ExamGecko
Login
Home / Google / Professional Cloud Architect / List of questions
Ask Question

Google Professional Cloud Architect Practice Test - Questions Answers, Page 4

List of questions

Question 31

Report
Export
Collapse

The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources.

What Google domain and project structure should you recommend?

Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
Create a single G Suite account to manage users with each stage of each application in its own project
Create a single G Suite account to manage users with each stage of each application in its own project
Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
Suggested answer: D

Explanation:

Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

References: https://cloud.google.com/kms/docs/separation-of-duties

asked 18/09/2024
Francis Sailer
43 questions

Question 32

Report
Export
Collapse

A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.

What three steps should you take to diagnose the problem? Choose 3 answers.

Delete the virtual machine (VM) and disks and create a new one
Delete the virtual machine (VM) and disks and create a new one
Delete the instance, attach the disk to a new VM, and investigate
Delete the instance, attach the disk to a new VM, and investigate
Take a snapshot of the disk and connect to a new machine to investigate
Take a snapshot of the disk and connect to a new machine to investigate
Check inbound firewall rules for the network the machine is connected to
Check inbound firewall rules for the network the machine is connected to
Connect the machine to another network with very simple firewall rules and investigate
Connect the machine to another network with very simple firewall rules and investigate
Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
Suggested answer: C, D, F

Explanation:

D: Handling "Unable to connect on port 22" error message Possible causes include:

There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the access to that port with a custom firewall rule.

The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.

F: Handling "Could not connect, retrying..." error

You can verify that the daemon is running by navigating to the serial console output page and looking for output lines prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.

References:

https://cloud.google.com/compute/docs/ssh-in-browser https://cloud.google.com/compute/docs/ssh-in-browser

asked 18/09/2024
federico monaco
35 questions

Question 33

Report
Export
Collapse

JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.

What service account key-management strategy should you recommend?

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs
Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs
Suggested answer: C

Explanation:

Migrating data to Google Cloud Platform

Let's say that you have some data processing that happens on another cloud provider and you want to transfer the processed data to Google Cloud Platform. You can use a service account from the virtual machines on the external cloud to push the data to Google Cloud Platform. To do this, you must create and download a service account key when you create the service account and then use that key from the external process to call the Cloud Platform APIs.

References: https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform

asked 18/09/2024
Azwihangwisi Ntikane
38 questions

Question 34

Report
Export
Collapse

JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure success against their business and technical goals.

Which metrics should you track?

Error rates for requests from Asia
Error rates for requests from Asia
Latency difference between US and Asia
Latency difference between US and Asia
Total visits, error rates, and latency from Asia
Total visits, error rates, and latency from Asia
Total visits and average latency for users from Asia
Total visits and average latency for users from Asia
The number of character sets present in the database
The number of character sets present in the database
Suggested answer: D

Explanation:

From scenario:

Business Requirements include: Expand services into Asia

Technical Requirements include: Decrease latency in Asia

asked 18/09/2024
karl hickey
42 questions

Question 35

Report
Export
Collapse

The migration of JencoMart's application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput.

What are three potential bottlenecks? Choose 3 answers.

Google Professional Cloud Architect image Question 5 28266 09182024191247000000

A single VPN tunnel, which limits throughput
A single VPN tunnel, which limits throughput
A tier of Google Cloud Storage that is not suited for this task
A tier of Google Cloud Storage that is not suited for this task
A copy command that is not suited to operate over long distances
A copy command that is not suited to operate over long distances
Fewer virtual machines (VMs) in GCP than on-premises machines
Fewer virtual machines (VMs) in GCP than on-premises machines
A separate storage layer outside the VMs, which is not suited for this task
A separate storage layer outside the VMs, which is not suited for this task
Complicated internet connectivity between the on-premises infrastructure and GCP
Complicated internet connectivity between the on-premises infrastructure and GCP
Suggested answer: A, C, E
asked 18/09/2024
Beatriz Mejia
42 questions

Question 36

Report
Export
Collapse

JencoMart wants to move their User Profiles database to Google Cloud Platform.

Which Google Database should they use?

Cloud Spanner
Cloud Spanner
Google BigQuery
Google BigQuery
Google Cloud SQL
Google Cloud SQL
Google Cloud Datastore
Google Cloud Datastore
Suggested answer: D

Explanation:

Common workloads for Google Cloud Datastore:

User profiles

Product catalogs

Game state

References: https://cloud.google.com/storage-options/ https://cloud.google.com/datastore/docs/concepts/overview"ƒ

asked 18/09/2024
Adrian Kustosz
36 questions

Question 37

Report
Export
Collapse

Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible.

Which cloud infrastructure should you recommend?

Google Compute Engine unmanaged instance groups and Network Load Balancer
Google Compute Engine unmanaged instance groups and Network Load Balancer
Google Compute Engine managed instance groups with auto-scaling
Google Compute Engine managed instance groups with auto-scaling
Google Cloud Dataproc to run Apache Hadoop jobs to process each test
Google Cloud Dataproc to run Apache Hadoop jobs to process each test
Google App Engine with Google StackDriver for logging
Google App Engine with Google StackDriver for logging
Suggested answer: B

Explanation:

Google Compute Engine enables users to launch virtual machines (VMs) on demand. VMs can be launched from the standard images or custom images created by users.

Managed instance groups offer autoscaling capabilities that allow you to automatically add or remove instances from a managed instance group based on increases or decreases in load. Autoscaling helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower.

Incorrect Answers:

B: There is no mention of incoming IP data traffic for the custom C++ applications.

C: Apache Hadoop is not fit for testing C++ applications. Apache Hadoop is an open-source software framework used for distributed storage and processing of datasets of big data using the MapReduce programming model.

D: Google App Engine is intended to be used for web applications.

Google App Engine (often referred to as GAE or simply App Engine) is a web framework and cloud computing platform for developing and hosting web applications in Google-managed data centers. References: https://cloud.google.com/ compute/docs/autoscaler/

asked 18/09/2024
ONWUDIWE NYENKE
36 questions

Question 38

Report
Export
Collapse

A lead software engineer tells you that his new application design uses websockets and HTTP sessions that are not distributed across the web servers. You want to help him ensure his application will run properly on Google Cloud Platform.

What should you do?

Help the engineer to convert his websocket code to use HTTP streaming
Help the engineer to convert his websocket code to use HTTP streaming
Review the encryption requirements for websocket connections with the security team
Review the encryption requirements for websocket connections with the security team
Meet with the cloud operations team and the engineer to discuss load balancer options
Meet with the cloud operations team and the engineer to discuss load balancer options
Help the engineer redesign the application to use a distributed user session service that does not rely on websockets and HTTP sessions.
Help the engineer redesign the application to use a distributed user session service that does not rely on websockets and HTTP sessions.
Suggested answer: C

Explanation:

Google Cloud Platform (GCP) HTTP(S) load balancing provides global load balancing for HTTP(S) requests destined for your instances. The HTTP(S) load balancer has native support for the WebSocket protocol.

Incorrect Answers:

A: HTTP server push, also known as HTTP streaming, is a client-server communication pattern that sends information from an HTTP server to a client asynchronously, without a client request. A server push architecture is especially effective for highly interactive web or mobile applications, where one or more clients need to receive continuous information from the server. References: https://cloud.google.com/compute/docs/load-balancing/http/

asked 18/09/2024
Rodolfo Ponce
38 questions

Question 39

Report
Export
Collapse

The application reliability team at your company this added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis. The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss.

Which process should you implement?

- Append metadata to file body- Compress individual files- Name files with serverName - Timestamp- Create a new bucket if bucket is older than 1 hour and save individual files to the new bucket. Otherwise, save files to existing bucket.
- Append metadata to file body- Compress individual files- Name files with serverName - Timestamp- Create a new bucket if bucket is older than 1 hour and save individual files to the new bucket. Otherwise, save files to existing bucket.
- Batch every 10,000 events with a single manifest file for metadata- Compress event files and manifest file into a single archive file- Name files using serverName - EventSequence- Create a new bucket if bucket is older than 1 day and save the single archive file to the new bucket. Otherwise, save the single archive file to existing bucket.
- Batch every 10,000 events with a single manifest file for metadata- Compress event files and manifest file into a single archive file- Name files using serverName - EventSequence- Create a new bucket if bucket is older than 1 day and save the single archive file to the new bucket. Otherwise, save the single archive file to existing bucket.
- Compress individual files- Name files with serverName - EventSequence- Save files to one bucket- Set custom metadata headers for each object after saving
- Compress individual files- Name files with serverName - EventSequence- Save files to one bucket- Set custom metadata headers for each object after saving
- Append metadata to file body- Compress individual files- Name files with a random prefix pattern- Save files to one bucket
- Append metadata to file body- Compress individual files- Name files with a random prefix pattern- Save files to one bucket
Suggested answer: D
asked 18/09/2024
Tiago Carvalho
47 questions

Question 40

Report
Export
Collapse

A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin.

What should you do?

Search for Create VM entry in the Stackdriver alerting console
Search for Create VM entry in the Stackdriver alerting console
Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry
Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry
In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry
In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry
Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
Suggested answer: C

Explanation:

Incorrect Answers:

A: To use the Stackdriver alerting console we must first set up alerting policies.

B: Data access logs only contain read-only operations.

Audit logs help you determine who did what, where, and when.

Cloud Audit Logging returns two types of logs:

Admin activity logs

Data access logs: Contains log entries for operations that perform read-only operations do not modify any data, such as get, list, and aggregated list methods.

asked 18/09/2024
alain giansily
40 questions
Total 285 questions
Go to page: of 29
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Mountkirk Games wants to set up a real-time analytics platform for their new game. The new platform must meet their technical requirements. Which combination of Google technologies will meet all of their requirements?
You are responsible for the Google Cloud environment in your company Multiple departments need access to their own projects and the members within each department will have the same project responsibilities You want to structure your Google Cloud environment for minimal maintenance and maximum overview of 1AM permissions as each department's projects start and end You want to follow Google-recommended practices What should you do?
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster When releasing new versions of the application via a rolling deployment, the team has been causing outages The root cause of the outages is misconfigurations with parameters that are only used in production You want to put preventive measures for this in the platform to prevent outages What should you do?
Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication. Which networking approach should you use?
TerramEarth's 20 million vehicles are scattered around the world. Based on the vehicle's location, its telemetry data is stored in a Google Cloud Storage (GCS) regional bucket (US, Europe, or Asia). The CTO has asked you to run a report on the raw telemetry data to determine why vehicles are breaking down after 100 K miles. You want to run this job on all the data. What is the most cost-effective way to run this job?
JencoMart wants to move their User Profiles database to Google Cloud Platform. Which Google Database should they use?
Your company has a Google Cloud project that uses BigQuery for data warehousing on a pay-per-use basis. You want to monitor queries in real time to discover the most costly queries and which users spend the most. What should you do?
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?
One of the developers on your team deployed their application in Google Container Engine with the Dockerfile below. They report that their application deployments are taking too long. You want to optimize this Dockerfile for faster deployment times without adversely affecting the app's functionality. Which two actions should you take? Choose 2 answers.
You are implementing Firestore for Mountkirk Games. Mountkirk Games wants to give a new game programmatic access to a legacy game's Firestore database. Access should be as restricted as possible. What should you do?