125 to 200 Sexy Flashcards

Question 1

Q

Your company publishes large files on an Apache web server that runs on a Compute Engine instance.
The Apache web server is not the only application running in the project. You want to receive an email
when the egress network costs for the server exceed 100 dollars for the current month as measured by
Google Cloud.
What should you do?

Answer

A

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the
egress network costs of the exported billing data for the Apache web server for the current month
and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to
run hourly.

Question 2

Q

You have designed a solution on Google Cloud that uses multiple Google Cloud products. Your company
has asked you to estimate the costs of the solution. You need to provide estimates for the monthly total
cost. What should you do?

Answer

A

For each Google Cloud product in the solution, review the pricing details on the products
pricing page. Use the pricing calculator to total the monthly costs for each Google Cloud product.

Question 3

Q

You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application
are located all over the world. You want to minimize latency for the clients. Which load balancing option
should you use?

Answer

A

SSL Proxy Load Balancer

Question 4

Q

You have an application on a general-purpose Compute Engine instance that is experiencing excessive
disk read throttling on its Zonal SSD Persistent Disk. The application primarily reads large files from disk.
The disk size is currently 350 GB. You want to provide the maximum amount of throughput while
minimizing costs.
What should you do?

Answer

A

Migrate to use a Local SSD on the instance.

Question 5

Q

Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range
172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new
VMs to communicate with your cluster using the minimum number of steps. What should you do?

Answer

A

Modify the existing subnet range to 172.16.20.0/24.

Question 6

Q

You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is
deployed with the default App Engine Service account.
The data that needs to be visualized resides in a different project managed by another team. You do not
have access to this project, but you want your application to be able to read data from the BigQuery
dataset. What should you do?

Answer

A

Ask the other team to grant your default App Engine Service account the role of BigQuery Data
Viewer.

Question 7

Q

You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected
increase in application traffic due to a business acquisition.
What should you do?

Answer

A

Create a Compute Engine snapshot of your base VM. Create your instances from that
snapshot.

Question 8

Q

You have deployed an application on a single Compute Engine instance. The application writes logs to
disk. Users start reporting errors with the application. You want to diagnose the problem. What should
you do?

Answer

A

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Question 9

Q

An application generates daily reports in a Compute Engine virtual machine (VM). The VM is in the
project corp-iot-insights. Your team operates only in the project corp-aggregate-reports and needs a copy
of the daily exports in the bucket corp-aggregate-reports-storage. You want to configure access so that
the daily reports from the VM are available in the bucket corp-aggregate-reports-storage and use as few
steps as possible while following Google-recommended practices. What should you do?

Answer

A

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-
storage.

Question 10

Q

You built an application on your development laptop that uses Google Cloud services. Your application
uses Application Default Credentials for authentication and works fine on your development laptop. You
want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication
using Google- recommended practices and minimal changes. What should you do?

Answer

A

Create a service account with appropriate access for Google services, and configure the
application to use this account.

Question 11

Q

You need to create a Compute Engine instance in a new project that doesn’t exist yet. What should you
do?

Answer

A

Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and
then create the instance specifying your new project.

Question 12

Q

Your company runs one batch process in an on-premises server that takes around 30 hours to complete.
The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to
migrate this workload to the cloud while minimizing cost. What should you do?

Answer

A

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

Question 13

Q

You are developing a new application and are looking for a Jenkins installation to build and deploy your
source code. You want to automate the installation as quickly and easily as possible. What should you
do?

Answer

A

Deploy Jenkins through the Google Cloud Marketplace.

Question 14

Q

You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with
your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d
zone. You want to avoid having to specify this zone with each CLI command when managing these
instances.
What should you do?

Answer

A

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

Question 15

Q

The core business of your company is to rent out construction equipment at large scale. All the
equipment that is being rented out has been equipped with multiple sensors that send event information
every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more.
Customers are billed based on the consumption monitored by these sensors. You expect high throughput
ג€ “up to thousands of events per hour per device ג€ “and need to retrieve consistent data based on the
time of the event. Storing and retrieving individual signals should be atomic. What should you do?

Answer

A

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

Question 16

Q

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a
single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

Answer

A

Enable API, create a workspace under project A, and then add projects B and C.

Question 17

Q

You created several resources in multiple Google Cloud projects. All projects are linked to different
billing accounts. To better estimate future charges, you want to have a single visual representation of all
costs incurred. You want to include new cost data as soon as possible. What should you do?

Answer

A

Configure Billing Data Export to BigQuery and visualize the data in Data Studio.

Question 18

Q

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual
Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no
public Internet traffic can be routed to it. What should you do?

Answer

A

Create the instance without a public IP address.

Question 19

Q

Your team maintains the infrastructure for your organization. The current infrastructure requires
changes. You need to share your proposed changes with the rest of the team. You want to follow
Google’s recommended best practices. What should you do?

Answer

A

Use Deployment Manager templates to describe the proposed changes and store them in
Cloud Source Repositories.

Question 20

Q

You have a Compute Engine instance hosting an application used between 9 AM and 6 PM on weekdays.
You want to back up this instance daily for disaster recovery purposes. You want to keep the backups for
30 days. You want the Google-recommended solution with the least management overhead and the least
number of services. What should you do?

Answer

A

In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk.
In the Snapshot Schedule section, select Create Schedule and configure the following
parameters: - Schedule frequency: Daily - Start time: 1:00 AM 2:00” €ג AM - Autodelete snapshots
after: 30 days

Question 21

Q

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running
on four GKE n1ג€”standard2”€ג nodes. You need to deploy additional pods requiring n2ג€”highmem16”€ג
nodes without any downtime. What should you do?

Answer

A

Create a new Node Pool and specify machine type n2ג€”highmem16”€ג. Deploy the new pods.

Question 22

Q

You have an application that uses Cloud Spanner as a database backend to keep current state
information about users. Cloud Bigtable logs all events triggered by users. You export Cloud
Spanner data to Cloud Storage during daily backups. One of your analysts asks you to join data
from Cloud Spanner and Cloud Bigtable for specific users. You want to complete this ad hoc request as efficiently as possible.
What should you do?

Answer

A

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific
users.

Question 23

Q

You are hosting an application from Compute Engine virtual machines (VMs) in usג€”central1ג€”a.
You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downti m e, and minimize cost. What should you do?

Answer

A

ג€ “Create Compute Engine resources in usג€”central1ג€”b. ג€ “Balance the load across both
usג€”central1ג€”a and usג€”central1ג€”b.

Question 24

Q

A colleague handed over a Google Cloud Platform project for you to maintai n. As part of a securi ty
checkup, you want to review who has been granted the Project
Owner role. What should you do?

Answer

A

Use the command gcloud projects getג€”iamג€”policy to view the current role assignments.

Question 25

Q

You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The
IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in
nodes when needed. What should you do?

Answer

A

Expand the CIDR range of the relevant subnet for the cluster.

Question 26

Q

You have a batch workload that runs every night and uses a large number of virtual machines
(VMs). It is fault-tolerant and can tolerate some of the VMs being terminated. The current cost of
VMs is too high. What should you do?

Answer

A

Run a test using simulated maintenance events. If the test is successful, use preemptible N1
Standard VMs when running future jobs.

Question 27

Q

You are working with a user to set up an application in a new VPC behind a firewall. The user is
concerned about data egress. You want to configure the fewest open egress ports. What should
you do?

Answer

A

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that
allows only the appropriate ports.

Question 28

Q

Your company runs its Linux workloads on Compute Engine instances. Your company will be
working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can
maintain the installed tooling. What should you do?

Answer

A

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud
IAP Tunnel User.

Question 29

Q

You have created a code snippet that should be triggered whenever a new file is uploaded to a
Cloud Storage bucket. You want to deploy this code snippet. What should you do?

Answer

A

Use Cloud Functions and configure the bucket as a trigger resource.

Question 30

Q

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets.
The objects are written once and accessed frequently for 30 days. After 30 days, the objects are
not read again unless there is a special need. The objects should be kept for three years, and you
need to minimize cost. What should you do?

Answer

A

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for
three years.

Question 31

Q

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be
able to record all requests that read any of the stored data. You want to make sure you comply
with these requirements. What should you do?

Answer

A

Enable Data Access audit logs for the Cloud Storage API.

Question 32

Q

You are the team lead of a group of 10 developers. You provided each developer with an individual
Google Cloud Project that they can use as their personal sandbox to experiment with different
Google Cloud solutions. You want to be notified if any of the developers are spending above $500
per month on their sandbox environment. What should you do?

Answer

A

Create a budget per project and configure budget alerts on all of these budgets.

Question 33

Q

You are deployi ng a produc tion applicati on on Compute Engine. You want to prevent anyone from
accidentally destroying the instance by clicking the wrong button. What should you do?

Answer

A

Enable delete protection on the instance.

Question 34

Q

Your company uses a large number of Google Cloud services centralized in a single project. All
teams have specific projects for testing and development. The DevOps team needs access to all of the produc tion services in order to perform their job. You want
to prevent Google Cloud product changes from broadening their permissions in the future. You
want to follow Google-recommended practices. What should you do?

Answer

A

Create a custom role that combines the required permissions. Grant the DevOps team the
custom role on the production project.

Question 35

Q

You are building an application that processes data files uploaded from thousands of suppliers.
Your primary goals for the application are data security and the expiration of aged data. You need
to design the application to:
ג€¢ Restrict access so that suppliers can access only their own data.
ג€¢ Give suppliers write access to data only for 30 minutes.
ג€¢ Delete data that is over 45 days old.
You have a very short developm ent cycle, and you need to make sure that the application requires
minimal maintenance. Which two strategies should you use?
(Choose two.)

Answer

A

A AND B - Build a lifecycle policy to delete Cloud Storage objects after 45 days. + Use signed URLs to allow suppliers limited time access to store their objects.

Question 36

Q

Your company wants to standardize the creation and management of multiple Google Cloud
resources using Infrastructure as Code. You want to minimize the amount of repetitive code
needed to manage the environment. What should you do?

Answer

A

Develop templates for the environment using Cloud Deployment Manager.

Question 37

Q

You are performi ng a monthly security check of your Google Cloud environm ent and want to know
who has access to view data stored in your Google Cloud
Project. What should you do?

Answer

A

Review the IAM permissions for any role that allows for data access.

Question 38

Q

Your company has embraced a hybrid cloud strategy where some of the applications are deployed
on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC)
in Google Cloud with your company’s on-premises network. Multiple applications in Google Cloud
need to connect to an on-premises database server, and you want to avoid having to change the IP
configuration in all of your applications when the IP of the database changes.
What should you do?

Answer

A

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

Question 39

Q

You have developed a containerized web application that will serve internal colleagues during
business hours. You want to ensure that no costs are incurred outside of the hours the application
is used. You have just created a new Google Cloud project and want to deploy the application.
What should you do?

Answer

A

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances
to zero.

Question 40

Q

You have experimented with Google Cloud using your own credit card and expensed the costs to
your company. Your company wants to streamline the billing process and charge the costs of your
projects to their monthly invoice. What should you do?

Answer

A

Change the billing account of your projects to the billing account of your company.

Question 41

Q

You are running a data warehouse on BigQuery. A partner company is offering a recommendation
engine based on the data in your data warehouse. The partner company is also running their
application on Google Cloud. They manage the resources in their own project, but they need
access to the BigQuery dataset in your project. You want to provide the partner company with
access to the dataset. What should you do?

Answer

A

Ask the partner to create a Service Account in their project, and grant their Service Account
access to the BigQuery dataset in your project.

Question 42

Q

Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate
an updated version of the application with a specific percentage of your production users (canary
deployment). What should you do?

Answer

A

Create a new revision with the new version of the application. Split traffic between this version
and the version that is currently running.

Question 43

Q

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting
to the game with their personal phones over the Internet. The game sends UDP packets to update
the servers about the gamers’ actions while they are playing in multiplayer mode. Your game
backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a
single IP address. What should you do?

Answer

A

Configure an External Network load balancer in front of the application servers.

Question 44

Q

You are working for a hospital that stores its medical images in an on-premises data room. The
hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an
automated process to upload any new medical images to Cloud Storage. You need to design and
implement a solution. What should you do?

Answer

A

Create a script that uses the gsutil command line interface to synchronize the on-premises
storage with Cloud Storage. Schedule the script as a cron job.

Question 45

Q

Your auditor wants to view your organization’s use of data in Google Cloud. The auditor is most
interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor
access the data they need. What should you do?

Answer

A

Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log
viewer that filters on Cloud Storage.

Question 46

Q

You received a JSON file that contained a private key of a Service Account in order to get access to
several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and
want to use this private key for authentication and authorization when performing gcloud
commands. What should you do?

Answer

A

Use the command gcloud auth activate-service-account and point it to the private key.

Question 47

Q

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-
end copy ofthe database for three years for audit purposes.

What should you do?

Answer

A

Set up an export job for the first of the month. Write the export file to an Archive class Cloud
Storage bucket.

Question 48

Q

You are monitoring an application and receive user feedback that a specific error is spiking. You
notice that the error is caused by a Service Account having insufficient permissions. You are able
to solve the problem but want to be notified if the problem recurs. What should you do?

Answer

A

Create a custom log-based metric for the specific error to be used in an Alerting Policy.

Question 49

Q

You are developing a financial trading application that will be used globally. Data is stored and
queried using a relational structure, and clients from all over the world should get the exact
identical state of the data. The application will be deployed in multiple regions to provide the
lowest latency to end users. You need to select a storage option for the application data while
minimizing latency. What should you do?

Answer

A

Use Cloud Spanner for data storage.

Question 50

Q

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The
application holds the full database in-memory for fast data access, and you need to configure the
most appropriate resources on Google Cloud for this application. What should you do?

Answer

A

Provision Compute Engine instances with M1 machine type.

Question 51

Q

You have developed an application that consists of multiple microservices, with each microservice
packaged in its own Docker container image. You want to deploy the entire application on Google
Kubernetes Engine so that each microservice can be scaled individually. What should you do?

Answer

A

Create and deploy a Deployment per microservice.

Question 52

Q

You will have several applications running on different Compute Engine instances in the same
project. You want to specify at a more granular level the service account each instance uses when
calling Google Cloud APIs. What should you do?

Answer

A

When creating the instances, specify a Service Account for each instance.

Question 53

Q

You are creating an applicati on that will run on Google Kubernetes Engine. You have identified
MongoDB as the most suitable database system for your application and want to deploy a
managed MongoDB environment that provides a support SLA. What should you do?

Answer

A

Deploy MongoDB Atlas from the Google Cloud Marketplace.

Question 54

Q

You are managing a project for the Business Intelligence (BI) department in your company. A data
pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be
able to run the custom SQL queries against the latest data in BigQuery. What should you do?

Answer

A

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI
team.

Question 55

Q

Your company is moving its entire workload to Compute Engine. Some servers should be
accessible through the Internet, and other servers should only be accessible over the internal
network. All servers need to be able to talk to each other over specific ports and protocols. The
current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a
Local Area Network (LAN) for the private servers. You need to design the networki ng infrastructure
on
Google Cloud to match these requirements. What should you do?

Answer

A

Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall
rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule
to allow public ingress traffic for the DMZ.

