Google Professional-Cloud-Architect Google Certified Professional - Cloud Architect (GCP) Exam Practice Test

Option A

Option B

Option C

Option D

Migrate from CSV to binary format, migrate from FTP to SFTP transport, and develop machine learning analysis of metrics.

Migrate from FTP to streaming transport, migrate from CSV to binary format, and develop machine learning analysis of metrics.

Increase fleet cellular connectivity to 80%, migrate from FTP to streaming transport, and develop machine learning analysis of metrics.

Migrate from FTP to SFTP transport, develop machine learning analysis of metrics, and increase dealer local inventory by a fixed factor.

Use one Google Container Engine cluster of FTP servers. Save the data to a Multi-Regional bucket. Run the ETL process using data in the bucket.

Use multiple Google Container Engine clusters running FTP servers located in different regions. Save the data to Multi-Regional buckets in us, eu, and asia. Run the ETL process using the data in the bucket.

Directly transfer the files to different Google Cloud Multi-Regional Storage bucket locations in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process using the data in the bucket.

Directly transfer the files to a different Google Cloud Regional Storage bucket location in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional bucket.

Build or leverage an OAuth-compatible access control system.

Build SAML 2.0 SSO compatibility into your authentication system.

Restrict data access based on the source IP address of the partner systems.

Create secondary credentials for each dealer that can be given to the trusted third party.

Treat every micro service call between modules on the vehicle as untrusted.

Require IPv6 for connectivity to ensure a secure address space.

Use a trusted platform module (TPM) and verify firmware and binaries on boot.

Use a functional programming language to isolate code execution cycles.

Use multiple connectivity subsystems for redundancy.

Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.

Use Google App Engine with Google Cloud Endpoints. Focus on an API for dealers and partners.

Use Google App Engine with a JAX-RS Jersey Java-based framework. Focus on an API for the public.

Use Google App Engine with the Swagger (open API Specification) framework. Focus on an API for the public.

Use Google Container Engine with a Django Python container. Focus on an API for the public.

Use Google Container Engine with a Tomcat container with the Swagger (Open API Specification) framework. Focus on an API for dealers and partners.

Opex/capex allocation, LAN changes, capacity planning

Capacity planning, TCO calculations, opex/capex allocation

Capacity planning, utilization measurement, data center expansion

Data Center expansion, TCO calculations, utilization measurement

Have your engineers inspect the data for patterns, and then create an algorithm with rules that make operational adjustments automatically.

Capture all operating data, train machine learning models that identify ideal operations, and run locally to make operational adjustments automatically.

Implement a Google Cloud Dataflow streaming job with a sliding window, and use Google Cloud Messaging (GCM) to make operational adjustments automatically.

Capture all operating data, train machine learning models that identify ideal operations, and host in Google Cloud Machine Learning (ML) Platform to make operational adjustments automatically.

Store image files in a Google Cloud Storage bucket. Use Google Cloud Datastore to maintain metadata that maps each customer's ID and their image files.

Store image files in a Google Cloud Storage bucket. Add custom metadata to the uploaded images in Cloud Storage that contains the customer's unique ID.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Assign each customer a unique ID, which sets each file's owner attribute, ensuring privacy of images.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Use a Google Cloud SQL database to maintain metadata that maps each customer's ID to their image files.

Use regional managed instance groups and a global load balancer to increase performance because the

regional managed instance group can grow instances in each region separately based on traffic.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines managed by your operations team.

Use regional managed instance groups and a global load balancer to increase reliability by providing

automatic failover between zones in different regions.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines as part of a separate managed instance groups.

Google Cloud Storage Coldline to store the data, and gsutil to access the data.

Google Cloud Storage Nearline to store the data, and gsutil to access the data.

Google Bigtabte with US or EU as location to store the data, and gcloud to access the data.

BigQuery to store the data, and a web server cluster in a managed instance group to access the data. Google Cloud SQL mirrored across two distinct regions to store the data, and a Redis cluster in a managed instance group to access the data.

Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.

Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.

Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.

Identify the number of virtual cores and RAM associated with the application server virtual machines align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

They should run the end to end tests in the cloud staging environment to determine if the code is working as

intended.

They should enable google stack driver debugger on the application code to show errors in the code

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should add canary tests so developers can measure how much of an impact the new release causes to latency

They should enable Google Stackdriver Debugger on the application code to show errors in the code.

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should run the end-to-end tests in the cloud staging environment to determine if the code is working as intended.

They should add canary tests so developers can measure how much of an impact the new release causes to latency.

Logging, Alerts, Insights, Debug

Monitoring, Trace, Debug, Logging

Monitoring, Logging, Alerts, Error Reporting

Monitoring, Logging, Debug, Error Report

Install the Stackdriver agent on all of the legacy web servers.

In the Cloud Platform Console download the list of the uptime servers' IP addresses and create an inbound firewall rule

Configure their load balancer to pass through the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)

Configure their legacy web servers to allow requests that contain user-Agent HTTP header when the value matches GoogleStackdriverMonitoring— UptimeChecks (https://cloud.google.com/monitoring)

Use Stackdriver Trace to create a trace list analysis.

Use Stackdriver Monitoring to create a dashboard on the project’s activity.

Enable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.

Use the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.

Web applications deployed using App Engine standard environment

RabbitMQ deployed using an unmanaged instance group

Hadoop/Spark deployed using Cloud Dataproc Regional in High Availability mode

Jenkins, monitoring, bastion hosts, security scanners services deployed on custom machine types

Deploy Nginx and Tomcat using Cloud Deployment Manager to Compute Engine. Deploy a Cloud SQL server to replace MySQL. Deploy Jenkins using Cloud Deployment Manager.

Deploy Nginx and Tomcat using Cloud Launcher. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Deployment Manager scripts.

Migrate Nginx and Tomcat to App Engine. Deploy a Cloud Datastore server to replace the MySQL server in a high-availability configuration. Deploy Jenkins to Compute Engine using Cloud Launcher.

Migrate Nginx and Tomcat to App Engine. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Launcher.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Enable default storage encryption before storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements.

Utilize Google’s default encryption at rest when storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.

Migrate the web application layer to App Engine, and MySQL to Cloud Datastore, and NAS to Cloud Storage. Deploy RabbitMQ, and deploy Hadoop servers using Deployment Manager.

Migrate RabbitMQ to Cloud Pub/Sub, Hadoop to BigQuery, and NAS to Compute Engine with Persistent Disk storage. Deploy Tomcat, and deploy Nginx using Deployment Manager.

Implement managed instance groups for Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Compute Engine with Persistent Disk storage.

Implement managed instance groups for the Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Cloud Storage.

Replace RabbitMQ with Google Pub/Sub.

Downgrade MySQL to v5.7, which is supported by Cloud SQL for MySQL.

Resize compute resources to match predefined Compute Engine machine types.

Containerize the micro services and host them in Google Kubernetes Engine.

Verify EHR's product usage against the list of compliant products on the Google Cloud compliance page.

Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.

Use Firebase Authentication for EHR's user facing applications.

Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.

Use GKE private clusters for all Kubernetes workloads.

Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.

Revoke the compute.networkAdmin role from all users in the project with front end instances.

Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.

Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

Store static content such as HTML and images in Cloud CDN. Host the APIs on App Engine and store the user data in Cloud SQL.

Store static content such as HTML and images in a Cloud Storage bucket. Host the APIs on a zonal Google Kubernetes Engine cluster with worker nodes in multiple zones, and save the user data in Cloud Spanner.

Store static content such as HTML and images in Cloud CDN. Use Cloud Run to host the APIs and save the user data in Cloud SQL.

Store static content such as HTML and images in a Cloud Storage bucket. Use Cloud Functions to host the APIs and save the user data in Firestore.

Navigate the predefined dashboards in the Cloud Monitoring workspace, and then add metrics and create alert policies.

Navigate the predefined dashboards in the Cloud Monitoring workspace, create custom metrics, and install alerting software on a Compute Engine instance.

Write a shell script that gathers metrics from GKE nodes, publish these metrics to a Pub/Sub topic, export the data to BigQuery, and make a Data Studio dashboard.

Create a custom dashboard in the Cloud Monitoring workspace for each incident, and then add metrics and create alert policies.

Store time-series data from the game servers in Google Bigtable, and view it using Google Data Studio.

Output custom metrics to Stackdriver from the game servers, and create a Dashboard in Stackdriver

Monitoring Console to view them.

Schedule BigQuery load jobs to ingest analytics files uploaded to Cloud Storage every ten minutes, and visualize the results in Google Data Studio.

Insert the KPIs into Cloud Datastore entities, and run ad hoc analysis and visualizations of them in Cloud Datalab.

Upgrade all instances to the N2 machine series.

Purchase three-year committed use discounts (CUDs) for the existing n1-standard-4 instances.

Re-architect the environments to run on a regional managed instance group (MIG) with autoscaling enabled.

Schedule the virtual machines to start and stop to match your team's work schedule.

Google Cloud Dataflow

Google Cloud Dataproc

Google Compute Engine

Google Container Engine

Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.

Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.

Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.

Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.

Org viewer, project owner

Org viewer, project viewer

Org admin, project browser

Project owner, network admin

Deploy Cloud Run functions with ephemeral local SSD.

Deploy standard VMs with configured accelerators and attached persistent disks.

Deploy spot VMs with local SSD to reduce time for burst workloads.

Deploy spot VMs with attached persistent disks and implement checkpoint mechanisms.

Set up API key validation.

Integrate OAuth 2.0 authorization.

Configure Quota policies.

Activate XML threat protection.

Query logs in Cloud Logging.

Analyze the data via Cloud Profiler.

Instrument the code to use Cloud Trace.

Inspect data from Snapshot Debugger.

Set up VPC Service Controls to restrict access to sensitive resources and prevent data exfiltration.

Configure Cloud Next Generation Firewall (NGFW) with custom rules to filter malicious traffic at the network level.

Deploy Google Cloud Armor with pre-configured and custom rules for L3/L4 and L7 protection.

Activate Security Command Center to monitor security posture and detect potential threats.

Configure reserved VM instances

Deploy spot VM instances.

Set up standard VM instances.

Use Cloud Run functions.

Configure Cloud Storage to use server-side encryption with Google-managed encryption keys. Create a bucket policy to restrict access to only authorized Google groups and required service accounts.

Use Cloud Storage default encryption at rest. Implement fine-grained access control using IAM roles and groups to restrict access to sensitive buckets.

Implement client-side encryption before uploading it to Cloud Storage. Store the encryption keys in a HashiCorp Vault instance deployed on Google Kubernetes Engine (GKE). Implement fine-grained access control to sensitive Cloud Storage buckets using IAM roles.

Use customer-managed encryption keys (CMEK) for all Cloud Storage buckets storing sensitive media content. Implement fine-grained access control using IAM roles and groups to restrict access to sensitive buckets.

Run unit testing.

Use load testing.

Perform end-to-end testing.

Execute integration testing.

Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.

Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.

Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.

Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.

Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race data

by season and event.

Use Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race data

using season as a primary key.

Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on

season.

Use Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Use

separate database instances for each season.

Create CPU Utilization and Request Latency as service level indicators.

Create GKE CPU Utilization and Memory Utilization as service level indicators.

Create Request Latency and Error Rate as service level indicators.

Create Server Uptime and Error Rate as service level indicators.

Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects

Create a service account (SA) in the legacy game's Google Cloud project, add a second SA in the new game's IAM page, and then give the Organization Admin role to both SAs

Create a service account (SA) in the legacy game's Google Cloud project, give it the Firebase Admin role, and then migrate the new game to the legacy game's project.

Create a service account (SA) in the lgacy game's Google Cloud project, give the SA the Organization Admin rule and then give it the Firebase Admin role in both projects

Use gsutil to batch move files in sequence.

Use gsutil to batch copy the files in parallel.

Use gsutil to extract the files as the first part of ETL.

Use gsutil to load the files as the last part of ETL.

Configure an organizational policy which constrains where resources can be deployed.

Configure IAM conditions to limit what resources can be configured.

Configure the quotas for resources in the regions not being used to 0.

Configure a custom alert in Cloud Monitoring so you can disable resources as they are created in other

regions.

Configure Workload Identity and service accounts to be used by the application platform.

Use Kubernetes Secrets, which are obfuscated by default. Configure these Secrets to be used by the

application platform.

Configure Kubernetes Secrets to store the secret, enable Application-Layer Secrets Encryption, and use

Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to

be used by the application platform.

Configure HashiCorp Vault on Compute Engine, and use customer managed encryption keys and Cloud

Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used

by the application platform.

Configure a global load balancer connected to a managed instance group running Compute Engine

instances.

Configure kubemci with a global load balancer and Google Kubernetes Engine.

Configure a global load balancer with Google Kubernetes Engine.

Configure Ingress for Anthos with a global load balancer and Google Kubernetes Engine.

Upload your mobile app to the Firebase Test Lab, and test the mobile app on Android and iOS devices.

Create Android and iOS VMs on Google Cloud, install the mobile app on the VMs, and test the mobile app.

Create Android and iOS containers on Google Kubernetes Engine (GKE), install the mobile app on the

containers, and test the mobile app.

Upload your mobile app with different configurations to Firebase Hosting and test each configuration.

Design a migration plan to move all of Cymbal's data to Cloud Storage, and use Compute Engine for all business logic

Design a migration plan to move all of Cymbal's data to Cloud Storage, and use Cloud Run functions for all business logic

Design a migration plan, starting with a pilot project focusing on a specific product category, and gradually expand to other categories.

Design a migration plan with a scheduled window to move all components at once Perform extensive testing to ensure a successful migration.

Tests should scale well beyond the prior approaches.

Unit tests are no longer required, only end-to-end tests.

Tests should be applied after the release is in the production environment.

Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

Google Cloud Storage, Google App Engine, Google Network Load Balancer

Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

Verify that the database is online.

Verify that the project quota hasn't been exceeded.

Verify that the new feature code did not introduce any performance bugs.

Verify that the load-testing team is not running their tool against production.

Create a project for development and test and another for staging and production.

Create a network for development and test and another for staging and production.

Create one subnetwork for development and another for staging and production.

Create one project for development, a second for staging and a third for production.

Create a scalable environment in GCP for simulating production load.

Use the existing infrastructure to test the GCP-based backend at scale.

Build stress tests into each component of your application using resources internal to GCP to simulate load.

Create a set of static environments in GCP to test different levels of load — for example, high, medium, and low.

Container Engine, Cloud Pub/Sub, and Cloud SQL

Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery

Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow

Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow

Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs).

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs.

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

Deploy a custom authentication service on GCE/Google Container Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.

A single VPN tunnel, which limits throughput

A tier of Google Cloud Storage that is not suited for this task

A copy command that is not suited to operate over long distances

Fewer virtual machines (VMs) in GCP than on-premises machines

A separate storage layer outside the VMs, which is not suited for this task

Complicated internet connectivity between the on-premises infrastructure and GCP

Deploy failure injection software to the game analytics platform that can inject additional latency to mobile client analytics traffic.

Build a test client that can be run from a mobile phone emulator on a Compute Engine virtual machine, and run multiple copies in Google Cloud Platform regions all over the world to generate realistic traffic.

Add the ability to introduce a random amount of delay before beginning to process analytics files uploaded from mobile devices.

Create an opt-in beta of the game that runs on players' mobile devices and collects response times from analytics endpoints running in Google Cloud Platform regions all over the world.

Create network load balancers. Use preemptible Compute Engine instances.

Create network load balancers. Use non-preemptible Compute Engine instances.

Create a global load balancer with managed instance groups and autoscaling policies. Use preemptible Compute Engine instances.

Create a global load balancer with managed instance groups and autoscaling policies. Use non-preemptible Compute Engine instances.

Use Cloud SQL for time series data, and use Cloud Bigtable for historical data queries.

Use Cloud SQL to replace MySQL, and use Cloud Spanner for historical data queries.

Use Cloud Bigtable to replace MySQL, and use BigQuery for historical data queries.

Use Cloud Bigtable for time series data, use Cloud Spanner for transactional data, and use BigQuery for historical data queries.

Store as much analytics and game activity data as financially feasible today so it can be used to train machine learning models to predict user behavior in the future.

Begin packaging their game backend artifacts in container images and running them on Kubernetes Engine to improve the availability to scale up or down based on game activity.

Set up a CI/CD pipeline using Jenkins and Spinnaker to automate canary deployments and improve development velocity.

Adopt a schema versioning tool to reduce downtime when adding new game features that require storing additional player data in the database.

Implement a weekly rolling maintenance process for the Linux virtual machines so they can apply critical kernel patches and package updates and reduce the risk of 0-day vulnerabilities.

Evaluate the impact of migrating their current batch ETL code to Cloud Dataflow.

Write a schema migration plan to denormalize data for better performance in BigQuery.

Draw an architecture diagram that shows how to move from a single MySQL database to a MySQL cluster.

Load 10 TB of analytics data from a previous game into a Cloud SQL instance, and run test queries against the full dataset to confirm that they complete successfully.

Integrate Cloud Armor to defend against possible SQL injection attacks in analytics files uploaded to Cloud Storage.

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L7 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L7 load balancer.

Cloud Bigtable

Cloud Spanner

BigQuery

Cloud Datastore

Create a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request Pass the same token to func _query and reject the invocation if the tokens are different.

Make func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query.

Make func _query 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_query to only allow traffic from func_display.

Create those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account.