GCP Flashcards
1
Q
Your company decided to use the Google Kubernetes Engine service with local PersistentVolumes to handle its batch processing jobs. These jobs only run overnight to process non-critical workloads and can be restarted at any time. You are tasked to
deploy the most cost-effective solution
What should you do?
A. Create a Google Kubernetes Engine Cluster. Enable autoscaling to automatically create and delete nodes.
B. Create a Google Kubernetes Engine Cluster and enable the node
auto-provisioning feature.
C. Create a Google Kubernetes Engine Cluster and enable Vertical Pod Autoscaling using the VerticalPodAutoscaler custom resource.
D. Create a Google Kubernetes Engine Cluster. Create a node pool and select the Enable preemptible nodes checkbox
A
D. Create a Google Kubernetes Engine Cluster. Create a node pool and select the Enable preemptible nodes checkbox.
2
Q
Your team manager wants you to configure a group of autohealing Compute Engine instances that run on multiple zones for network load balancing. You want to accomplish this task with the least amount of steps possible. You have to ensure that all the Compute Engine instances are automatically recreated if they are unresponsive after three attempts with a 10-second interval.
What should you do?
A. Build a managed instance group. Activate the autoscaling setting.
B. Provision an HTTP load balancer that references its backend to an existinginstance group. Specify a balancing mode and set the maximum RPS (request per second) to 10.
C. Build a managed instance group. Set the Autohealing health check to healthy (HTTP).
D. Provision an HTTP load balancer that references its backend to an existing instance group. Configure the health check to healthy (HTTP).
A
C. Build a managed instance group. Set the Autohealing health check to healthy (HTTP).
3
Q
Your team is developing a new application for your company. You want to use Jenkins as your CI/CD solution for your application. You want to deploy this solution as quickly as possible.
What should you do?
A. Deploy a new Kubernetes Engine cluster. Use kubectl to create deployment using Jenkins docker image.
B. Create an instance template with the Jenkins installation script as a startup script. Use the template to launch a managed instance group.
C. Go to Google Cloud Marketplace in the GCP console and search for Jenkins. Select and configure the appropriate Jenkins solution.
D. Deploy a new Compute Engine instance. Download and execute the Jenkins installer.
A
C. Go to Google Cloud Marketplace in the GCP console and search for Jenkins. Select and configure the appropriate Jenkins solution.
4
Q
Your company has a live application deployed in a Google App Engine environment. You developed a new version of the application containing several new enhancements and you want to test it first with only 1% of users before entirely switching over to the
new version.
What should you do?
A. Use gcloud app create to deploy a new app with –traffic-split flag to split the traffic between the current and new app.
B. Deploy a new application that includes the enhancements. Configure App Engine to split traffic between the two applications.
C. Use gcloud app deploy to deploy a new version of the app with
–traffic-split flag to split the traffic between the current and new version.
D. Deploy a new version of the app that includes the enhancements. Configure App Engine to split traffic between the current and new versions.
A
D. Deploy a new version of the app that includes the enhancements. Configure App Engine to split traffic between the current and new versions.
5
Q
Your team leader wants to get an email whenever a file is deleted from a Cloud Storage bucket. In relation to this, you created a program that accomplishes this requirement
and you are now ready to deploy.
What should you do?
A. Create a batch job with your code by using Cloud Dataflow. Configure the bucket as a data source.
B. Deploy your program to Google Kubernetes Engine (GKE). Configure a cron job to trigger the application using Cloud Pub/Sub.
C. Utilize App Engine and configure Cloud Scheduler to trigger the application using a Pub/Sub subscription.
D. Deploy your code to Google Cloud Functions. Set a Cloud Storage trigger when an object is deleted from your bucket.
A
D. Deploy your code to Google Cloud Functions. Set a Cloud Storage trigger when an object is deleted from your bucket.
6
Q
Your company is planning to launch a web application to App Engine. It is crucial that your application can dynamically scale up and down based on the request rate. Moreover, you want to ensure that you have at least 3 unoccupied VMs at all times.
How should you configure your App Engine to support these scaling requirements?
A. Configure Basic Scaling setting with min_instances set to 3.
B. Configure Basic Scaling setting with max_instances set to 3.
C. Set Automatic Scaling settings with min_idle_instances set to 3.
D. Set Manual Scaling settings to 3 instances.
A
C. Set Automatic Scaling settings with min_idle_instances set to 3.
7
Q
You are in charge of maintaining your organization’s GCP infrastructure and you need to perform some significant changes. You have to find a way to share the proposed changes with your entire team before deployment. You want to follow Google’s
recommended best practices.
What should you do?
A. Create Deployment Manager templates to define the proposed changes and save them into a Cloud Storage bucket.
B. Create Deployment Manager templates to define the proposed changes and save them into Cloud Source Repositories.
C. Manually perform the changes in the development environment. Execute the gcloud compute instances list command and store the displayed output into Cloud Source Repositories.
C. Manually perform the changes in the development environment. Execute the gcloud compute instances list command and store the displayed output into a Cloud Storage bucket.
A
A. Create Deployment Manager templates to define the proposed changes and save them into a Cloud Storage bucket.
8
Q
You developed an application packaged in a container image and you are ready to deploy it on the Google Cloud Platform. You want to deploy the application to a cost-effective GCP service that provides a stable out-of-the-box HTTPS endpoint. The application only receives few client requests per day.
What should you do?
A. Use Cloud Run to deploy the container image.
B. Use a Compute Engine instance with Cloud IAP enabled to deploy the container image.
C. Use App Engine Flexible to deploy the container image.
D. Use Google Kubernetes Engine to create a cluster with horizontal pod scaling and cluster autoscaling enabled. Deploy the container image on the infrastructure you just created.
A
A. Use Cloud Run to deploy the container image.
9
Q
You are training four newly hired junior cloud engineers in your company. Part of their training is to familiarize themselves with Cloud Spanner. You need to provide access to these four users to view and edit table information on a Cloud Spanner instance found in the test project.
What should you do?
A. Using the gcloud tool, execute the gcloud iam roles describe
roles/spanner.databaseUser command on Cloud Shell. Attach the users to the role.
B. Using the gcloud tool, execute the gcloud iam roles describe
roles/spanner.databaseUser command on Cloud Shell. Attach the users to a newly created Google group and add the group to the role.
C. Using the gcloud tool, execute the gcloud iam roles describe
roles/spanner.viewer –project my-project command on Cloud Shell.
Attach the users to the role.
D. Using the gcloud tool, execute the gcloud iam roles describe
roles/spanner.viewer –project my-project command on Cloud Shell.
Attach the users to a newly created Google group and add the group to the role
A
B. Using the gcloud tool, execute the gcloud iam roles describe
roles/spanner.databaseUser command on Cloud Shell. Attach the users to a
newly created Google group and add the group to the role.
10
Q
Your team is building a cost-effective Disaster Recovery solution for your company.
You are tasked to archive 5 TB worth of data in Cloud Storage that is only accessed quarterly.
What should you do?
A. Use the Archive Storage class to store the data.
B. Use the Coldline Storage class to store the data.
C. Use the Nearline Storage class to store the data.
D. Use the Standard Storage class to store the data.
A
B. Use the Coldline Storage class to store the data.
11
Q
You are asked to get a list of all the enabled APIs for all of the GCP Projects on your company’s GCP account as preparation for the upcoming audit. You have been instructed to use the gcloud command-line tool to complete this task.
What should you do?
A. Use the gcloud projects get-list command to get the Project ID. Invoke the gcloud services list –project {ProjectID} command to get the list of enabled GCP APIs.
B. Use the gcloud projects list command to get the Project ID. Invoke the gcloud services list –project {ProjectID} command to get the list of enabled GCP APIs.
C. Use the gcloud projects list command to get the Project ID. Invoke the gcloud services list –available –project {ProjectID} command to
get the list of enabled GCP APIs.
D. Use gcloud projects get-list command to get the Project ID. Invoke the gcloud services list –available –project {ProjectID} command to
get the list of enabled GCP APIs.
A
B. Use the gcloud projects list command to get the Project ID. Invoke the gcloud services list –project {ProjectID} command to get the list of enabled GCP APIs.
12
Q
Your team is hosting a website on Google Cloud Storage (GCS). On the website, you provided links to PDF files found on your Cloud Storage. You noticed that the browser always prompts you to save the files on your local machine when you click the links on
the website. You want the PDF files to be displayed on the browser window right away instead of prompting users to save the files locally.
What should you do?
A. Activate Cloud CDN on your website
B. Edit the PDF objects in Cloud Storage and reconfigure their Content-Type metadata into application/pdf.
C. Activate the “Share publicly” setting on all the PDF objects in the bucket.
D. Add a new label to the GCS bucket with a key of Content-Type and value of application/pdf.
A
B. Edit the PDF objects in Cloud Storage and reconfigure their Content-Type metadata into application/pdf.
13
Q
Your team is building an application hosted on a VM instance in Compute Engine. The application is designed to enhance and resize images. You want your application to be able to upload images on a Cloud Storage bucket. You want to do this with the least
number of steps possible without compromising security.
What should you do?
A. Create a Service Account with roles/storage.objectCreator (Storage Object Creator) role. Configure the VM instance to use the Service Account.
B. Create a Service Account with roles/storage.objectAdmin (Storage Object Admin) role. Configure the VM instance to use the Service Account.
C. Verify if the VM instance and the bucket have the same region.
D. Set the Cloud Storage bucket to public and configure the objects to have a randomized suffix in its object name.
A
A. Create a Service Account with roles/storage.objectCreator (Storage Object Creator) role. Configure the VM instance to use the Service Account.
14
Q
Your company has decided to use Google Cloud Platform to host their applications. Your network team created a VPC on GCP and connected it to your company’s on-premises network via a secure VPN. You need to create a GCE instance to host an application. This instance should not be accessible from the public Internet.
What should you do?
A. Create the GCE instance outside the VPC.
B. Create the GCE instance with a deny-all egress firewall.
C. Create the GCE instance and enable the Private Google Access option.
D. Create the GCE instance with no External IP address.
A
D. Create the GCE instance with no External IP address.
15
Q
Your development team wants to migrate an on-premises web application, which is hosted in multiple VMs, to the Google Cloud Platform. The new cloud infrastructure must be highly available and can scale automatically based on CPU usage. You must also be able to access the new VMs directly. You need to implement this with the least number of steps while maintaining operational efficiency.
What should you do?
A. Build an instance template on Compute Engine. Using the template, configure a managed instance group that scales vertically based on your preferred time of day.
B. Build an instance template on Compute Engine. Using the template, configure a managed instance group and enable autoscaling.
C. Deploy your application using Google Kubernetes Engine and enable horizontal pod autoscaling.
D. Research and implement third-party tools to build an automated workflow that scales the application up and down accordingly based on Cloud Monitoring CPU usage metrics.
A
B. Build an instance template on Compute Engine. Using the template, configure a managed instance group and enable autoscaling.
16
Q
Your company created a Dataproc cluster running on a Virtual Private Cloud (VPC) network within a single subnet with a CIDR range of 10.0.0.0/24. You have to deploy new VMs that can communicate with your existing cluster. However, there are neither private nor alias IP addresses available that you can use in the VPC network. You must deploy the VMs with the least possible steps.
What should you do?
A. Expand the existing subnet range to 10.0.0.0/23.
B. Set up a new Secondary CIDR Range in the VPC. Configure the VMs to use IPs from the new CIDR range.
C. Set up a new VPC network and deploy the new VMs to it. Activate VPC Peering between the new VPC network and the Dataproc cluster’s VPC network.
D. Set up a new VPC network and deploy the new VMs to it with a subnet of 10.0.1.0/24. Perform VPC Network Peering between the Dataproc VPC network and the new VPC network. Set up a custom Route exchange between these networks.
A
C. Set up a new VPC network and deploy the new VMs to it. Activate VPC Peering between the new VPC network and the Dataproc cluster’s VPC network.
17
Q
Your team deployed a new application on a VM instance on Google Compute Engine. You are expecting large traffic in the next coming weeks as your application becomes more popular. You want to launch multiple copies of your instance to handle this
traffic. You want to follow Google’s recommended best practices.
What should you do?
A. Create a snapshot of your instance’s base VM. Use the snapshot to launch new instances.
B. Create a snapshot of your instance boot disk. Create a custom image from the snapshot. Use the custom image to launch new instances.
C. Create a snapshot of your instance’s base VM. Use the snapshot to handle the large traffic.
D. Create a snapshot of your instance boot disk. Create a custom image from the snapshot to handle the large traffic
A
B. Create a snapshot of your instance boot disk. Create a custom image from the snapshot. Use the custom image to launch new instances.
18
Q
Your team wants to deploy several VMs on Compute Engine. Part of the plan is to spin up the required VMs using a dedicated YAML file to ensure that all VMs are deployed correctly and consistently. You want to follow Google’s best practices.
Which method should you choose?
A. Managed Instance Group
B. Unmanaged Instance Group
C. Deployment Manager
D. Cloud Composer
A
A. Managed Instance Group
19
Q
You have created a GCP project in the development environment to build and test various applications. Cloud SQL, Compute Engine, and Cloud Storage service are being heavily utilized by your applications and other system components. You need to set up a production environment for the company’s enterprise applications. You have to
ensure that the new production environment cannot connect or share resources with the development environment via any routes.
What should you do?
A. Create a new subnet for the production environment under the existing VPC. Verify if the necessary APIs are enabled. Ask the developer team to deploy the application in the new subnet.
B. Create a new project for the production environment. Enable APIs necessary for the application. Establish VPC Peering between the VPC on development and production environment. Ask the developer team to deploy the application in the
new project.
C. Create a new project as a host project for the Shared VPC. Attach the VPC from the development environment to the host project. Ask the developer team to deploy the application in the host project.
D. Create a new project for the production environment. Enable APIs necessary for the application. Ask the developer team to deploy the application in the new
project.
A
D. Create a new project for the production environment. Enable APIs necessary for the application. Ask the developer team to deploy the application in the new
project.
20
Q
You are sharing a GCP project with your company’s mobile app development team. You are ready to deploy your web application, and you need to provision a Compute Engine instance. You don’t want the mobile development team accidentally deleting your instance from the project.
What should you do?
A. Provision a Preemptible VM.
B. Utilize a Shielded VM.
C. Activate the Enable Deletion Protection setting in the Compute Engine page using the Cloud Console.
D. Build an instance group
A
C. Activate the Enable Deletion Protection setting in the Compute Engine page using the Cloud Console.
21
Q
You have a microservice running on Google Kubernetes Engine (GKE) cluster running on asia-southeast1 region. The GKE cluster has the autoscaler feature enabled. You realized that you need to monitor containers in your cluster. You have to deploy a monitoring pod on each node of your cluster that transmits container metrics to a
third-party cloud monitoring system.
What should you do?
A. Create a Service object that references the monitoring pod.
B. Deploy the monitoring pod into your GKE cluster inside a StatefulSet object.
C. Reference the monitoring pod into your cluster in a Deployment object.
D. Deploy the monitoring pod into your cluster in a DaemonSet object.
A
D. Deploy the monitoring pod into your cluster in a DaemonSet object.
22
Q
Your team recently created a new deployment that creates two replicas in a Google Kubernetes Engine (GKE) cluster configured with a single preemptible node pool. After waiting for a few minutes, you noticed that the Pod’s status is still Pending after running kubectl get pods command.
What is the most likely cause of this issue? (*theres a screen shot in docs)
A. The pending Pod’s resource request is too small for the single cluster node
B. The pending Pod is stuck and can’t be scheduled to a node. There are too many Pods running in the cluster, and you don’t have enough node resources left.
C. The pending Pod was scheduled on a node that was getting preempted. You need to wait while it’s being scheduled to a new node.
D. The service account used for the node pool does not have the right permissions to pull images from Container Registry
A
B. The pending Pod is stuck and can’t be scheduled to a node. There are too many Pods running in the cluster, and you don’t have enough node resources left.
23
Q
Your company has deployed multiple GCP resources that span across various projects and are linked to different billing accounts. Your finance team is currently analyzing cost patterns on your company’s cloud expenditure and asked you to provide a
dashboard to visualize all the costs incurred. You want to finish the task as quickly as possible.
What should you do?
A. Export your Cloud Billing data to BigQuery. Use the Data Catalog to visualize the Cloud Billing data.
B. Export your Cloud Billing data to BigQuery. Use Google Data Studio to visualize the data.Go to the Billing page in the GCP Console.
C. Export your Cloud Billing data to a CSV file.
D. Use the GCP Pricing Calculator to analyze the cost.
A
B. Export your Cloud Billing data to BigQuery. Use Google Data Studio to visualize the data.Go to the Billing page in the GCP Console.
24
Q
You are the head engineer of a software development organization, and you control the IAM access for everyone. You granted the Project Creator role to all engineering team users, but you don’t want them to link projects to a billing account. It is also
essential that the finance team can link projects to a billing account, but they should not have the privilege to access or perform changes on any resource in the organization.
What should you do?
A. Grant the Billing Account User role on the billing account to all of the users in the finance team.
B. Grant the Billing Account User role on the billing account to all of the users in the engineering team.
C. Grant the Billing Account User role on the billing account as well as the Project Billing Manager role on the organization to all of the users in the finance team.
D. Grant the Billing Account User role on the billing account as well as the Project Billing Manager role on the organization to all of the users in the engineering team.
A
C. Grant the Billing Account User role on the billing account as well as the Project Billing Manager role on the organization to all of the users in the finance team.
25
You are working for a finance company and are assigned to configure a relational database solution on Google Cloud Platform to support a small set of operational data in a particular geographical location. Your company requires the database to be highly
reliable and supports point-in-time recovery while minimizing operating costs.
What should you do?
A. Choose Cloud Spanner and set up your instance as multi-regional.
B. Choose Cloud SQL (MySQL) and select the create failover replicas option.
C. Choose Cloud SQL (MySQL) and verify that the enable binary logging option is selected.
D. Choose Cloud Spanner and configure your instance with 2 nodes.
C. Choose Cloud SQL (MySQL) and verify that the enable binary logging option is selected.
26
Your company has a mission-critical application deployed on Google Compute Engine.
You want to avoid the accidental deletion of this instance.
What should you do?
A. Create a snapshot of the instance.
B. Turn on the Deletion Protection feature on the instance.
C. Add the tag DeletionProtection with the value set to Yes.
D. Deploy the application in a Managed Instance Group and add a health check to monitor the instance.
B. Turn on the Deletion Protection feature on the instance.
27
You are assigned to set up a solution that stores a large amount of financial data in a cost-effective manner and archive it after 30 days. The data will only be accessed once a year for auditing purposes. As part of compliance objectives, you also have to
ensure that the data is stored in a single geographic location.
What should you do?
A. Create a Cloud Storage bucket and set its location to Multi-Regional. Configure an object lifecycle rule that transitions the bucket into Cloud Storage after 30 days.
B. Create a Cloud Storage bucket and set its location to Regional. Configure an object lifecycle rule that transitions the bucket into Coldline Storage after 30 days.
C. Create a Cloud Storage bucket and set its location to Dual-Region. Configure an object bucket lifecycle rule that transitions the bucket into Nearline Storage after 30 days.
D. Create a Cloud Storage bucket and set its location to Regional. Configure an object lifecycle rule that transitions the bucket into Nearline Storage after 30 days
B. Create a Cloud Storage bucket and set its location to Regional. Configure an object lifecycle rule that transitions the bucket into Coldline Storage after 30 days.
28
You have three different projects for your development, staging, and production environments in your GCP account. You want to use Cloud SDK to develop a script that generates a list of all Google Compute Engine instances in your account.
What should you do?
A. Create three different configurations using the gcloud config command for your development, staging, and production environments. Use the gcloud compute instances list command to list all the compute resources for each configuration.
B. Create one configuration for your development, staging, and production environments using the gcloud config command. Use the gsutil compute instances list command to list all the compute resources in your account.
C. Use the bq compute instances list command to list all the available
compute resources in your entire account.
D. Set up three different configurations using the gsutil config command for your development, staging, and production environments. Invoke the gsutil compute instances list command to list all the compute resources for each configuration.
D. Set up three different configurations using the gsutil config command for your development, staging, and production environments. Invoke the gsutil compute instances list command to list all the compute resources for each configuration.
29
You are setting up a new billing account for your team. You want to link this billing account with an existing project called proj-dev.
What should you do?
A. Confirm that you have the Billing Administrator role for the billing account. Using the Cloud Console, link the existing billing account to the proj-dev project.
B. Confirm that you have the Billing Administrator role for the billing account. Create a new project. Link the newly created project to the existing billing account.
C. Confirm that you have the Project Billing Manager role for the project. Using the Cloud Console, link the existing billing account to the proj-dev project.
D. Confirm that you have the Project Billing Manager role for the project. Create a new billing account. Update the proj-dev project to use the billing account that
you just created
D. Confirm that you have the Project Billing Manager role for the project. Create a new billing account. Update the proj-dev project to use the billing account that
you just created
30
You created a test project on GCP and defined the appropriate IAM roles that will be used by the users. You now need to replicate the exact same IAM roles on the production project. Your manager wants you to accomplish this task with the fewest possible steps.
What should you do?
A. Using the Cloud Shell, run the gcloud iam roles copy command and specify the production project as the destination project.
B. Utilize the CREATE ROLE functionality in the Cloud Console and select all applicable permissions.
C. Utilize the CREATE ROLE FROM SELECTION functionality found in the IAM page.
D. Using the Cloud Shell, run the gcloud iam roles copy command and specify your organization as the destination organization.
A. Using the Cloud Shell, run the gcloud iam roles copy command and specify the production project as the destination project.
31
Your organization plans to backup a 32 GB CCTV footage stored in a single file to a Nearline Storage bucket. For this task, a 1 Gbps WAN connection has been dedicated for your exclusive use. You want to maximize your connection speed as much as possible so you can upload the files to Cloud Storage at the quickest time.
What do you think should be done to upload the file rapidly?
A. Lower down the value of the TCP window size when you upload the file to Cloud Storage.
B Using gsutil, activate parallel composite uploads during the file transfer for faster upload.
C. Set the storage class of the bucket from Nearline to Regional.
D. Use the Cloud Storage browser in the Google Cloud Console to upload the file.
B Using gsutil, activate parallel composite uploads during the file transfer for faster upload.
32
You are hosting a web application in your on-premises data center that needs to fetch files from a Cloud Storage bucket. However, your company strictly implements security policies that prohibit your bare-metal servers from having a public IP address or having any access to the Internet. You want to follow Google-recommended
practices to provide your web application the necessary access to Cloud Storage.
What should you do?
A.)1. Issue nslookup command on your command-line to get the IP address for
storage.googleapis.com.
2.Discuss with the security team why you need to have a public IP address for
the servers.
3.Explicitly allow egress traffic from your servers to the IP address of
storage.googleapis.com.
B.)1. Migrate your on-premises server using Migrate for Compute Engine
(formerly known as Velostrata).
2.Provision an internal load balancer (ILB) that uses storage.googleapis.com
as a backend
3.Set up the new instances to use the ILB as a proxy to connect to the Cloud
Storage.
C.) 1. Create a VPN tunnel connecting to a custom-mode VPC in the Google Cloud
Platform using Cloud VPN.
2. Create a Compute Engine instance and install the Squid Proxy Server. Use the
custom-mode VPC as the location.
3. Configure your on-premises servers to use the new instance as a proxy to
access the Cloud Storage bucket
D.)1.Create a VPN tunnel to GCP using Cloud VPN or Cloud Interconnect
2. Use Cloud Router to create a custom route advertisement for
199.36.153.4/30. Announce that network to your on-premises network via
VPN tunnel
3. Configure the DNS server in your on-premises network to resolve
*.googleapis.com as a CNAME to restricted.googleapis.com.
D.)1.Create a VPN tunnel to GCP using Cloud VPN or Cloud Interconnect
2. Use Cloud Router to create a custom route advertisement for
199.36.153.4/30. Announce that network to your on-premises network via
VPN tunnel
3. Configure the DNS server in your on-premises network to resolve
*.googleapis.com as a CNAME to restricted.googleapis.com.
33
You are working for a tech company that plans to deploy a web application that serves HTTPS requests. You need to build a managed instance group that scales automatically for this application. Part of the requirement is to have the capability to
recreate unhealthy virtual instances automatically.
What should you do?
A. Build an instance template and add a startup script that sends a message to a Cloud Pub/Sub topic via Cloud Function that triggers recreating the instance if it is unhealthy.
B. Configure a health check and set the Protocol settings to HTTPS. Define the appropriate health criteria. Use this health check when you create a managed instance group.
C. In the Instance Group page, create a managed instance group and select Multi-Zone instead of Single-Zone.
D. Add the health-check label with a value of https when creating an instance template.
B. Configure a health check and set the Protocol settings to HTTPS. Define the appropriate health criteria. Use this health check when you create a managed instance group.
34
Your DevOps team plans to provision a Jenkins server for their project on the Google Cloud Platform. The server needs to be deployed quickly, so the group decided to minimize the number of steps necessary to accomplish this task.
What should you do?
A. Download the Jenkins Java WAR file and deploy it to App Engine Standard.
B. Build a new Compute Engine instance and install Jenkins through the Google Cloud Shell command-line interface.
C. Provision a Kubernetes cluster on Compute Engine and build a deployment using the Jenkins Docker image.
D. Utilize the GCP Marketplace to launch the Jenkins server
D. Utilize the GCP Marketplace to launch the Jenkins server
35
Your company is running an application in a Managed Instance Group (MIG) on Compute Engine. You noticed that your MIG fails to create new instances even though the scale-up was triggered. You want to maintain your instance count defined on the
instance template to efficiently handle the traffic.
What should you do? (Choose two.)
A. Ensure that the instance template used by the instance group is valid.
B. Ensure that the tags applied on instances are the same.
C. Ensure that disks.autoDelete property is set to False in the instance
template.
D. Ensure that snapshots from boot disks are successfully created.
E. Ensure that existing persistent disks and instances have different names
A. Ensure that the instance template used by the instance group is valid.
E. Ensure that existing persistent disks and instances have different names
36
You have an App Engine application built by your team that is running in your development environment. The application has successfully passed the necessary regression tests and you need to build a new project for your production environment.
What should you do?
A. Deploy your application again using the gcloud tool and supply the project parameter named production to create the new project.
B. Utilize the gcloud tool to build a new project named production. Deploy your team’s application to the newly created project.
C. Create a new project named production using the Cloud Console. Set up a Deployment Manager configuration file that replicates the current App Engine deployment into the newly created project.
D. Utilize the gcloud tool to build the new project named production. Copy the deployed application to the new project.
B. Utilize the gcloud tool to build a new project named production. Deploy your team’s application to the newly created project.
37
You have two groups of Compute Engine instances deployed in separate GCP projects. Each group of instances runs on its own VPC. You need to enable network traffic between the two groups.
What should you do?
A. Check if you have the Project Administrator role for both projects. Set up a new Shared VPC host project that will automatically add all the instances from the two projects.
B. Check if you have the Project Administrator role for both projects. Build two new VPCs and deploy all the instances.
C. Confirm that both projects belong to a single Organization. Set up a new Shared VPC host project from the first project and send a request to allow the Compute Engine instances from the other project to use this Shared VPC.
D. Confirm that both projects belong to a single Organization. Set up a new VPC and add all the instances from the two projects.
C. Confirm that both projects belong to a single Organization. Set up a new Shared VPC host project from the first project and send a request to allow the Compute Engine instances from the other project to use this Shared VPC.
38
Your development team deployed a CRM web application on a managed instance group (MIG) and is ready to serve customers all over the world. You continuously update your application every week, and you are preparing to deploy the new version
gradually. You need to ensure that during the deployment, the available number of instances does not decrease.
What should you do?
A. On the Cloud Console, choose the managed instance group you want to update and click Rolling Action. Set the Maximum surge to 0 and Maximum unavailable to 1.
B. On the Cloud Console, select the managed instance group you want to update and click Rolling Action. Configure the Maximum surge to 1 and Maximum unavailable to 0.
C. Build a new managed instance group using an instance template that uses your web application's recent image version. Use a load balancer to direct traffic to the newly created instance group. Delete the old instance group once the instances on the new managed instance group are healthy.
D. Build a new instance template that contains the latest version of your application. Update the managed instance group to use this new template.
Delete the instances in the managed instance group to rebuild new instances using the new instance template.
B. On the Cloud Console, select the managed instance group you want to update and click Rolling Action. Configure the Maximum surge to 1 and Maximum unavailable to 0.
39
Your company wants to review the IAM users and roles assigned on a specific Google Cloud project named finance-project.
What should you do to fulfill this requirement?
A. Set up the Cloud SDK to run the gcloud iam roles list command and review the output.
B. Using the Cloud Console, navigate to the finance-project, and go to the IAM section. Under the 'Permissions' tab, review the Members and Roles section.
C. Using the Cloud Console, navigate to the finance-project, and go to the Roles section. From there, review the Roles and Status of the project.
D. Use the Cloud Shell to run the gcloud iam service-accounts list command and then review the output.
B. Using the Cloud Console, navigate to the finance-project, and go to the IAM section. Under the 'Permissions' tab, review the Members and Roles section.
40
You are a team leader for a project that builds a microservice application on a Google Kubernetes (GKE) cluster. You need to ensure that this GKE cluster is up-to-date and always supports a stable version of Kubernetes.
What should you do?
A. In the Cloud Console, activate the Node Auto-Repair feature for your Google Kubernetes Engine cluster.
B. In the Cloud Console, activate the Node Auto-Upgrades configuration for your Google Kubernetes Engine cluster.
C. Explicitly define the latest available cluster version for your Google Kubernetes Engine when creating the cluster.
D. When choosing a node image for the GKE cluster on Cloud Console, select the default value of "Container-Optimized OS (cos)".
B. In the Cloud Console, activate the Node Auto-Upgrades configuration for your Google Kubernetes Engine cluster.
41
Your company strictly observes the best practice of giving least-privilege access to control the GCP projects and other resources. Your Site Reliability Engineers (SRE) team recently opened a support case to Google Cloud Support. The SREs should be able to grant permission requests from the Google Cloud Support team while working through the case. You want to follow Google-recommended practices.
What should you do?
A. Create a Google group named sre-group. Use the predefined
roles/accessapproval role and assign it to the newly created group.
B. Use the predefined roles/iam.organizationRoleAdmin role and assign it to the accounts of your SREs.
C. Use the predefined roles/iam.roleAdmin role and assign it to the accounts of your SREs.
D. Create a Google group named sre-group. Use the predefined
roles/iam.roleAdmin role and assign it to the newly created group.
A. Create a Google group named sre-group. Use the predefined
roles/accessapproval role and assign it to the newly created group.
42
Your company conducts a quarterly security audit as part of its effort to comply with government requirements. You are assigned to provide IAM access to some external auditors on your company's BigQuery audit logs. You want to follow Google-recommended practices.
What should you do?
A. Create two new custom IAM roles. Add the auditors' group to the new custom roles.
B. Attach the auditors' accounts to the logging.viewer and
bigQuery.dataViewer predefined IAM roles.
C. Create two new custom IAM roles. Add the auditor user accounts to the new custom roles.
D. Create a new Google group for the auditors. Attach the logging.viewer and bigQuery.dataViewer predefined IAM roles to the newly created group.
D. Create a new Google group for the auditors. Attach the logging.viewer and bigQuery.dataViewer predefined IAM roles to the newly created group.
43
You created a Dockerfile, and you plan to deploy it on Google Kubernetes Engine (GKE).
What should you do?
A. Build a docker image using the Dockerfile and upload it to Cloud Storage. Then, create a Deployment YAML file to point to the image you uploaded on Cloud Storage. Utilize the kubectl command to create the deployment using the YAML file.
B. Run kubectl app deploy dockerfilename on Cloud Console.
C. Build a docker image using the Dockerfile and upload it to the Google Container Registry (GCR). Create a Deployment YAML file to point to the image you just uploaded on the Container Registry. Utilize the kubectl command to create the deployment using the YAML file.
D. Run gcloud app deploy dockerfilename on Cloud Console.
C. Build a docker image using the Dockerfile and upload it to the Google Container Registry (GCR). Create a Deployment YAML file to point to the image you just uploaded on the Container Registry. Utilize the kubectl command to create the deployment using the YAML file.
44
Your company has an application hosted on a VM instance in Google Compute Engine. This application is configured to persist its system logs on the disk. You want to stream the application logs to troubleshoot a user-reported issue.
What should you do?
A. Connect to the instance using the interactive serial console and download the application logs.
B. Configure the Cloud Logging Agent on the VM instance to collect the logs. Navigate to Cloud Logging in the GCP console to view the logs.
C. In the GCP Console, go to Cloud Logging and view the application logs.
D. Configure a custom script that copies application logs to a Cloud Storage Bucket
B. Configure the Cloud Logging Agent on the VM instance to collect the logs. Navigate to Cloud Logging in the GCP console to view the logs.
45
Your company is reviewing its GCP expenses in order to determine ways to reduce its monthly expenditure. You are tasked to decommission all resources on one particular
GCP project that is used in the previous testing activities, and you need to do this with the fewest possible steps. You want to follow Google-recommended practices.
What should you do?
A. 1. Confirm that you have the Organizational Administrators IAM role for this project.
● 2. Select the project in the GCP console, find the resources, and delete them.
B. 1. Confirm that you have the Organizational Administrator IAM role for this project.
● 2. Select the project in the GCP console, go to Admin > Settings, click Shut down and enter the Project ID to confirm the deletion.
C. 1. Confirm that you have the Project Owners IAM role for this project.
● 2. Select the project in the GCP console, find the resources, and delete them.
D. 1. Confirm that you have the Project Owners IAM role for this project.
● 2. Select the project in the GCP console, go to Admin > Settings, click Shut down and enter the Project ID to confirm the deletion.
D. 1. Confirm that you have the Project Owners IAM role for this project.
● 2. Select the project in the GCP console, go to Admin > Settings, click Shut down and enter the Project ID to confirm the deletion.
46
You are developing an application that stores and processes files from thousands of producers. Data security and expiration of obsolete data are your top priorities in building the application. Moreover, the application has to:
Provide producers write permissions to data for 30 minutes only.
Delete files that are stored for over 45 days
Restrict producers from reading files they don’t own.
The development timeline for the application is short, and you need to ensure that the solution has a low maintenance overhead.
Which strategies should you implement to satisfy the requirements? (Choose two.)
A. Create an object lifecycle configuration to delete Cloud Storage objects after 45 days of storage.
B. Generate signed URLs to give limited-time access for producers to store objects.
C. Set up an SFTP server on a Compute Engine instance and create user accounts for each producer.
D. Deploy a Cloud function that triggers a countdown timer of 45 days and deletes the expired objects.
E. Create a script written in Python that loops through all objects inside a Cloud Storage bucket and deletes objects that are 45 days old.
A. Create an object lifecycle configuration to delete Cloud Storage objects after 45 days of storage.
B. Generate signed URLs to give limited-time access for producers to store objects.
47
You are currently investigating an issue that requires you to access and analyze the audit logs of several GCP projects. You need to run custom queries against these logs for the past 60 days in the easiest way possible. You want to follow Google-recommended best practices.
What should you do?
A. In the Google Cloud Console, export the audit logs from Cloud Logging and select Cloud Storage as the Sink destination. Create a bucket lifecycle rule to remove objects after 60 days.
B. Export the audit logs from Cloud Logging and select a BigQuery dataset as the Sink destination. Configure the table expiration to 60 days.
C. Go to Cloud Logging and select all projects in the search filter.
D. Configure a Cloud Function that will export all the logs to a Cloud Engine instance from Cloud Logging. Delete the Cloud Engine instance after 60 days
B. Export the audit logs from Cloud Logging and select a BigQuery dataset as the Sink destination. Configure the table expiration to 60 days.
48
Your company has hundreds of user identities in Microsoft Active Directory. Your company needs to retain the use of your Active Directory as your source of truth for user identities and authorization. Your company requires to have full control over the
employees’ Google accounts for all Google services as well as your Google Cloud Platform (GCP) organization.
What should you do?
A. Require each employee to set up a Google account using the self signup process. Mandate each employee to use their corporate email address and password.
B. Export the company’s users from the Microsoft Active Directory as a CSV file.
Import them into Google Cloud Identity via the Admin Console.
C. Utilize Google Cloud Directory Sync (GCDS) to synchronize users into Google Cloud Identity.
D. Write a custom script using the Cloud Identity APIs to synchronize users to Cloud Identity.
C. Utilize Google Cloud Directory Sync (GCDS) to synchronize users into Google Cloud Identity.
49
Your company is in the process of merging with another company that also uses GCP as its cloud infrastructure. Both companies manage hundreds of GCP projects and have their own billing accounts. Your company’s finance officer asked you to
consolidate the costs for both GCP Organizations into a single invoice and submit it by tomorrow.
What should you do?
A. Attach your Organization's billing account to the projects of the other Organization.
B. Open a support case to Google to migrate the projects of the other company into your Organization. Link your billing account to your Organization.
C. Configure a third GCP Organization linked to a new billing account. Migrate the projects of both Organizations into the newly created Organization by creating a support case to Google. Configure the projects to use the newly created billing account.
D. Create a BigQuery dataset and configure both Organizations to export their billing data into the same dataset.
A. Attach your Organization's billing account to the projects of the other Organization.
50
You have a Google Cloud Platform (GCP) project in your organization that is used for managing confidential files and documents. There is a need to delegate the management of buckets and files in Cloud Storage to your co-workers. You want to follow Google-recommended practices.
Which of the following IAM roles should you grant to your co-workers?
A. Storage Object Creator
B. Storage Object Admin
C. Storage Admin
D. Project Editor
C. Storage Admin
51
In your organization, employees pay for their Google Cloud Platform projects using their personal credit cards, which will be refunded by the finance team at the end of each month. Your management team decided to centralize all projects under a new single billing account.
What should you do?
A. In the GCP Console, navigate to the Resource Manage section and move all projects to the root Organization.
B. Using the GCP Console, create a new billing account and set up a payment method. Afterward, associate all of the projects in this newly created billing account.
C. Create a support ticket with Google Support and be ready for their call when they ask to share the corporate credit card details over the phone.
D. Send an email to cloud-billing@google.com detailing your bank account information. Afterward, request a corporate billing account for your organization.
A. In the GCP Console, navigate to the Resource Manage section and move all projects to the root Organization.
52
Your mobile app development company uses G Suite to run your regular daily communication and team collaboration. You need to give some of these G Suite users access to a newly created GCP project.
What should you do?
A. Create a Google group called gcp-console-sers@tutorialsdojo.com. Wait for Google Cloud to automatically grant the permissions needed to access the project once users join the newly created group.
B. Generate a CSV file that contains a list of users. Utilize the gcloud tool to convert the CSV into Google Cloud accounts.
C. Go to the IAM page and grant the G Suite email addresses with appropriate IAM roles to access the project.
D. Activate the Cloud Identity API in the GCP Console for your domain.
C. Go to the IAM page and grant the G Suite email addresses with appropriate IAM roles to access the project.
53
You are using Cloud SDK to interact with Google Cloud services. You have two GCP accounts and you need to create new Compute Engine instances on each account using the command-line interface. The first account runs on the us-west1 region and zone while the other runs on us-central1.
What should you do?
A. Set up two configurations and activate both of them using the gcloud config configurations activate [CONFIG_NAME] command. Launch the Compute Engine instances for both the accounts simultaneously using the gcloud compute instances start command.
B. Set up two configurations with the appropriate properties by running the gcloud config configurations command. Issue the gcloud compute instances start command to create the instances.
C. Set up two configurations with the appropriate properties by running the gcloud config configurations command. Issue the gcloud config configurations activate [CONFIG_NAME] command to switch accounts when running the necessary commands to create the Compute Engine instances.
D. Set up two configurations and activate both of them using the gcloud config configurations activate [CONFIG_NAME] command. Create the instances for both the accounts at the same time using the gcloud config list command.
C. Set up two configurations with the appropriate properties by running the gcloud config configurations command. Issue the gcloud config configurations activate [CONFIG_NAME] command to switch accounts when running the necessary commands to create the Compute Engine instances
54
You are working for a startup that wants to track the operational costs of its cloud resources. The startup has three separate projects on the Google Cloud Platform. You need to analyze your cost estimates on a daily and monthly basis as well as by service
type across all projects for the next six months. You also want to use standard query syntax for cost analysis.
What should you do?
A. Enable billing data export on your Cloud Billing Account. Export your billing to a Cloud Storage bucket and import it into Cloud Bigtable to conduct the analysis.
B. Enable billing data export on your Cloud Billing Account. Export your billing report to a BigQuery dataset and write SQL queries for analysis.
C. Enable billing data export on your Cloud Billing Account. Export your billing report to a Cloud Storage bucket and import it into Google Sheets to conduct the analysis.
D. Enable billing data export on your Cloud Billing Account. Export your billing transactions to a JSON file, and produce a summary report using a desktop tool
B. Enable billing data export on your Cloud Billing Account. Export your billing report to a BigQuery dataset and write SQL queries for analysis.
55
Your company’s finance team needs to back up data on a Cloud Storage bucket for disaster recovery purposes. You want to comply with Google’s recommended practices in implementing the solution for this task.
Which storage class do you think would be the best option?
A. Coldline Storage
B. Archive Storage
C. Multi-Regional Storage
D. Nearline Storage
B. Archive Storage
56
A company hires you to set up its test and production VMs on Google Compute Engine. You have to ensure that all the production virtual machines are located on a separate subnet from the test workloads. Moreover, you need to configure the VMs in such a
way that they can communicate using Internal IP addresses in a VPC without the need to create additional custom routes.
How should you set up your VPC to comply with these requirements?
A. Set up a custom mode VPC configured with 2 subnets on different regions. Configure the subnets to have different CIDR ranges.
B. Set up 2 custom mode VPCs, with a single subnet on each one. Create each subnet in the same region and with the same CIDR range.
C. Set up 2 custom mode VPCs, each with a single subnet and similar CIDR ranges. Create each subnet in a different region.
D. Set up a custom mode VPC configured with 2 subnets on the same region. Configure the subnets with a similar CIDR range.
A. Set up a custom mode VPC configured with 2 subnets on different regions. Configure the subnets to have different CIDR ranges.
57
Your team is maintaining an application that receives SSL/TLS-encrypted traffic on port 443. Your customers from various parts of the globe are reporting latency issues when accessing your application.
What should you do?
A. Use an External HTTP(S) Load Balancer in front of your application.
B. Use an SSL Proxy Load Balancer in front of your application.
C. Use a TCP Proxy in front of your application.
D. Use an Internal HTTP(S) Load Balancer in front of your application
B. Use an SSL Proxy Load Balancer in front of your application.
58
It’s the end of the quarter and you are required to generate a report for data found in your BigQuery dataset. You want to execute a query in BigQuery, but you suspect it will return a large chunk of records. You need to find out how much your query would cost
before running it, especially since you are using on-demand pricing.
What should you do?
A. Switch to Flat-Rate pricing and run the query. Once done, change it back to on-demand pricing to avoid any additional cost.
B. Execute a SELECT COUNT (*) query against your BigQuery dataset to get an idea of the total number of records your query will look through. Convert the total number of records to dollars using the Pricing Calculator.
C. Use Cloud Shell to execute a dry run query to determine the number of bytes read for the query. Utilize the Pricing Calculator to convert that bytes estimate to dollars.
D. Utilize Cloud Shell to execute a dry run query to determine the number of bytes returned by your query. Utilize the Pricing Calculator to convert that bytes
estimate to dollars.
C. Use Cloud Shell to execute a dry run query to determine the number of bytes read for the query. Utilize the Pricing Calculator to convert that bytes estimate to dollars.
59
Your company runs hundreds of projects on the Google Cloud Platform. You are tasked to store the company’s audit log files for three years for compliance purposes. You need to implement a solution to store these audit logs in a cost-effective manner.
What should you do?
A. Develop a custom script written in Python that utilizes the Logging API to duplicate the logs generated by Operations Suite to BigQuery.
B. Create a Cloud Storage bucket using a Coldline storage class. Then on the Logs Router, create a sink. Choose Cloud Storage as a sink service and select the bucket you previously created.
C. On the Logs Router, create a sink with Cloud BigQuery as a destination to save audit logs.
D. Configure all resources to be a publisher on a Cloud Pub/Sub topic and publish all the message logs received from the topic to Cloud SQL to store the logs.
B. Create a Cloud Storage bucket using a Coldline storage class. Then on the Logs Router, create a sink. Choose Cloud Storage as a sink service and select the bucket you previously created.
60
You deploy a web application running on a Cloud Engine instance in the asia-northeast1-a zone. You want to eliminate the risk of possible downtime due to the failure of a single Compute Engine zone while minimizing costs.
What should you do?
A. Deploy another instance in asia-northeast1-b. Balance the load in
asia-northeast1-a, and asia-northeast1-b using an Internal Load Balancer (ILB).
B. Deploy multiple instances on asia-northeast1-a, asia-northeast1-b, and asia-northeast1-c. Balance the load across all zones using an Internal Load Balancer (ILB).
C. Create an instance template and deploy a managed instance group in a single zone. Configure a health check to monitor the instances.
D. Create a snapshot schedule for your instance. Set up a Cloud Monitoring Alert to monitor the instance. Restore the instance using the snapshot when the instance goes down.
A. Deploy another instance in asia-northeast1-b. Balance the load in
asia-northeast1-a, and asia-northeast1-b using an Internal Load Balancer (ILB).
61
Your company stores all of its container images on Google Container Registry in a project called td-devops. The development team created a Google Kubernetes Engine (GKE) cluster on a separate project and needs to download container images from the
td-devops project.
What should you do to ensure that Kubernetes can download the images from Container Registry securely?
A. In the Google Cloud Storage, configure the ACLs on each container image stored and provide read-write access to the service account used by the GKE nodes.
B. Generate a P12 key for a new service account. Use the generated key as an imagePullSecrets in Kubernetes to access the private registry.
C. Upon creating the GKE cluster, set the Access Scopes setting under Node Security to Allow Full Access to all Cloud APIs.
D. In the td-devops project, assign the Storage Object Viewer IAM role to the service account used by the GKE nodes.
D. In the td-devops project, assign the Storage Object Viewer IAM role to the service account used by the GKE nodes.
62
You have designed a cloud solution that uses a wide variety of Google Cloud Platform Services. Your company agreed to use these cloud services but asked you to provide an estimated cost of running this cloud solution. You need to submit an estimate to properly forecast future expenses.
What should you do?
A. Deploy the solution on Google Cloud Platform. Leave the solution running for a week. Go to the GCP console and navigate to the Billing Report page. Multiply the 1-week cost by four to determine the monthly costs.
B. Provide a list of GCP services of your cloud solution and check its pricing details on the GCP products pricing page. Create a Google Sheet with a monthly estimate of GCP services cost.
C. Provide a list of GCP services of your cloud solution. Submit an email to GCP support with your GCP services list and ask them to estimate the monthly cost.
D. Provide a list of GCP services of your cloud solution. Use the GCP Pricing Calculator and input the necessary details to get an estimated monthly cost for each GCP product.
D. Provide a list of GCP services of your cloud solution. Use the GCP Pricing Calculator and input the necessary details to get an estimated monthly cost for each GCP product.
63
You built an application and deployed it to the Google Cloud Platform. This application needs to connect to a licensing server that you plan to host on Compute Engine. You configure the application to connect to the licensing server on the 10.146.0.17 IP
address. You intend to keep this setting intact to avoid manually reconfiguring the application.
What should you do?
A. Start the licensing server with an automatically generated ephemeral IP address. Afterward, promote it to a static external IP address set to 10.0.146.0.17.
B. Do not assign an IP while creating the licensing server on Compute Engine to automatically get an ephemeral internal IP address.
C. Using the Cloud Console, create a Compute Engine instance. Configure the External IP as a static IP address and set it to 10.146.0.17.
D. Using the Cloud Console, create a Compute Engine instance. Configure the Primary internal IP as a static internal IP address and set it to 10.146.0.17
D. Using the Cloud Console, create a Compute Engine instance. Configure the Primary internal IP as a static internal IP address and set it to 10.146.0.17
64
You have been assigned to launch three new Compute Engine instances in your test environment in GCP. These servers should accept incoming TCP traffic on port 8080 and can be managed using RDP. You want to follow Google-recommended best
practices in configuring an instance firewall.
What should you do?
A. Create an egress firewall rule using gcloud compute firewall-rules create command and specify the network tags and ports.
B. Create a network tag for the three instances. Create an ingress firewall rule that allows TCP traffic in ports 8080 and 3389 then specify the instance’s network tag as target tags.
C. Add a network tag for the three instances. Create an ingress firewall rule that allows UDP traffic in ports 8080 and 636 then specify the instance’s network tag as target tags.
D. Create a firewall rule to allow incoming TCP traffic in ports 8080 and 3389 then leave the firewall target to default.
B. Create a network tag for the three instances. Create an ingress firewall rule that allows TCP traffic in ports 8080 and 3389 then specify the instance’s network tag as target tags
65
You plan to implement new changes to a previous production deployment using the Google Cloud Deployment Manager. You want to achieve this without any resource downtime during the deployment.
What command should you utilize to accomplish this?
A. gcloud deployment-manager deployments update --config
{deployment-config-path}
B. gcloud deployment-manager deployments create --properties
{deployment-config-path}
C. gcloud deployment-manager resources describe {resource-name>} --deployment {deployment-name}
D. gcloud deployment-manager resources list --deployment
{deployment-name}
A. gcloud deployment-manager deployments update --config
{deployment-config-path}
66
Your company has a 5 TB file in Parquet format stored in Google Cloud Storage bucket. A team of analysts, who are only proficient in SQL, needs to temporarily access these files to run ad-hoc queries. You need a cost-effective solution to fulfill their request as soon as possible.
What should you do?
A. Create external tables in BigQuery. Use the Cloud Storage URL as a data source.
B. Import the data to Memorystore to provide quick access to Parquet data in the Cloud Storage bucket.
C. Load the data in BigTable. Give the analysts the necessary IAM roles to run SQL queries.
D. Load the data in a new BigQuery table. Use the bq load command, specify PARQUET using the --source_format flag, and include a Cloud Storage
A. Create external tables in BigQuery. Use the Cloud Storage URL as a data source.
67
Your company wants to set up a new Virtual Private Cloud (VPC) behind a firewall to secure the data egress. You have to filter the traffic flowing out of the VPC. You need to configure the VPC to have the least possible number of open egress ports.
What should you do?
A. Create a firewall rule that blocks all egress traffic with a high-priority number of 200. Create another firewall rule that allows egress traffic for specific ports needed with a high-priority number of 65534.
B. Create a firewall rule that allows inbound traffic to specific ports needed and set its priority to 1000. Remove both the implied allow egress rule and implied allow egress rule.
C. Create a firewall rule that blocks all egress traffic with a low-priority number of 65534. Create another firewall rule that allows egress traffic for specific ports needed with a high-priority number set to 200.
D. Create a firewall rule that blocks all egress traffic and allows specific ports with the same priority number.
C. Create a firewall rule that blocks all egress traffic with a low-priority number of 65534. Create another firewall rule that allows egress traffic for specific ports needed with a high-priority number set to 200.
68
You have installed the gcloud command-line interface (CLI) on your windows machine and have successfully authenticated it with your corporate Google Account. You are working on a project in which resources are mostly deployed in asia-southeast1-a zone. You want to deploy instances on this region but you don’t want to define its zone every time you run a gcloud command.
What should you do?
A. On your CLI, set the asia-southeast1-a as the default compute zone by using the gcloud config set zone ZONE command.
B. On your Windows machine, go to the C:\Windows\System32\drivers\etc directory. Open your host file and add this line: asia-southeast1-a compute/zone.
C. On your CLI, set the default compute zone by running the gcloud init command.
D. On your CLI, set the asia-southeast1-a as the default compute zone by using the gcloud config set compute/zone ZONE command
D. On your CLI, set the asia-southeast1-a as the default compute zone by using the gcloud config set compute/zone ZONE command
69
Your team is testing a new application hosted on a general-purpose Compute Engine instance that uses Zonal SSD Persistent Disk and Google Cloud Storage (GCS) to process and store data. Upon testing, you found out that the application encounters
excessive disk read throttling. You have to provide the maximum disk throughput to improve performance in a cost-effective manner.
What should you do?
A. Create a disk partition on the Zonal SSD Persistent Disk.
B. Increase the number of CPU cores of the instance.
C. Use a Local SSD instead of Zonal SSD Persistent Disk.
D. Use a Regional SSD Persistent Disk instead of Zonal SSD Persistent Disk
C. Use a Local SSD instead of Zonal SSD Persistent Disk.
70
You have a technical report stored in an object in Google Cloud Storage (GCS) that needs to be evaluated by an external auditing firm. The report contains sensitive information, so you decided to limit the object’s access to four hours only. The auditing
firm does not own a Google account where you can delegate the necessary privileges to access the object. You must implement a secure approach to do this task and have it done with the fewest possible steps.
What should you do?
A. Set up the storage bucket to host a static website and submit the object’s URL to the auditing firm. Manually delete the object from the Cloud Storage bucket after four hours.
B. Provision a new bucket dedicated for the auditing firm. Move the object to the new bucket. Create an object lifecycle policy to remove the object after four hours.
C. Generate a signed URL and specify the expiration to four hours. Share the signed URL with the auditing firm.
D. Edit the object’s permission to allow allUsers access. Add an object lifecycle policy to delete the object after four hours.
C. Generate a signed URL and specify the expiration to four hours. Share the signed URL with the auditing firm
71
A new auditor joins your organization and you need to add him to your team’s Google Cloud project. The auditor needs to have read access permissions but should be restricted from modifying resources in the project.
How should you grant the necessary permissions to the new auditor?
A. Build a custom IAM role with view-only project permissions and attach it to the user's account.
B. Build a custom IAM role with view-only service permissions and attach it to the user's account.
C. Use the built-in IAM project Viewer role to grant the required permissions. Attach this role to the user's account.
D. Use the built-in existing IAM service Viewer role to grant the required permissions. Attach this role to the user's account.
C. Use the built-in IAM project Viewer role to grant the required permissions. Attach this role to the user's account.
72
Your company just deployed a major version release of its web application to Google App Engine. A few hours later, users started reporting a critical issue with the latest release. You decided to quickly revert back to the previous version of the application
while your team is investigating the issue.
What should you do?
A. Deploy the working version of your web app as a separate application. Go to App Engine settings and configure the application to route 100% of the traffic to the original version.
B. Use the Cloud Console to go to the App Engine Versions page. Choose the previous web application version to split the traffic between the current and previous versions.
C. On the Cloud Shell, execute the command gcloud components restore.
D. Use the Cloud Console to go to the App Engine Versions page. Reroute 100% of the traffic to the previous working version of the application.
D. Use the Cloud Console to go to the App Engine Versions page. Reroute 100% of the traffic to the previous working version of the application.
73
A company has an application that uses Cloud Spanner as its backend database. After a few months of monitoring your Cloud Spanner resource, you noticed that the incoming traffic of the application has a predictable pattern. You need to set up
automatic scaling that will scale up or scale down your Spanner nodes based on the incoming traffic.
What should you do?
A. Set up an alerting policy on Cloud Monitoring that sends an email alert to on-call Site Reliability Engineers (SRE) when the Cloud Spanner CPU metric exceeds the desired threshold. The SREs shall scale the resources up or down appropriately.
B. Set up an alerting policy on Cloud Monitoring that sends an alert to a webhook when the Cloud Spanner CPU metric is over or under your desired threshold. Create a Cloud Function that listens to this HTTP webhook and resizes Spanner resources appropriately.
C. Set up an alerting policy on Cloud Monitoring that sends an email alert to Google Cloud Support email when the Cloud Spanner CPU metric exceeds the desired threshold. The Google Support team shall scale the resources up or down appropriately.
D. Build a cron job that executes based on a schedule to review Cloud Monitoring metrics, and then resize the Spanner resources appropriately.
B. Set up an alerting policy on Cloud Monitoring that sends an alert to a webhook when the Cloud Spanner CPU metric is over or under your desired threshold. Create a Cloud Function that listens to this HTTP webhook and resizes Spanner resources appropriately.
74
You just finished building an application and you deployed it on a Google Kubernetes Engine (GKE) cluster in a custom-mode VPC in the us-west1 region. The application exposes a TCP endpoint backed with several replicas of the application. You are running another Compute Engine instance located in the same region as your
cluster, but in a different custom-mode VPC called td-compute-network. The CIDR ranges of the two VPCs do not overlap. You have to establish a connection between your Compute Engine instance and the application on GKE. You want to reduce the amount of work required to accomplish the task. What should
you do?
A● 1. Provision a Service of type LoadBalancer that uses the application’s Pods as its backend.
● 2. Set the externalTrafficPolicy value to Cluster in the Service
configuration file.
● 3. Configure the Compute Engine instance to use the IP address of the load balancer that you just created.
B● 1. Provision a Service of type LoadBalancer that uses the application’s Pods as its backend.
● 2. Use Cloud Armor Security Policy to the load balancer to whitelist the internal IP addresses of the instances found in the managed instance group.
● 3. Connect the two VPCs using VPC Peering.
● 4. Configure the Compute Engine instance to use the IP address of the load balancer that you just created.
C● 1. Provision a Service of type NodePort that uses the application’s Pods as its backend.
● 2. Build a new Compute Engine instance named proxy with two network interfaces, each assigned to a VPC.
● 3. Manage iptables rule on the new instance to forward traffic coming from the td-compute-network to the GKE nodes.
4. Set up your Compute Engine instance to use the address of proxy in td-compute-network as endpoint.
D● 1. Provision a Service of type LoadBalancer that uses the application’s Pods as its backend.
● 2. Set the annotation for the service’s metadata to service:
cloud.google.com/load-balancer-type: "Internal"
● 3. Connect the two VPCs using VPC Peering.
●4. Configure the Compute Engine instance to use the IP address of the load balancer that you just created.
D● 1. Provision a Service of type LoadBalancer that uses the application’s Pods as its backend.
● 2. Set the annotation for the service’s metadata to service:
cloud.google.com/load-balancer-type: "Internal"
● 3. Connect the two VPCs using VPC Peering.
●4. Configure the Compute Engine instance to use the IP address of the load balancer that you just created.
75
You are working as a Cloud Security Officer in your company. You are asked to log all read requests and activities on your Cloud Storage bucket where you store all of the company’s sensitive data. You need to enable this feature as soon as possible because
this is also a compliance requirement that will be checked on the next audit.
What should you do?
A.Enable Data Access audit logs for Cloud Storage
B. Enable Identity-Aware Proxy feature on the Cloud Storage.
C. Enable Certificate Authority (CA) Service on the bucket.
D. Enable Object Versioning on the bucket
A. Enable Data Access audit logs for Cloud Storage
76
A senior developer in your company is assigned to manage and create service accounts for your company’s Google Cloud projects. You have to make sure that the assigned personnel is granted the least permissions to manage the projects.
What should you do?
A. Grant the roles/iam.roleAdmin role to the senior developer’s account.
B. Grant the roles/iam.serviceAccountUser role to the senior developer’s account.
C. Grant the roles/iam.serviceAccountAdmin role to the senior developer’s account.
D. Grant the roles/iam.serviceAccountKeyAdmin role to the senior developer’s account.
C. Grant the roles/iam.serviceAccountAdmin role to the senior developer’s account.
77
Your company is having its yearly audit. You need to grant access to a group of auditors who want to view the folders and project hierarchy on your company’s GCP account. You want to follow Google-recommended best practices.
What should you do?
A. Grant roles/browser role to the auditors individually.
B. Create a group for the auditors. Grant roles/viewer role to the group.
C.Create a group for the auditors. Grant roles/browser role to the group.
D. Grant roles/viewer role to the auditors individually.
C. Create a group for the auditors. Grant roles/browser role to the group.
78
All employees in your organization have a Google account. Your operations team
needs to manage over a hundred Compute Engine instances. The members of this team must be provided only with administrative access to the VM instances. Moreover, the security team wants to audit instance logins and ensure that the provision of credentials is operationally efficient.
What should you do?
A. Create a new SSH key pair. Issue the private key to each member of the operations team. Configure the public key as a project-wide public SSH key in your project. Lastly, allow project-wide public SSH keys on each instance.
B. Require each member of the team to generate a new SSH key pair. Have them send their public key to you. Utilize a configuration management tool to deploy those SSH keys on each instance.
C. Create a new SSH key pair. Issue the private key to each member of the team. Configure the public key in the metadata of each instance.
D. Require each member of the team to generate a new SSH key pair and to add the public key to their respective Google account. Then grant the compute.osAdminLogin role to the corresponding Google group of the operations team.
D. Require each member of the team to generate a new SSH key pair and to add the public key to their respective Google account. Then grant the compute.osAdminLogin role to the corresponding Google group of the operations team.
79
Your company is having its yearly business audit. Your external editor needs to review the Data Access and Access Transparency audit logs of your Google Cloud Platform account. Your company also wants to keep a copy of these logs as a reference for the
next audit. You want to follow Google-recommended practices on granting Cloud IAM roles.
What should you do?
A. Grant the external auditor a custom role that has logging.logs.list and logging.logServices.list permissions. Create a log sink and export the logs to BigQuery.
B. Grant the external auditor the Project Viewer IAM role. Create a log sink and export the logs to BigQuery.
C. Grant the external auditor the roles/logging.viewer IAM role. Create a log sink and export the logs to Cloud Storage.
D. Grant the external auditor the roles/logging.privateLogViewer IAM role. Create a log sink and export the logs to Cloud Storage.
D. Grant the external auditor the roles/logging.privateLogViewer IAM role. Create a log sink and export the logs to Cloud Storage
80
You are running a group of Compute Engine instances on the Google Cloud Platform. You want to set up the necessary permissions to allow all of your instances to write data into a specific Cloud Storage bucket. You want to follow Google-recommended practices.
What should you do?
A. Using the GCP Console, create a service account with an IAM role of storage.objectCreator. Use it for your GCE instances to get write
permissions on the bucket.
B. Create an authentication request from your application to access Google API with https://www.googleapis.com/auth/compute as an access scope.
C. Create an authentication request from your application to access the Google API with https://www.googleapis.com/auth/devstorage.read_only as an
access scope.
D. Using the GCP Console, create a service account with an IAM role of storage.objectAdmin. Use it for your GCE instances to get write permissions on the bucket.
A. Using the GCP Console, create a service account with an IAM role of storage.objectCreator. Use it for your GCE instances to get write
permissions on the bucket.
81
Your company just started using Google Cloud Platform to host their application. You are tasked to ensure that the finance department can only view the billing reports of all of the company’s GCP projects. You want to follow Google’s recommended best practices.
What should you do?
A. Create a group for the finance department. Grant the roles/billing viewer role to the finance group.
B. Grant the roles/billing user role to finance users individually.
C. Create a group for the finance department. Grant the roles/billing user role to the finance group.
D. Grant the roles/billing viewer role to finance users individually
A. Create a group for the finance department. Grant the roles/billing viewer role to the finance group.
82
Your Data Analytics team is requesting access to datasets found in BigQuery. You need to ensure that the team is only able to perform read operations on the datasets in BigQuery but they should be restricted from deleting them. You want to utilize a Google-recommended solution that follows best practices.
What should you do as an administrator?
A. Create a Google group and build a custom role with delete permissions removed. Add the group to the newly created custom role.
B. Build a custom role and attach it to the accounts of the Data Analytics users.
C. Attach the roles/bigquery.dataEditor role to the user accounts of the Data Analytics team.
D. Attach the roles/bigquery.user role to the user accounts of the Data Analytics team.
D. Attach the roles/bigquery.user role to the user accounts of the Data Analytics team.
83
You developed a decoupled application that is set to be deployed on a Kubernetes cluster on Google Kubernetes Engine (GKE). You need to be able to run on high IOPS for the application’s high-performance computing and you also need to use disk snapshots as part of your disaster recovery strategy. You used the GCP Pricing
Calculator to generate a cost estimate and entered some information regarding your cluster, such as the number of nodes, average days, and average hours.
What should you do next?
A. Request for quotation from the GCP Cloud Support Team.
B. Tick the add GPUs option. Check the option to add the cost estimate for GKE cluster management.
C. Enter the number of Local SSDs you want to use. Check the option to add the cost estimate for GKE cluster management.
D. Enter the number of Local SSDs you want to use. Fill out Persistent Disk storage and snapshot storage fields.
D. Enter the number of Local SSDs you want to use. Fill out Persistent Disk storage and snapshot storage fields.
84
You are working on a web application that uses Cloud Datastore as a backend. You want to test the application and the Cloud Datastore integration locally using an Ubuntu machine that has Google Cloud SDK installed.
What should you do?
A. Install the Datastore emulator using apt-get install
cloud-datastore-emulator command.
B. Use the gcloud datastore export command to export all Datastore entities and save them in the Ubuntu machine.
C. Create a VM instance that uses Ubuntu in Google Compute Engine. Attach a Service Account with the necessary permissions to access Datastore.
D. Install the Google Cloud SDK on the Ubuntu Machine. Install the Datastore emulator using the gcloud components install command.
D. Install the Google Cloud SDK on the Ubuntu Machine. Install the Datastore emulator using the gcloud components install command.
85
Your company regularly executes a batch job process hosted in an on-premises server which takes around 33 hours in total to complete. The batch job consists of smaller tasks that can be performed offline and can be restarted in case of process
interruption. You are assigned to migrate this workload to the Google Cloud Platform and implement a cost-effective solution.
What should you do?
A. Build an instance template configured to launch a Preemptible VM. Provision a managed instance group (MIG) from the template you just created. Adjust the Target CPU Utilization setting.
B. Move your workload to a Compute Engine instance. Start and stop the instance in the event of failure.
C. Use Google Kubernetes Engine (GKE) to build Preemptible nodes.
D. Use Compute Engine Preemptible VMs for your workload.
A. Build an instance template configured to launch a Preemptible VM. Provision a managed instance group (MIG) from the template you just created. Adjust the Target CPU Utilization setting.
86
Your company has several applications that use Compute Engine and Cloud Storage services in GCP. You were assigned to set up a budget alert for the total Cloud Storage service cost incurred in all of your GCP projects. All of these projects are using the same billing account. You want to follow Google-recommended best practices.
What should you do?
A. Ensure that you are the Billing Account Administrator. Select the billing account and create the budget alert for each of the projects.
B. Ensure that you are the Billing Account User. Select the billing account and
create a budget. Select all projects and the Cloud Storage service as the budget scope and finally, create the budget alert.
C. Ensure that you are the Billing Account Administrator. Select the billing account and create a budget. Select all projects and the Cloud Storage service as the budget scope and finally, create the budget alert.
D. Ensure that you are the Billing Account User. Select the billing account and create a budget. Set the budget scope as default then create the budget alert
C. Ensure that you are the Billing Account Administrator. Select the billing account and create a budget. Select all projects and the Cloud Storage service as the budget scope and finally, create the budget alert.
87
You are running VMs that are currently reaching the maximum capacity on your on-premises data center. You decided to extend your data center infrastructure to Google Cloud to accommodate new workloads. You have to ensure that the VMs that you provisioned in GCP can communicate directly with on-premises resources via a private IP range.
What should you do?
A. Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.
B. Build a custom-mode VPC. Set up VPC Network Peering between your on-premises network and your newly created VPC to establish a connection through a private IP range.
C. Create a VPC on Google Cloud and configure it as a host for a Shared VPC.
D. Provision virtual machines on your on-premises and Google Cloud VPC networks that will serve as bastion hosts. Configure the VMs as proxy servers using public IP addresses.
A. Set up Cloud VPN between your on-premises network to a VPC network through an IPsec VPN connection.
88
Your company heavily uses BigQuery to host the majority of its relational data. Currently, your company has thousands of datasets across hundreds of GCP projects. You are asked to find the tables that have customer_id columns across all the datasets.
You want to perform this task as quickly as possible.
What should you do?
A. Navigate to the Data Catalog page in the Cloud Console. Enter the customer_id on the search box and click search.
B. Use bq ls command to list all the datasets. Check all the datasets by running a query on INFORMATION_SCHEMA.TABLES.
C. Go to the BigQuery page in the Cloud Console. Use the Query Editor box to run a query on the INFORMATION_SCHEMA.
D. Create a custom script that runs a query on INFORMATION_SCHEMA overnight to
find the tables that have customer_id columns
A. Navigate to the Data Catalog page in the Cloud Console. Enter the customer_id on the search box and click search.
89
Your team is planning to move a mission-critical application to GCP. Your team decided to do a lift-and-shift migration strategy and host it in a Google Compute Engine. The application is monolithic and requires 64 vCPUs to run efficiently.
What should you do?
A. Launch two VM instances in separate zones. Enable the Rightsizing
Recommendations feature that will automatically resize the instances up to 32 vCPU each.
B. Launch the VM instance using default settings. Add 2 vCPUs at a time until the application runs smoothly.
C. Select n1-standard-64 as machine type during instance creation.
D. Add the tag vCPU with value 64 on the instance during instance creation.
C. Select n1-standard-64 as machine type during instance creation.
90
You are a freelance web developer hired to build a web application that serves users worldwide. The application persists relational data from users to a database. Your client is concerned about how the database will scale as her business grows. You then
plan to implement a database solution that scales as the user base of your client grows. You want the scaling to be convenient without a lot of configuration changes involved.
Which database storage solution should you use?
A. Cloud SQL
B. Cloud Spanner
C. Cloud BigQuery
D. Cloud Bigtable
B. Cloud Spanner
91
Your manager asked you to confirm the creation time of a specific Google Cloud service account used by the development team.
What should you do?
A. In the Cloud Console Activity Page, select Data Access as the activity type and Google Project as the resource type.
B. In the Cloud Console Activity Page, select Configuration as the activity type and Service Account as the resource type.
C. In the Cloud Console Activity Page, select Configuration as the activity type and Google Project as the resource type.
D. In the Cloud Console Activity Page, select Data Access as the activity type and Service Account as the resource type.
B. In the Cloud Console Activity Page, select Configuration as the activity type and Service Account as the resource type.
92
Your company uses Cloud Storage to offer storage, archive, and backup services to your customers. A client wants you to archive files that have multiple versions after 30 days. She also requires previous file versions to be accessed once a month for audit purposes. The client also asked you to ensure that the archived data can be modified at the end of the month if needed.
What should you do?
A. Create a bucket lifecycle configuration that transitions newer versions of data after 30 days into a Coldline Storage.
B. Create a bucket lifecycle configuration that transitions newer versions of data after 30 days into a Nearline Storage.
C. Create a bucket lifecycle configuration that transitions data from a regional storage bucket after 30 days into a Coldline Storage.
D. Create a bucket lifecycle configuration that transitions data from a regional storage bucket after 30 days into a Nearline Storage.
B. Create a bucket lifecycle configuration that transitions newer versions of data after 30 days into a Nearline Storage.
93
Your team built a decoupled e-commerce application on a Google Kubernetes Engine (GKE) cluster that runs multiple pods. The nodes on the default node pool run on an n2-standard-2 machine type. You are required to deploy additional pods configured to use n2-highmem-48 machine types. The application serves mission-critical
requests, and you need to implement this change without causing any downtime.
What should you do?
A. Using the Cloud Console, run the gcloud container clusters upgrade command. Deploy the additional pods.
B. Build a new node pool and specify the nodes to use n2-highmem-48 machine type. Deploy the additional pods.
C. Build a new cluster with a node pool that contains n2-highmem-48 nodes. Redeploy all the pods used for the application and delete the old cluster.
D. Build a new cluster with a node pool that contains both n2-standard-2 and n2-highmem-48 nodes. Redeploy all the pods used for the application, including the new pods, and delete the old cluster.
B. Build a new node pool and specify the nodes to use n2-highmem-48 machine type. Deploy the additional pods.
94
You are developing your product on a Kubernetes cluster in the Google Cloud Platform. You dedicate one Pod for each of your customers, and they are allowed to deploy untrusted code in their respective Pod. Knowing this, you want to make sure that you
isolate the Pods from each other to avoid issues.
What should you do?
A. Add a custom node pool and configure the Enable sandbox with gVisor option. Add the runtimeClassName:gvisor parameter to each of your customers’ Pods.
B. Whitelist the container images used by your customers' Pods using Binary Authorization.
C. Identify security vulnerabilities among the containers used by your customers' Pods using the Container Analysis API.
D. Utilize the cos_containerd image when creating GKE nodes. Add a
nodeSelector field to your pod configuration with the value of
cloud.google.com/gke-os-distribution: cos_containerd.
A. Add a custom node pool and configure the Enable sandbox with gVisor option. Add the runtimeClassName:gvisor parameter to each of your customers’ Pods.
95
You hosted a web application on an App Engine standard environment. A new version needs to be rolled out to the users, and your team wants 1% of your current users to test this latest version first. You have to make sure that you can do this quickly and
efficiently.
What should you do?
A. Using the Cloud SDK, deploy the new version in the same application and use the --migrate flag.
B. Using the Cloud Shell, build a new App Engine application in the same project and deploy the new version in the same application. Proxy 1% of the requests to the new version using the App Engine library.
C. Using the Cloud Shell, build a new App Engine application in the same project and deploy the new version in the same application. Set up a load balancer to split 1% of the traffic to the new application.
D. Using the Cloud SDK, deploy the new version in the same application and use the gcloud app services set-traffic command. Use the --splits flag to set the weight of the current version to 99 and the new version to 1.
D. Using the Cloud SDK, deploy the new version in the same application and use the gcloud app services set-traffic command. Use the --splits flag to set the weight of the current version to 99 and the new version to 1.
96
You want to create new VM instances in your existing subnet that has a 255.255.255.240 subnet mask. You noticed that you can’t create an instance anymore because there are no available IP addresses in the subnet. Your instances need to communicate with each other without additional routes.
What should you do?
A. Use gcloud compute networks subnets expand-ip-range command to expand the IP range.
B. Create a new VPC on the same project. Create a VPC Network Peering connection between the new and current VPC.
C. Create a new project and use Shared VPC to allow connection between the new and current VPC.
D. Use gcloud compute networks subnets delete command to delete the current subnet. Create new a bigger subnet using gcloud compute networks subnets create command
A. Use gcloud compute networks subnets expand-ip-range command to expand the IP range.
97
Your organization plans to migrate your on-premises environment to the Google Cloud Platform. You have several development teams, and they use Cassandra databases to store data from their users. You want to set up isolated environments for your development teams that contain Cassandra instances. You need to migrate to GCP as fast as possible, and you want this done with minimal support effort.
What should you do?
●A. Provision a Cassandra Compute Engine instance and take a snapshot of it.
● B.1. Install Cassandra on a Compute Engine instance and take a snapshot.
● 2. Create Compute Engine instances for your development teams using the newly created snapshot.
● C.1. Have your development teams visit the Cloud Marketplace.
● 2. Advise them to launch a Cassandra image from the Cloud Marketplace.
● D. 1. Create a step-by-step guide to install Cassandra on a Compute Engine instance.
● 2. Share the instruction guide to your development teams
● C.1. Have your development teams visit the Cloud Marketplace.
● 2. Advise them to launch a Cassandra image from the Cloud Marketplace.
98
You are assigned to set up a storage policy on a specific Cloud Storage Regional bucket that stores CCTV videos for your company. The files must be moved to Coldline storage after 3 months (90 days) and then automatically be deleted after a year from their creation date.
What policy should you set up?
A. Utilize the gsutil tool on Cloud Shell and execute the gsutil rewrite
command then set the Delete action to 275 days.
B. Utilize the gsutil tool on Cloud Shell and execute the gsutil rewrite
command then set the Delete action to 365 days.
C. Specify Object Lifecycle Management conditions on the Cloud Storage bucket then configure the SetStorageClass action to 90 days and configure the Delete action to 365 days.
D. Specify Object Lifecycle Management conditions on the Cloud Storage bucket then configure the SetStorageClass action to 90 days and configure the Delete action to 275 days.
C. Specify Object Lifecycle Management conditions on the Cloud Storage bucket then configure the SetStorageClass action to 90 days and configure the Delete action to 365 days.
99
You have an existing Deployment Manager template deployed on the Google Cloud Platform. You recently developed some significant changes on the said template and you want to implement the new changes. But first, you need to confirm that all defined
resources’ dependencies are met before deploying the template to the project. You want the quickest way to get feedback on the changes you made.
What should you do?
A. Create a deployment on a separate project with the new template using the same configuration. Monitor the project for failures.
B. Create a deployment in the same project with the new template and use the --preview flag. Carefully observe the state of interdependent resources and if there are errors in the summary table.
C. On the Cloud Logging page of the GCP Console, visit the Logs Explorer and monitor the activity of the Deployment Manager execution by filtering the logs.
D. Maximize the use of the built-in, Python-based granular logging statements within the Deployment Manager Template.
B. Create a deployment in the same project with the new template and use the --preview flag. Carefully observe the state of interdependent resources and if there are errors in the summary table.
100
You have an existing Google Compute Engine (GCE) instance running on 2 vCPUs and 4GB memory machine type. Lately, the instance has been having trouble and is running out of memory. You plan to increase the memory of the instance to 8GB to improve performance.
What should you do?
A. Use the Cloud SDK to stop the GCE instance. Increase the memory to 8 GB. Start the VM once done with the configuration.
B. Wait for GCP to perform live migration on your instance to move your workload to another instance with more memory that can accommodate our issue.
C. Add metadata information to the GCE instance using the gcloud tool. Set the metadata key to upgrade-memory and the value to 8GB.
D. Use the Cloud Console to stop the GCE instance. Edit the machine type to n1-standard-8. Start the instance once done with the configuration.
A. Use the Cloud SDK to stop the GCE instance. Increase the memory to 8 GB. Start the VM once done with the configuration.
101
Your company has 1 TB of unstructured data in various file formats that are securely stored on its on-premises data center. The Data Analytics team needs to perform ETL (Extract, Transform, Load) processes on these data which will eventually be consumed
by a Dataflow SQL job.
What should you do?
A. Run a Dataflow import job using gcloud to upload the data into Cloud Spanner.
B. Use the Google Cloud Console to import the unstructured data by performing a dump into Cloud SQL.
C. Use the bq command-line tool in Cloud Shell and upload your on-premises data to Google BigQuery.
D. Using the gsutil command-line tool in Cloud SDK, move your on-premises data to Cloud Storage.
D. Using the gsutil command-line tool in Cloud SDK, move your on-premises data to Cloud Storage.
102
Your company uses Cloud Storage to store all of its application files where objects are written once and are stored for processing. The objects are frequently accessed for a month (30 days) and are rarely accessed for the entire year. These objects must be archived for three years. The Object Lifecycle Management on the Cloud Storage
bucket must be configured to minimize the storage costs.
What should you do?
A. Create a policy that uses Standard storage for 30 days. Move the objects to Coldline for one year and afterward, transition the objects to Archive storage for two years.
B. Create a policy that uses Nearline storage for 30 days. Move the objects to Coldline for one year, and then transition to Archive storage for two years.
C. Create a policy that uses Standard storage for 30 days. Move the objects to Archive storage for three years.
D. Create a policy that uses Nearline Storage for 30 days. Move the objects to Archive storage for three years.
A. Create a policy that uses Standard storage for 30 days. Move the objects to Coldline for one year and afterward, transition the objects to Archive storage for two years.
103
Your company is deploying an application to a Compute Engine VM instance that will run in Windows 10. You want to remotely access the instance using the Remote Desktop Protocol (RDP) to install and manage custom applications.
What should you do?.
A. Set the credentials by defining Username and Password on the VM instance metadata.
B. Use the gcloud compute get-windows-password command to retrieve credentials of the instance.
C. Use the gcloud compute reset-windows-password command to retrieve credentials of the instance.
D. Set the credentials by adding Username and Password on the VM instance Tag
C. Use the gcloud compute reset-windows-password command to retrieve credentials of the instance.
104
You are managing your company’s cloud resources that are residing in multiple GCP projects. You are tasked to set up centralized monitoring of all the CPU, memory, and disk metrics of your resources. You want to follow Google’s recommended best
practices.
What should you do?
A. Create an export sink on each project. Export the logs on a single BigQuery dataset.
B. Create a new project in Google Workspace. Add all the existing GCP projects to the new workspace.
C. Deploy Cloud Monitoring agent on all projects to collect metrics. Create an application that consumes and presents these metrics.
D. Enable Cloud Monitoring on all projects to monitor all resources. Create a custom application that processes metrics from Cloud Monitoring.
B. Create a new project in Google Workspace. Add all the existing GCP projects to the new workspace.
105
Your organization backs up sensitive medical data records on 5 different Cloud Storage buckets with data access logging enabled. Your audit team recently reported that an unauthorized customer service representative is viewing and downloading files
from the storage. They also noticed that bucket labels are frequently changed which affects the workflow of other users. These reports prompt an investigation, and you need to quickly verify the activities of a specific user on all of the buckets.
What should you do?
What should you do?
A. Set up an alert policy in Cloud Monitoring that sends an email to the auditors so they can monitor the activity in the buckets.
B. Filter the Legacy Logs Explorer based on the findings of the audit team to find relative information about the investigation.
C. Utilize the Activity Log in the GCP Console to filter information regarding the buckets and the specific user.
D. In the GCP Console, visit the Cloud Storage page. Click on the Configuration tab to view relevant information.
B. Filter the Legacy Logs Explorer based on the findings of the audit team to find relative information about the investigation.
106
You are assigned to deploy an application to Compute Engine on a managed instance group (MIG). You need to ensure that the application is up and running at all times, but there should only be one VM instance running on the project at any given time to save
costs.
What should you do?
A. While creating the MIG, configure the autoscaling setting to On. Set the minimum number of instances to 1. Then set the maximum number of instances to 2.
B. Upon creation of the MIG, configure the autoscaling to Don’t Autoscale. Set the minimum number of instances to 1. Then set the maximum number of instances to 1.
C. While creating the MIG, configure the autoscaling setting to On. Set the minimum number of instances to 1. Then set the maximum number of instances to 1.
D. Upon creation of the MIG, configure the autoscaling setting to Don’t Autoscale. Set the minimum number of instances to 1. Then set the maximum number of instances to 2.
C. While creating the MIG, configure the autoscaling setting to On. Set the minimum number of instances to 1. Then set the maximum number of instances to 1.
107
Your company wants to know if someone is in a conference room for a scheduled meeting. There are 1000 meeting rooms spread throughout five offices on three continents. Each room is equipped with a motion sensor that updates the status every second. Only a sensor's identity and numerous data elements for information are
included in the motion sensor data. This data and information about account owners and office locations will be used by analysts. What kind of database do you want to
use?
A. NoSQL
B. Relational
C. Blobstore
D. Flat file
A. NoSQL
108
A user wishes to install the Cloud Shell application. Throughout the sessions, the tool should be available. What is the best location for the user to install this tool?
A. /bin
B. /usr/local/bin
C. /google/scripts
D. ~/bin
D. ~/bin
109
For a new proof-of-concept application, a development team needed a regional MySQL database with point-in-time recovery. What are the options for enabling point-in-time recovery?
A. Copy the data to a Cloud Spanner database.
B. In the same region, make a read replica.
C. Enable binary logging
D. Make backups every hour.
C. Enable binary logging
110
Which of the following command in SDK can be used to view the attributes of an active configuration?
A. gcloud config list
B. gcloud auth login
C. gcloud auth list
D. gcloud debug
A. gcloud config list
111
When a company developer tries to perform a command repeatedly, he feels something is wrong even though there is no error. Now that he wants to monitor the gcloud logs in order to control the stack driver logging, what command should he use to do so?
A. gcloud
B. gcloud logging
C. gcloud info
D. google logs
B. gcloud logging
112
Which component should you use to set up a file-based billing export?
A. Budget and at least one alert.
B. A BigQuery dataset.
C. A Cloud Storage bucket.
D. A Bigtable
C. A Cloud Storage bucket.
113
Since an enterprise does not have the network visibility they are used to, an enterprise security team was hesitant to go to the cloud. What could you say to persuade them that your Google Cloud network is a desirable feature?
A. Firewall rules
B. Flow logs
C. Subnets
D. Routes
B. Flow logs
114
Which of the following is the use case for Flow Logs?
● Serving as a UDP relay.
● Proxying SSL traffic.
● Network forensics
● Interfering with instances' ability to communicate on specific ports.
● Network forensics
115
A new member of the big-data team has been assigned to assist you in your transition. He requires full access to BigQuery. What kind of role would be most effective in accordance with the idea of less privilege?
● Managed Role
● Primitive Role
● Predefined Role
● Custom Role
● Predefined Role
116
Data Flow is intrinsically linked to how many components?
● Three Components.
● Two Components.
● Four Components.
● Five Components.
● Three Components.
117
The Cloud TPU is used in the following _____________.
● Compute Products Section.
● Storage Product Section.
● AI and Machine Learning Section.
● Data and Analytics Section
● AI and Machine Learning Section.
118
Google automatically builds a project for your:
● Administrator Account.
● User Account.
● Administrator and User Account.
● None of the Above
● Administrator Account.
119
You host an Application on a Virtual Machine VM to fetch metadata of that instance.
What command using to fetch the data?
● Curl metadata.goolge.internal/compute-metadata/v1/
● Curl /metadata/v1/
● Curl metadata.google.internal/computeMetadata/v1/
● Curl internal.googleapi.com/computeMetadata/v1/
● Curl metadata.google.internal/computeMetadata/v1/
120
A department wants to create a new custom manual VPC with three subnets having 20 usable IP addresses individually. Which subnet mask is suitable for your requirement?
● 24
● 28
● 18
● 27
● 27
121
You have 100 TeraByte (TB) of non-relational data, and you want to run analytics on it
to find the previous year's net sales. Which tool is best for your requirement?
● BigQuery
● BigTable
● Datastore
● GCS
● BigTable
122
Which of the following export option are available with Google Cloud Billing?
● BigTable and Storage
● BiqQuery
● BigQuery and BigTable
● Cloud SQL and BigTable
● BiqQuery
123
Your company’s engineering team is building an application that routes requests onthe TCP layer. They need a load balancer with support of SSL termination on the load balancer. Which is the correct option is.
● HTTPS Load Balancer
● UDP Load Balancer
● SSL Proxy Load Balancer
● TCP Load Balancer
● SSL Proxy Load Balancer
124
A developer accidentally deletes some of the files from the bucket where the file was not critical and was re-created soon. Because of this, your team lead asks you to enable versioning on the bucket. Which command would you help you enable the same?
A. Gsutil versioning enable gs://ipslabs-bucket
B. Gsutil gs://ipslabs-bucket enable versioning
C. Gsutil enable versioning gs://ipslabs-bucket
D. Gsutil versioning set on gs://ipslabs-bucket
D. Gsutil versioning set on gs://ipslabs-bucket
125
A team has developed an application for a huge hospital that stores around 1GB of files every day on GCS. Most files data access after six months from the day of the first upload, but these files are important and cannot be deleted. Which storage class
would prefer to save money after 6 months?
● Standard
● Nearline
● Cold line
● Regional
● Cold line
126
A developer wants to create a single nginx server for the development environment.
Which service should allow you to launch a virtual machine using predefined images?
● GKE
● GAE
● CloudSQL
● Marketplace
● Marketplace
127
An IPS team is building a media collection and analysis application for one of your clients. They ask you to enable Google API and YouTube API. Also, they want to test the API without integrating it within the application. Which service would help your
development team test API without integration?
● API library
● API Explorer
● API Manager
● Marketplace explorer
● API Explorer
128
An IPS team deployed a GKE cluster having 3 nodes or high availability. The cluster was tested multiple times before moving to production, but it suddenly stopped working after deploying it to a production environment. An IPS team member approached you, saying he will need shell access to the container to resolve the issue.
Which command gives him access to the container?
● Kubectl exec –i –t ipslabs-web-server--/bin /bash
● Kubectl ipslabs-web-server ssh--/bin /bash
● Kubectl ssh ipslabs-web-server--/bin /bash
● Kubectl exec ipslabs-web-server--/bin /bash
● Kubectl exec –i –t ipslabs-web-server--/bin /bash
129
You work in an IPS Company that automates clients. The client developed an application for internal use with Erlang and has approached your company to help him to ease the application deployment process on Google Cloud. The company has does
not have highly trained people so, it wants you to deploy an application in such a way that post-deployment, they will be able to manage it without worrying about the infrastructure. Which one of the following services do you prefer?
● Cloud Function
● App Engine Standard
● App Engine Flexible
● GKE
● App Engine Flexible
130
Your team has deployed a few windows web servers on a custom VPC network, and the same is running properly. After a few hours of the app suddenly crashes, developers are trying to remote access web servers, but are failing to do so. While troubleshooting the issue you realize that the firewall rule is missing. Which command
will help you to solve the problem?
● gcloud compute firewall-rules create “remote-access” –network
“ipslab-network” –allow tcp:22
● gcloud compute firewall-rules create “tcp:3389”
● gcloud compute firewall-rules create “remote-access”—network
“ipslab-network”—allow tcp:3389
● gcloud compute firewall-rules allow “udp:3389”—network”ipslabs-network”
● gcloud compute firewall-rules create “remote-access”—network
“ipslab-network”—allow tcp:3389
131
A bug has been found within your python application which is hosted using App Engine, and you are about to roll out a new version of the application to resolve the bug but do not want to traffic to automatically shift to a new version just to make sure the
new version does not break anything. How would you achieve it?
● Pass a custom version ID so that App Engine does not send new traffic.
● Pass –no- promote flag while deploying a new version.
● Pass –no-active flag while deploying a new version.
● Use –inactive-mode flag while deploying a new version of app.
● Pass –no- promote flag while deploying a new version.
132
A web application is a host in the virtual machine, and its resource is stored in a bucket. You have been asked to let any authenticated user access the very high-level blueprint of IPS company’s product. This blueprint does not contain any confidential data or IP data, so it can be made available to the public as well. What changes are
required to make it?
● Add a new entry in permission will allUsers having public permission
● Create a new entry in permission with allAuthenticatedUsers having read permission
● Create a new entry in permission with allAuthorizedUsers having public permission
● Remove all existing entries from permission and add allAuthenticatedUsers having read permission
● Create a new entry in permission with allAuthenticatedUsers having read permission
133
Your client has asked you to create an STFP server on Google Cloud. Which storage service of Google cloud will be the most reliable and durable option?
● CloudSQL
● Filestore
● Firestore
● Virtual Machine
● Filestore
134
A GKE cluster creates with four nodes initially, and after looking at the few months of monitoring report, you realized that cluster is underutilized. You plan to reduce the number of nodes to 3 to save the cost. Which gcloud command will help you achieve
that?
A. Gcloud container clusters ipslabs-cluster--new--size 3
B. Gcloud container clusters resize ipslabs-cluster--num--nodes=3
C. Gcloud container cluster resize ipslabs--cluster--size 3
D. Gcloud container cluster update ipslabs--cluster--size 3
B. Gcloud container clusters resize ipslabs-cluster--num--nodes=3
135
An engineering company has developed an application that deploys GKE. The application needs a monitoring agent running on each node without fail, and any change in the number of nodes should also update the count of the monitoring agent.
Which API resources would you use to achieve the desired result?
A. Pod
B. StatefulSet
C. DaemonSet
D. ReplicaSet
C. DaemonSet
136
You launch Virtual Machine for IPS Company’s internal application via CLI and you are not able to recollect one of the flags. Using which command will you be able to do this?
● Gcloud compute help instances create
● Man gcloud compute instances launch
● Gcloud help compute instances create
● Man gcloud compute instances create
● Gcloud help compute instances create
137
Start a task with a project name ipspecialist-lab, where you have to assign a list of roles in a project to the user. Which of the following gcloud command applies here?
A. gcloud iam list ipspecialist-lab
B. gcloud projects list ipspecialist-lab
C. gcloud projects get-iam-policy ipspecialist-lab
D. gcloud iam get-iam-policy ipspecialist
C. gcloud projects get-iam-policy ipspecialist-lab
138
An employee starts task dealing with project application administrator “A “responsible for dealing with all resources. He authorizes the responsibility to deal existing service
accounts to other administrator “B” this administrator “B” is also responsible for
dealing with other service accounts, which of the following will establish the best way
to authorize privileges to deal with all service accounts.
A. Allow iam.serviceAccountUser for to administrator at the project level
B. Allow iam.serviceProjectAccountUser for to administrator at the project level
C. Allow iam.serviceAccountUser for to administrator at the service account level
D. Allow iam.serviceProjectAccountUser for to administrator at the service
account level
A. Allow iam.serviceAccountUser for to administrator at the project level
139
In IP Specialist company, you work as Cloud engineer, you deal with an instance group, for which, if the CPU is utilization is 70% autoscaling is enabled, four instances are available in this instance group, when connecting with one instance CPU utilization is
75 %. However, no new instance started in the group, therefore, gives a solution for not starting another instance here:
● It take 60-second start new instance
● Auto scaling not active
● CPU usage of instance group is less than 70 %
● None of these
● CPU usage of instance group is less than 70 %
140
You, as Google Cloud Engineer, are assigned a task to set up four-member of the team for a project. You need to authorize general access to all resources, and you also grant the primitive role to each member for a different level of access. What is not an option
for a primitive role in the GCP console?
● Viewer
● Editor
● None of them
● Publisher
● Publisher
141
The virtual machine has to read the cloud storage bucket. By allowing the role of IAM, the virtual machine account allows VM to read the bucket. But the VM does not access
the reading bucket due to the reading scopes assigned to it. Which of the following option is the solution?
● An application perform read to drop the read operation
● Read is not run as IAM roles and what operations will be performed
● Read is success allow access to primitive roles
● None of them
● Read is not run as IAM roles and what operations will be performed
142
Question 40:
A cloud engineer is assigned a task to run a project, to know which Virtual machine is running in the project, what should he do to get information on which VMs run in the project
● Execute command gcloud compute list
● Execute command gcloud list instances
● Execute command gcloud instances list
● Execute command gcloud compute instances list
● Execute command gcloud compute instances list
143
Google cloud engineer builds a virtual machine with the name ipspecialist-server-1and 4 CPUs. What should be the command to create VM?
A. gcloud compute instances create—machine-type=n1-standard-4
ipspecialistserver-1
B. gcloud compute instances create—cpus=4 ipspecialist-server-1
C. gcloud compute instances create—machine-type=n1-4—cpu
ipspecialist-server-1
D. None of them
A. gcloud compute instances create—machine-type=n1-standard-4
ipspecialistserver-1
144
Which of the following is used to build a cluster named ipspecialist01-cluster-10 with
four nodes?
● gcloud container clusters create ipspecialist01-cluster-10 4
● gcloud container clusters create ipspecialist01-cluster-10—num—nodes=4
● gcloud clusters container create ipspecialist01-cluster-10—num—nodes=4
● gcloud container beta clusters create ipspecialist01-cluster-10—num— nodes=4
● gcloud container clusters create ipspecialist01-cluster-10—num—nodes=4
145
In-App Engine, you develop Django 1.5 python Application, so Django requires python version 3 but App Engine Run in python 2 which following file you check and update to check python 3 is used in application
● app.config
● services.yaml
● app.yaml
● cron.yaml
● app.yaml
146
What command should be used to create a bucket in Cloud Storage?
● gcloud storage buckets create
● gsutil storage buckets create
● gsutil mb
● gcloud mb
● gsutil mb
147
Which IP address should be used to define the CIDR range to all destination
addresses?
● 0.0.0.0/0
● 172.16.0.0/12
● 192.168.0.0/16
● 10.0.0.0/8
● 0.0.0.0/0
148
Let us consider a scenario in which a set firewall rule will permit an inbound connection to VM named ipspecialistserver-2 , you want to apply the rule if there is not another rule that denies that traffic, what will be your choice to set rule.
● 1000
● 1
● 65535
● 0
● 65535
149
Your company has asked you to create a subnet mask named ipspecialist with 16,382 addresses using 192.168.0.0. You can reduce the address to 254. Which of the following command do you use?
● gcloud compute networks subnets expand-ip-range ipspecialist
–prefixlength=28
● gcloud compute networks subnets expand-ip-range ipspecialist–size=248
● gcloud compute networks subnets expand-ip-range ipspecialist
–prefixlength=12
● no command used to reduce address
● no command used to reduce address
150
A company is migrating their infrastructure from AWS to Google Cloud, for which an employee was assigned a task to migrate the webserver of amazon Linux OS from AWS to GCP in a public subnet of custom VPC. To successfully migrate instances but
unable to get SSH access, what steps should be used?
● If he adds the SSH key to instances
● Firewall is attached to instance tcp port 22 open
● Do not run amazon Linux image
● None of these
● If he adds the SSH key to instances
151
You have web server managed group instances; however, you notice the web tier is frequently scaling, sometimes multiple times in an hour, so you need to scale up and down of instance group. Which option is correct to apply in this scenario:
● Increase cool down period
● Health check with instance group
● Reduce number of maximum instances
● None of these
● Increase cool down period
152
Your company has tasked you to build a backend by utilizing Clojure then host it in Google Cloud with the complete authority of selecting OS, application, libraries. What
will you select?
● compute engine
● App Engine
● Cloud function
● Cloud Run
● compute engine
153
Suppose a company IPSpecialist who is planning to containerize their application in such a way that perform the easy move in the future, away from google cloud, which service perfect
● Cloud function
● App engine
● Kubernetes engine
● Cloud run
● Kubernetes engine
154
Select the appropriate command to bind IAM policy to service account at the organization level.
● gcloud organizations add-iam-policy-binding \ips@example.domain.com \ --
member='serviceAccount:ips@example.domain.com' \--role='roles/editor'
● gcloud project add-iam-policy-binding \ips@example.domain.com\--member='serviceAccount:ips@example.domain.com'\--role='roles/editor'
● Both options A and B
● None of these
● gcloud organizations add-iam-policy-binding \ips@example.domain.com \ --
member='serviceAccount:ips@example.domain.com' \--role='roles/editor'
155
As head of cloud and DevOps department in IPS company they have tasked you to create a custom role to fulfill the need to access to deploy the application to App Engine. which permission will you give:
● App engine editor
● App engine admin
● App engine deployer
● App engine viewer
● App engine deployer
156
You are working on a microservice project by using the Kubernetes engine in which the client needs all things on Google and wants you to maintain both frontend and backend code on Google Cloud. Which will be best suitable for this scenario?
● Cloud storage
● Cloud source repository
● Google container registry
● GitHub
● Cloud source repository
157
As System Administrator, your duty is to ensure all images are patched up to date and developers are not authorized to use old images which are not up to date as per PCI compliance, so what should you do?
● Drop a mail to developers which image you use whenever your patch image.
● Make the image deprecated to prevent users from old images
● Mark image as obsolete to prevent users from the old image.
● None of above
● Mark image as obsolete to prevent users from the old image.
158
You build architecture for a client with the requirement of streaming millions of requests of high availability and durability with HIPAA compliance, which managed service should you use.
● Cloud function
● Cloud DataProc
● Cloud Pub/Sub
● RabbitMQ
● Cloud Pub/Sub
159
You have to build a microservice application with docker containers and then host it on Google Cloud as stateless and serverless. Which service do you want to use?
● Cloud Function
● App Engine Standard
● App Engine Flexible
● Cloud Run
● Cloud Run
160
You have to deploy a Kubernetes cluster by a Google Kubernetes Engine. While spinning up a cluster, you do not have the option of creating a master. What may be the reason?
● GKE does not need a user master to control child nodes
● Setup as master node
● Master node is automatically by GKE
● None of the above
● Master node is automatically by GKE
161
In order to automate infrastructure deployment using the Google deployment manager service, which all formats do the deployment manager template can support? (Select 2)
● JSON
● YAML
● PowerShell
● Python
● YAML
● Python
162
Working on a project as an application administrator, “A” is responsible for dealing with all resources. He delegates the responsibility of managing the existing service account
to another administrator “B”, the administrator “B” is also responsible for dealing with the other service account which will be created. Which is the best way to delegate the
privileges to manage all service accounts?
● Granting iam.serviceAccountuser to the administrator at a project level
● Granting iam.serviceProjectAccountuser to the administrator at the project level
● Granting iam.serviceAccountuser to the administrator at the service account level
● None of these
● Granting iam.serviceAccountuser to the administrator at a project level
163
You work on a freelance project where you deploy WordPress website on Virtual Machine; you decide to use a startup script to install WordPress and other libraries instead of manual install. While launching, you forgot to use the startup script. How to
do it now?
A. Edit the instance by selecting it, add your startup script into the user data field, and restart your instance
B. Stop the instance, add metadata with startup-script as key, and script content as value, and start the instance
C. Stop the instance, add a script into the startup script field, and start the instance
D. Edit the instance by selecting it, add metadata with a script as key, add script content as value, and restart the instance
B Stop the instance, add metadata with startup-script as key, and script content as value, and start the instance
164
The IPS company has decided to build an in-house application for payroll processing, and you have been assigned a task to create Virtual Machine, Cloud SQL DB, and bucket. While testing the application, developers check that they cannot upload files to
a bucket; how to fix it?
A. Enable Linux instance and allow port 443
B. A default service account is attached to Virtual Machine. If not, edit the instance and attach it
C. Check if egress firewall rules are applied to instance allowing connection between VM and bucket
D. None of the above
D. None of the above
165
In VPC, which firewall rule is created by default while creating automatic default VPC?
● Deny all ingress, allow all egress
● Deny all egress and ingress
● Allow SSH, RDP, HTTP, and HTTPS
● Allow SSH, RDP, ICMP, and internal traffic
● Allow SSH, RDP, ICMP, and internal traffic
166
As per manager instruction, you create VPC custom with a subnet mask of 24, which provides 256 IP addresses able to use 252 addresses out of it. Your manager is trying to figure out what is going wrong and approaches you for the answer. What will your
answer be to the manager?
● Inform manager to recreate a VPC
● GCP reverse four IP addresses in each primary subnet range, because of which usable IP count 252
● Both of the above options.
● None of them
● GCP reverse four IP addresses in each primary subnet range, because of which usable IP count 252
167
The IPS company has been working on an application for the last three months and is now ready to roll out the UAT environment for beta testing. Your manager has asked you to create a replica of the dev project. Which is the best way to clone /replicate the
existing project?
● Go to manager resource under IAM and admin section
● Go to dashboard, click on three vertical dots within project info and click clone
project
● Both of above
● None of these
● None of these
168
As Google Cloud Engineer, you are assigned a setup project for a team of four members. You need the permission of all resources you decide to give the primitive role to each person for a different level of access based on responsibility in the project. What is not a primitive role?
● Viewer
● Editor
● Owner
● Publisher
● Publisher
169
Your application serves a global audience and uses stateless virtual machines distributed across several regions inside a managed group of instances. Users can upload and exchange files with other users via an application function. Files should be available for 30 days before being totally removed from the system. What factors
should you consider while choosing a storage solution?
● A Filestore instance group that is managed.
● A database in the Cloud Datastore
● A bucket of Cloud Storage that spans multiple regions
● On virtual machine instances, persistent SSD
● A bucket of Cloud Storage that spans multiple regions
170
Your company intends to move several petabytes of data to the cloud. The data set requires constant access 24 hours a day. Your business analysts have solely worked with SQL interfaces. Choose the best choice for storing data to make it easier to
analzse?
● Upload any flat files to Google Cloud Storage.
● Data should be loaded into Google BigQuery.
● Data will be streamed into Google Cloud Datastore.
● Data should be entered into Google Cloud SQL.
● Data should be loaded into Google BigQuery.
171
What is the command to create a storage bucket that is called ' archive bucket ' with the access once a month?
● gsutil mb gs://archive_bucket
● gsutil rm -coldline gs://archive_bucket
● gsutil mb -c coldline gs://archive_bucket
● gsutil mb -c nearline gs://archive_bucket
● gsutil mb -c nearline gs://archive_bucket
172
An IoT solution is being developed by a team. Several devices must deliver data in a periodic time series for processing. How can you use the GCP services to ingest and
store data?
● Pub/ Sub, Datastore
● Pub/ Sub, Dataproc
● Dataproc, Bigtable
● Pub/ Sub, Bigtable
● Pub/ Sub, Bigtable
173
Your task supervisor wishes to assign his team members the task of uploading goods to Cloud storage buckets. Which function do you assign to team members based on the concept of least privilege?
● roles/storage.objectAdmin
● roles/storage.objectViewer
● roles/storage.objectCreator
● roles/storage.admin
● roles/storage.objectCreator
174
Your billing department has asked you to assist them in keeping track of expenditure on a specific billing account. They have stated that they prefer to prepare their reports using Excel and that they do not wish to learn new programmes. Which export choice would be the most suitable for them?
