ExamGecko
Login
Home / Google / Associate Cloud Engineer / List of questions
Ask Question

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

Ask the auditor for their Google account, and give them the Viewer role on the project.
Ask the auditor for their Google account, and give them the Viewer role on the project.
Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
Suggested answer: C

Explanation:

Using primitive roles The following table lists the primitive roles that you can grant to access a project, the description of what the role does, and the permissions bundled within that role. Avoid using primitive roles except when absolutely necessary. These roles are very powerful, and include a large number of permissions across all Google Cloud services. For more details on when you should use primitive roles, see the Identity and Access Management FAQ. IAM predefined roles are much more granular, and allow you to carefully manage the set of permissions that your users have access to. See Understanding Roles for a list of roles that can be granted at the project level. Creating custom roles can further increase the control you have over user permissions. https://cloud.google.com/resource-manager/docs/access-control-proj#using_primitive_roles

https://cloud.google.com/iam/docs/understanding-custom-roles

asked 18/09/2024
Luis Hernaiz
40 questions

Question 112

Report
Export
Collapse

You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?

Create a Cloud Function to create an instance template.
Create a Cloud Function to create an instance template.
Create a snapshot schedule for the disk using the desired interval.
Create a snapshot schedule for the disk using the desired interval.
Create a cron job to create a new disk from the disk using gcloud.
Create a cron job to create a new disk from the disk using gcloud.
Create a Cloud Task to create an image and export it to Cloud Storage.
Create a Cloud Task to create an image and export it to Cloud Storage.
Suggested answer: B

Explanation:

Best practices for persistent disk snapshots

You can create persistent disk snapshots at any time, but you can create snapshots more quickly and with greater reliability if you use the following best practices.

Creating frequent snapshots efficiently

Use snapshots to manage your data efficiently.

Create a snapshot of your data on a regular schedule to minimize data loss due to unexpected failure.

Improve performance by eliminating excessive snapshot downloads and by creating an image and reusing it.

Set your snapshot schedule to off-peak hours to reduce snapshot time.

Snapshot frequency limits

Creating snapshots from persistent disks

You can snapshot your disks at most once every 10 minutes. If you want to issue a burst of requests to snapshot your disks, you can issue at most 6 requests in 60 minutes.

If the limit is exceeded, the operation fails and returns the following error:

https://cloud.google.com/compute/docs/disks/snapshot-best-practices

asked 18/09/2024
VEDA VIKASH Matam Shashidhar
37 questions

Question 113

Report
Export
Collapse

You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?

Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Suggested answer: B

Explanation:

Google Cloud provides Cloud Audit Logs, which is an integral part of Cloud Logging. It consists of two log streams for each project: Admin Activity and Data Access, which are generated by Google Cloud services to help you answer the question of who did what, where, and when? within your Google Cloud projects.

Ref:https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors

asked 18/09/2024
Carlos Cabezas
49 questions

Question 114

Report
Export
Collapse

You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?

Navigate to Stackdriver Logging and select resource.labels.project_id='*'
Navigate to Stackdriver Logging and select resource.labels.project_id='*'
Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.
Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.
Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.
Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.
Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.
Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.
Suggested answer: B

Explanation:

Ref:https://cloud.google.com/logging/docs/export/aggregated_sinks

Either way, we now have the data in a BigQuery Dataset. Querying information from a Big Query dataset is easier and quicker than analyzing contents in Cloud Storage bucket. As our requirement is to Quickly analyze the log contents, we should prefer Big Query over Cloud Storage.

Also, You can control storage costs and optimize storage usage by setting the default table expiration for newly created tables in a dataset. If you set the property when the dataset is created, any table created in the dataset is deleted after the expiration period. If you set the property after the dataset is created, only new tables are deleted after the expiration period. For example, if you set the default table expiration to 7 days, older data is automatically deleted after 1 week. Ref:https://cloud.google.com/bigquery/docs/best-practices-storage

asked 18/09/2024
Ranjan Gupta
33 questions

Question 115

Report
Export
Collapse

You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?

1. Verify that you are assigned the Project Owners IAM role for this project. 2. Locate the project in the GCP console, click Shut down and then enter the project ID.
1. Verify that you are assigned the Project Owners IAM role for this project. 2. Locate the project in the GCP console, click Shut down and then enter the project ID.
1. Verify that you are assigned the Project Owners IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them.
1. Verify that you are assigned the Project Owners IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them.
1. Verify that you are assigned the Organizational Administrator IAM role for this project. 2. Locate the project in the GCP console, enter the project ID and then click Shut down.
1. Verify that you are assigned the Organizational Administrator IAM role for this project. 2. Locate the project in the GCP console, enter the project ID and then click Shut down.
1. Verify that you are assigned the Organizational Administrators IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them.
1. Verify that you are assigned the Organizational Administrators IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them.
Suggested answer: A

Explanation:

https://cloud.google.com/run/docs/tutorials/gcloud

https://cloud.google.com/resource-manager/docs/creating-managing-projects

https://cloud.google.com/iam/docs/understanding-roles#primitive_roles

You can shut down projects using the Cloud Console. When you shut down a project, this immediately happens: All billing and traffic serving stops, You lose access to the project, The owners of the project will be notified and can stop the deletion within 30 days, The project will be scheduled to be deleted after 30 days. However, some resources may be deleted much earlier.

asked 18/09/2024
Stan Nichols
32 questions

Question 116

Report
Export
Collapse

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

Give ''project owner'' for web-applications appropriate roles to crm-databases- proj
Give ''project owner'' for web-applications appropriate roles to crm-databases- proj
Give ''project owner'' role to crm-databases-proj and the web-applications project.
Give ''project owner'' role to crm-databases-proj and the web-applications project.
Give ''project owner'' role to crm-databases-proj and bigquery.dataViewer role to web-applications.
Give ''project owner'' role to crm-databases-proj and bigquery.dataViewer role to web-applications.
Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
Suggested answer: C

Explanation:

bigquery.dataViewer role provides permissions to read the datasets metadata and list tables in the dataset as well as Read data and metadata from the datasets tables. This is exactly what we need to fulfil this requirement and follows the least privilege principle.

Ref:https://cloud.google.com/iam/docs/understanding-roles#bigquery-roles

asked 18/09/2024
tho nguyen
32 questions

Question 117

Report
Export
Collapse

An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination. What should you do?

View System Event Logs in Stackdriver. Search for the user's email as the principal.
View System Event Logs in Stackdriver. Search for the user's email as the principal.
View System Event Logs in Stackdriver. Search for the service account associated with the user.
View System Event Logs in Stackdriver. Search for the service account associated with the user.
View Data Access audit logs in Stackdriver. Search for the user's email as the principal.
View Data Access audit logs in Stackdriver. Search for the user's email as the principal.
View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
Suggested answer: C

Explanation:

https://cloud.google.com/logging/docs/audit

Data Access audit logs Data Access audit logs contain API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data.

https://cloud.google.com/logging/docs/audit#data-access

asked 18/09/2024
Reaper Gamer
43 questions

Question 118

Report
Export
Collapse

You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.
Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.
Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.
Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.
Suggested answer: A

Explanation:

When setting support levels for permissions in custom roles, you can set to one of SUPPORTED, TESTING or NOT_SUPPORTED.

Ref:https://cloud.google.com/iam/docs/custom-roles-permissions-support

asked 18/09/2024
Shivanth Jha
36 questions

Question 119

Report
Export
Collapse

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?


Upload the data to BigQuery using the bq command line tool.
Upload the data to BigQuery using the bq command line tool.
Upload the data to Cloud Storage using the gsutil command line tool.
Upload the data to Cloud Storage using the gsutil command line tool.
Upload the data into Cloud SQL using the import function in the console.
Upload the data into Cloud SQL using the import function in the console.
Upload the data into Cloud Spanner using the import function in the console.
Upload the data into Cloud Spanner using the import function in the console.
Suggested answer: B

Explanation:

'large quantity' : Cloud Storage or BigQuery 'files' a file is nothing but an Object

asked 18/09/2024
Joseph Martin
29 questions

Question 120

Report
Export
Collapse

You need to manage multiple Google Cloud Platform (GCP) projects in the fewest steps possible. You want to configure the Google Cloud SDK command line interface (CLI) so that you can easily manage multiple GCP projects. What should you?

1. Create a configuration for each project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects.
1. Create a configuration for each project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects.
1. Create a configuration for each project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project
1. Create a configuration for each project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project
1. Use the default configuration for one project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects.
1. Use the default configuration for one project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects.
1. Use the default configuration for one project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project.
1. Use the default configuration for one project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project.
Suggested answer: A

Explanation:

https://cloud.google.com/sdk/gcloud

https://cloud.google.com/sdk/docs/configurations#multiple_configurations

asked 18/09/2024
Borja Arranz Palenzuela
38 questions
Total 296 questions
Go to page: of 30
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below: You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d zone. You want to avoid having to specify this zone with each CLI command when managing these instances. What should you do?
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?