Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

GCP:ACE > ALL GCP Q AND A > Flashcards

ALL GCP Q AND A Flashcards

Jordan's Beast

You may prefer our related Brainscape-certified flashcards:
ACE ® Health Coach flashcards
1
Q

You need to create a custom VPC with a single subnet. The subnet’s range must be as large as
possible. Which range should you use?

A

10.0.0.0/8

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You want to select and configure a cost-effective solution for relational data on Google Cloud Platform.
You are working with a small set of operational data in one geographic location. You need to support
point-in-time recovery. What should you do?

A

Select Cloud SQL (MySQL). Verify that the enable binary logging option is
selected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You want to configure autohealing for network load balancing for a group of Compute Engine instances
that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if
they are unresponsive after 3 attempts of 10 seconds each. What should you do?

A

Create a managed instance group. Set the Autohealing health check to healthy
(HTTP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are using multiple configurations for gcloud. You want to review the configured Kubernetes
Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

A

Usekubectl config use-context and kubectl config view to review the output.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want
to follow Google’s recommended practices. Which storage option should you use?

A

Coldline Storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Several employees at your company have been creating projects with Cloud Platform and paying for it with
their personal credit cards, which the company reimburses. The company wants to centralize all these
projects under a single, new billing account. What should you do?

A

In the Google Cloud Platform Console, create a new billing account and set up a payment method.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the
licensing server on Compute Engine. You do not want to change the configuration of the application and want
the application to be able to reach the licensing server. What should you do?

A

Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing
server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You are deploying an application to App Engine. You want the number of instances to scale based on request
rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

A

Automatic Scaling with min_idle_instances set to 3.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have a development project with appropriate IAM roles defined. You are creating a production project
and want to have the same IAM roles on the new project, using the fewest possible steps. What should you
do?

A

Usegcloud iam roles copy and specify the production project as the destination project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a
dedicated configuration file. You want to follow Google’s recommended practices. Which method should you
use?

A

Deployment Manager

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?

A

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment
YAML file to point to that image. Use kubectl to create the deployment with that file.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your development team needs a new Jenkins server for their project. You need to deploy the server using
the fewest steps possible. What should you do?

A

Use GCP Marketplace to launch the Jenkins solution.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You need to update a deployment in Deployment Manager without any resource downtime in the deployment.
Which command should you use?

A

gcloud deployment-manager deployments update –config

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out
how much it will cost to run the query. You are using on-demand pricing. What should you do?

A

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that
bytes estimate to dollars using the Pricing Calculator.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have a single binary application that you want to run on Google Cloud Platform. You decided to
automatically scale the application based on underlying infrastructure CPU usage. Your organizational
policies require you to use virtual machines directly. You need to ensure that the application scaling is
operationally efficient and completed as quickly as possible. What should you do?

A

Create an instance template, and use the template in a managed instance group with autoscaling
configured.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this
information to create service cost estimates by service type, daily and monthly, for the next six months using
standard query syntax. What should you do?

A

Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You need to set up a policy so that videos stored in a specific Cloud Storage Regional bucket are moved to
Coldline after 90 days, and then deleted after one year from their creation. How should you set up the policy?

A

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete
actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate
access rights. You want to make sure that the VM uses this service account instead of the default Compute
Engine service account. What should you do?

A

When creating the VM via the web console, specify the service account under the ‘Identity and API
Access’ section.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You
want to connect to this instance using the fewest number of steps. What should you do?

A

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use
the credentials to log in to the instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You have one GCP account running in your default region and zone and another account running in a non-
default region and zone. You want to start a new Compute Engine instance in these two Google Cloud
Platform accounts using the command line interface. What should you do?

A

Create two configurations using gcloud config configurations create [NAME]. Run gcloud
config configurations activate [NAME] to switch between accounts when running the
commands to start the Compute Engine instances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You significantly changed a complex Deployment Manager template and want to confirm that the
dependencies of all defined resources are properly met before committing it to the project. You want the
most rapid feedback on your changes. What should you do?

A

Execute the Deployment Manager template using the –-preview option in the same project, and
observe the state of interdependent resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Question no 23

A

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You have a project for your App Engine application that serves a development environment. The required
testing has succeeded and you want to create a new project to serve as your production environment. What
should you do?

A

Use gcloud to create the new project, and then deploy your application to the new project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-
recommended practices. What should you do?

A

Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

You need to set up permissions for a set of Compute Engine instances to enable them to write data into a
particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

A

Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You
want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to
verify the addition of metadata labels and which files have been viewed from those buckets. What should
you do?

A

Using the GCP Console, filter the Activity log to view the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets
and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you
grant your colleagues?

A

Storage Admin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

You have an object in a Cloud Storage bucket that you want to share with an external company. The object
contains sensitive data. You want access to the content to be removed after four hours. The external
company does not have a Google account to which you can grant specific user-based access privileges. You
want to use the most secure method that requires the fewest steps. What should you do?

A

Create a signed URL with a four-hour expiration and share the URL with the company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You
need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a
third-party monitoring solution. What should you do?

A

Deploy the monitoring pod in a DaemonSet object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/
Sub API is currently disabled. You will use a service account to authenticate your application to the API. You
want to make sure your application can use Cloud Pub/Sub. What should you do?

A

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

You need to monitor resources that are distributed over different projects in Google Cloud Platform. You
want to consolidate reporting under the same Stackdriver Monitoring dashboard. What should you do?

A

Configure a single Stackdriver account, and link all projects to the same account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

You are deploying an application to a Compute Engine VM in a managed instance group. The application
must be running at all times, but only a single instance of the VM should run per GCP project. How should
you configure the instance group?

A

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of
instances to 1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

You want to verify the IAM users and roles assigned within a GCP project named my-project. What should
you do?

A

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

You need to create a new billing account and then link it with an existing Google Cloud Platform project.
What should you do?

A

Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the
new billing account to the existing project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

You have one project called proj-sa where you manage all your service accounts. You want to be able to

use a service account from this project to take snapshots of VMs running in another project called proj-
vm. What should you do?

A

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

You created a Google Cloud Platform project with an App Engine application inside the project. You initially
configured the application to be served from the us-central region. Now you want the application to be served
from the asia-northeast1 region. What should you do?

A

Create a new GCP project and create an App Engine application inside this new project. Specify asia-
northeast1 as the region to serve your application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

You need to grant access for three users so that they can view and edit table data on a Cloud Spanner
instance. What should you do?

A

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new
group. Add the group to the role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a
supported and stable version of Kubernetes. What should you do?

A

Enable the Node Auto-Upgrades feature for your GKE cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

You have an instance group that you want to load balance. You want the load balancer to terminate the client
SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow
Google-recommended practices. What should you do?

A

Configure an HTTP(S) load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN
connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as
much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

A

Enable parallel composite uploads using gsutil on the file transfer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Question no 42

A

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

You are running an application on multiple virtual machines within a managed instance group and have
autoscaling enabled. The autoscaling policy is configured so that additional instances are added to the group

if the CPU utilization of instances goes above 80%. VMs are added until the instance group reaches its
maximum limit of five VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP
health checks against the instances is set to 30 seconds. The virtual machine instances take around three
minutes to become available for users. You observe that when the instance group autoscales, it adds more
instances then necessary to support the levels of end-user traffic. You want to properly maintain instance
group sizes when autoscaling. What should you do?

A

Increase the initial delay of the HTTP health check to 200 seconds.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

You need to select and configure compute resources for a set of batch processing jobs. These jobs take
around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?

A

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

You recently deployed a new version of an application to App Engine and then discovered a bug in the
release. You need to immediately revert to the prior version of the application. What should you do?

A

On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended
project. You want to find out why this happened and where the application deployed. What should you do?

A

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for
deployment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your
requirements state that these instances should attempt to automatically restart if they crash. Also, the
instances should be highly available including during system maintenance. What should you do?

A

Create an instance template for the instances. Set the ‘Automatic Restart’ to on. Set the ‘On-host
maintenance’ to Migrate VM instance. Add the instance template to an instance group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site.
Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto
their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly,
without prompting the user to save the file locally. What should you do?

A

Set Content-Type metadata to application/pdf on the PDF file objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

You have a virtual machine that is currently configured with 2 vCPUs and 4 GB of memory. It is running out
of memory. You want to upgrade the virtual machine to have 8 GB of memory. What should you do?

A

Stop the VM, increase the memory to 8 GB, and start the VM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

You have production and test workloads that you want to deploy on Compute Engine. Production VMs need
to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP
without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets
these requirements?

A

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different
CIDR range.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

You need to create an autoscaling managed instance group for an HTTPS web application. You want to
make sure that unhealthy VMs are recreated. What should you do?

A

Create a health check on port 443 and use that when creating the Managed Instance Group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Your company has a GoogleCloud Platform project that uses BigQuery for data warehousing. Your data
science team changes frequently and has few members. You need to allow members of this team to perform
queries. You want to follow Google-recommended practices. What should you do?

A
  1. Create a dedicated Google group in Cloud Identity.
  2. Add each data scientist’s user account to the group.
  3. Assign the BigQuery jobUser role to the group.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Question 53

A
  1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service
    account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow TCP:8080 2. Create an
    ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢
    Source filter: all instances with tier #2 service account ג€¢ Protocols: allow TCP: 8080
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1
region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a
new instance in the same project in the europe-west1 region. This new instance needs access to the
application. You want to follow Google-recommended practices. What should you do?

A
  1. Create a subnetwork in the same VPC, in europe-west1.
  2. Create the new instance in the new subnetwork and use the first instance’s private address as the
    endpoint.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Your projects incurred more costs than you expected last month. Your research reveals that a development
GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs
quickly using the minimum number of steps. What should you do?

A
  1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE
    container resource.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

You have a website hosted on App Engine standard environment. You want 1% of your users to see a new
test version of the website. You want to minimize complexity. What should you do?

A

Deploy the new version in the same application and use the –splits option to give a weight of 99 to
the current version and a weight of 1 to the new version.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

You have a web application deployed as a managed instance group. You have a new version of the
application to gradually deploy. Your web application is currently receiving live web traffic. You want to
ensure that the available capacity does not decrease during the deployment. What should you do?

A

Performa rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

You are building an application that stores relational data from users. Users across the globe will use this
application. Your CTO is concerned about the scaling requirements because the size of the user base is
unknown. You need to implement a database solution that can scale with your user growth with minimum
configuration changes. Which storage solution should you use?

A

Cloud Spanner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

You are the organization and billing administrator for your company. The engineering team has the Project
Creator role on the organization. You do not want the engineering team to be able to link projects to the
billing account. Only the finance team should be able to link a project to a billing account, but they should not
be able to make any other changes to projects. What should you do?

A

Assign the finance team only the Billing Account User role on the billing account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The
application exposes a TCP endpoint. There are several replicas of this application. You have a Compute
Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce-network, that
has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE.
You want to minimize effort. What should you do?

A
  1. In GKE, create a Service of type LoadBalancer that uses the application’s Pods as backend. 2. Add an
    annotation to this service: cloud.google.com/load-balancer-type: Internal 3. Peer the two VPCs together.
  2. Configure the Compute Engine instance to use the address of the load balancer that has been
    created.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Your organization is a financial company that needs to store audit log files for 3 years. Your organization has
hundreds of Google Cloud projects. You need to implement a cost-effective approach for log file retention.
What should you do?

A

Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Your organization is a financial company that needs to store audit log files for 3 years. Your
organization has hundreds of Google Cloud projects. You need to implement a cost-effective
approach for log file retention. What should you do?

A

Create an export to the sink that saves logs from Cloud Audit to Coldline Storage
bucket.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This
specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and
need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How
should you run this reverse proxy?

A

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

You are hosting an application on bare-metal servers in your own data center. The application
needs access to Cloud Storage. However, security policies prevent the servers hosting the
application from having public IP addresses or access to the internet. You want to follow Google-
recommended practices to provide the application with access to Cloud Storage. What should you
do?

A
  1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in Google Cloud. 2.
    Use. 2.Cloud Router to create a custom route advertisement for 199.36.153.4/30.
    Announce that network to your on-premises network through the VPN tunnel. 3. In your
    on-premises network, configure your DNS server to resolve *.googleapis.com as a
    CNAME to restricted.googleapis.com.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub
topic. You want to follow Google-recommended practices. What should you do?

A
  1. Create a service account. 2. Give the Cloud Run Invoker role to that service account
    for your Cloud Run application. 3. Create a Cloud Pub/Sub subscription that uses that
    service account and uses your Cloud Run application as the push endpoint.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

You need to deploy an application, which is packaged in a container image, in a new project. The
application exposes an HTTP endpoint and receives very few requests per day. You want to minimize
costs. What should you do?

A

Deploy the container on Cloud Run.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Your company has an existing GCP organization with hundreds of projects and a billing account.
Your company recently acquired another company that also has hundreds of projects and its own
billing account. You would like to consolidate all GCP costs of both GCP organizations onto a
single invoice. You would like to consolidate all costs as of tomorrow. What should you do?

A

Link the acquired company’s projects to your company’s billing account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

You built an application on Google Cloud that uses Cloud Spanner. Your support team needs to
monitor the environment but should not have access to table data.
You need a streamlined solution to grant the correct permissi ons to your support team, and you
want to follow Google-recommended practices. What should you do?

A

Add the support team group to the roles/monitoring.viewer role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

For analysis purposes, you need to send all the logs from all of your Compute Engine instances to
a BigQuery dataset called platform-logs. You have already installed the Cloud Logging agent on all
the instances. You want to minimize cost. What should you do?

A
  1. In Cloud Logging, create a filter to view only Compute Engine logs. 2. Click Create Export. 3.
    Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same
Deployment Manager deployment, you also want to create a
DaemonSet in the kube-system namespace ofthe cluster. You want a solution that uses the fewest
possible services. What should you do?

A

Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to
create the DaemonSet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

You are building an applicati on that will run in your data center. The application will use Google
Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate
access to AutoML. You need to enable authentication to the APIs from your on-premises
environment. What should you do?

A

Use gcloud to create a key file for the service account that has appropriate permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

You are using Container Registry to centrally store your company’s container images in a separate
project. In another project, you want to create a Google
Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from
Container Registry. What should you do?

A

In the project where the images are stored, grant the Storage Object Viewer IAM role to the
service account used by the Kubernetes nodes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Question no 73

A

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the
VM via RDP. What should you do?

A

After the VM has been created, use gcloud compute reset-windows-password to retrieve the
login credentials for the VM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

You want to configure an SSH connection to a single Compute Engine instance for users in the
dev1 group. This instance is the only resource in this particular
Google Cloud Platform project that the dev1 users should be able to connec t to. What should you
do?

A

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the
compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

You need to produce a list ofthe enabled Google Cloud Platform APIs for a GCP project using the
gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

A

Run gcloud projects list to get the project ID, and then run gcloud services list –project .

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

You are building a new version of an application hosted in an App Engine environment. You want to
test the new version with 1% of users before you completely switch your application over to the
new version. What should you do?

A

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP
Console and split traffic between the current version and newly deployed versions accordingly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for
Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start
by entering the number of nodes, average hours, and average days. What should you do next?

A

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You
want to expose this new application to the public, using HTTPS on a public IP address. What
should you do?

A

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to
expose this Service via a Cloud Load Balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

You need to enable traffic between multiple groups of Compute Engine instances that are currently
running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?

A

Verify that both projects are in a GCP Organization. Share the VPC from one project and
request that the Compute Engine instances in the other project use this shared VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed
to read, but not modify, all project items.How should you configure the auditor’s permissions?

A

Select the built-in IAM project Viewer role. Add the user’s account to this role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

You are operati ng a Google Kubernetes Engine (GKE) cluster for your company where different
teams can run non-production workloads. Your Machine Learning
(ML) team needs access to Nvidia Tesla P100 GPUs to train their models. You want to minimize
effort and cost. What should you do?

A

Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the
cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet
has no more free IP addresses and you require an additional
10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other
without additional routes. What should you do?

A

Use gcloud to expand the IP range of the current subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

Your organization uses G Suite for communication and collaboration. All users in your organization
have a G Suite account. You want to grant some G Suite users access to your Cloud Platform
project. What should you do?

A

Grant them the required IAM roles using their G Suite email address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

You have a Google Cloud Platform account with access to both production and development
projects. You need to create an automated proces s to list all compute instances in develop ment
and production projects on a daily basis. What should you do?

A

Create two configurations using gcloud config. Write a script that sets configurations as
active, individually. For each configuration, use gcloud compute instances list to get a list of
compute resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only
in SQL and need access to the data stored in this file. You want to find a cost-effective way to
complete their request as soon as possible. What should you do?

A

Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on
these external tables to complete your request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

You need to verify that a Google Cloud Platform service account was created at a particular time.
What should you do?

A

Filter the Activity log to view the Configuration category. Filter the Resource type to Service
Account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using
UDP. You want to make sure it is reachable by clients over that port. What should you do?

