ExamGecko
Login
Home / Google / Associate Cloud Engineer / List of questions
Ask Question

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report
Export
Collapse

You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?

Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.
Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.
Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.
Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.
Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.
Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.
Suggested answer: A

Explanation:

Ref:https://cloud.google.com/sdk/gcloud/reference/config/configurations/activate

Finally, while each configuration is active, you can run the gcloud compute instances start [NAME] command to start the instance in the configurations region. https://cloud.google.com/sdk/gcloud/reference/compute/instances/start

asked 18/09/2024
Website Subscription
37 questions

Question 22

Report
Export
Collapse

You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

Use granular logging statements within a Deployment Manager template authored in Python.
Use granular logging statements within a Deployment Manager template authored in Python.
Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
Execute the Deployment Manager template using the ---preview option in the same project, and observe the state of interdependent resources.
Execute the Deployment Manager template using the ---preview option in the same project, and observe the state of interdependent resources.
Suggested answer: D
asked 18/09/2024
Chris Ngobili
39 questions

Question 23

Report
Export
Collapse

You are building a pipeline to process time-series data. Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?


Google Associate Cloud Engineer image Question 23 27538 09182024191153000000

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
Suggested answer: D

Explanation:

https://cloud.google.com/blog/products/data-analytics/handling-duplicate-data-in-streaming-pipeline-using-pubsub-dataflow

https://cloud.google.com/bigtable/docs/schema-design-time-series

asked 18/09/2024
Ajayi Johnson
45 questions

Question 24

Report
Export
Collapse

You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?

Use gcloud to create the new project, and then deploy your application to the new project.
Use gcloud to create the new project, and then deploy your application to the new project.
Use gcloud to create the new project and to copy the deployed application to the new project.
Use gcloud to create the new project and to copy the deployed application to the new project.
Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.
Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.
Suggested answer: A

Explanation:

You can deploy to a different project by using --project flag.

By default, the service is deployed the current project configured via:

$ gcloud config set core/project PROJECT

To override this value for a single deployment, use the --project flag:

$ gcloud app deploy ~/my_app/app.yaml --project=PROJECT

Ref: https://cloud.google.com/sdk/gcloud/reference/app/deploy

asked 18/09/2024
Fabio Morais Melo
37 questions

Question 25

Report
Export
Collapse

You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?

Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
Add the auditors group to two new custom IAM roles.
Add the auditors group to two new custom IAM roles.
Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
Add the auditor user accounts to two new custom IAM roles.
Add the auditor user accounts to two new custom IAM roles.
Suggested answer: A

Explanation:

https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors

Because if you directly add users to the IAM roles, then if any users left the organization then you have to remove the users from multiple places and need to revoke his/her access from multiple places. But, if you put a user into a group then its very easy to manage these type of situations. Now, if any user left then you just need to remove the user from the group and all the access got revoked

The organization creates a Google group for these external auditors and adds the current auditor to the group. This group is monitored and is typically granted access to the dashboard application. During normal access, the auditors' Google group is only granted access to view the historic logs stored in BigQuery. If any anomalies are discovered, the group is granted permission to view the actual Cloud Logging Admin Activity logs via the dashboard's elevated access mode. At the end of each audit period, the group's access is then revoked. Data is redacted using Cloud DLP before being made accessible for viewing via the dashboard application. The table below explains IAM logging roles that an Organization Administrator can grant to the service account used by the dashboard, as well as the resource level at which the role is granted.

asked 18/09/2024
Jovin Jose
32 questions

Question 26

Report
Export
Collapse

You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.
Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.
Suggested answer: C

Explanation:

https://cloud.google.com/iam/docs/understanding-service-accounts#using_service_accounts_with_compute_engine

https://cloud.google.com/storage/docs/access-control/iam-roles

asked 18/09/2024
Tebogo Maphafo
36 questions

Question 27

Report
Export
Collapse

You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to verify the addition of metadata labels and which files have been viewed from those buckets. What should you do?

Using the GCP Console, filter the Activity log to view the information.
Using the GCP Console, filter the Activity log to view the information.
Using the GCP Console, filter the Stackdriver log to view the information.
Using the GCP Console, filter the Stackdriver log to view the information.
View the bucket in the Storage section of the GCP Console.
View the bucket in the Storage section of the GCP Console.
Create a trace in Stackdriver to view the information.
Create a trace in Stackdriver to view the information.
Suggested answer: A

Explanation:

https://cloud.google.com/storage/docs/audit-logs

https://cloud.google.com/compute/docs/logging/audit-logging#audited_operations

asked 18/09/2024
Ray Hato
38 questions

Question 28

Report
Export
Collapse

You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?

Project Editor
Project Editor
Storage Admin
Storage Admin
Storage Object Admin
Storage Object Admin
Storage Object Creator
Storage Object Creator
Suggested answer: B

Explanation:

Storage Admin (roles/storage.admin) Grants full control of buckets and objects.

When applied to an individual bucket, control applies only to the specified bucket and objects within the bucket.

firebase.projects.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.*

storage.objects.*

https://cloud.google.com/storage/docs/access-control/iam-roles

This role grants full control of buckets and objects. When applied to an individual bucket, control applies only to the specified bucket and objects within the bucket.

Ref:https://cloud.google.com/iam/docs/understanding-roles#storage-roles

asked 18/09/2024
Mpho Ntshontsi
41 questions

Question 29

Report
Export
Collapse

You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?


Create a signed URL with a four-hour expiration and share the URL with the company.
Create a signed URL with a four-hour expiration and share the URL with the company.
Set object access to 'public' and use object lifecycle management to remove the object after four hours.
Set object access to 'public' and use object lifecycle management to remove the object after four hours.
Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.
Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.
Suggested answer: A

Explanation:

Signed URLs are used to give time-limited resource access to anyone in possession of the URL, regardless of whether they have a Google account. https://cloud.google.com/storage/docs/access-control/signed-urls

asked 18/09/2024
Saeed Awwad
46 questions

Question 30

Report
Export
Collapse

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

Deploy the monitoring pod in a StatefulSet object.
Deploy the monitoring pod in a StatefulSet object.
Deploy the monitoring pod in a DaemonSet object.
Deploy the monitoring pod in a DaemonSet object.
Reference the monitoring pod in a Deployment object.
Reference the monitoring pod in a Deployment object.
Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.
Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.
Suggested answer: B

Explanation:

https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset

https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset#usage_patterns

DaemonSets attempt to adhere to a one-Pod-per-node model, either across the entire cluster or a subset of nodes. As you add nodes to a node pool, DaemonSets automatically add Pods to the new nodes as needed.

In GKE, DaemonSets manage groups of replicated Pods and adhere to a one-Pod-per-node model, either across the entire cluster or a subset of nodes. As you add nodes to a node pool, DaemonSets automatically add Pods to the new nodes as needed. So, this is a perfect fit for our monitoring pod.

Ref:https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset

DaemonSets are useful for deploying ongoing background tasks that you need to run on all or certain nodes, and which do not require user intervention. Examples of such tasks include storage daemons like ceph, log collection daemons like fluentd, and node monitoring daemons like collectd. For example, you could have DaemonSets for each type of daemon run on all of your nodes. Alternatively, you could run multiple DaemonSets for a single type of daemon, but have them use different configurations for different hardware types and resource needs.

asked 18/09/2024
Shaun Kilmartin
26 questions
Total 296 questions
Go to page: of 30
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below: You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d zone. You want to avoid having to specify this zone with each CLI command when managing these instances. What should you do?
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?