Question 56

Q

You have just created a new project which will be used to deploy a globally distributed applicati on.
You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You
want to perform the first step in preparation of creating the instance. What should you do?

Answer

A

Enable the Cloud Spanner API.

Question 57

Q

You have created a new project in Google Cloud through the gcloud command line interface (CLI)
and linked a billing account. You need to create a new Compute Engine instance using the CLI. You need to perform the prerequisite stops. What should you do?

Answer

A

Enable the compute googleapis.com API.

Question 58

Q

Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

Answer

A

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

Question 59

Q

You need to manage a third-party application that will run on a Compute Engine instance. Other
Compute Engine instances are already running with default configuration. Application installation
files are hosted on Cloud Storage. You need to access these files from the new instance without
allowing other virtual machines (VMs) to access these files. What should you do?

Answer

A

Create a new service account and assign this service account to the new instance. Grant the
service account permissions on Cloud Storage.

Question 60

Q

You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The
files are used in a mission-critical analytics pipeline that is used continually The users are in
Boston, MA (United States). What should you do?

Answer

A

Configure dual-regional storage for the dual region closest to the users. Configure a Standard
storage class.

Question 61

Q

You are developing a new web application that will be deployed on Google Cloud Platform . As part
of your release cycle, you want to test updates to your application on a small portion of real user
traffic. The majority of the users should still be directed towards a stable version of your
application. What should you do?

Answer

A

Deploy the application on App Engine. For each update, create a new version of the same
service. Configure traffic splitting to send a small percentage of traffic to the new version.

Question 62

Q

You need to add a group of new users to Cloud Identity. Some of the users already have existing
Google accounts. You want to follow one of Google’s recommended practices and avoid
conflicting accounts. What should you do?

Answer

A

Invite the user to transfer their existing account.

Question 63

Q

You need to manage a Cloud Spanner instance for best query performance. Your instance in
production runs in a single Google Cloud region. You need to improve performance in the
shortestamount of time. You want to follow Google best practi ces for service configurati on. What
should you do?

Answer

A

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization
reaches 65%. If you exceed this threshold, add nodes to your instance.

Question 64

Q

Your company has an internal application for managing transactional orders. The application is
used exclusively by employees in a single physical location. The application requires strong
consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first
version ofthe application is implemented in PostgreSQL, and you want to display it to the cloud
with minimal code changes. Which database is most appropriate for this application?

Answer

A

Cloud SQL

Answer 65

A

Use the command gcloud config set container/cluster dev.

Answer 66

A

Upload the image to Container Registry and create a Kubernetes Deployment referencing the
image.

Answer 67

A

Create another project with the ID acme-marketing-data-digest for the Marketing team and
deploy the resources there.

Answer 68

A

Configure Cloud Identity-Aware Proxy for SSH and TCP resources

Answer 69

A

Cloud logging, create a
filter for your data Studio report

Answer 70

A

Use folders to group resources that share common IAM policies.

Answer 71

A

Use a custom mode VPC network, use Cloud Router Border Gateway Protocol (BGP) routes, and use active/passive routing.

Answer 72

A

Create a node pool with compute optimized machine type nodes for the image rendering microservice. Use the node pool with general-purpose machine type nodes for the other microservices.

Answer 73

A

verify that you are assigned the billing administrator role for your organization’s Google Cloud project for the marketing department. 2. link the new project to a marketing billing account.

Answer 74

A

Expose the application by using an external TCP Network Load Balancer.

Answer 75

A

For each GCP product in the solution, review the pricing details on the product’s pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

Answer 76

A

Cloud Spanner

Answer 77

A

Configure Cloud Billing Data Export to BigQuery for the billing account, then create a Looker Studio dashboard on top of the BigQuery export.

Answer 78

A

Enable private Google access on the subnet within the custom VPC.

Brainscape's Knowledge GenomeTM

125 to 200 Sexy Flashcards

Jordan's Beast

Brainscape's Knowledge Genome^TM