A

Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP
port 636 for that network tag.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

You need to set a budget alert for use of Compute Engineer services on one of the three Google
Cloud Platform projects that you manage. All three projects are linked to a single billing account.
What should you do?

A

Verify that you are the project billing administrator. Select the associated billing account and
create a budget and alert for the appropriate project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

You are migrating a production-critical on-premises application that requires 96 vCPUs to perform
its task. You want to make sure the application runs in a similar environment on GCP. What should
you do?

A

When creating the VM, use machine type n1-standard-96.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must
be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions
are accessed once a month for reporting. This archive data is also occasionally updated at month-
end. What should you do?

A

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline
Storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Your company’s infrastructure is on-premises, but all machines are running at maximum capacity.
You want to burst to Google Cloud. The workloads on Google Cloud must be able to directly communicate to the workloads on-premises using a private IP
range. What should you do?

A

Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

You want to select and configure a solution for storing and archiving data on Google Cloud
Platform. You need to support compliance objectives for data from one geographic location. This
data is archived after 30 days and needs to be accessed annually. What should you do?

A

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline
Storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Your company uses BigQuery for data warehousing. Over time, many different business units in
your company have created 1000+ datasets across hundreds of projects. Your CIO wants you to
examine all datasets to find tables that contain an employee_ssn column. You want to minimize
effort in performing this task.
What should you do?

A

Go to Data Catalog and search for employee_ssn in the search box.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Question no 95

A

Too many Pods are already running in the cluster, and there are not enough resources left to
schedule the pending Pod.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

You want to find out when users were added to Cloud Spanner Identity Access Management (IAM)
roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

A

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud
Spanner IAM roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Your company implemented BigQuery as an enterprise data warehouse. Users from multiple
business units run queries on this data warehouse. However, you notice that query costs for
BigQuery are very high, and you need to control costs. Which two methods should you use?
(Choose two.)

A

Apply a user- or project-level custom query quota for BigQuery data warehouse. and “Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.” B AND E OPTIONS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE
cluster. For each of your customers, a Pod is running in that cluster, and your customers can run
arbitrary code inside their Pod. You want to maximize the isolation between your customers’ Pods.
What should you do?

A

Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter
runtimeClassName: gvisor to the specification of your customers’ Pods.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

Question no 99

A

Change the primary key to not have monotonically increasing values

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

Your finance team wants to view the billing report for your projects. You want to make sure that the
finance team does not get additional permissions to the project. What should you do?

A

Add the group for the finance team to roles/billing viewer role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

Your organization has strict requirements to control access to Google Cloud projects. You need to
enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support
team when an SRE opens a support case. You want to follow Google-recommended practices.
What should you do?

A

Add your SREs to a group and then add this group to roles/accessapproval.approver role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

You need to host an application on a Compute Engine instance in a project shared with other
teams. You want to prevent the other teams from accidentally causing downtime on that
application. Which feature should you use?

A

Enable deletion protection on the instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Your organization needs to grant users access to query datasets in BigQuery but prevent them
from accidentally deleting the datasets. You want a solution that follows Google-recomm ended
practices. What should you do?

A

Create a custom role by removing delete permissions. Add users to the group, and then add
the group to the custom role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed
from the Google Cloud Ubuntu package repository. You want to test your application locally on
your laptop with Cloud Datastore. What should you do?

A

Install the cloud-datastore-emulator component using the gcloud components install
command.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

Your company set up a complex organizational structure on Google Cloud. The structure includes
hundreds offolders and projects. Only a few team members should be able to view the hierarchical
structure. You need to assign minimum permissions to these team members, and you want to
follow Google-recommended practices. What should you do?

A

Add the users to a group, and add this group to roles/browser.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup
Language (SAML) integration with service providers. Your company has users in Cloud Identity.
You would like users to authenticate using your company’s SSO provider. What should you do?

A

In Cloud Identity, set up SSO with a third-party identity provider with Google as a service
provider.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

Your organization has a dedicated person who creates and manages all service accounts for
Google Cloud projects. You need to assign this person the minimum role for projects. What should
you do?

A

Add the user to roles/iam.serviceAccountAdmin role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

You are building an archival solution for your data warehouse and have selected Cloud Storage to
archive your data. Your users need to be able to access this archived data once a quarter for some
regulatory requirements. You want to select a cost-efficient option. Which storage option should
you use?

A

Nearline Storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

A team of data scientists infrequently needs to use a Google Kubernetes Engine (GKE) cluster that
you manage. They require GPUs for some long-running, non- restartable jobs. You want to
minimize cost. What should you do?

A

Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a
minimum size of 1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

Your organization has user identities in Active Directory. Your organization wants to use Active
Directory as their source of truth for identities. Your organizati on wants to have full control over
the Google accounts used by employees for all Google services, including your Google Cloud
Platform (GCP) organization. What should you do?

A

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

You have successfully created a development environment in a project for an application. This
application uses Compute Engine and Cloud SQL. Now you need to create a production
environment for this application. The securi ty team has forbidden the existenc e of network routes
between these 2 environments and has asked you to follow Google-recommended practices. What
should you do?

A

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your
new project, and replicate the setup you have in the development environment in that new project
in the Shared VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

Your management has asked an external auditor to review all the resources in a specifi c project.
The security team has enabled the Organization Policy called
Domai n Restri cted Sharing on the organizati on node by specifyi ng only your Cloud Identity domain.
You want the auditor to only be able to view, but not modify, the resourc es in that project. What
should you do?

A

Ask the auditor for their Google account, and give them the Security Reviewer role on the
project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

You have a workload running on Compute Engine that is critical to your business. You want to
ensure that the data on the boot disk ofthis workload is backed up regularly. You need to be able
to restore a backup as quickly as possible in case of disaster. You also want older backups to be
cleaned automatically to save on cost. You want to follow Google-recommended practices. What
should you do?

A

Create a snapshot schedule for the disk using the desired interval.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external
auditor. The auditor needs to have permissions to review your
Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should
you do?

A

Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also
review the logs for changes to Cloud IAM policy.

114
Q

You are managing several Google Cloud Platform (GCP) projects and need access to all logs for
the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to
follow Google-recommended practices to obtain the combined logs for all projects. What should
you do?

A

Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure
the table expiration to 60 days.

115
Q

You need to reduce GCP service costs for a division of your company using the fewest possible
steps. You need to turn off all configured services in an existing
GCP project. What should you do?

A
  1. Verify that you are assigned the Project Owners IAM role for this project. 2. Locate the
    project in the GCP console, click Shut down and then enter the project ID.
116
Q

You are configuring service accounts for an application that spans multiple projects. Virtual

machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-
databases-proj. You want to follow Google-recommended practices to give access to the service

account in the web-applications project. What should you do?

A

Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-
applications.

117
Q

An employee was terminated, but their access to Google Cloud was not removed until 2 weeks
later. You need to find out this employ ee access ed any sensiti ve custom er information after their
termination. What should you do?

A

View Data Access audit logs in Cloud Logging. Search for the user’s email as the principal.

118
Q

You need to create a custom IAM role for use with a GCP service. All permissions in the role must
be suitable for production use. You also want to clearly share with your organization the status of
the custom role. This will be the first version of the custom role. What should you do?

A

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the
role stage to ALPHA while testing the role permissions.

119
Q

Your company has a large quantity of unstructured data in different file formats. You want to
perform ETL transformations on the data. You need to make the data accessible on Google Cloud
so it can be processed by a Dataflow job. What should you do?

A

Upload the data to Cloud Storage using the gsutil command line tool.

120
Q

You need to manage multiple Google Cloud projects in the fewest steps possible. You want to
configure the Google Cloud SDK command line interface (CLI) so that you can easily manage
multiple projects. What should you do?

A
  1. Create a configuration for each project you need to manage. 2. Activate the appropriate
    configuration when you work with each of your assigned Google Cloud projects.
121
Q

Your managed instance group raised an alert stating that new instance creation has failed to
create new instances. You need to maintain the number of running instances specified by the
template to be able to process expected application traffic. What should you do?

A

Create an instance template that contains valid syntax which will be used by the instance
group. Delete any persistent disks with the same name as instance names.

122
Q

Your company is moving from an on-premises environment to Google Cloud. You have multiple
development teams that use Cassandra environments as backend databases. They all need a
development environment that is isolated from other Cassandra instances. You want to move to
Google Cloud quickly and with minimal support effort. What should you do?

A
  1. Advise your developers to go to Cloud Marketplace. 2. Ask the developers to launch a
    Cassandra image for their development work.
123
Q

You have a Compute Engine instance hosting a production application. You want to receive an
email if the instance consumes more than 90% of its CPU resources for more than 15 minutes. You
want to use Google services. What should you do?

A
  1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project
    with it. 2. Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition. 3.
    Configure your email address in the notification channel.
124
Q

You have an application that uses Cloud Spanner as a backend database. The application has a
very predictable traffic pattern. You want to automati cally scale up or down the number of Spanner
nodes depending on traffic. What should you do?

A

Create a Cloud Monitoring alerting policy to send an alert to webhook when Cloud Spanner
CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes
Spanner resources accordingly.

125
Q

Your company publishes large files on an Apache web server that runs on a Compute Engine instance.
The Apache web server is not the only application running in the project. You want to receive an email
when the egress network costs for the server exceed 100 dollars for the current month as measured by
Google Cloud.
What should you do?

A

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the
egress network costs of the exported billing data for the Apache web server for the current month
and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to
run hourly.

126
Q

You have designed a solution on Google Cloud that uses multiple Google Cloud products. Your company
has asked you to estimate the costs of the solution. You need to provide estimates for the monthly total
cost. What should you do?

A

For each Google Cloud product in the solution, review the pricing details on the products
pricing page. Use the pricing calculator to total the monthly costs for each Google Cloud product.

127
Q

You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application
are located all over the world. You want to minimize latency for the clients. Which load balancing option
should you use?

A

SSL Proxy Load Balancer

128
Q

You have an application on a general-purpose Compute Engine instance that is experiencing excessive
disk read throttling on its Zonal SSD Persistent Disk. The application primarily reads large files from disk.
The disk size is currently 350 GB. You want to provide the maximum amount of throughput while
minimizing costs.
What should you do?

A

Migrate to use a Local SSD on the instance.

129
Q

Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range
172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new
VMs to communicate with your cluster using the minimum number of steps. What should you do?

A

Modify the existing subnet range to 172.16.20.0/24.

130
Q

You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is
deployed with the default App Engine Service account.
The data that needs to be visualized resides in a different project managed by another team. You do not
have access to this project, but you want your application to be able to read data from the BigQuery
dataset. What should you do?

A

Ask the other team to grant your default App Engine Service account the role of BigQuery Data
Viewer.

131
Q

You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected
increase in application traffic due to a business acquisition.
What should you do?

A

Create a Compute Engine snapshot of your base VM. Create your instances from that
snapshot.

132
Q

You have deployed an application on a single Compute Engine instance. The application writes logs to
disk. Users start reporting errors with the application. You want to diagnose the problem. What should
you do?

A

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

133
Q

An application generates daily reports in a Compute Engine virtual machine (VM). The VM is in the
project corp-iot-insights. Your team operates only in the project corp-aggregate-reports and needs a copy
of the daily exports in the bucket corp-aggregate-reports-storage. You want to configure access so that
the daily reports from the VM are available in the bucket corp-aggregate-reports-storage and use as few
steps as possible while following Google-recommended practices. What should you do?

A

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-
storage.

134
Q

You built an application on your development laptop that uses Google Cloud services. Your application
uses Application Default Credentials for authentication and works fine on your development laptop. You
want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication
using Google- recommended practices and minimal changes. What should you do?

A

Create a service account with appropriate access for Google services, and configure the
application to use this account.

135
Q

You need to create a Compute Engine instance in a new project that doesn’t exist yet. What should you
do?

A

Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and
then create the instance specifying your new project.

136
Q

Your company runs one batch process in an on-premises server that takes around 30 hours to complete.
The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to
migrate this workload to the cloud while minimizing cost. What should you do?

A

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

137
Q

You are developing a new application and are looking for a Jenkins installation to build and deploy your
source code. You want to automate the installation as quickly and easily as possible. What should you
do?

A

Deploy Jenkins through the Google Cloud Marketplace.

138
Q

You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with
your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d
zone. You want to avoid having to specify this zone with each CLI command when managing these
instances.
What should you do?

A

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

139
Q

The core business of your company is to rent out construction equipment at large scale. All the
equipment that is being rented out has been equipped with multiple sensors that send event information
every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more.
Customers are billed based on the consumption monitored by these sensors. You expect high throughput
ג€ “up to thousands of events per hour per device ג€ “and need to retrieve consistent data based on the
time of the event. Storing and retrieving individual signals should be atomic. What should you do?

A

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

140
Q

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a
single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

A

Enable API, create a workspace under project A, and then add projects B and C.

141
Q

You created several resources in multiple Google Cloud projects. All projects are linked to different
billing accounts. To better estimate future charges, you want to have a single visual representation of all
costs incurred. You want to include new cost data as soon as possible. What should you do?

A

Configure Billing Data Export to BigQuery and visualize the data in Data Studio.

142
Q

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual
Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no
public Internet traffic can be routed to it. What should you do?

A

Create the instance without a public IP address.

143
Q

Your team maintains the infrastructure for your organization. The current infrastructure requires
changes. You need to share your proposed changes with the rest of the team. You want to follow
Google’s recommended best practices. What should you do?

A

Use Deployment Manager templates to describe the proposed changes and store them in
Cloud Source Repositories.

144
Q

You have a Compute Engine instance hosting an application used between 9 AM and 6 PM on weekdays.
You want to back up this instance daily for disaster recovery purposes. You want to keep the backups for
30 days. You want the Google-recommended solution with the least management overhead and the least
number of services. What should you do?

A
  1. In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk.
  2. In the Snapshot Schedule section, select Create Schedule and configure the following
    parameters: - Schedule frequency: Daily - Start time: 1:00 AM 2:00” €ג AM - Autodelete snapshots
    after: 30 days
145
Q

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running
on four GKE n1ג€”standard2”€ג nodes. You need to deploy additional pods requiring n2ג€”highmem16”€ג
nodes without any downtime. What should you do?

A

Create a new Node Pool and specify machine type n2ג€”highmem16”€ג. Deploy the new pods.

146
Q

You have an application that uses Cloud Spanner as a database backend to keep current state
information about users. Cloud Bigtable logs all events triggered by users. You export Cloud
Spanner data to Cloud Storage during daily backups. One of your analysts asks you to join data
from Cloud Spanner and Cloud Bigtable for specific users. You want to complete this ad hoc request as efficiently as possible.
What should you do?

A

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific
users.

147
Q

You are hosting an application from Compute Engine virtual machines (VMs) in usג€”central1ג€”a.
You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downti m e, and minimize cost. What should you do?

A

ג€ “Create Compute Engine resources in usג€”central1ג€”b. ג€ “Balance the load across both
usג€”central1ג€”a and usג€”central1ג€”b.

148
Q

A colleague handed over a Google Cloud Platform project for you to maintai n. As part of a securi ty
checkup, you want to review who has been granted the Project
Owner role. What should you do?

A

Use the command gcloud projects getג€”iamג€”policy to view the current role assignments.

149
Q

You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The
IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in
nodes when needed. What should you do?

A

Expand the CIDR range of the relevant subnet for the cluster.

150
Q

You have a batch workload that runs every night and uses a large number of virtual machines
(VMs). It is fault-tolerant and can tolerate some of the VMs being terminated. The current cost of
VMs is too high. What should you do?

A

Run a test using simulated maintenance events. If the test is successful, use preemptible N1
Standard VMs when running future jobs.

151
Q

You are working with a user to set up an application in a new VPC behind a firewall. The user is
concerned about data egress. You want to configure the fewest open egress ports. What should
you do?

A

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that
allows only the appropriate ports.

152
Q

Your company runs its Linux workloads on Compute Engine instances. Your company will be
working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can
maintain the installed tooling. What should you do?

A

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud
IAP Tunnel User.

153
Q

You have created a code snippet that should be triggered whenever a new file is uploaded to a
Cloud Storage bucket. You want to deploy this code snippet. What should you do?

A

Use Cloud Functions and configure the bucket as a trigger resource.

154
Q

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets.
The objects are written once and accessed frequently for 30 days. After 30 days, the objects are
not read again unless there is a special need. The objects should be kept for three years, and you
need to minimize cost. What should you do?

A

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for
three years.

155
Q

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be
able to record all requests that read any of the stored data. You want to make sure you comply
with these requirements. What should you do?

A

Enable Data Access audit logs for the Cloud Storage API.

156
Q

You are the team lead of a group of 10 developers. You provided each developer with an individual
Google Cloud Project that they can use as their personal sandbox to experiment with different
Google Cloud solutions. You want to be notified if any of the developers are spending above $500
per month on their sandbox environment. What should you do?

A

Create a budget per project and configure budget alerts on all of these budgets.

157
Q

You are deployi ng a produc tion applicati on on Compute Engine. You want to prevent anyone from
accidentally destroying the instance by clicking the wrong button. What should you do?

A

Enable delete protection on the instance.

158
Q

Your company uses a large number of Google Cloud services centralized in a single project. All
teams have specific projects for testing and development. The DevOps team needs access to all of the produc tion services in order to perform their job. You want
to prevent Google Cloud product changes from broadening their permissions in the future. You
want to follow Google-recommended practices. What should you do?

A

Create a custom role that combines the required permissions. Grant the DevOps team the
custom role on the production project.

159
Q

You are building an application that processes data files uploaded from thousands of suppliers.
Your primary goals for the application are data security and the expiration of aged data. You need
to design the application to:
ג€¢ Restrict access so that suppliers can access only their own data.
ג€¢ Give suppliers write access to data only for 30 minutes.
ג€¢ Delete data that is over 45 days old.
You have a very short developm ent cycle, and you need to make sure that the application requires
minimal maintenance. Which two strategies should you use?
(Choose two.)

A

A AND B - Build a lifecycle policy to delete Cloud Storage objects after 45 days. + Use signed URLs to allow suppliers limited time access to store their objects.

160
Q

Your company wants to standardize the creation and management of multiple Google Cloud
resources using Infrastructure as Code. You want to minimize the amount of repetitive code
needed to manage the environment. What should you do?

A

Develop templates for the environment using Cloud Deployment Manager.

161
Q

You are performi ng a monthly security check of your Google Cloud environm ent and want to know
who has access to view data stored in your Google Cloud
Project. What should you do?

A

Review the IAM permissions for any role that allows for data access.

162
Q

Your company has embraced a hybrid cloud strategy where some of the applications are deployed
on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC)
in Google Cloud with your company’s on-premises network. Multiple applications in Google Cloud
need to connect to an on-premises database server, and you want to avoid having to change the IP
configuration in all of your applications when the IP of the database changes.
What should you do?

A

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

163
Q

You have developed a containerized web application that will serve internal colleagues during
business hours. You want to ensure that no costs are incurred outside of the hours the application
is used. You have just created a new Google Cloud project and want to deploy the application.
What should you do?

A

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances
to zero.

164
Q

You have experimented with Google Cloud using your own credit card and expensed the costs to
your company. Your company wants to streamline the billing process and charge the costs of your
projects to their monthly invoice. What should you do?

A

Change the billing account of your projects to the billing account of your company.

165
Q

You are running a data warehouse on BigQuery. A partner company is offering a recommendation
engine based on the data in your data warehouse. The partner company is also running their
application on Google Cloud. They manage the resources in their own project, but they need
access to the BigQuery dataset in your project. You want to provide the partner company with
access to the dataset. What should you do?

A

Ask the partner to create a Service Account in their project, and grant their Service Account
access to the BigQuery dataset in your project.

166
Q

Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate
an updated version of the application with a specific percentage of your production users (canary
deployment). What should you do?

A

Create a new revision with the new version of the application. Split traffic between this version
and the version that is currently running.

167
Q

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting
to the game with their personal phones over the Internet. The game sends UDP packets to update
the servers about the gamers’ actions while they are playing in multiplayer mode. Your game
backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a
single IP address. What should you do?

A

Configure an External Network load balancer in front of the application servers.

168
Q

You are working for a hospital that stores its medical images in an on-premises data room. The
hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an
automated process to upload any new medical images to Cloud Storage. You need to design and
implement a solution. What should you do?

A

Create a script that uses the gsutil command line interface to synchronize the on-premises
storage with Cloud Storage. Schedule the script as a cron job.

169
Q

Your auditor wants to view your organization’s use of data in Google Cloud. The auditor is most
interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor
access the data they need. What should you do?

A

Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log
viewer that filters on Cloud Storage.

170
Q

You received a JSON file that contained a private key of a Service Account in order to get access to
several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and
want to use this private key for authentication and authorization when performing gcloud
commands. What should you do?

A

Use the command gcloud auth activate-service-account and point it to the private key.

171
Q

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-
end copy ofthe database for three years for audit purposes.

What should you do?

A

Set up an export job for the first of the month. Write the export file to an Archive class Cloud
Storage bucket.

172
Q

You are monitoring an application and receive user feedback that a specific error is spiking. You
notice that the error is caused by a Service Account having insufficient permissions. You are able
to solve the problem but want to be notified if the problem recurs. What should you do?

A

Create a custom log-based metric for the specific error to be used in an Alerting Policy.

173
Q

You are developing a financial trading application that will be used globally. Data is stored and
queried using a relational structure, and clients from all over the world should get the exact
identical state of the data. The application will be deployed in multiple regions to provide the
lowest latency to end users. You need to select a storage option for the application data while
minimizing latency. What should you do?

A

Use Cloud Spanner for data storage.

174
Q

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The
application holds the full database in-memory for fast data access, and you need to configure the
most appropriate resources on Google Cloud for this application. What should you do?

A

Provision Compute Engine instances with M1 machine type.

175
Q

You have developed an application that consists of multiple microservices, with each microservice
packaged in its own Docker container image. You want to deploy the entire application on Google
Kubernetes Engine so that each microservice can be scaled individually. What should you do?

A

Create and deploy a Deployment per microservice.

176
Q

You will have several applications running on different Compute Engine instances in the same
project. You want to specify at a more granular level the service account each instance uses when
calling Google Cloud APIs. What should you do?

A

When creating the instances, specify a Service Account for each instance.

177
Q

You are creating an applicati on that will run on Google Kubernetes Engine. You have identified
MongoDB as the most suitable database system for your application and want to deploy a
managed MongoDB environment that provides a support SLA. What should you do?

A

Deploy MongoDB Atlas from the Google Cloud Marketplace.

178
Q

You are managing a project for the Business Intelligence (BI) department in your company. A data
pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be
able to run the custom SQL queries against the latest data in BigQuery. What should you do?

A

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI
team.

179
Q

Your company is moving its entire workload to Compute Engine. Some servers should be
accessible through the Internet, and other servers should only be accessible over the internal
network. All servers need to be able to talk to each other over specific ports and protocols. The
current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a
Local Area Network (LAN) for the private servers. You need to design the networki ng infrastructure
on
Google Cloud to match these requirements. What should you do?

A
  1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall
    rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule
    to allow public ingress traffic for the DMZ.
180
Q

You have just created a new project which will be used to deploy a globally distributed applicati on.
You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You
want to perform the first step in preparation of creating the instance. What should you do?

A

Enable the Cloud Spanner API.

181
Q

You have created a new project in Google Cloud through the gcloud command line interface (CLI)
and linked a billing account. You need to create a new Compute Engine instance using the CLI. You need to perform the prerequisite stops. What should you do?

A

Enable the compute googleapis.com API.

182
Q

Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

A

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

183
Q

You need to manage a third-party application that will run on a Compute Engine instance. Other
Compute Engine instances are already running with default configuration. Application installation
files are hosted on Cloud Storage. You need to access these files from the new instance without
allowing other virtual machines (VMs) to access these files. What should you do?

A

Create a new service account and assign this service account to the new instance. Grant the
service account permissions on Cloud Storage.

184
Q

You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The
files are used in a mission-critical analytics pipeline that is used continually The users are in
Boston, MA (United States). What should you do?

A

Configure dual-regional storage for the dual region closest to the users. Configure a Standard
storage class.

185
Q

You are developing a new web application that will be deployed on Google Cloud Platform . As part
of your release cycle, you want to test updates to your application on a small portion of real user
traffic. The majority of the users should still be directed towards a stable version of your
application. What should you do?

A

Deploy the application on App Engine. For each update, create a new version of the same
service. Configure traffic splitting to send a small percentage of traffic to the new version.

186
Q

You need to add a group of new users to Cloud Identity. Some of the users already have existing
Google accounts. You want to follow one of Google’s recommended practices and avoid
conflicting accounts. What should you do?

A

Invite the user to transfer their existing account.

187
Q

You need to manage a Cloud Spanner instance for best query performance. Your instance in
production runs in a single Google Cloud region. You need to improve performance in the
shortestamount of time. You want to follow Google best practi ces for service configurati on. What
should you do?

A

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization
reaches 65%. If you exceed this threshold, add nodes to your instance.

188
Q

Your company has an internal application for managing transactional orders. The application is
used exclusively by employees in a single physical location. The application requires strong
consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first
version ofthe application is implemented in PostgreSQL, and you want to display it to the cloud
with minimal code changes. Which database is most appropriate for this application?

A

Cloud SQL

189
Q

You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named ‘dev’ that was
deployed on Google Cloud. You want to manage the GKE configuration using the command line
interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that
future CLI commands by default address this specific cluster What should you do?

A

Use the command gcloud config set container/cluster dev.

190
Q

You have created an application that is packaged into a Docker image. You want to deploy the
Docker image as a workload on Google Kubernetes Engine. What should you do?

A

Upload the image to Container Registry and create a Kubernetes Deployment referencing the
image.

191
Q

The sales team has a project named Sales Data Digest that has the ID acme-data-digest. You need
to set up similar Google Cloud resources for the marketing team but their resources must be
organized independently of the sales team. What should you do?

A

Create another project with the ID acme-marketing-data-digest for the Marketing team and
deploy the resources there.

192
Q

You have deployed multiple Linux instances on Compute Engine. You plan on adding more
instances in the coming weeks. You want to be able to access all of these instances through your
SSH client over the internet without having to configure specific access on the existing and new
instances. You do not want the
Compute Engine instances to have a public IP. What should you do?

A

Configure Cloud Identity-Aware Proxy for SSH and TCP resources

193
Q

You are using data Studio to
visualize a table from your data
warehouse that is built on top of big
query. Data is appended to the data
warehouse during the day. At night, the
daily summary is recalculated by
overwriting the table. You just noticed
that the charts in data Studio are
broken, and you want to analyze the
problem, what should you do?

A

Cloud logging, create a
filter for your data Studio report

194
Q

You have been asked to set up the billing configuration for a new Google Cloud customer. Your customer wants to group resources that share common IAM policies. What should you do?

A

Use folders to group resources that share common IAM policies.

195
Q

You have been asked to create robust virtual private network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 1.19.1.22, and no overprovisioning of tunnels during a failover event. You want to follow Google recommended practices to set up a high availability Cloud VPN. What should you do?

A

Use a custom mode VPC network, use Cloud Router Border Gateway Protocol (BGP) routes, and use active/passive routing.

196
Q

You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for N1 standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?

A

Create a node pool with compute optimized machine type nodes for the image rendering microservice. Use the node pool with general-purpose machine type nodes for the other microservices.

197
Q

Your organization has three existing Google Cloud projects. You need to build the marketing department for only their Google Cloud services for a new initiative within their group. What should you do?

A
  1. verify that you are assigned the billing administrator role for your organization’s Google Cloud project for the marketing department. 2. link the new project to a marketing billing account.
198
Q

You deployed an application on a managed instance group in Compute Engine. The application accepts Transmission Control Protocol (TCP) traffic on port 389 and requires you to preserve the IP address of the client who is making a request. You want to expose the application to the internet by using a load balancer. What should you do?

A

Expose the application by using an external TCP Network Load Balancer.

199
Q

You have designed a solution on Google Cloud Platform (GCP) that uses multiple GCP products. Your company has asked you to estimate the costs of the solution. You need to provide estimates for the monthly total cost. What should you do?

A

For each GCP product in the solution, review the pricing details on the product’s pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

200
Q

You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?

A

Cloud Spanner

201
Q

In your company, multiple projects are linked to a single billing account in Google Cloud. You need to visualize the costs with specific metrics that should be dynamically calculated based on company-specific criteria. You want to automate the process. What should you do?

A

Configure Cloud Billing Data Export to BigQuery for the billing account, then create a Looker Studio dashboard on top of the BigQuery export.

202
Q

You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company’s security policies only allow the use of internal IP addresses on VM instances and do not permit VM instances to connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?

A

Enable private Google access on the subnet within the custom VPC.

203
Q

Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is built to your organization’s standards. You want to accomplish this task with minimal effort. What should you do?

A

Use the projects.move method to move the project to your organization. Update the billing account of the project to that of your organization. Ensure that you have an organization administrator identity and access management (IAM) role assigned to you in both organizations.

204
Q

All development (Dev) teams in your organization are located in the United States. Each Dev team has its own Google Cloud project. You want to restrict access so that each Dev team can only create Cloud resources in the United States (US). What should you do?

A

Create a folder to contain all the Dev projects. Create an organization policy to limit resources in US locations.

205
Q

You are configuring Cloud DNS. You want to create DNS records to point home.mydomain.com and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

A

Create one A record to point mydomain.com to the load balancer and create two CNAME records to point www and home to mydomain.com, respectively.

206
Q

You have two subnets, Subnet A and Subnet B, in the default VPC. Your database servers are running in Subnet A, and your application servers and web servers are running in Subnet B. You want to configure a firewall rule that only allows database traffic from the application servers to the database servers. What should you do?

A

Create service accounts ‘sa_app’ and ‘sa_db’. Associate service account ‘sa_app’ with the application servers and the service account ‘sa_db’ with the database servers. Create an Ingress firewall rule to allow network traffic from Source service account ‘sa_app’ to Target service account ‘sa_db’.

207
Q

Your team wants to deploy a specific content management system (CMS) solution to Google Cloud. You need a quick and easy way to deploy and install the solution. What should you do?

A

Search for the CMS solution in Google Cloud Marketplace, then deploy the solution directly from Cloud Marketplace.

208
Q

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

A

Create a billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

209
Q

Your continuous integration and delivery (CI/CD) server can’t execute Google Cloud actions in a specific project because of permission issues. You need to validate whether the used service account has the appropriate roles in the specific project. What should you do?

A

Open the Google Cloud console and check the identity and access management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

210
Q

Your team is using Linux instances on Google Cloud. You need to ensure that your team logs into these instances in the most secure and cost-efficient way. What should you do?

A

Use the Cloud Compute SSH command with the tunnel through a proxy flag, allowing SSH traffic from the IP range 352.352.40.20/20 on Port 22.

211
Q

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google recommended practices when you grant the required permissions to this user. What should you do?

A

Create a custom role and add all the required compute.disks.list and compute.images.list permissions as included permissions. Grant the custom role to the user at the project level.

212
Q

You are running a web application on Cloud Run for a few hundred users. Some of your users complain that the initial web page of the application takes much longer to load than the following pages. You want to follow Google’s recommendations to mitigate the issue. What should you do?

A

Set the minimum number of instances for your Cloud Run service to three.

213
Q

You are building a data lake on Google Cloud for your Internet of Things (IoT) application. The IoT application has millions of sensors that are constantly streaming structured and unstructured data to your backend in the cloud. You want to build a highly available and resilient architecture based on Google recommended practices. What should you do?

A

Stream data to Pub/Sub and use Dataflow to send data to Cloud Storage.

214
Q

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20, and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

A

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/18.

215
Q

Your company requires all developers to have the same permissions regardless of the Google Cloud project they are working on. Your company’s security policy also restricts developer permissions to Compute Engine, Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

A

Add all developers to a Google Group in Cloud Identity. Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. Assign the custom role to the Google Group.

216
Q

You are working for a hospital that stores its medical images in an on-premises data room. The hospital wants to use cloud storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to cloud storage. You need to design and implement a solution. What should you do?

A

Create a script that uses the Cloud Storage command to synchronize the on-premises storage with cloud storage. Schedule the script as a cron job.

217
Q

Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and guaranteed availability for multiple transactional updates. The first version of the application is implemented in PostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?

A

Cloud SQL

218
Q

Your company runs one batch process on an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to migrate this workload to the cloud while minimizing cost. What should you do?

A

Migrate the workload to a Compute Engine VM, starting and stopping the instance as needed.

219
Q

You are planning to migrate the following on-premises data management solutions to Google Cloud: one MySQL cluster for your main database, Apache Kafka for your event streaming platform, and one Cloud SQL for PostgreSQL database for your analytical and reporting needs. You want to implement Google recommended solutions for the migration. You need to ensure that the new solutions provide global scalability and require minimal operational and infrastructure management. What should you do?

A

Migrate from MySQL to Cloud Spanner, from Kafka to Pub/Sub, and from Cloud SQL for PostgreSQL to BigQuery.

220
Q

During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain. You want to ensure that your resources are only shared with users whose email addresses match your domain. You need to remove any mismatched users and want to avoid having to audit your resources to identify mismatched users. What should you do?

A

Set an organizational policy constraint to limit identities by domain and then retroactively remove the existing mismatched users.

221
Q

Your application is running on Google Cloud in a Managed Instance Group (MIG). You notice errors in Cloud Logging indicating that one of the processes is not responsive. You want to replace this VM in the MIG quickly. What should you do?

A

Use the gcloud compute instance-groups managed recreate-instances command to recreate the VM.

222
Q

You want to permanently delete a pub/sub topic managed by Config Connector in your Google Cloud project. What should you do?

A

Use kubectl to delete the topic resource.

223
Q

Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1,000 employees within 2 years. Most employees will need access to your company’s Google Cloud account. The systems processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues. What should you do?

A

Turn on identity federation between Cloud Identity and Google Workspace, enforce multi-factor authentication for domain-wide delegation.

224
Q

You want to host your video encoding software on Compute Engine. Your user base is growing rapidly, and users need to be able to encode their videos at any time without interruption or CPU limitations. You must ensure that your encoding solution is highly available and you want to follow Google recommended practice to automate operations. What should you do?

A

Deploy your solution to an instance group and set the autoscaling based on CPU utilization.

225
Q

Your managed instance group raised an alert stating that new instance creation has failed to create new instances. You need to solve the instance creation problem. What should you do?

A

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

226
Q

You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?

A

Upload the image to Artifact Registry and create a Kubernetes deployment referencing the image.

227
Q

You are using Looker Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Looker Studio are broken and you want to analyze the problem. What should you do?

A

Use the BigQuery interface to review the nightly job and look for any errors.

228
Q

You have a batch workload that runs every night and uses a large number of virtual machines (VMs). It is fault-tolerant and can tolerate some of the VMs being terminated. The current cost of VMs is too high. What should you do?

A

Run a test using simulated maintenance events. If the test is successful, you spot in two standard VMs when running future jobs.

229
Q

You created several resources in multiple Google Cloud projects. All projects are linked to different billing accounts. To better estimate future charges, you want to have a single visual representation of all costs incurred. You want to include new cost data as soon as possible. What should you do?

A

Configure billing data export to BigQuery and visualize the data in Looker Studio.

230
Q

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?

A

Upload the data to Cloud Storage using the Cloud Storage command.

231
Q

You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?

A

Install and configure the Ops Agent and view the logs from Cloud Logging.

232
Q

You recently received a new Google Cloud project with an attached billing account where you will work. You need to create instances, set firewalls, and store data in Cloud Storage. You want to follow Google recommended practices. What should you do?

A

Use the Cloud services enable Compute.googleapis.com command to enable Compute Engine and the Cloud services enable Storage-api.googleapis.com command to enable the Cloud Storage APIs.

233
Q

Your application development team has created Docker images for an application that will be deployed on Google Cloud. Your team does not want to manage the infrastructure associated with this application. You need to ensure that the application can scale automatically as it gains popularity.

A

Upload Docker images to Artifact Registry and deploy the application on Cloud Run.

234
Q

You are migrating a business-critical application from your local data center into Google Cloud as part of your high availability strategy. You want to ensure that any data used by the application will be immediately available if a zonal failure occurs. What should you do?

A

Store the application data on a regional persistent disk. If an outage occurs, create an instance in another Zone with this disk attached.

235
Q

The devops group in your organization needs full control of compute engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google’s recommendations for setting permissions for the devops group. What should you do?

A

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the devops group.

236
Q

Your team is running an on-premises e-commerce application. The application contains a complex set of microservices written in Python, and each microservice is running on Docker containers. Configurations are injected by using environment variables. You need to deploy your current application to a serverless Google Cloud solution. What should you do?

A

Use your existing CI/CD pipeline, use the generated Docker images, and deploy them to Cloud Run. Update the configurations and the required endpoints.

237
Q

You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images, requiring a large amount of CPU time compared to memory. The other microservices are optimized for N2 standard machine types. You need to optimize your cluster so that all workloads are using resources efficiently. What should you do?

A

Create a node pool with compute-optimized machine type nodes for the image rendering microservice. Use the node pool with general-purpose machine type nodes for the other microservices.

238
Q

You are working in a team that has developed a new application that needs to be deployed on Kubernetes. The production application is business critical and should be optimized for reliability. You need to provision a Kubernetes cluster and want to follow Google recommended practices. What should you do?

A

Create a GKE Autopilot cluster and enroll the cluster in the stable release Channel.

239
Q

You are responsible for a web application on Compute Engine. You want your support team to be notified automatically if users experience high latency for at least 5 minutes. You need a Google recommended solution with no development cost. What should you do?

A

Create an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

240
Q

You have an on-premises data analytics set of binaries that processes data files in memory for about 45 minutes every midnight. The sizes of those data files range from 1 GB to 16 GB. You want to migrate this application to Google Cloud with minimal effort and cost. What should you do?

A

Lift and shift to a VM on Compute Engine, use an instance schedule to start and stop the instance.

241
Q

When you use the cloud container clusters command to create two Google Cloud Kubernetes GKE clusters, prod cluster and Dev cluster, where prod cluster is a standard cluster and Dev cluster is an autopilot cluster, and when you run the kubectl get nodes command, you only see the nodes from prod cluster. Which command should you run to check the node status for Dev cluster?

A

cloud container clusters get credentials Dev cluster; kubectl get nodes

242
Q

You recently discovered that your developers are using many service account Keys during their development process. While you work on a long-term Improvement, you need to quickly Implement a process to enforce shortlived service account credentials in your company. You have the following requirements :

  1. All service accounts requiring a key should be created in a centralized project called “pj-sa”.
  2. Service account keys should only be valid for one day.

You need a Google recommended solution that minimizes cost,
what should you?

A

Enforce IAM policy constraints allowing a 24-hour lifetime for service account keys: This option directly addresses the one-day validity requirement and can be a cost-effective solution. It’s in line with Google’s recommended practices.

243
Q

Your company is running a three-tier web application on virtual machines that use a MySQL database. You need to create an estimated total cost of cloud infrastructure to run this application on Google Cloud instances and Cloud SQL. What should you do?

A

Use the Google Cloud pricing calculator to determine the cost of every Google Cloud resource you expect to use. Use similar size instances for the web server and use your current on-premises machines as a comparison for Cloud SQL.

244
Q

You have a big table instance that consists of three nodes that store personally identifiable information (PII) data. You need to log all read or write operations, including any metadata or configuration reads of this database table, in your company’s security information and event management (SIEM) system. What should you do?

A

Navigate to the audit logs page in the Google Cloud console and enable data read, data write, and admin read logs for the Bigtable instance. Create a Pub/Sub topic as a Cloud Logging sync destination and add your SIEM as a subscriber to the topic.

245
Q

You want to set up a Google Kubernetes Engine cluster. Verifiable node identity and integrity are required for the cluster, and nodes cannot be accessed from the internet. You want to reduce the operational cost of managing your cluster, and you want to follow Google recommended practices. What should you do?

A

Deploy a private autopilot cluster.

246
Q

Your company wants to migrate their on-premises workloads to Google Cloud. The current on-premises workloads consist of
1. A Flask web application
2. A backend API
3. A scheduled long-running background job for ETL and Reporting

You need to keep operational costs low. You want to follow Google recommended practices to migrate these workloads to serverless solutions on Google Cloud. What should you do?

A

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

247
Q

Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire Cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?

A

Create multiple service accounts, one for each pipeline, with the appropriate minimal Identity and Access Management (IAM) permissions
Use a Secret Manager service to store the key files of the service accounts
Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

248
Q

Your application stores files on cloud storage by using the standard storage class. The application only requires access to files created in the last 30 days. You want to automatically save costs on files that are no longer accessed by the application. What should you do?

A

Create an object lifecycle on the storage bucket to change the storage class to Archive storage for objects with an age over 30 days.

249
Q

Your manager asks you to deploy a workload to a Kubernetes cluster. You are not sure of the workload’s resource requirements or how the requirements might vary depending on usage patterns, external dependencies, or other factors. You need a solution that makes cost-effective recommendations regarding CPU and memory requirements and allows the workload to function consistently in any situation. You want to follow Google recommended practices. What should you do?

A

Configure the horizontal pod autoscaler for availability and configure the vertical pod autoscaler recommendations for suggestions

250
Q

You need to migrate invoice
documents stored on premises to cloud
storage. The documents have the following
storage requirements:

  1. Documents must be kept for 5 years.
    2Up to five revisions of the same invoice document must be stored
    t o allow for Corrections.
  2. Documents older than 365 days should be moved to lower cost storage tiers.

You want to follow Google recommended practices to minimize your operational and development costs. What should you do?

A

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of objects, set the number of versions, and delete old files.

251
Q

You’ve installed the Google Cloud CLI on your workstation and configured the proxy settings. However, you’re concerned about your proxy credentials potentially being logged in the cloud CLI logs. What action should you take to prevent your proxy credentials from being logged?

A

Set the CLOUDSDK_PROXY_USERNAME and CLOUDSDK_PROXY_PASSWORD properties using environment variables in your command-line tool.

252
Q

Your company developed an application to deploy on Google Kubernetes Engine. Certain parts of the application are not fault-tolerant and are allowed to have downtime. Other parts of the application are critical and must always be available. You need to configure a Google Kubernetes Engine cluster while optimizing for cost. What should you do?

A

Create a cluster with both a Spot VM node pool and a nods pool by using standard VMs. Deploy the critical deployments on the node pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

253
Q

You need to deploy an application in Google Cloud using serverless technology. You want to test a new version of the application with a small percentage of production traffic. What should you do?

A

Deploy the application to Cloud Run. Use gradual rollouts for traffic splitting.

254
Q

Your company’s security vulnerability management policy wants a member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance. This Compute Engine instance hosts a critical application in your Google Cloud project. You need to implement your company’s security vulnerability management policy. What should you do?

A

• Ensure that the OS Config agent is installed on the Compute Engine instance.
• Provide the security team member roles/osconfig.vulnerabilityReportViewer permission.

255
Q

You want to enable your development team to deploy new features to an existing Cloud Run service in production. To minimize the risk associated with a new revision, you want to reduce the number of customers who might be affected by an outage without introducing any development or operational costs to your customers. You want to follow Google-recommended practices for managing revisions to a service. What should you do?

A

Gradually roll out the new revision and split customer traffic between the revisions to allow rollback in case a problem occurs.

256
Q

You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

A

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

257
Q

After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?

A

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts. Most Voted

258
Q

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

A

Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

259
Q

Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?

A

Modify the existing subnet range to 172.16.20.0/24.

260
Q

You are building a backend service for an ecommerce platform that will persist transaction data from mobile and web clients. After the platform is launched, you expect a large volume of global transactions. Your business team wants to run SQL queries to analyze the data. You need to build a highly available and scalable data store for the platform. What should you do?

A

Create a multi-region Cloud Spanner instance with an optimized schema.

261
Q

You are in charge of provisioning access for all Google Cloud users in your organization. Your company recently acquired a startup company that has their own Google Cloud organization. You need to ensure that your Site Reliability Engineers (SREs) have the same project permissions in the startup company’s organization as in your own organization. What should you do?

A

Use the gcloud iam roles copy command, and provide the Organization ID of the startup company’s Google Cloud Organization as the destination.

262
Q

You need to extract text from audio files by using the Speech-to-Text API. The audio files are pushed to a Cloud Storage bucket. You need to implement a fully managed, serverless compute solution that requires authentication and aligns with Google-recommended practices. You want to automate the call to the API by submitting each file to the API as the audio file arrives in the bucket. What should you do?

A

Create a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

263
Q

Your customer wants you to create a secure website with autoscaling based on the compute instance CPU load. You want to enhance performance by storing static content in Cloud Storage. Which resources are needed to distribute the user traffic?

A

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

264
Q

The core business of your company is to rent out construction equipment at large scale. All the equipment that is being rented out has been equipped with multiple sensors that send event information every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more. Customers are billed based on the consumption monitored by these sensors. You expect high throughput – up to thousands of events per hour per device – and need to retrieve consistent data based on the time of the event. Storing and retrieving individual signals should be atomic. What should you do?

A

Ingest the data into Bigtable. Create a row key based on the event timestamp.

265
Q

You just installed the Google Cloud CLI on your new corporate laptop. You need to list the existing instances of your company on Google Cloud. What must you do before you run the gcloud compute instances list command? (Choose two.)

A

A AND E - Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI. + Run gcloud config set project $my_project to set the default project for gcloud CLI.

266
Q

You are planning to migrate your on-premises data to Google Cloud. The data includes:

• 200 TB of video files in SAN storage
• Data warehouse data stored on Amazon Redshift
• 20 GB of PNG files stored on an S3 bucket

You need to load the video files into a Cloud Storage bucket, transfer the data warehouse data into BigQuery, and load the PNG files into a second Cloud Storage bucket. You want to follow Google-recommended practices and avoid writing any code for the migration. What should you do?

A

Use Transfer Appliance for the videos, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

267
Q

Your company requires that google cloud products are created with a specific configuration to comply with your company’s security policies . You need to implement a mechanism that will allow software engineers at your company to deploy and update Google Cloud products in a preconfigured and approved manner. What should you do ?

A

Create terraform modules that utilize the google cloud terraform provider to configure google cloud products . Store and share the modules in a source code repository

268
Q

you have two gcp projects project-a with vpc vpc-a(10.0.0.0/16) and project-b with vpc
vpc-b (75.0.67.34/16) . Your frontend application resides in vpc-a and backend API services are deployed in vpc-b . You need to efficiently and cost effectively handle communication between these google cloud projects . You also want to follow google recommended practises . What should you do ?

A

create vpc network peering between vpc-a and vpc-b

269
Q

You use cloud logging to capture application logs . You now need to use SQL to analyze applicgation logs in cloud logging by following google recommended practices, What should you do ?

A

enable log analytics for log bucket and create export dataset to bigquery

270
Q

You want to deploy a new containerized application into Google Cloud by using a Kubernetes manifest. You want to have full control over the Kubernetes deployment, and at the same time, you want to minimize configuring infrastructure. What should you do?

A

Deploy the application on GKE Standard.

271
Q

Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?

A

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

272
Q

You are deploying an application on Google Cloud that requires a relational database for storage. To satisfy your company’s security policies, your application must connect to your database through an encrypted and authenticated connection that requires minimal management and integrates with Identity and Access Management (IAM). What should you do?

A

Deploy a Cloud SQL database and configure IAM database authentication. Access the database through the Cloud SQL Auth Proxy.

273
Q

You have two Google Cloud projects: project-a with VPC vpc-a (10.0.0.0/16) and project-b with VPC vpc-b (10.8.0.0/16). Your frontend application resides in vpc-a and the backend API services are deployed in vpc-b. You need to efficiently and cost-effectively enable communication between these Google Cloud projects. You also want to follow Google-recommended practices. What should you do?

A

Create VPC Network Peering between vpc-a and vpc-b.

274
Q

Your company is running a critical workload on a single Compute Engine VM instance. Your company’s disaster recovery policies require you to back up the entire instance’s disk data every day. The backups must be retained for 7 days. You must configure a backup solution that complies with your company’s security policies and requires minimal setup and configuration. What should you do?

A

. Configure daily scheduled persistent disk snapshots with a retention period of 7 days.

275
Q

Your company requires that Google Cloud products are created with a specific configuration to comply with your company’s security policies. You need to implement a mechanism that will allow software engineers at your company to deploy and update Google Cloud products in a preconfigured and approved manner. What should you do?

A

Create Terraform modules that utilize the Google Cloud Terraform Provider to configure Google Cloud products. Store and share the modules in a source code repository.

276
Q

You are a Google Cloud organization administrator. You need to configure organization policies and log sinks on Google Cloud projects that cannot be removed by project users to comply with your company’s security policies. The security policies are different for each company department. Each company department has a user with the Project Owner role assigned to their projects. What should you do?

A

Organize projects under folders for each department. Configure both organization policies and log sinks on the folders.

277
Q

You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?

A

Use HTTP(S) load balancing for the MIG and an A record in your DNS public zone with the load balancer’s IP address.

278
Q

You have several hundred microservice applications running in a Google Kubernetes Engine (GKE) cluster. Each microservice is a deployment with resource limits configured for each container in the deployment. You’ve observed that the resource limits for memory and CPU are not appropriately set for many of the microservices. You want to ensure that each microservice has right sized limits for memory and CPU. What should you do?

A

Configure a Vertical Pod Autoscaler for each microservice.

279
Q

Your company uses BigQuery to store and analyze data. Upon submitting your query in BigQuery, the query fails with a quotaExceeded error. You need to diagnose the issue causing the error. What should you do? (Choose two.)

A

B AND D = . Use the INFORMATION_SCHEMA views to analyze the underlying issue. + . Search errors in Cloud Audit Logs to analyze the issue.

280
Q

Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

A

Deploy the application on a managed instance group and configure autoscaling.

281
Q

Your web application is hosted on Cloud Run and needs to query a Cloud SQL database. Every morning during a traffic spike, you notice API quota errors in Cloud SQL logs. The project has already reached the maximum API quota. You want to make a configuration change to mitigate the issue. What should you do?

A

Modify the maximum number of Cloud Run instances.

282
Q

You need to deploy a single stateless web application with a web interface and multiple endpoints. For security reasons, the web application must be reachable from an internal IP address from your company’s private VPC and on-premises network. You also need to update the web application multiple times per day with minimal effort and want to manage a minimal amount of cloud infrastructure. What should you do?

A

Deploy the web application on Cloud Run with Private Service Connect configured.

GCP:ACE (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions