ExamGecko
Login
Home / Google / Associate Cloud Engineer / List of questions
Ask Question

Google Associate Cloud Engineer Practice Test - Questions Answers, Page 8

List of questions

Question 71

Report
Export
Collapse

You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.
Suggested answer: A

Explanation:

As mentioned above, Container Registry ignores permissions set on individual objects within the storage bucket so this isnt going to work.

Ref:https://cloud.google.com/container-registry/docs/access-control

asked 18/09/2024
Narender B
31 questions

Question 72

Report
Export
Collapse

You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

Google Associate Cloud Engineer image Question 72 27587 09182024191153000000

You check the status of the deployed pods and notice that one of them is still in PENDING status:

Google Associate Cloud Engineer image Question 72 27587 09182024191153000000

You want to find out why the pod is stuck in pending status. What should you do?

Review details of the myapp-service Service object and check for error messages.
Review details of the myapp-service Service object and check for error messages.
Review details of the myapp-deployment Deployment object and check for error messages.
Review details of the myapp-deployment Deployment object and check for error messages.
Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
Suggested answer: C

Explanation:

https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/#debugging-pods

asked 18/09/2024
kinshuk choubisa
30 questions

Question 73

Report
Export
Collapse

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

After the VM has been created, use your Google Account credentials to log in into the VM.
After the VM has been created, use your Google Account credentials to log in into the VM.
After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.
After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.
When creating the VM, add metadata to the instance using 'windows-password' as the key and a password as the value.
When creating the VM, add metadata to the instance using 'windows-password' as the key and a password as the value.
After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.
After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.
Suggested answer: B

Explanation:

You can generate Windows passwords using either the Google Cloud Console or the gcloud command-line tool. This option uses the right syntax to reset the windows password.

gcloud compute reset-windows-password windows-instance

Ref:https://cloud.google.com/compute/docs/instances/windows/creating-passwords-for-windows-instances#gcloud

asked 18/09/2024
Farah Fauzi
41 questions

Question 74

Report
Export
Collapse

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.
Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.
Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
Suggested answer: A

Explanation:

After you enable OS Login on one or more instances in your project, those VMs accept connections only from user accounts that have the necessary IAM roles in your project or organization. In this case, we are granting the group compute.osLogin which lets them log in as non-administrator account. And since we are directing them to use Cloud Shell to ssh, we dont need to add their SSH keys to the instance metadata. Ref:https://cloud.google.com/compute/docs/instances/managing-instance-access#configure_users Ref:https://cloud.google.com/compute/docs/instances/managing-instance-access#add_oslogin_keys

asked 18/09/2024
Renier Janse van Rensburg
42 questions

Question 75

Report
Export
Collapse

You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

Run gcloud projects list to get the project ID, and then run gcloud services list --project .
Run gcloud projects list to get the project ID, and then run gcloud services list --project .
Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
Run gcloud projects describe to verify the project value, and then run gcloud services list --available.
Run gcloud projects describe to verify the project value, and then run gcloud services list --available.
Suggested answer: A

Explanation:

`gcloud services list --available` returns not only the enabled services in the project but also services that CAN be enabled.

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

Run the following command to list the enabled APIs and services in your current project:

gcloud services list

whereas, Run the following command to list the APIs and services available to you in your current project:

gcloud services list --available

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

--available

Return the services available to the project to enable. This list will include any services that the project has already enabled.

To list the services the current project has enabled for consumption, run:

gcloud services list --enabled

To list the services the current project can enable for consumption, run:

gcloud services list --available

asked 18/09/2024
Liaqat Bashir
31 questions

Question 76

Report
Export
Collapse

You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.
Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.
Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
Suggested answer: D

Explanation:

GCP App Engine natively offers traffic splitting functionality between versions. You can use traffic splitting to specify a percentage distribution of traffic across two or more of the versions within a service. Splitting traffic allows you to conduct A/B testing between your versions and provides control over the pace when rolling out features.

Ref:https://cloud.google.com/appengine/docs/standard/python/splitting-traffic

asked 18/09/2024
Dang Xuan Bao
41 questions

Question 77

Report
Export
Collapse

You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

Fill in local SSD. Fill in persistent disk storage and snapshot storage.
Fill in local SSD. Fill in persistent disk storage and snapshot storage.
Fill in local SSD. Add estimated cost for cluster management.
Fill in local SSD. Add estimated cost for cluster management.
Select Add GPUs. Fill in persistent disk storage and snapshot storage.
Select Add GPUs. Fill in persistent disk storage and snapshot storage.
Select Add GPUs. Add estimated cost for cluster management.
Select Add GPUs. Add estimated cost for cluster management.
Suggested answer: A

Explanation:

https://cloud.google.com/compute/docs/disks/local-ssd

asked 18/09/2024
TIAM HERVE
47 questions

Question 78

Report
Export
Collapse

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
Suggested answer: A

Explanation:

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service. is not right.

Kubernetes Service of type ClusterIP exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster so you can not route external traffic to this IP.

Ref:https://kubernetes.io/docs/concepts/services-networking/service/

asked 18/09/2024
Hassene SAADI
30 questions

Question 79

Report
Export
Collapse

You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?

Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
Suggested answer: B

Explanation:

Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks. Eligible resources from service projects can use subnets in the Shared VPC network

https://cloud.google.com/vpc/docs/shared-vpc

'For example, an existing instance in a service project cannot be reconfigured to use a Shared VPC network, but a new instance can be created to use available subnets in a Shared VPC network.'

asked 18/09/2024
rami Awad
36 questions

Question 80

Report
Export
Collapse

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.

How should you configure the auditor's permissions?

Create a custom role with view-only project permissions. Add the user's account to the custom role.
Create a custom role with view-only project permissions. Add the user's account to the custom role.
Create a custom role with view-only service permissions. Add the user's account to the custom role.
Create a custom role with view-only service permissions. Add the user's account to the custom role.
Select the built-in IAM project Viewer role. Add the user's account to this role.
Select the built-in IAM project Viewer role. Add the user's account to this role.
Select the built-in IAM service Viewer role. Add the user's account to this role.
Select the built-in IAM service Viewer role. Add the user's account to this role.
Suggested answer: C

Explanation:

The primitive role roles/viewer provides read access to all resources in the project. The permissions in this role are limited to Get and list access for all resources. As we have an out of the box role that exactly fits our requirement, we should use this.

Ref:https://cloud.google.com/resource-manager/docs/access-control-proj

It is advisable to use the existing GCP provided roles over creating custom roles with similar permissions as this becomes a maintenance overhead. If GCP modifies how permissions are handled or adds/removes permissions, the default GCP provided roles are automatically updated by Google whereas if they were custom roles, the responsibility is with us and this adds to the operational overhead and needs to be avoided.

asked 18/09/2024
Scott Whitney
43 questions
Total 296 questions
Go to page: of 30
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below: You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status: What is the most likely cause?
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your dat
Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What's the best way to change the App Engine region?
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d zone. You want to avoid having to specify this zone with each CLI command when managing these instances. What should you do?
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?