ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Architect

Google Professional Cloud Architect Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication. Which networking approach should you use?
Your company has a Google Cloud project that uses BigQuery for data warehousing on a pay-per-use basis. You want to monitor queries in real time to discover the most costly queries and which users spend the most. What should you do?
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?
For this question, refer to the TerramEarth case study. You start to build a new application that uses a few Cloud Functions for the backend. One use case requires a Cloud Function func_display to invoke another Cloud Function func_query. You want func_query only to accept invocations from func_display. You also want to follow Google's recommended best practices. What should you do?
You are implementing Firestore for Mountkirk Games. Mountkirk Games wants to give a new game programmatic access to a legacy game's Firestore database. Access should be as restricted as possible. What should you do?
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster When releasing new versions of the application via a rolling deployment, the team has been causing outages The root cause of the outages is misconfigurations with parameters that are only used in production You want to put preventive measures for this in the platform to prevent outages What should you do?
A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must:
Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process. What should you do?
Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a 99,99% availability SLA under these conditions. However next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load. What should you do?
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?

Question 21

Report
Export
Collapse

For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for hybrid connectivity between EHR's on-premises systems and Google Cloud. You want to follow Google's recommended practices for production-level applications. Considering the EHR Healthcare business and technical requirements, what should you do?

A.
Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.
A.
Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.
Answers
B.
Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.
B.
Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.
Answers
C.
Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.
C.
Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.
Answers
D.
Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.
D.
Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.
Answers
Suggested answer: D

Question 22

Report
Export
Collapse

For this question, refer to the EHR Healthcare case study. You are a developer on the EHR customer portal team. Your team recently migrated the customer portal application to Google Cloud. The load has increased on the application servers, and now the application is logging many timeout errors. You recently incorporated Pub/Sub into the application architecture, and the application is not logging any Pub/Sub publishing errors. You want to improve publishing latency.

What should you do?

A.
Increase the Pub/Sub Total Timeout retry value.
A.
Increase the Pub/Sub Total Timeout retry value.
Answers
B.
Move from a Pub/Sub subscriber pull model to a push model.
B.
Move from a Pub/Sub subscriber pull model to a push model.
Answers
C.
Turn off Pub/Sub message batching.
C.
Turn off Pub/Sub message batching.
Answers
D.
Create a backup Pub/Sub message queue.
D.
Create a backup Pub/Sub message queue.
Answers
Suggested answer: C

Question 23

Report
Export
Collapse

For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

A.
Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
A.
Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
Answers
B.
Revoke the compute.networkAdmin role from all users in the project with front end instances.
B.
Revoke the compute.networkAdmin role from all users in the project with front end instances.
Answers
C.
Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
C.
Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
Answers
D.
Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.
D.
Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.
Answers
Suggested answer: A

Question 24

Report
Export
Collapse

For this question, refer to the EHR Healthcare case study. You are responsible for designing the Google Cloud network architecture for Google Kubernetes Engine. You want to follow Google best practices. Considering the EHR Healthcare business and technical requirements, what should you do to reduce the attack surface?

A.
Use a private cluster with a private endpoint with master authorized networks configured.
A.
Use a private cluster with a private endpoint with master authorized networks configured.
Answers
B.
Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.
B.
Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.
Answers
C.
Use a private cluster with a public endpoint with master authorized networks configured.
C.
Use a private cluster with a public endpoint with master authorized networks configured.
Answers
D.
Use a public cluster with master authorized networks enabled and firewall rules.
D.
Use a public cluster with master authorized networks enabled and firewall rules.
Answers
Suggested answer: A

Explanation:

Question 25

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:

• It must provide low latency at minimal cost.

• It must be able to identify duplicate credit cards and must not store plaintext card numbers.

• It should support annual key rotation.

Which storage approach should you adopt for your tokenization service?

A.
Store the card data in Secret Manager after running a query to identify duplicates.
A.
Store the card data in Secret Manager after running a query to identify duplicates.
Answers
B.
Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
B.
Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
Answers
C.
Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
C.
Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
Answers
D.
Use column-level encryption to store the data in Cloud SQL.
D.
Use column-level encryption to store the data in Cloud SQL.
Answers
Suggested answer: B

Question 26

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?

A.
gcloud compute security-policies rules update 1000 \--security-policy from-fastly \--src-ip-ranges * \--action "allow"
A.
gcloud compute security-policies rules update 1000 \--security-policy from-fastly \--src-ip-ranges * \--action "allow"
Answers
B.
gcloud compute firewall rules update sourceiplist-fastly \--priority 100 \--allow tcp:443
B.
gcloud compute firewall rules update sourceiplist-fastly \--priority 100 \--allow tcp:443
Answers
C.
gcloud compute firewall rules update hir-policy \--priority 100 \--target-tags=sourceiplist-fastly \--allow tcp:443
C.
gcloud compute firewall rules update hir-policy \--priority 100 \--target-tags=sourceiplist-fastly \--allow tcp:443
Answers
D.
gcloud compute security-policies rules update 1000 \--security-policy hir-policy \--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \--action "allow"
D.
gcloud compute security-policies rules update 1000 \--security-policy hir-policy \--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \--action "allow"
Answers
Suggested answer: D

Explanation:

Reference: https://cloud.google.com/load-balancing/docs/https

Question 27

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. The HRL development team releases a new version of their predictive capability application every Tuesday evening at 3 a.m. UTC to a repository. The security team at HRL has developed an in-house penetration test Cloud Function called Airwolf. The security team wants to run Airwolf against the predictive capability application as soon as it is released every Tuesday. You need to set up Airwolf to run at the recurring weekly cadence. What should you do?

A.
Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.
A.
Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.
Answers
B.
Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.
B.
Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.
Answers
C.
Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.
C.
Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.
Answers
D.
Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.
D.
Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.
Answers
Suggested answer: C

Question 28

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. HRL wants better prediction accuracy from their ML prediction models. They want you to use Google's AI Platform so HRL can understand and interpret the predictions. What should you do?

A.
Use Explainable AI.
A.
Use Explainable AI.
Answers
B.
Use Vision AI.
B.
Use Vision AI.
Answers
C.
Use Google Cloud's operations suite.
C.
Use Google Cloud's operations suite.
Answers
D.
Use Jupyter Notebooks.
D.
Use Jupyter Notebooks.
Answers
Suggested answer: A

Explanation:

Reference: https://cloud.google.com/ai-platform/prediction/docs/ai-explanations/preparing-metadata

Question 29

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. HRL is looking for a cost-effective approach for storing their race data such as telemetry. They want to keep all historical records, train models using only the previous season's data, and plan for data growth in terms of volume and information collected. You need to propose a data solution. Considering HRL business requirements and the goals expressed by CEO S. Hawke, what should you do?

A.
Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race data by season and event.
A.
Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race data by season and event.
Answers
B.
Use Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race data using season as a primary key.
B.
Use Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race data using season as a primary key.
Answers
C.
Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on season.
C.
Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on season.
Answers
D.
Use Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Use separate database instances for each season.
D.
Use Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Use separate database instances for each season.
Answers
Suggested answer: C

Explanation:

Reference: https://cloud.google.com/bigquery/public-data

Question 30

Report
Export
Collapse

For this question, refer to the Helicopter Racing League (HRL) case study. A recent finance audit of cloud infrastructure noted an exceptionally high number of Compute Engine instances are allocated to do video encoding and transcoding.

You suspect that these Virtual Machines are zombie machines that were not deleted after their workloads completed. You need to quickly get a list of which VM instances are idle. What should you do?

A.
Log into each Compute Engine instance and collect disk, CPU, memory, and network usage statistics for analysis.
A.
Log into each Compute Engine instance and collect disk, CPU, memory, and network usage statistics for analysis.
Answers
B.
Use the gcloud compute instances list to list the virtual machine instances that have the idle: true label set.
B.
Use the gcloud compute instances list to list the virtual machine instances that have the idle: true label set.
Answers
C.
Use the gcloud recommender command to list the idle virtual machine instances.
C.
Use the gcloud recommender command to list the idle virtual machine instances.
Answers
D.
From the Google Console, identify which Compute Engine instances in the managed instance groups are no longer responding to health check probes.
D.
From the Google Console, identify which Compute Engine instances in the managed instance groups are no longer responding to health check probes.
Answers
Suggested answer: C

Explanation:

Reference: https://cloud.google.com/compute/docs/instances/viewing-and-applying-idle-vm-recommendations

Total 285 questions
Go to page: of 29
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms