workloads consist of:

â€¢ A Flask web application

â€¢ AbackendAPI

â€¢ A scheduled long-running background job for ETL and reporting.

You need to keep operational costs low You want to follow Google-recommended practices to migrate these workloads to serverless solutions on Google Cloud. What should you do?

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine

Full Access

Question # 65

You need to migrate invoice documents stored on-premises to Cloud Storage. The documents have the following storage requirements:

â€¢ Documents must be kept for five years.

â€¢ Up to five revisions of the same invoice document must be stored, to allow for corrections.

â€¢ Documents older than 365 days should be moved to lower cost storage tiers.

You want to follow Google-recommended practices to minimize your operational and development costs. What should you do?

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

Full Access

Question # 66

The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

Grant the Project Editor role to the Marketing learn for acme data digest

Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team

Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there

Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

Full Access

Question # 67

You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do?

Create and deploy a Custom Resource Definition per microservice.

Create and deploy a Docker Compose File.

Create and deploy a Job per microservice.

Create and deploy a Deployment per microservice.

Full Access

Question # 68

An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination. What should you do?

View System Event Logs in Stackdriver. Search for the userâ€™s email as the principal.

View System Event Logs in Stackdriver. Search for the service account associated with the user.

View Data Access audit logs in Stackdriver. Search for the userâ€™s email as the principal.

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

Full Access

Question # 69

Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment What should you do?

Create a bash script that contains all requirement steps as gcloud commands

Develop templates for the environment using Cloud Deployment Manager

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources

Full Access

Question # 70

Your company's security vulnerability management policy wonts 3 member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance This Compute Engine instance hosts a critical application in your Goggle Cloud project. You need to implement your company's security vulnerability management policy. What should you dc?

â€¢ Ensure that the Ops Agent Is Installed on the Compute Engine instance.

â€¢ Create a custom metric in the Cloud Monitoring dashboard.

â€¢ Provide the security team member with access to this dashboard.

â€¢ Ensure that the Ops Agent is installed on tie Compute Engine instance.

â€¢ Provide the security team member roles/configure.inventoryViewer permission.

â€¢ Ensure that the OS Config agent Is Installed on the Compute Engine instance.

â€¢ Provide the security team member roles/configure.vulnerabilityViewer permission.

â€¢ Ensure that the OS Config agent is installed on the Compute Engine instance

â€¢ Create a log sink Co a BigQuery dataset.

â€¢ Provide the security team member with access to this dataset.

Full Access

Question # 71

Your organization uses Active Directory (AD) to manage user identities. Each user uses this identity for federated access to various on-premises systems. Your security team has adopted a policy that requires users to log into Google Cloud with their AD identity instead of their own login. You want to follow the Google-recommended practices to implement this policy. What should you do?

Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on

Sync Identities in the Google Admin console, and then enable Oauth for single sign-on

Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials

Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials.

Full Access

Question # 72

You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:

What is the most likely cause?

The pending Pod's resource requests are too large to fit on a single node of the cluster.

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Podsâ€™ status. It is currently being rescheduled on a new node.

Full Access

Question # 73

Your company implemented BigQuery as an enterprise data warehouse. Users from multiple business units run queries on this data warehouse. However, you notice that query costs for BigQuery are very high, and you need to control costs. Which two methods should you use? (Choose two.)

Split the users from business units to multiple projects.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

Create separate copies of your BigQuery data warehouse for each business unit.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Full Access

Question # 74

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

Use gcloud config configurations describe to review the output.

Use gcloud config configurations activate and gcloud config list to review the output.

Use kubectl config get-contexts to review the output.

Use kubectl config use-context and kubectl config view to review the output.

Full Access

Question # 75

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.

How should you configure the auditor's permissions?

Create a custom role with view-only project permissions. Add the user's account to the custom role.

Create a custom role with view-only service permissions. Add the user's account to the custom role.

Select the built-in IAM project Viewer role. Add the user's account to this role.

Select the built-in IAM service Viewer role. Add the user's account to this role.

Full Access

Question # 76

Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Full Access

Question # 77

The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

Write a script that runs gsutil Is -| â€“ gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

Full Access

Answer:

Explanation:

You write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file. is not right.

gsutil lifecycle set enables you to set the lifecycle configuration on one or more buckets based on the configuration file provided. However, XML is not a valid supported type for the configuration file.

Ref:Â https://cloud.google.com/storage/docs/gsutil/commands/lifecycle

Write a script that runsÂ gsutil ls -lr gs://myapp-gcp-ace-logs/**Â to find and remove items older than 90 days. Repeat this process every morning. is not right.

This manual approach is error-prone, time-consuming and expensive. GCP Cloud Storage provides lifecycle management rules that let you achieve this with minimal effort.

Write a script that runsÂ gsutil ls -l gs://myapp-gcp-ace-logs/**Â to find and remove items older than 90 days. Schedule the script with cron. is not right.

This manual approach is error-prone, time-consuming and expensive. GCP Cloud Storage provides lifecycle management rules that let you achieve this with minimal effort.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file. is the right answer.

You can assign a lifecycle management configuration to a bucket. The configuration contains a set of rules which apply to current and future objects in the bucket. When an object meets the criteria of one of the rules, Cloud Storage automatically performs a specified action on the object. One of the supported actions is to Delete objects. You can set up a lifecycle management to delete objects older than 90 days. gsutil lifecycle set enables you to set the lifecycle configuration on the bucket based on the configuration file. JSON is the only supported type for the configuration file. The config-json-file specified on the command line should be a path to a local file containing the lifecycle configuration JSON document.

Ref:Â https://cloud.google.com/storage/docs/gsutil/commands/lifecycle

Ref:Â https://cloud.google.com/storage/docs/lifecycle

Question # 78

Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

Add your SREs to roles/iam.roleAdmin role.

Add your SREs to roles/accessapproval approver role.

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

Add your SREs to a group and then add this group to roles/accessapproval approver role.

Full Access

Question # 79

Several employees at your company have been creating projects with Cloud Platform and paying for it with their personal credit cards, which the company reimburses. The company wants to centralize all these projects under a single, new billing account. What should you do?

Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company.

Create a ticket with Google Support and wait for their call to share your credit card details over the phone.

In the Google Platform Console, go to the Resource Manage and move all projects to the root Organization.

In the Google Cloud Platform Console, create a new billing account and set up a payment method.

Full Access

Question # 80

You are hosting an application from Compute Engine virtual machines (VMs) in usâ€“central1â€“a. You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downtime, and minimize cost. What should you do?

â€“ Create Compute Engine resources in usâ€“central1â€“b.

â€“Balance the load across both usâ€“central1â€“a and usâ€“central1â€“b.

â€“ Create a Managed Instance Group and specify usâ€“central1â€“a as the zone.

â€“Configure the Health Check with a short Health Interval.

â€“ Create an HTTP(S) Load Balancer.

â€“Create one or more global forwarding rules to direct traffic to your VMs.

â€“ Perform regular backups of your application.

â€“Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.

â€“Restore from backups when notified.

Full Access

Labour Day Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Question and Answers

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation: