ExamGecko
Search Search Login
Home Home / Google / Associate Cloud Engineer

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 26

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You are developing a new application and are looking for a Jenkins installation to build and deploy your source code. You want to automate the installation as quickly and easily as possible. What should you do?
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps. What should you do?
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

Question 251

Report
Export
Collapse

You are planning to migrate your on-premises data to Google Cloud. The data includes:

* 200 TB of video files in SAN storage

* Data warehouse data stored on Amazon Redshift

* 20 GB of PNG files stored on an S3 bucket

You need to load the video files into a Cloud Storage bucket, transfer the data warehouse data into BigQuery, and load the PNG files into a second Cloud Storage bucket. You want to follow Google-recommended practices and avoid writing any code for the migration. What should you do?

A.
Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
A.
Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
Answers
B.
Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
B.
Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
Answers
C.
Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
C.
Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
Answers
D.
Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
D.
Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
Answers
Suggested answer: C

Question 252

Report
Export
Collapse

Your application is running on Google Cloud in a managed instance group (MIG). You see errors in Cloud Logging for one VM that one of the processes is not responsive. You want to replace this VM in the MIG quickly. What should you do?

A.
Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.
A.
Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.
Answers
B.
Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.
B.
Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.
Answers
C.
Use the gcloud compute instances update command with a REFRESH action for the VM.
C.
Use the gcloud compute instances update command with a REFRESH action for the VM.
Answers
D.
Update and apply the instance template of the MIG.
D.
Update and apply the instance template of the MIG.
Answers
Suggested answer: A

Question 253

Report
Export
Collapse

You are working in a team that has developed a new application that needs to be deployed on Kubernetes. The production application is business critical and should be optimized for reliability. You need to provision a Kubernetes cluster and want to follow Google-recommended practices. What should you do?

A.
Create a GKE Autopilot cluster. Enroll the cluster in the rapid release channel.
A.
Create a GKE Autopilot cluster. Enroll the cluster in the rapid release channel.
Answers
B.
Create a GKE Autopilot cluster. Enroll the cluster in the stable release channel.
B.
Create a GKE Autopilot cluster. Enroll the cluster in the stable release channel.
Answers
C.
Create a zonal GKE standard cluster. Enroll the cluster in the stable release channel.
C.
Create a zonal GKE standard cluster. Enroll the cluster in the stable release channel.
Answers
D.
Create a regional GKE standard cluster. Enroll the cluster in the rapid release channel.
D.
Create a regional GKE standard cluster. Enroll the cluster in the rapid release channel.
Answers
Suggested answer: B

Explanation:

Autopilot is more reliable and stable release gives more time to fix issues in new version of GKE

Question 254

Report
Export
Collapse

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine. Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

A.
* Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization. * Copy the role across all projects created within the organization with the gcloud iam roles copy command. * Assign the role to developers in those projects.
A.
* Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization. * Copy the role across all projects created within the organization with the gcloud iam roles copy command. * Assign the role to developers in those projects.
Answers
B.
* Add all developers to a Google group in Google Groups for Workspace. * Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.
B.
* Add all developers to a Google group in Google Groups for Workspace. * Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.
Answers
C.
* Add all developers to a Google group in Cloud Identity. * Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.
C.
* Add all developers to a Google group in Cloud Identity. * Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.
Answers
D.
* Add all developers to a Google group in Cloud Identity. * Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. * Assign the custom role to the Google group.
D.
* Add all developers to a Google group in Cloud Identity. * Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. * Assign the custom role to the Google group.
Answers
Suggested answer: D

Explanation:

https://www.cloudskillsboost.google/focuses/1035?parent=catalog#:~:text=custom%20role%20at%20the%20organization%20level


Question 255

Report
Export
Collapse

You used the gcloud container clusters command to create two Google Cloud Kubernetes (GKE) clusters prod-cluster and dev-cluster.

* prod-cluster is a standard cluster.

* dev-cluster is an auto-pilot duster.

When you run the Kubect1 get nodes command, you only see the nodes from prod-cluster Which commands should you run to check the node status for dev-cluster?

A.
A.
Answers
B.
B.
Answers
C.
C.
Answers
D.
D.
Answers
Suggested answer: C

Question 256

Report
Export
Collapse

You have a Bigtable instance that consists of three nodes that store personally identifiable information (Pll) dat a. You need to log all read or write operations, including any metadata or configuration reads of this database table, in your company's Security Information and Event Management (SIEM) system. What should you do?

A.
* Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the Bigtable instance to track all changes. * Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver
A.
* Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the Bigtable instance to track all changes. * Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver
Answers
B.
Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance * Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.
B.
Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance * Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.
Answers
C.
* Install the Ops Agent on the Bigtable instance during configuration. K * Create a service account with read permissions for the Bigtable instance. * Create a custom Dataflow job with this service account to export logs to the company's SIEM system.
C.
* Install the Ops Agent on the Bigtable instance during configuration. K * Create a service account with read permissions for the Bigtable instance. * Create a custom Dataflow job with this service account to export logs to the company's SIEM system.
Answers
D.
* Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the Biglable instance. * Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.
D.
* Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the Biglable instance. * Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.
Answers
Suggested answer: B

Question 257

Report
Export
Collapse

You have an on-premises data analytics set of binaries that processes data files in memory for about 45 minutes every midnight. The sizes of those data files range from 1 gigabyte to 16 gigabytes. You want to migrate this application to Google Cloud with minimal effort and cost. What should you do?

A.
Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.
A.
Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.
Answers
B.
Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.
B.
Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.
Answers
C.
Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.
C.
Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.
Answers
D.
Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.
D.
Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.
Answers
Suggested answer: B

Question 258

Report
Export
Collapse

You are in charge of provisioning access for all Google Cloud users in your organization. Your company recently acquired a startup company that has their own Google Cloud organization. You need to ensure that your Site Reliability Engineers (SREs) have the same project permissions in the startup company's organization as in your own organization. What should you do?

A.
In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization
A.
In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization
Answers
B.
In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.
B.
In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.
Answers
C.
Use the gcloud iam roles copy command, and provide the Organization ID of the startup company's Google Cloud Organization as the destination.
C.
Use the gcloud iam roles copy command, and provide the Organization ID of the startup company's Google Cloud Organization as the destination.
Answers
D.
Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.
D.
Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.
Answers
Suggested answer: D

Explanation:


Question 259

Report
Export
Collapse

After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?

A.
Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
A.
Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
Answers
B.
Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.
B.
Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.
Answers
C.
Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.
C.
Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.
Answers
D.
Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage. Use BigQuery to periodically analyze log events in the storage bucket.
D.
Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage. Use BigQuery to periodically analyze log events in the storage bucket.
Answers
Suggested answer: D

Explanation:


Question 260

Report
Export
Collapse

Your continuous integration and delivery (CI/CD) server can't execute Google Cloud actions in a specific project because of permission issues. You need to validate whether the used service account has the appropriate roles in the specific project. What should you do?

A.
Open the Google Cloud console, and run a query to determine which resources this service account can access.
A.
Open the Google Cloud console, and run a query to determine which resources this service account can access.
Answers
B.
Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.
B.
Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.
Answers
C.
Open the Google Cloud console, and check the organization policies.
C.
Open the Google Cloud console, and check the organization policies.
Answers
D.
Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.
D.
Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.
Answers
Suggested answer: D

Explanation:

This answer is the most effective way to validate whether the service account used by the CI/CD server has the appropriate roles in the specific project. By checking the IAM roles assigned to the service account, you can see which permissions the service account has and which resources it can access. You can also check if the service account inherits any roles from the folder or organization levels, which may affect its access to the project. You can use the Google Cloud console, the gcloud command-line tool, or the IAM API to view the IAM roles of a service account.

Total 289 questions
Go to page: of 29
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms