Google Professional Cloud Architect Practice Test - Questions Answers, Page 4

The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources.

What Google domain and project structure should you recommend?

A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
C. Create a single G Suite account to manage users with each stage of each application in its own project
D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
Suggested answer: D

Explanation:

Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need.

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

References: https://cloud.google.com/kms/docs/separation-of-duties

A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.

What three steps should you take to diagnose the problem? Choose 3 answers.

A. Delete the virtual machine (VM) and disks and create a new one
B. Delete the instance, attach the disk to a new VM, and investigate
C. Take a snapshot of the disk and connect to a new machine to investigate
D. Check inbound firewall rules for the network the machine is connected to
E. Connect the machine to another network with very simple firewall rules and investigate
F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
Suggested answer: C, D, F

Explanation:

D: Handling "Unable to connect on port 22" error message. Possible causes include:

There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the access to that port with a custom firewall rule.

The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.

F: Handling "Could not connect, retrying..." error

You can verify that the daemon is running by navigating to the serial console output page and looking for output lines prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.

References: https://cloud.google.com/compute/docs/ssh-in-browser

JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.

What service account key-management strategy should you recommend?

A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs
Suggested answer: C

Explanation:

Migrating data to Google Cloud Platform

Let's say that you have some data processing that happens on another cloud provider and you want to transfer the processed data to Google Cloud Platform. You can use a service account from the virtual machines on the external cloud to push the data to Google Cloud Platform. To do this, you must create and download a service account key when you create the service account and then use that key from the external process to call the Cloud Platform APIs.

References: https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform

JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure success against their business and technical goals.

Which metrics should you track?

A. Error rates for requests from Asia
B. Latency difference between US and Asia
C. Total visits, error rates, and latency from Asia
D. Total visits and average latency for users from Asia
E. The number of character sets present in the database
Suggested answer: D

Explanation:

From scenario:

Business Requirements include: Expand services into Asia

Technical Requirements include: Decrease latency in Asia

The migration of JencoMart's application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput.

What are three potential bottlenecks? Choose 3 answers.

A. A single VPN tunnel, which limits throughput
B. A tier of Google Cloud Storage that is not suited for this task
C. A copy command that is not suited to operate over long distances
D. Fewer virtual machines (VMs) in GCP than on-premises machines
E. A separate storage layer outside the VMs, which is not suited for this task
F. Complicated internet connectivity between the on-premises infrastructure and GCP
Suggested answer: A, C, E

JencoMart wants to move their User Profiles database to Google Cloud Platform.

Which Google Database should they use?

A. Cloud Spanner
B. Google BigQuery
C. Google Cloud SQL
D. Google Cloud Datastore
Suggested answer: D

Explanation:

Common workloads for Google Cloud Datastore:

User profiles

Product catalogs

Game state

References: https://cloud.google.com/storage-options/ https://cloud.google.com/datastore/docs/concepts/overview

Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible.

Which cloud infrastructure should you recommend?

A. Google Compute Engine unmanaged instance groups and Network Load Balancer
B. Google Compute Engine managed instance groups with auto-scaling
C. Google Cloud Dataproc to run Apache Hadoop jobs to process each test
D. Google App Engine with Google StackDriver for logging
Suggested answer: B

Explanation:

Google Compute Engine enables users to launch virtual machines (VMs) on demand. VMs can be launched from the standard images or custom images created by users.

Managed instance groups offer autoscaling capabilities that allow you to automatically add or remove instances from a managed instance group based on increases or decreases in load. Autoscaling helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower.

Incorrect Answers:

B: There is no mention of incoming IP data traffic for the custom C++ applications.

C: Apache Hadoop is not fit for testing C++ applications. Apache Hadoop is an open-source software framework used for distributed storage and processing of datasets of big data using the MapReduce programming model.

D: Google App Engine is intended to be used for web applications.

Google App Engine (often referred to as GAE or simply App Engine) is a web framework and cloud computing platform for developing and hosting web applications in Google-managed data centers.

References: https://cloud.google.com/compute/docs/autoscaler/

A lead software engineer tells you that his new application design uses websockets and HTTP sessions that are not distributed across the web servers. You want to help him ensure his application will run properly on Google Cloud Platform.

What should you do?

A. Help the engineer to convert his websocket code to use HTTP streaming
B. Review the encryption requirements for websocket connections with the security team
C. Meet with the cloud operations team and the engineer to discuss load balancer options
D. Help the engineer redesign the application to use a distributed user session service that does not rely on websockets and HTTP sessions.
Suggested answer: C

Explanation:

Google Cloud Platform (GCP) HTTP(S) load balancing provides global load balancing for HTTP(S) requests destined for your instances. The HTTP(S) load balancer has native support for the WebSocket protocol.

Incorrect Answers:

A: HTTP server push, also known as HTTP streaming, is a client-server communication pattern that sends information from an HTTP server to a client asynchronously, without a client request. A server push architecture is especially effective for highly interactive web or mobile applications, where one or more clients need to receive continuous information from the server.

References: https://cloud.google.com/compute/docs/load-balancing/http/

The application reliability team at your company has added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis. The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss.

Which process should you implement?

A.
- Append metadata to file body
- Compress individual files
- Name files with serverName - Timestamp
- Create a new bucket if bucket is older than 1 hour and save individual files to the new bucket. Otherwise, save files to existing bucket.
B.
- Batch every 10,000 events with a single manifest file for metadata
- Compress event files and manifest file into a single archive file
- Name files using serverName - EventSequence
- Create a new bucket if bucket is older than 1 day and save the single archive file to the new bucket. Otherwise, save the single archive file to existing bucket.
C.
- Compress individual files
- Name files with serverName - EventSequence
- Save files to one bucket
- Set custom metadata headers for each object after saving
D.
- Append metadata to file body
- Compress individual files
- Name files with a random prefix pattern
- Save files to one bucket
Suggested answer: D

A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin.

What should you do?

A. Search for Create VM entry in the Stackdriver alerting console
B. Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry
C. In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry
D. Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
Suggested answer: C

Explanation:

Incorrect Answers:

A: To use the Stackdriver alerting console we must first set up alerting policies.

B: Data access logs only contain read-only operations.

Audit logs help you determine who did what, where, and when.

Cloud Audit Logging returns two types of logs:

Admin activity logs

Data access logs: Contain log entries for read-only operations that do not modify any data, such as get, list, and aggregated list methods.

Total 285 questions