ExamGecko
Search Search Login
Home Home / Google / Associate Cloud Engineer

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You are developing a new application and are looking for a Jenkins installation to build and deploy your source code. You want to automate the installation as quickly and easily as possible. What should you do?
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps. What should you do?
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

Question 71

Report
Export
Collapse

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

A.
In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
A.
In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
Answers
B.
When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
B.
When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
Answers
C.
Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
C.
Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
Answers
D.
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
D.
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
Answers
Suggested answer: A

Explanation:

As mentioned above, Container Registry ignores permissions set on individual objects within the storage bucket so this isnt going to work.

Ref:https://cloud.google.com/container-registry/docs/access-control

Question 72

Report
Export
Collapse

You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

You check the status of the deployed pods and notice that one of them is still in PENDING status:

You want to find out why the pod is stuck in pending status. What should you do?

A.
Review details of the myapp-service Service object and check for error messages.
A.
Review details of the myapp-service Service object and check for error messages.
Answers
B.
Review details of the myapp-deployment Deployment object and check for error messages.
B.
Review details of the myapp-deployment Deployment object and check for error messages.
Answers
C.
Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
C.
Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
Answers
D.
View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
D.
View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
Answers
Suggested answer: C

Explanation:

https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/#debugging-pods

Question 73

Report
Export
Collapse

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

A.
After the VM has been created, use your Google Account credentials to log in into the VM.
A.
After the VM has been created, use your Google Account credentials to log in into the VM.
Answers
B.
After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.
B.
After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.
Answers
C.
When creating the VM, add metadata to the instance using 'windows-password' as the key and a password as the value.
C.
When creating the VM, add metadata to the instance using 'windows-password' as the key and a password as the value.
Answers
D.
After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.
D.
After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.
Answers
Suggested answer: B

Explanation:

You can generate Windows passwords using either the Google Cloud Console or the gcloud command-line tool. This option uses the right syntax to reset the windows password.

gcloud compute reset-windows-password windows-instance

Ref:https://cloud.google.com/compute/docs/instances/windows/creating-passwords-for-windows-instances#gcloud

Question 74

Report
Export
Collapse

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

A.
Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
A.
Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
Answers
B.
Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.
B.
Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.
Answers
C.
Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
C.
Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
Answers
D.
Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
D.
Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
Answers
Suggested answer: A

Explanation:

After you enable OS Login on one or more instances in your project, those VMs accept connections only from user accounts that have the necessary IAM roles in your project or organization. In this case, we are granting the group compute.osLogin which lets them log in as non-administrator account. And since we are directing them to use Cloud Shell to ssh, we dont need to add their SSH keys to the instance metadata. Ref:https://cloud.google.com/compute/docs/instances/managing-instance-access#configure_users Ref:https://cloud.google.com/compute/docs/instances/managing-instance-access#add_oslogin_keys

Question 75

Report
Export
Collapse

You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

A.
Run gcloud projects list to get the project ID, and then run gcloud services list --project .
A.
Run gcloud projects list to get the project ID, and then run gcloud services list --project .
Answers
B.
Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
B.
Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
Answers
C.
Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
C.
Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
Answers
D.
Run gcloud projects describe to verify the project value, and then run gcloud services list --available.
D.
Run gcloud projects describe to verify the project value, and then run gcloud services list --available.
Answers
Suggested answer: A

Explanation:

`gcloud services list --available` returns not only the enabled services in the project but also services that CAN be enabled.

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

Run the following command to list the enabled APIs and services in your current project:

gcloud services list

whereas, Run the following command to list the APIs and services available to you in your current project:

gcloud services list --available

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

--available

Return the services available to the project to enable. This list will include any services that the project has already enabled.

To list the services the current project has enabled for consumption, run:

gcloud services list --enabled

To list the services the current project can enable for consumption, run:

gcloud services list --available

Question 76

Report
Export
Collapse

You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

A.
Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
A.
Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
Answers
B.
Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
B.
Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
Answers
C.
Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.
C.
Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.
Answers
D.
Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
D.
Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
Answers
Suggested answer: D

Explanation:

GCP App Engine natively offers traffic splitting functionality between versions. You can use traffic splitting to specify a percentage distribution of traffic across two or more of the versions within a service. Splitting traffic allows you to conduct A/B testing between your versions and provides control over the pace when rolling out features.

Ref:https://cloud.google.com/appengine/docs/standard/python/splitting-traffic

Question 77

Report
Export
Collapse

You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

A.
Fill in local SSD. Fill in persistent disk storage and snapshot storage.
A.
Fill in local SSD. Fill in persistent disk storage and snapshot storage.
Answers
B.
Fill in local SSD. Add estimated cost for cluster management.
B.
Fill in local SSD. Add estimated cost for cluster management.
Answers
C.
Select Add GPUs. Fill in persistent disk storage and snapshot storage.
C.
Select Add GPUs. Fill in persistent disk storage and snapshot storage.
Answers
D.
Select Add GPUs. Add estimated cost for cluster management.
D.
Select Add GPUs. Add estimated cost for cluster management.
Answers
Suggested answer: A

Explanation:

https://cloud.google.com/compute/docs/disks/local-ssd

Question 78

Report
Export
Collapse

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

A.
Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
A.
Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
Answers
B.
Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
B.
Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
Answers
C.
Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
C.
Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
Answers
D.
Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
D.
Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
Answers
Suggested answer: A

Explanation:

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service. is not right.

Kubernetes Service of type ClusterIP exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster so you can not route external traffic to this IP.

Ref:https://kubernetes.io/docs/concepts/services-networking/service/

Question 79

Report
Export
Collapse

You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?

A.
Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
A.
Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
Answers
B.
Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
B.
Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
Answers
C.
Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
C.
Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
Answers
D.
Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
D.
Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
Answers
Suggested answer: B

Explanation:

Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks. Eligible resources from service projects can use subnets in the Shared VPC network

https://cloud.google.com/vpc/docs/shared-vpc

'For example, an existing instance in a service project cannot be reconfigured to use a Shared VPC network, but a new instance can be created to use available subnets in a Shared VPC network.'

Question 80

Report
Export
Collapse

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.

How should you configure the auditor's permissions?

A.
Create a custom role with view-only project permissions. Add the user's account to the custom role.
A.
Create a custom role with view-only project permissions. Add the user's account to the custom role.
Answers
B.
Create a custom role with view-only service permissions. Add the user's account to the custom role.
B.
Create a custom role with view-only service permissions. Add the user's account to the custom role.
Answers
C.
Select the built-in IAM project Viewer role. Add the user's account to this role.
C.
Select the built-in IAM project Viewer role. Add the user's account to this role.
Answers
D.
Select the built-in IAM service Viewer role. Add the user's account to this role.
D.
Select the built-in IAM service Viewer role. Add the user's account to this role.
Answers
Suggested answer: C

Explanation:

The primitive role roles/viewer provides read access to all resources in the project. The permissions in this role are limited to Get and list access for all resources. As we have an out of the box role that exactly fits our requirement, we should use this.

Ref:https://cloud.google.com/resource-manager/docs/access-control-proj

It is advisable to use the existing GCP provided roles over creating custom roles with similar permissions as this becomes a maintenance overhead. If GCP modifies how permissions are handled or adds/removes permissions, the default GCP provided roles are automatically updated by Google whereas if they were custom roles, the responsibility is with us and this adds to the operational overhead and needs to be avoided.

Total 289 questions
Go to page: of 29
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms