Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Google Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Exam Practice Test

Google Cloud Certified - Associate Cloud Engineer Questions and Answers

Question 1

You need to extract text from audio files by using the Speech-to-Text API. The audio files are pushed to a Cloud Storage bucket. You need to implement a fully managed, serverless compute solution that requires authentication and aligns with Google-recommended practices. You want to automate the call to the API by submitting each file to the API as the audio file arrives in the bucket. What should you do?

Options:

A.

Run a Kubernetes job to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

B.

Create an App Engine standard environment triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

C.

Run a Python script by using a Linux cron job in Compute Engine to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

D.

Create a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

Question 2

You are managing a web application that needs to read objects from a shared Cloud Storage bucket. You need to grant a Cloud Run service access to objects in the existing bucket that are named with the site1-data/ prefix while ensuring that the Cloud Run service has access to new objects as they are uploaded. Your solution should require minimal work to implement and maintain. What should you do?

Options:

A.

Enable fine-grained access control, and configure the uploader to set a per object access control list for the Cloud Run service identity to have the READER role when objects with the site1-data/ prefix are uploaded.

B.

Create a new bucket to store only objects with the site1-data/ prefix. Grant the Cloud Run service identity the roles/storage.objectViewer IAM role on the bucket.

C.

Enable uniform bucket-level access, and configure an IAM binding on the existing bucket. Grant the Cloud Run service identity the roles/storage.objectViewer IAM role on the bucket with an IAM condition for objects with the site1-data/ prefix.

D.

Create a new bucket to store only objects with the site1-data/ prefix. Grant the Cloud Run service identity the roles/storage.objectViewer IAM role on the project.

Question 3

You are building an application that will run in your data center. The application will use Google Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate access to AutoML. You need to enable authentication to the APIs from your on-premises environment. What should you do?

Options:

A.

Use service account credentials in your on-premises application.

B.

Use gcloud to create a key file for the service account that has appropriate permissions.

C.

Set up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications.

D.

Go to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center.

Question 4

Your company implemented BigQuery as an enterprise data warehouse. Users from multiple business units run queries on this data warehouse. However, you notice that query costs for BigQuery are very high, and you need to control costs. Which two methods should you use? (Choose two.)

Options:

A.

Split the users from business units to multiple projects.

B.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

C.

Create separate copies of your BigQuery data warehouse for each business unit.

D.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

E.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Question 5

You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

Options:

A.

When creating the instances, specify a Service Account for each instance

B.

When creating the instances, assign the name of each Service Account as instance metadata

C.

After starting the instances, use gcloud compute instances update to specify a Service Account for each instance

D.

After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata

Question 6

Your preview application, deployed on a single-zone Google Kubernetes Engine (GKE) cluster in us-centrall, has gained popularity. You are now ready to make the application generally available. You need to deploy the application to production while ensuring high availability and resilience. You also want to follow Google-recommended practices. What should you do?

Options:

A.

Use the gcloud container clusters create command with the options--enable-multi-networking and--enable- autoscaling to create an autoscaling zonal cluster and deploy the application to it.

B.

Use the gcloud container clusters create-auto command to create an autopilot cluster and deploy the application to it.

C.

Use the gcloud container clusters update command with the option—region us-centrall to update the cluster and deploy the application to it.

D.

Use the gcloud container clusters update command with the option—node-locations us-centrall-a,us-centrall-b to update the cluster and deploy the application to the nodes.

Question 7

You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

Options:

A.

When creating the VM, use machine type n1-standard-96.

B.

When creating the VM, use Intel Skylake as the CPU platform.

C.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

D.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

Question 8

Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?

Options:

A.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructureprovisioning.• Use the human approvals IAM account for the provisioning.

B.

• Attach a single service account to the compute instances.• Add minimal rights to the service account.• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

C.

• Attach a single service account to the compute instances.• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

D.

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity andAccess Management (IAM) permissions.• Use a secret manager service to store the key files of the service accounts.• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

Question 9

(You are managing a stateful application deployed on Google Kubernetes Engine (GKE) that can only have one replica. You recently discovered that the application becomes unstable at peak times. You have identified that the application needs more CPU than what has been configured in the manifest at these peak times. You want Kubernetes to allocate the application sufficient CPU resources during these peak times, while ensuring cost efficiency during off-peak periods. What should you do?)

Options:

A.

Enable cluster autoscaling on the GKE cluster.

B.

Configure a Vertical Pod Autoscaler on the Deployment.

C.

Configure a Horizontal Pod Autoscaler on the Deployment.

D.

Enable node auto-provisioning on the GKE cluster.

Question 10

You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

Options:

A.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

B.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

C.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

D.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Question 11

You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in nodes when needed. What should you do?

Options:

A.

Create a new subnet in the same region as the subnet being used.

B.

Add an alias IP range to the subnet used by the GKE clusters.

C.

Create a new VPC, and set up VPC peering with the existing VPC.

D.

Expand the CIDR range of the relevant subnet for the cluster.

Question 12

You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed from the Google Cloud Ubuntu package repository. You want to test your application locally on your laptop with Cloud Datastore. What should you do?

Options:

A.

Export Cloud Datastore data using gcloud datastore export.

B.

Create a Cloud Datastore index using gcloud datastore indexes create.

C.

Install the google-cloud-sdk-datastore-emulator component using the apt get install command.

D.

Install the cloud-datastore-emulator component using the gcloud components install command.

Question 13

You are planning to migrate your containerized workloads to Google Kubernetes Engine (GKE). You need to determine which GKE option to use. Your solution must have high availability, minimal downtime, and the ability to promptly apply security updates to your nodes. You also want to pay only for the compute resources that your workloads use without managing nodes. You want to follow Google-recommended practices and minimize operational costs. What should you do?

Options:

A.

Configure a Standard multi-zonal GKE cluster.

B.

Configure an Autopilot GKE cluster.

C.

Configure a Standard zonal GKE cluster.

D.

Configure a Standard regional GKE cluster.

Question 14

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in the crm-databases project. You want to follow Google-recommended practices to grant access to the service account in the web-applications project. What should you do?

Options:

A.

Grant " project owner " for web-applications appropriate roles to crm-databases.

B.

Grant " project owner " role to crm-databases and the web-applications project.

C.

Grant " project owner " role to crm-databases and roles/bigquery.dataViewer role to web-applications.

D.

Grant roles/bigquery.dataViewer role to crm-databases and appropriate roles to web-applications.

Question 15

Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?

Options:

A.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

B.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

C.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

D.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Question 16

You are building a backend service for an ecommerce platform that will persist transaction data from mobile and web clients. After the platform is launched, you expect a large volume of global transactions. Your business team wants to run SQL queries to analyze the data. You need to build a highly available and scalable data store for the platform. What should you do?

Options:

A.

Create a multi-region Cloud Spanner instance with an optimized schema.

B.

Create a multi-region Firestore database with aggregation query enabled.

C.

Create a multi-region Cloud SQL for PostgreSQL database with optimized indexes.

D.

Create a multi-region BigQuery dataset with optimized tables.

Question 17

You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?

Options:

A.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.

B.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.

C.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.

D.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.

Question 18

Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?

Options:

A.

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

B.

Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.

C.

Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.

D.

Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.

Question 19

You manage a business-critical backend application running on a Compute Engine managed instance group (MIG). The operations team requires a near-real time notification if the average CPU utilization across all instances in the MIG exceeds 75% for a continuous five-minute period. You need to implement a scalable Google Cloud solution to meet this monitoring requirement. What should you do?

Options:

A.

Create a logs-based metric in Cloud Logging that filters for high CPU usage entries, and then create a Cloud Monitoring alert policy based on that custom metric.

B.

Deploy the Ops Agent to all Compute Engine VM instances to collect the CPU metric. Use a custom script running on a separate Compute Engine instance to poll this metric every five minutes, and send an email notification if the threshold is breached.

C.

Create a Cloud Monitoring alerting policy that targets the compute.googleapis.com/instance/cpu/utilization metric. Set the threshold to 75% and the duration to five minutes.

D.

Configure an autoscaling policy for the MIG to use a CPU utilization target of 75% for five minutes, and then enable a notification channel in the autoscaler settings.

Question 20

You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?

Options:

A.

Use gcloud to create the new project, and then deploy your application to the new project.

B.

Use gcloud to create the new project and to copy the deployed application to the new project.

C.

Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.

D.

Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

Question 21

You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

Options:

A.

Use the GCP Console to transfer the file instead of gsutil.

B.

Enable parallel composite uploads using gsutil on the file transfer.

C.

Decrease the TCP window size on the machine initiating the transfer.

D.

Change the storage class of the bucket from Nearline to Multi-Regional.

Question 22

You’ve deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

Question # 22

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

Options:

A.

Store the database password inside the Docker image of the container, not in the YAML file.

B.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

C.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

D.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Question 23

You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

Options:

A.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

B.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

C.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

D.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Question 24

You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?

Options:

A.

1. Verify that you are assigned the Project Owners IAM role for this project.2. Locate the project in the GCP console, click Shut down and then enter the project ID.

B.

1. Verify that you are assigned the Project Owners IAM role for this project.2. Switch to the project in the GCP console, locate the resources and delete them.

C.

1. Verify that you are assigned the Organizational Administrator IAM role for this project.2. Locate the project in the GCP console, enter the project ID and then click Shut down.

D.

1. Verify that you are assigned the Organizational Administrators IAM role for this project.2. Switch to the project in the GCP console, locate the resources and delete them.

Question 25

(You manage a VPC network in Google Cloud with a subnet that is rapidly approaching its private IP address capacity. You expect the number of Compute Engine VM instances in the same region to double within a week. You need to implement a Google-recommended solution that minimizes operational costs and does not require downtime. What should you do?)

Options:

A.

Create a second VPC with the same subnet IP range, and connect this VPC to the existing VPC by using VPC Network Peering.

B.

Delete the existing subnet, and create a new subnet with double the IP range available.

C.

Use the Google Cloud CLI tool to expand the primary IP range of your subnet.

D.

Permit additional traffic from the expected range of private IP addresses to reach your VMs by configuring firewall rules.

Question 26

(You are migrating your company’s on-premises compute resources to Google Cloud. You need to deploy batch processing jobs that run every night. The jobs require significant CPU and memory for several hours but can tolerate interruptions. You must ensure that the deployment is cost-effective. What should you do?)

Options:

A.

Containerize the batch processing jobs and deploy them on Compute Engine.

B.

Use custom machine types on Compute Engine.

C.

Use the M1 machine series on Compute Engine.

D.

Use Spot VMs on Compute Engine.

Question 27

You manage IAM policies for your organization ' s Google Cloud project. A new operations team needs the capability to start, stop, and reset existing Compute Engine VM instances within this project for basic troubleshooting. Due to strict security requirements, the operations team must be prevented from deleting any instances or modifying any networking or configuration settings. You need to grant the minimum necessary permissions to the team members. What should you do?

Options:

A.

Grant the operations team the roles/writer IAM role, and add the resource.type == ' compute.googleapis.com/Instance ' condition to the role.

B.

Grant the operations team the predefined roles/compute.viewer IAM role to allow them to view the instances. Instruct them to use the Google Cloud Console ' s basic actions such as starting, stopping, and resetting.

C.

Create a custom IAM role that includes only the compute.instances.start, compute.instances.stop, and compute.instances.reset permissions. Assign this role to the operations team on the project.

D.

Grant the operations team the predefined roles/compute.instanceAdmin.v1 IAM role on the project. Apply an IAM condition to exclude the compute.instances.delete permission.

Question 28

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

Options:

A.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.

Set up a high-priority (1000) rule to allow the appropriate ports.

Question 29

Your company is active in the European Economic Area (EEA), and will adopt Google Cloud for its workloads. Projects are currently structured within different folders. You need to ensure any resources that will be deployed are using Google Cloud locations within the EEA by using the Organization Policy Service resource locations constraint. What should you do?

Options:

A.

Configure the policy at the organization level, and add all allowed locations to the policy.

B.

Configure the policy at the folder level, and add all disallowed locations to the policy.

C.

Configure the policy at the organization level, and add all disallowed locations to the policy.

D.

Configure the policy at the folder level, and add all allowed locations to the policy.

Question 30

You have developed a containerized web application that will serve Internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

Options:

A.

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

B.

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

C.

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

D.

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

Question 31

Your company uses BigQuery to store and analyze data. Upon submitting your query in BigQuery, the query fails with a quotaExceeded error. You need to diagnose the issue causing the error. What should you do?

Choose 2 answers

Options:

A.

Search errors in Cloud Audit Logs to analyze the issue.

B.

Configure Cloud Trace to analyze the issue.

C.

View errors in Cloud Monitoring to analyze the issue.

D.

Use the information schema views to analyze the underlying issue.

E.

Use BigQuery Bl Engine to analyze the issue.

Question 32

Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of theproduction services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google-recommended practices. What should you do?

Options:

A.

Grant all members of the DevOps team the role of Project Editor on the organization level.

B.

Grant all members of the DevOps team the role of Project Editor on the production project.

C.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

D.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

Question 33

Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?

Options:

A.

Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

B.

Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

C.

Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

D.

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

Question 34

Your customer wants you to create a secure, publicly accessible website with autoscaling based on the compute instance CPU load. You want to enhance performance by storing static content in Cloud Storage. Which resources are needed to distribute the user traffic?

Options:

A.

A cross-region internal Application Load Balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

B.

A global external Application Load Balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

C.

A global external Network Load Balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

D.

A global external Application Load Balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

Question 35

Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google’s recommended practices. Which storage option should you use?

Options:

A.

Multi-Regional Storage

B.

Regional Storage

C.

Nearline Storage

D.

Coldline Storage

Question 36

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

Options:

A.

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

B.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

C.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

D.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Question 37

Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?

Options:

A.

Link the acquired company’s projects to your company ' s billing account.

B.

Configure the acquired company ' s billing account and your company ' s billing account to export the billing data into the same BigQuery dataset.

C.

Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company ' s billing account.

D.

Create a new GCP organization and a new billing account. Migrate the acquired company ' s projects and your company ' s projects into the new GCP organization and link the projects to the new billing account.

Question 38

You are assisting a new Google Cloud user who just installed the Google Cloud SDK on their VM. The server needs access to Cloud Storage. The user wants your help to create a new storage bucket. You need to make this change in multiple environments. What should you do?

Options:

A.

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

B.

Use a local SSD to improve performance of the VM for the targeted workload

C.

Use the gsutii command to create a storage bucket in the same region as the VM

D.

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Question 39

(You need to migrate multiple PostgreSQL databases from your on-premises data center to Google Cloud. You want to significantly improve the performance of your databases while minimizing changes to your data schema and application code. You expect to exceed 150 TB of data per geographical region. You want to follow Google-recommended practices and minimize your operational costs. What should you do?)

Options:

A.

Migrate your data to AlloyDB.

B.

Migrate your data to Spanner.

C.

Migrate your data to Firebase.

D.

Migrate your data to Bigtable.

Question 40

Your company wants to migrate your data from an on-premises relational database to Google Cloud. Your current database can no longer scale with respect to the growth of your users and you expect the number of users to rapidly grow. You need to choose a relational database that allows you to globally scale while minimizing your management and administration efforts. You also want to follow Google-recommended practices. What should you do?

Options:

A.

Use Cloud SQL

B.

Use Filestore.

C.

Use Spanner.

D.

Use BigQuery.

Question 41

You are responsible for a web application on Compute Engine. You want your support team to be notified automatically if users experience high latency for at least 5 minutes. You need a Google-recommended solution with no development cost. What should you do?

Options:

A.

Create an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

B.

Implement an App Engine service which invokes the Cloud Monitoring API and sends a notification in case of anomalies.

C.

Use the Cloud Monitoring dashboard to observe latency and take the necessary actions when the response latency exceeds the specified threshold.

D.

Export Cloud Monitoring metrics to BigQuery and use a Looker Studio dashboard to monitor your web applications latency.

Question 42

You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?

Options:

A.

Use kubectl app deploy < dockerfilename > .

B.

Use gcloud app deploy < dockerfilename > .

C.

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

D.

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Question 43

You are developing an application that will be deployed on Google Cloud. The application will use a service account to retrieve data from BigGuery. Before you deploy your application, you want to test the permissions of this service account from your local machine to ensure there will be no authentication issues. You want to ensure that you use the most secure method while following Google-recommended practices What should you do?

Options:

A.

Configure the gcloud CLI with Application Default Credentials using your user account. Issue a relevant BigGuery request through the gcloud CLI to test the access.

B.

Grant the service account the BlgQuery Administrator 1AM role to ensure the service account has all required access.

C.

Generate a service account key, and configure the gcloud CLI to use this key. Issue a relevant BlgQuery request through the gcloud CLI to test the access.

D.

Configure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request through the gcloud CLI to test the access.

Question 44

You are using your personal workstation to develop an application that will be hosted in Google Cloud. You are authenticated using a Google Account (USER). You need to test whether a specific set of permissions assigned to an existing service account (SERVICE_ACCOUNT) are sufficient for a task without handling sensitive secret information. What should you do?

Options:

A.

Grant USER the IAM role roles/iam.workloadIdentityUser on SERVICE_ACCOUNT.

B.

Grant USER the IAM role roles/iam.serviceAccountKeyAdmin on SERVICE_ACCOUNT.

C.

Grant USER the IAM role roles/iam.serviceAccountTokenCreator on SERVICE_ACCOUNT.

D.

Grant USER the IAM role roles/iam.serviceAccountUser on SERVICE_ACCOUNT.

Question 45

Your company wants to migrate their on-premises workloads to Google Cloud. The current on-premises workloads consist of:

• A Flask web application

• AbackendAPI

• A scheduled long-running background job for ETL and reporting.

You need to keep operational costs low You want to follow Google-recommended practices to migrate these workloads to serverless solutions on Google Cloud. What should you do?

Options:

A.

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

B.

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

C.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

D.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine

Question 46

Your application stores files on Cloud Storage by using the Standard Storage class. The application only requires access to files created in the last 30 days. You want to automatically save costs on files that are no longer accessed by the application. What should you do?

Options:

A.

Create a retention policy on the storage bucket of 30 days, and lock the bucket by using a retention policy lock.

B.

Enable object versioning on the storage bucket and add lifecycle rules to expire non-current versions after 30 days

C.

Create an object lifecycle on the storage bucket to change the storage class to Archive Storage for objects with an age over 30 days.

D.

Create a cron job in Cloud Scheduler to call a Cloud Functions instance every day to delete files older than 30 days.

Question 47

You have a web application deployed as a managed instance group. You have a new version of the application to gradually deploy. Your web application is currently receiving live web traffic. You want to ensure that the available capacity does not decrease during the deployment. What should you do?

Options:

A.

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

B.

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

C.

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

D.

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

Question 48

You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out how much it will cost to run the query. You are using on-demand pricing. What should you do?

Options:

A.

Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.

B.

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.

C.

Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.

D.

Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.

Question 49

Your company runs one batch process in an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to migrate this workload to the cloud while minimizing cost. What should you do?

Options:

A.

Migrate the workload to a Compute Engine Preemptible VM.

B.

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

C.

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

D.

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

Question 50

You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate yourapplication to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?

Options:

A.

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

B.

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

C.

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

D.

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

Question 51

You are deploying an application to Cloud Run. Your application requires the use of an API that runs on Google Kubernetes Engine (GKE). You need to ensure that your Cloud Run service can privately reach the API on GKE, and you want to follow Google-recommended practices. What should you do?

Options:

A.

Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.

B.

Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/0 on ports 80 and 443.

C.

Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.

D.

Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.

Question 52

You have an application that is currently processing transactions by using a group of managed VM instances. You need to migrate the application so that it is serverless and scalable. You want to implement an asynchronous transaction processing system, while minimizing management overhead. What should you do?

Options:

A.

Install Kafka on VM instances to acknowledge incoming transactions. Use Cloud Run to process transactions.

B.

Install Kafka on VM Instances to acknowledge incoming transactions. Use VM Instances to process transactions.

C.

Use Pub/Sub to acknowledge incoming transactions. Use VM instances to process transactions.

D.

Use Pub/Sub to acknowledge incoming transactions. Use Cloud Run to process transactions.

Question 53

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes. What should you do?

Options:

A.

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

B.

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

C.

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

D.

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Question 54

You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

Options:

A.

Use a Shielded VM.

B.

Use a Preemptible VM.

C.

Use a sole-tenant node.

D.

Enable deletion protection on the instance.

Question 55

You are migrating a business critical application from your local data center into Google Cloud. As part of your high-availability strategy, you want to ensure that any data used by the application will be immediately available if a zonal failure occurs. What should you do?

Options:

A.

Store the application data on a zonal persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

B.

Store the application data on a zonal persistent disk. If an outage occurs, create an instance in another zone with this disk attached.

C.

Store the application data on a regional persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

D.

Store the application data on a regional persistent disk If an outage occurs, create an instance in another zone with this disk attached.

Question 56

You are in charge of provisioning access for all Google Cloud users in your organization. Your company recently acquired a startup company that has their own Google Cloud organization. You need to ensure that your Site Reliability Engineers (SREs) have the same project permissions in the startup company ' s organization as in your own organization. What should you do?

Options:

A.

In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company ' s organization

B.

In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company ' s Google Cloud organization.

C.

Use the gcloud iam roles copy command, and provide the Organization ID of the startup company ' sGoogle Cloud Organization as the destination.

D.

Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.

Question 57

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

Options:

A.

Coldline Storage

B.

Nearline Storage

C.

Regional Storage

D.

Multi-Regional Storage

Question 58

You are running a data warehouse on BigQuery. A partner company is offering a recommendation engine based on the data in your data warehouse. The partner company is also running their application on Google Cloud. They manage the resources in their own project, but they need access to the BigQuery dataset in your project. You want to provide the partner company with access to the dataset What should you do?

Options:

A.

Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project

B.

Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project

C.

Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project

D.

Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

Question 59

You need to create and manage service accounts for your workloads running on Google Cloud. You want to follow Google-recommended practices. What should you do?

Choose 2 answers

Options:

A.

Create as few service accounts as possible.

B.

Delete any unused service accounts immediately.

C.

Create single-purpose service accounts.

D.

Manage service accounts as resources.

E.

Use random names for the service accounts.

Question 60

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

Options:

A.

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

B.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

C.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

D.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Question 61

Your organization uses G Suite for communication and collaboration. All users in your organization have a G Suite account. You want to grant some G Suite users access to your Cloud Platform project. What should you do?

Options:

A.

Enable Cloud Identity in the GCP Console for your domain.

B.

Grant them the required IAM roles using their G Suite email address.

C.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

D.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

Question 62

You recently discovered an issue with your rolling update in Google Kubernetes Engine (GKE). You now need to roll back a rolling update. What should you do?

Options:

A.

Manually scale down the new Pods and scale up the old Pods.

B.

Delete the deployment.

C.

Use the kubectl rollout restart command to revert the deployment.

D.

Use the kubectl rollout undo command.

Question 63

Your learn wants to deploy a specific content management system (CMS) solution lo Google Cloud. You need a quick and easy way to deploy and install the solution. What should you do?

Options:

A.

Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.

B.

Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

C.

Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.

D.

Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

Question 64

You are building a data lake on Google Cloud for your Internet of Things (loT) application. The loT application has millions of sensors that are constantly streaming structured and unstructured data to your backend in the cloud. You want to build a highly available and resilient architecture based on Google-recommended practices. What should you do?

Options:

A.

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage

B.

Stream data to Pub/Sub. and use Storage Transfer Service to send data to BigQuery.

C.

Stream data to Dataflow, and use Storage Transfer Service to send data to BigQuery.

D.

Stream data to Dataflow, and use Dataprep by Trifacta to send data to Bigtable.

Question 65

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

Options:

A.

Create the instance without a public IP address.

B.

Create the instance with Private Google Access enabled.

C.

Create a deny-all egress firewall rule on the VPC network.

D.

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Question 66

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

Options:

A.

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

B.

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

C.

Add a secondary IP range 10.1.0.0/20 to the subnet.

D.

Convert the subnet IP range from IPv4 to IPv6

Question 67

You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

Options:

A.

Manual Scaling with 3 instances.

B.

Basic Scaling with min_instances set to 3.

C.

Basic Scaling with max_instances set to 3.

D.

Automatic Scaling with min_idle_instances set to 3.

Question 68

You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

Options:

A.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

B.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

C.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

D.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Question 69

Your organization has decided to deploy all its compute workloads to Kubernetes on Google Cloud and two other cloud providers. You want to build an infrastructure-as-code solution to automate the provisioning process for all cloud resources. What should you do?

Options:

A.

Build the solution by using YAML manifests, and provision the resources.

B.

Build the solution by using Terraform, and provision the resources.

C.

Build the solution by using Python and the cloud SDKs from all providers to provision the resources.

D.

Build the solution by using Config Connector, and provision the resources.

Question 70

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?

Options:

A.

Upload the data to BigQuery using the bq command line tool.

B.

Upload the data to Cloud Storage using the gsutil command line tool.

C.

Upload the data into Cloud SQL using the import function in the console.

D.

Upload the data into Cloud Spanner using the import function in the console.

Question 71

Your team manages several petabytes of historical, structured transaction data stored in Apache Avro format on-premises. You are migrating this data to Google Cloud for a machine learning project. You must ensure that the data is accessible for large-scale analysis and model training using BigQuery. You must also minimize storage costs and avoid the overhead of loading data into BigQuery ' s managed storage. What should you do?

Options:

A.

Use the BigQuery Data Transfer Service to ingest all Avro files into a BigQuery native table.

B.

Migrate the data to a Cloud SQL for PostgreSQL instance, and use BigQuery federated queries to access the data.

C.

Store the data in a Cloud Storage bucket, and define a BigQuery external table partitioned by a relevant column.

D.

Store the data in a Cloud Storage bucket, define a schema, and then use the bq load command to upload files individually.

Question 72

You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

Options:

A.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/devstorage.write_only’.

B.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/cloud-platform’.

C.

Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

D.

Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket.

Question 73

You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?

Options:

A.

Navigate to Cloud Logging and view the application logs.

B.

Connect to the instance’s serial console and read the application logs.

C.

Configure a Health Check on the instance and set a Low Healthy Threshold value.

D.

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Question 74

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?

Options:

A.

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

B.

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

C.

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

D.

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

Question 75

You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

Options:

A.

Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

B.

Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

C.

Create a new service account and assig n this service account to the new instance Grant the service account permissions on Cloud Storage.

D.

Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Question 76

Your company plans to migrate its on-premises PostgreSQL database to Google Cloud. The workloads are demanding, requiring fast transactional and analytical performance. You need to select a fully managed database service on Google Cloud. Your solution must also be able to synchronously replicate and optimize the storage layer. What should you do?

Options:

A.

Use the psql client installed on a Compute Engine Instance. Connect to the Cloud SQL instance to perform the database migration.

B.

Migrate the database to AlloyDB for PostgreSQL by using Database Migration Service.

C.

Migrate the database to Cloud SQL for PostgreSQL by using Database Migration Service.

D.

Create a Compute Engine instance. Install and configure PostgreSQL on the instance, and migrate the database.

Question 77

Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost efficient way. What should you do?

Options:

A.

Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.

B.

Use a third party tool to provide remote access to the instances.

C.

Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.

D.

Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.

Question 78

You are developing a monitoring application that runs on a Google Kubernetes Engine (GKE) cluster. The application requires credentials from a service account to collect performance data. However, your organization has a policy that prohibits the creation of new service account keys. You need to grant the application access while following Google-recommended security practices. What should you do?

Options:

A.

Use your personal user credentials to authenticate the application, ensuring your account has the necessary permissions.

B.

Create a new project, generate a service account key in the new project, and grant the service account the required IAM roles in the application project.

C.

Override the organization policy in the project, and create a long-lived service account key in the GKE cluster.

D.

Configure Workload Identity Federation to allow the application to impersonate a service account.

Question 79

Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed lo your organization. You want to accomplish this task with minimal effort. What should you do?

Options:

A.

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

B.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup ' s Google Cloud organization, and drag the project to your company ' s organization.

C.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

D.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup ' s Google Cloud organization.

Question 80

Your company would like to store invoices and other financial documents in Google Cloud. You need to identify a Google-managed solution to store this information for your company. You must ensure that the documents are kept for a duration of three years. Your company ' s analysts need frequent access to invoices from the past six months. After six months, invoices should be archived for audit purposes only. You want to minimize costs and follow Google-recommended practices. What should you do?

Options:

A.

Use Cloud Storage with Object Lifecycle Management to change the object storage class to Standard after six months.

B.

Use Cloud Storage with Object Lifecycle Management to change the object storage class to Coldline after six months.

C.

Store your documents on Filestore, and move the documents to Cloud Storage with object storage class set to Standard after six months.

D.

Store your documents on Filestore, and move the documents to Cloud Storage with object storage class set to Coldline after six months.

Question 81

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

Options:

A.

After the VM has been created, use your Google Account credentials to log in into the VM.

B.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

C.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

D.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Question 82

You are writing a shell script that includes a few gcloud CLI commands to access some Google Cloud resources. You want to test the script in your local development environment with a service account in the most secure way. What should you do?

Options:

A.

Download the service account key file and save it in a secure location. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the key file.

B.

Enable service account impersonation, and use the gcloud config set auth/impersonate_service_account command to use it by default.

C.

Generate an ID token for the service account. Use the token with the gcloud CLI commands.

D.

Download the service account key file, and use it to generate an access token. Use the token with the gcloud CLI commands.

Question 83

Your company ' s machine learning team requires a scalable and flexible platform to fine-tune large language models utilizing a large volume of proprietary data on Google Cloud. You are tasked with building a solution for this team. What should you do?

Options:

A.

Use Dataflow as a platform to run the fine-tuning jobs.

B.

Use a Compute Engine managed instance group as a platform to deploy Jupyter Notebooks and run fine-tuning jobs.

C.

Use Google Kubernetes Engine (GKE) and hardware accelerators as a platform to run the fine-tuning jobs.

D.

Use Cloud Run and GPU as a platform to run the fine-tuning jobs.

Question 84

You are the Google Cloud systems administrator for your organization. User A reports that they received an error when attempting to access the Cloud SQL database in their Google Cloud project, while User B can access the database. You need to troubleshoot the issue for User A, while following Google-recommended practices.

What should you do first?

Options:

A.

Confirm that network firewall rules are not blocking traffic for User A.

B.

Review recent configuration changes that may have caused unintended modifications to permissions.

C.

Verify that User A has the Identity and Access Management (IAM) Project Owner role assigned.

D.

Review the error message that User A received.

Question 85

You are managing a fleet of data storage solutions for your company on Google Cloud, including Bigtable, Cloud SQL, Memorystore, and Spanner. You need a single, unified view to monitor the health of all data storage solutions and identify any that are at risk for downtime. What should you do?

Options:

A.

Use Dataplex Universal Catalog to search the metadata of the data storage solutions to obtain the required insights.

B.

In the Google Cloud Console, navigate to Database Center to find an overview of the data storage solutions.

C.

Use the terraform state list command in the directory used to deploy the data storage solutions.

D.

In the Google Cloud Console, use Cloud Asset Inventory to see an overview of the data storage solutions.

Question 86

You need to deploy an application in Google Cloud using savorless technology. You want to test a new version of the application with a small percentage of production traffic. What should you do?

Options:

A.

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic splitting .

B.

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

C.

Deploy the application to Cloud functions. Saucily the version number in the functions name.

D.

Deploy the application to App Engine. For each new version, create a new service.

Question 87

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

Options:

A.

Enable API and then share charts from project A, B, and C.

B.

Enable API and then give the metrics.reader role to projects A, B, and C.

C.

Enable API and then use default dashboards to view all projects in sequence.

D.

Enable API, create a workspace under project A, and then add project B and C.

Question 88

Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?

Options:

A.

Add the group for the finance team to roles/billing user role.

B.

Add the group for the finance team to roles/billing admin role.

C.

Add the group for the finance team to roles/billing viewer role.

D.

Add the group for the finance team to roles/billing project/Manager role.

Question 89

You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?

Options:

A.

Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for analysis.

B.

Export your bill to a Cloud Storage bucket, and then import into Google Sheets for analysis.

C.

Export your transactions to a local file, and perform analysis with a desktop tool.

D.

Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis.

Question 90

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?

Options:

A.

Use gcloud to expand the IP range of the current subnet.

B.

Delete the subnet, and recreate it using a wider range of IP addresses.

C.

Create a new project. Use Shared VPC to share the current network with the new project.

D.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Question 91

Your web application is hosted on Cloud Run and needs to query a Cloud SOL database. Every morning during a traffic spike, you notice API quota errors in Cloud SOL logs. The project has already reached the maximum API quota. You want to make a configuration change to mitigate the issue. What should you do?

Options:

A.

Modify the minimum number of Cloud Run instances.

B.

Set a minimum concurrent requests environment variable for the application.

C.

Modify the maximum number of Cloud Run instances.

D.

Use traffic splitting.

Question 92

Your company is seeking a scalable solution to retain and explore application logs hosted on Compute Engine. You must be able to analyze your logs with SQL queries, and you want to be able to create charts to identify patterns and trends in your logs over time. You want to follow Google-recommended practices and minimize your operational costs. What should you do?

Options:

A.

Use a custom script to push your application logs to Cloud SQL for exploration.

B.

Ingest your application logs to Cloud Logging by using Ops Agent, and explore your logs in Logs Explorer.

C.

Ingest your application logs to Cloud Logging by using Ops Agent, and explore your logs with Log Analytics.

D.

Use a custom script to push your application logs to BigQuery for exploration.

Question 93

You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

Options:

A.

Download the private key from the service account, and add it to each VMs custom metadata.

B.

Download the private key from the service account, and add the private key to each VM’s SSH keys.

C.

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

D.

When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

Question 94

You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is deployed with the default App Engine Service account. The data that needs to be visualized resides in a different project managed by another team. You do not have access to this project, but you want your application to be able to read data from the BigQuery dataset. What should you do?

Options:

A.

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

B.

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

C.

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

D.

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

Question 95

You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

Options:

A.

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.

B.

Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.

C.

Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

D.

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

Question 96

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1–standard–2 nodes. You need to deploy additional pods requiring n2–highmem–16 nodes without any downtime. What should you do?

Options:

A.

Use gcloud container clusters upgrade. Deploy the new services.

B.

Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods.

C.

Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

D.

Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Question 97

You recently deployed a new version of an application to App Engine and then discovered a bug in the release. You need to immediately revert to the prior version of the application. What should you do?

Options:

A.

Run gcloud app restore.

B.

On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert.

C.

On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.

D.

Deploy the original version as a separate application. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests.

Question 98

You are planning to move your company ' s website and a specific asynchronous background job to Google Cloud Your website contains only static HTML content The background job is started through an HTTP endpoint and generates monthly invoices for your customers. Your website needs to be available in multiple geographic locations and requires autoscaling. You want to have no costs when your workloads are not In use and follow recommended practices. What should you do?

Options:

A.

Move your website to Google Kubemetes Engine (GKE). and move your background job to Cloud Functions

B.

Move both your website and background job to Compute Engine

C.

Move both your website and background job to Cloud Run.

D.

Move your website to Google Kubemetes Engine (GKE), and move your background job to Compute Engine

Question 99

You created a Kubernetes deployment by running kubectl run nginx image=nginx replicas=1. After a few days, you decided you no longer want this deployment. You identified the pod and deleted it by running kubectl delete pod. You noticed the pod got recreated.

$ kubectlgetpods

NAME READY STATUS RESTARTS AGE

nginx-84748895c4-nqqmt 1/1 Running 0 9m41s

$ kubectldeletepod nginx-84748895c4-nqqmt

pod nginx-84748895c4-nqqmt deleted

$ kubectlgetpods

NAME READY STATUS RESTARTS AGE

nginx-84748895c4-k6bzl 1/1 Running 0 25s

What should you do to delete the deployment and avoid pod getting recreated?

Options:

A.

kubectl delete deployment nginx

B.

kubectl delete –deployment=nginx

C.

kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2

D.

kubectl delete inginx

Question 100

(You have an application running inside a Compute Engine instance. You want to provide the application with secure access to a BigQuery dataset. You must ensure that credentials are only valid for a short period of time, and your application will only have access to the intended BigQuery dataset. You want to follow Google-recommended practices and minimize your operational costs. What should you do?)

Options:

A.

Attach a custom service account to the instance, and grant the service account the BigQuery Data Viewer IAM role on the project.

B.

Attach a new service account to the instance every hour, and grant the service account the BigQuery Data Viewer IAM role on the dataset.

C.

Attach a custom service account to the instance, and grant the service account the BigQuery Data Viewer IAM role on the dataset.

D.

Attach a new service account to the instance every hour, and grant the service account the BigQuery Data Viewer IAM role on the project.

Question 101

Your company is closely monitoring their cloud spend. You need to allow different teams to monitor their Google Cloud costs. You must ensure that team members receive notifications when their cloud spend reaches certain thresholds and give team members the ability to create dashboards for additional insights with detailed billing data. You want to follow Google-recommended practices and minimize engineering costs. What should you do?

Options:

A.

Set up alerts for each team based on required thresholds. Set up billing exports to BigQuery. Grant team members access to BigQuery.

B.

Set up alerts for each team based on required thresholds. Create a shell script to read data from the Cloud Billing API, and push the results to BigQuery. Grant team members access to BigQuery.

C.

Deploy Grafana to Compute Engine. Create a dashboard for each team that uses the data from the Cloud Billing API. Ask each team to create their own alerts in Cloud Monitoring.

D.

Deploy Grafana to Compute Engine. Create a dashboard for each team that uses the data from the Cloud Billing Budget API. Ask each team to create their own alerts in Grafana.

Question 102

You have designed a solution on Google Cloud Platform (GCP) that uses multiple GCP products. Your company has asked you to estimate the costs of the solution. You need to provide estimates for the monthly total cost. What should you do?

Options:

A.

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

B.

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

C.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

D.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

Question 103

You want to set up a Google Kubernetes Engine cluster Verifiable node identity and integrity are required for the cluster, and nodes cannot be accessed from the internet. You want to reduce the operational cost of managing your cluster, and you want to follow Google-recommended practices. What should you do?

Options:

A.

Deploy a private autopilot cluster

B.

Deploy a public autopilot cluster.

C.

Deploy a standard public cluster and enable shielded nodes.

D.

Deploy a standard private cluster and enable shielded nodes.

Question 104

You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?

Options:

A.

Configure regional storage for the region closest to the users Configure a Nearline storage class

B.

Configure regional storage for the region closest to the users Configure a Standard storage class

C.

Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class

D.

Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

Question 105

You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?

Options:

A.

HTTPS Load Balancer

B.

Network Load Balancer

C.

SSL Proxy Load Balancer

D.

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

Question 106

You recently received a new Google Cloud project with an attached billing account where you will work. You need to create instances, set firewalls, and store data in Cloud Storage. You want to follow Google-recommended practices. What should you do?

Options:

A.

Use the gcloud CLI services enablecloudresourcemanager.googleapis.comcommand to enable all resources.

B.

Use the gcloud services enablecompute.googleapis.comcommand to enable Compute Engineand thegcloud services enablestorage-api.googleapis.comcommand to enable the Cloud Storage APIs.

C.

Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.

D.

Open the Google Cloud console and run gcloud init --project < project-id > in a Cloud Shell.

Question 107

Youare configuring Cloud DNS. You want !to create DNS records to pointhome.mydomain.com,mydomain.com. andwww.mydomain.comto the IP address of your Google Cloud load balancer. What should you do?

Options:

A.

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

B.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

C.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

D.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Question 108

You have experimented with Google Cloud using your own credit card and expensed the costs to your company. Your company wants to streamline the billing process and charge the costs of your projects to their monthly invoice. What should you do?

Options:

A.

Grant the financial team the IAM role of ג €Billing Account User ג € on the billing account linked to your credit card.

B.

Set up BigQuery billing export and grant your financial department IAM access to query the data.

C.

Create a ticket with Google Billing Support to ask them to send the invoice to your company.

D.

Change the billing account of your projects to the billing account of your company.