ExamGecko
Login
Home / Google / Associate Cloud Engineer / List of questions
Ask Question

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report
Export
Collapse

You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

Use a Shielded VM.
Use a Shielded VM.
Use a Preemptible VM.
Use a Preemptible VM.
Use a sole-tenant node.
Use a sole-tenant node.
Enable deletion protection on the instance.
Enable deletion protection on the instance.
Suggested answer: D

Explanation:

As part of your workload, there might be certain VM instances that are critical to running your application or services, such as an instance running a SQL server, a server used as a license manager, and so on. These VM instances might need to stay running indefinitely so you need a way to protect these VMs from being deleted. By setting the deletionProtection flag, a VM instance can be protected from accidental deletion. If a user attempts to delete a VM instance for which you have set the deletionProtection flag, the request fails. Only a user that has been granted a role with compute.instances.create permission can reset the flag to allow the resource to be deleted. Ref:https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion

asked 18/09/2024
Alex Bu
45 questions

Question 102

Report
Export
Collapse

Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.
Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.
Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.
Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.
Create a custom role by removing delete permissions, and add users to that role only.
Create a custom role by removing delete permissions, and add users to that role only.
Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
Suggested answer: D

Explanation:

https://cloud.google.com/bigquery/docs/access-control#custom_roles

Custom roles enable you to enforce the principle of least privilege, ensuring that the user and service accounts in your organization have only the permissions essential to performing their intended functions.

asked 18/09/2024
Shaunt Khalatian
38 questions

Question 103

Report
Export
Collapse

You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed from the Google Cloud Ubuntu package repository. You want to test your application locally on your laptop with Cloud Datastore. What should you do?

Export Cloud Datastore data using gcloud datastore export.
Export Cloud Datastore data using gcloud datastore export.
Create a Cloud Datastore index using gcloud datastore indexes create.
Create a Cloud Datastore index using gcloud datastore indexes create.
Install the google-cloud-sdk-datastore-emulator component using the apt get install command.
Install the google-cloud-sdk-datastore-emulator component using the apt get install command.
Install the cloud-datastore-emulator component using the gcloud components install command.
Install the cloud-datastore-emulator component using the gcloud components install command.
Suggested answer: D

Explanation:

The Datastore emulator provides local emulation of the production Datastore environment. You can use the emulator to develop and test your application locally Ref:https://cloud.google.com/datastore/docs/tools/datastore-emulator

asked 18/09/2024
Tyrome Myatt
35 questions

Question 104

Report
Export
Collapse

Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?

Add the users to roles/browser role.
Add the users to roles/browser role.
Add the users to roles/iam.roleViewer role.
Add the users to roles/iam.roleViewer role.
Add the users to a group, and add this group to roles/browser role.
Add the users to a group, and add this group to roles/browser role.
Add the users to a group, and add this group to roles/iam.roleViewer role.
Add the users to a group, and add this group to roles/iam.roleViewer role.
Suggested answer: C

Explanation:


asked 18/09/2024
Lethabane Reuben
33 questions

Question 105

Report
Export
Collapse

Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company's SSO provider. What should you do?

In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.
In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.
In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.
In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.
Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.
Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.
Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.
Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.
Suggested answer: B

Explanation:

https://support.google.com/cloudidentity/answer/6262987?hl=en&ref_topic=7558767

asked 18/09/2024
xingrui li
36 questions

Question 106

Report
Export
Collapse

Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects. You need to assign this person the minimum role for projects. What should you do?

Add the user to roles/iam.roleAdmin role.
Add the user to roles/iam.roleAdmin role.
Add the user to roles/iam.securityAdmin role.
Add the user to roles/iam.securityAdmin role.
Add the user to roles/iam.serviceAccountUser role.
Add the user to roles/iam.serviceAccountUser role.
Add the user to roles/iam.serviceAccountAdmin role.
Add the user to roles/iam.serviceAccountAdmin role.
Suggested answer: D

Explanation:

Service Account User (roles/iam.serviceAccountUser): Includes permissions to list service accounts, get details about a service account, and impersonate a service account. Service Account Admin (roles/iam.serviceAccountAdmin): Includes permissions to list service accounts and get details about a service account. Also includes permissions to create, update, and delete service accounts, and to view or change the IAM policy on a service account.

asked 18/09/2024
Maurice Nicholson
43 questions

Question 107

Report
Export
Collapse

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat

Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?
Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?
Coldline Storage
Coldline Storage
Nearline Storage
Nearline Storage
Regional Storage
Regional Storage
Multi-Regional Storage
Multi-Regional Storage
Suggested answer: A

Explanation:

Coldline Storage is a very-low-cost, highly durable storage service for storing infrequently accessed data. Coldline Storage is ideal for data you plan to read or modify at most once a quarter. Since we have a requirement to access data once a quarter and want to go with the most cost-efficient option, we should select Coldline Storage.

Ref:https://cloud.google.com/storage/docs/storage-classes#coldline

Google Associate Cloud Engineer image Question 107 explanation 27622 09182024191153000000

asked 18/09/2024
Simone Somacal
31 questions

Question 108

Report
Export
Collapse

A team of data scientists infrequently needs to use a Google Kubernetes Engine (GKE) cluster that you manage. They require GPUs for some long-running, non-restartable jobs. You want to minimize cost. What should you do?

Enable node auto-provisioning on the GKE cluster.
Enable node auto-provisioning on the GKE cluster.
Create a VerticalPodAutscaler for those workloads.
Create a VerticalPodAutscaler for those workloads.
Create a node pool with preemptible VMs and GPUs attached to those VMs.
Create a node pool with preemptible VMs and GPUs attached to those VMs.
Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.
Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.
Suggested answer: A

Explanation:

auto-provisioning = Attaches and deletes node pools to cluster based on the requirements. Hence creating a GPU node pool, and auto-scaling would be better https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning

asked 18/09/2024
Maria Telan
32 questions

Question 109

Report
Export
Collapse

Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.
Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.
Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.
Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.
Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.
Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.
Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.
Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.
Suggested answer: A

Explanation:

Directory Sync Google Cloud Directory Sync enables administrators to synchronize users, groups and other data from an Active Directory/LDAP service to their Google Cloud domain directory https://tools.google.com/dlpage/dirsync/

asked 18/09/2024
Sanjay R Khiani
42 questions

Question 110

Report
Export
Collapse

You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now, you need to create a production environment for this application.

The security team has forbidden the existence of network routes between these 2 environments, and asks you to follow Google-recommended practices. What should you do?

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.
Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.
Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.
Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.
Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.
Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.
Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.
Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.
Suggested answer: A

Explanation:

This aligns with Googles recommended practices. By creating a new project, we achieve complete isolation between development and production environments; as well as isolate this production application from production applications of other departments.

Ref:https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#define-hierarchy

asked 18/09/2024
Ronald Buffing
40 questions
Total 296 questions
Go to page: of 30
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below: You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d zone. You want to avoid having to specify this zone with each CLI command when managing these instances. What should you do?
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?