● BigQuery Export
● File Export with JSON
● SQL Export
● File Export with CSV
● File Export with CSV
175
A corporation sets up a production and test environment since they wish to use various subjects. The most important condition is that the VMs may communicate with each other using internal IP addresses and that no additional routes are set up. Have
you been advised on the best course of action?
A. Configure a single VPC with two subnets in the same region that have the same CIDR range.
B. Configure a single VPC with two subnets in distinct regions, each with a different CIDR range.
C. Configure two VPCs in the same region, each with one subnet and the same CIDR range.
D. Configure two VPCs, each with one subnet and a distinct CIDR range, each hosted in a different region.
B. Configure a single VPC with two subnets in distinct regions, each with a different CIDR range.
176
Despite the fact that an application is operating on a machine type with two virtual CPUs and 4GB RAM, there have been several memory issues. How can you increase the application's RAM with the least amount of downtime?
● In GCP console, upgrade the memory of the Compute Engine instance
● Use gcloud compute instances increase-memory to increase the memory
● Use Live migration to move to machine type with higher memory
● Use Live migration to move to machine type with higher CPU
● Use Live migration to move to machine type with higher memory
177
The network traffic will be audited by the Security Team. What is the simplest
approach to make sure they have access to the information they need?
● Disable Flow Logs.
● Enable Flow Logs.
● Enable VPC Network Logs.
● Add a firewall capture filter
● Enable Flow Logs.
178
Your business has a number of compute engine instances that might be used to host production-ready apps. Throughout the year, these applications may be running 24 hours a day, seven days a week. Even if a zone fails, you want to design a cost-effective, scalable, and high-availability solution.
A. Use Managed instance groups with pre-emptible instances across multiple zones
B. Use Managed instance groups across multiple zones
C. Use managed instance groups with instances in a single zone
D. Use Unmanaged instance groups across multiple zones
B. Use Managed instance groups across multiple zones
179
The front-end is an App Engine application that will publish messages to Pub/Sub.
However, the Pub/Sub API has not yet been enabled. How do you enable the API?
● To automatically enable the API, use a service account with the Pub/Sub Admin role.
● In the Console, enable the API.
● External APIs are not required for App Engine applications.
● When the code tries to contact Pub/Sub for the first time, the API will be
enabled.
● In the Console, enable the API.
180
A company's vital data is stored in Cloud SQL. They aim to enable high availability in this instance if an entire zone goes down. What are your options for configuring this?
● Create a Read replica in a different zone in the same region.
● Create a read replica in a separate zone and region.
● Create a Failover replica in a different zone in the same region.
● Make a Failover duplicate in a separate zone and region.
● Create a Failover replica in a different zone in the same region.
181
You have created a new network and subnet and created an instance within it. With the following firewall rules, you define firewall rules that target all instances in your network. NAME:open-ssh | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:1000 |
ALLOW:tcp:22 NAME:deny-all | NETWORK:devnet | DIRECTION:INGRESS |
PRIORITY:5000 | DENY:tcp:0-65535,udp:0-6553 What would happen if you tried to SSH into the instance?
● SSH would be refused, and the allow rule would need to be refreshed with the gcloud firewall command.
● Because the allow rule overrides the deny rule, and SSH would be allowed.
● SSH would be denied because the deny rule takes precedence over the allow rule.
● SSH would be denied, and the rule would need to be restarted for it to take effect.
● Because the allow rule overrides the deny rule, and SSH would be allowed.
182
A corporation needs to store private papers in the cloud. As per the compliance requirement, the data must be highly available and resilient in the event of a regional outage. Which of the storage classes listed below meets the requirement? (Select two
options)
● Standard
● Regional
● Coldline
● Dual-Regional
● Multi-Regional
● Coldline
● Multi-Regional
183
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?
A. Deployment Manager
B. Cloud Composer
C. Managed Instance Group
D. Unmanaged Instance Group
A. Deployment Manager
184
A corporation wishes to set up a VPC network and create a single subnet with the maximum range within the VPC. Which CIDR block is the most popular?
● 0.0.0.0/0
● 10.0.0.0/8
● 172.16.0.0/12
● 192.168.0.0/16
● 10.0.0.0/8
185
You have been asked to put up an external TCP load balancer with SSL offload by the development team. Can you recommend a load balancer that can be used?
● SSL Proxy
● HTTP Load Balancer
● TCP Proxy
● HTTPS Load Balancer
● SSL Proxy
186
For security reasons, a corporation requests that a new Kubernetes cluster be created on GCP and that the nodes be upgraded to the newest stable version of Kubernetes without any administrative intervention. How did you manage to set up the Kubernetes
cluster?
● When creating the cluster, always use the most recent version.
● Activate node auto-repairing
● Auto-upgrades for nodes should be enabled
● Apply security patches to nodes as they become available
● Auto-upgrades for nodes should be enabled
187
A business has a mission-critical application that serves users all over the world. For the application, you must choose between relational and transactional data storage systems. Which medication should you recommend? (Select two options)
● BigQuery
● Cloud SQL
● Cloud Spanner
● Cloud Bigtable
● Cloud Datastore
● Cloud SQL
● Cloud Spanner
188
new version of an application must be deployed on App Engine by the project owner and coworkers. You must adhere to Google's recommendations. Which IAM role should your coworkers be assigned?
● Project Editor
● App Engine Service Admin
● App Engine Deployer
● App Engine Code Viewer
● App Engine Deployer
189
In your development project, you have created and tested various bespoke roles. How can you make the same roles for new projects as quickly as possible?
● In the new project, re-create them.
● Set the destination project with the gcloud iam copy roles command.
● Select the roles in the GCP console and click the Export button.
● Set the destination project with the gcloud iam roles copy command
● Set the destination project with the gcloud iam roles copy command
190
You are creating a Python application that needs to run in a sandboxed managed environment with the capacity to scale up in seconds to handle massive surges in demand. Which service do you use to host your app?
● Compute Engine
● App Engine Flexible Environment
● Kubernetes Engine
● App Engine Standard Environment
● App Engine Standard Environment
191
A company manages massive amounts of time-stamped IoT data. The entire data volume can be many petabytes. The data must be written and changed quickly. To be used as the most efficient storage solution for your data. What kind of product should
you use?
● BigQuery
● Cloud Bigtable
● Cloud Storage
● Cloud Data
● Cloud Bigtable
192
A company that needs to store more than 100 TB or a petabyte of data in NoSQL format for read/write low latency and high-performance analytics is planning the infrastructure for the new application. What is the best way to use the storage option?
● Cloud Spanner
● Cloud Datastore
● Cloud Bigtable
● Cloud SQL
● Cloud Bigtable
193
For App Engine, you have utilized the gcloud app deployment method. However, you are unable to locate the implementation for the desired project, and the application appears to have been installed in the incorrect project. What is the best way to figure
out which project was used to create the application?
● For the project, look at index.yaml.
● For the project, look at the web.xml file.
● For the project, look at app.yaml.
● To check for the project, run gcloud config list.
● To check for the project, run gcloud config list.
194
The business applications of a company are moved to Google Cloud. Their security team wants to look at every project in the company in depth. The CEO is set up as the org admin using Google Cloud Resource Manager, which is provided by the cloud
engineer. What Google Cloud Identity and Access Management responsibilities should you assign to the security team?
● Project owner, network admin
● Org admin, project browser
● Org viewer, project viewer
● Org viewer, the project owner
● Org viewer, project viewer
195
An organization has opened a new account and has to transfer projects to it in order to receive payments. What is the role of the billing account that needs to be changed?
(select any 2 options)
● Project Editor
● Billing Account Manager
● Billing Account Billing administrator
● Project Billing manager
● Project Owner
● Billing Account Billing administrator
● Project Owner
196
The company wants to create a Cloud Storage bucket app that stores photographs, creates thumbnails, and resizes them. They want to employ a managed solution that helps you scale from zero to scale and back to zero automatically. Which GCP service
best fulfills the requirements?
● Cloud Functions
● Google App Engine
● Google Kubernetes Engine
● Google Compute Engine
● Cloud Functions
197
The new Jenkins instance must be set up as soon as possible. How are you going to do it?
● Create and deploy a Deployment Manager template.
● Cloud Launcher is required for installation.
● Install the jar file on a Compute Engine server.
● Use Google's Jenkins Managed Service.
● Cloud Launcher is required for installation.
198
For disaster recovery scenarios, a business must back up and store data. They must undertake disaster recovery exercises on a monthly basis. What is the best storage standard class?
● Coldline
● Multi-regional
● Nearline
● Regional
● Nearline
199
A company's App Engine application requires stateful data to be stored in a secure storage service. The data is stored in a non-relational database. The database is unlikely to become larger than 10 GB, and they must be able to scale down to zero to
prevent incurring high costs. Which service should they utilize for storage?
● Cloud DataStore
● Cloud Storage
● Cloud Bigtable
● Cloud SQL
● Cloud DataStore
200
For disaster recovery scenarios, a corporation must back up data and store all backup data. These records would not otherwise be available and would only be needed in the event of a tragedy. What is the best storage standard class?
● Coldline
● Multi-regional
● Nearline
● Regional
● Coldline
201
To read unusually shifting data, a Cloud SQL application is expected to grow rapidly.
How can you increase the number of read-only customers?
● Use backups to ensure that you can restore your data if there is an interruption.
● Configure the master node for high availability.
● Set up read replicas.
● Create an external replica at the datacenter of the customer
● Set up read replicas.
202
Your development team has requested that you build up an SSL termination load balancer. The website would use the HTTPS protocol. What should you do to keep the
load balanced?
● HTTPS Load Balancer
● SSL Proxy
● HTTP Load Balancer
● TCP Proxy
● HTTPS Load Balancer
203
You are attempting to set up a new instance with the Centos 7 operating system. You cannot recall the specific name of the family. Which command can you use to find out
the family's names?
● gcloud compute images list
● gcloud compute instances list
● gcloud compute images show-families
● gcloud compute instances show-families
● gcloud compute images list
204
You must assist a developer in installing App Engine Go extensions. However, you have forgotten the specific name of the component. Which command can you use to see all of the possible options?
● gcloud components list
● gcloud config list
● gcloud component list
● gcloud config components list
● gcloud components list
205
There are three projects in your organization, for development, testing and production. Your manager wants to monitor resource utilization (RAM, disk, network, CPU) for all applications in these three projects. What should you do?
● You should use the default Cloud Monitoring dashboards in all the projects.
● You cannot combine metrics from different projects.
● In Cloud Monitoring, share charts from development, testing and production projects.
● You should create a Cloud Monitoring workspace in the production project and add development and testing projects to it.
● You should create a Cloud Monitoring workspace in the production project and add development and testing projects to it.
206
Select true statements about the difference between a pod and a container.
● There is no difference between pods and containers.
● A pod cannot contain any container.
● A container contains one or more pods.
● A pod contains one or more containers.
● A pod contains one or more containers.
207
Your company stores Personally Identifiable Information (PII) of customers in a multi-regional Cloud Storage bucket. Your compliance department has asked you to record all operations/requests on this bucket. What should you do?
● You should use the Identity-Aware Proxy API to record this information.
● You should use the Data Loss Prevention API to record this information.
● You should turn on data access audit logging in Cloud Storage to record this information.
● You should enable the default Cloud Storage service account exclusive access
to read all operations and record them.
● You should turn on data access audit logging in Cloud Storage to record this information.
208
In BigQuery, you want to run an important query that can return a lot of records. You want to find out how much it will cost to run this query. You are using on-demand pricing. What should you do?
● You should arrange to switch to flat-rate pricing for this query, then move back to on-demand.
● You cannot make an estimate with the information provided.
● You should run a SELECT COUNT(*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.
● You should use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing
Calculator.
● You should use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing
Calculator.
209
You are deploying an application to App Engine and want to scale the number of instances based on request rate. You need at least 3 unoccupied instances all all time.
What type of scaling should you use?
● Basic Scaling with min_instances set to 3.
● Basic Scaling with max_instances set to 3.
● Automatic Scaling with min_idle_instances set to 3.
● Manual Scaling with 3 instances
● Automatic Scaling with min_idle_instances set to 3.
210
The first grouping mechanism of the Google Cloud resource hierarchy is represented by...
● folders.
● projects.
● organizations.
● resources.
● projects.
211
Select all true statements about persistent disks in GCP. (select 2)
A. You can't add more persistent disks to an instance to meet your performance and storage space requirements.
B. Persistent disks are automatically encrypted to protect your data, in transit or at rest.
C. You can't resize your existing persistent disks to meet your performance and storage space requirements.
D. Persistent disk is independent of the virtual machine instances, so you can detach or move your disks to keep your data even after you delete your instances.
B. Persistent disks are automatically encrypted to protect your data, in transit or at rest.
D. Persistent disk is independent of the virtual machine instances, so you can detach or move your disks to keep your data even after you delete your instances.
212
An application has a large international user group and runs stateless virtual machines in a Managed Instance Group in multiple Google Cloud locations. One of the features
of the application allows users to upload files and share them with other users. Files must be available for only 30 days. After 30 days they are completely removed from the system. Which storage solution should you choose?
● Cloud Storage (multi-regional bucket).
● Persistent SSD on virtual machine instances.
● Cloud Datastore
● BigQuery
● Cloud Storage (multi-regional bucket).
213
An internal company application is deployed with Compute Engine VMs. This application is used only during regular business hours. You need to backup the VMs outside the business hours and remove images older than 30 days to reduce expenses. What should you do?
● You should enable a snapshot schedule for automated creation of daily snapshots and set snapshot retention policy to 30 days.
● You should use Cloud Scheduler to trigger a Cloud Function that creates snapshots of the disk on a daily basis. Also you should use Cloud Scheduler to trigger another Cloud Function that iterates over the snapshots and removes older than 30 days.
● You should use AppEngine Cron service to trigger a custom script that creates snapshots of the disk on a daily basis. Also you should use AppEngine Cron service to trigger another custom script that iterates over the snapshots and removes snapshots older than 30 days.
● You should add three metadata tags on the Compute Engine instance (enabling snapshot creation, specifying the snapshot schedule, specifying the retention period = 30 days).
● You should enable a snapshot schedule for automated creation of daily snapshots and set snapshot retention policy to 30 days.
214
A regular batch job transfers customer data from a CRM system to BigQuery dataset and uses several virtual machines. You can tolerate some virtual machines going down. What should you do to reduce the costs of this job?
● You should only use e2-standard-32 instances.
● You should use a fleet of e2-micro instances behind a Managed Instances
Group with autoscaling enabled.
● You should use preemptible compute engine instances.
● You should only use e2-micro instances
● You should use preemptible compute engine instances.
215
As a Cloud Engineer, you need to design an IoT application that requires data storage up to 30 petabytes. Your application must support fast reads and writes. Your data schema is rather simple and you want to use the most economical solution for this.
What should you do?
● You should store the data in Cloud Storage.
● You should use BigQuery, and implement the business logic in SQL.
● You should store the data in Cloud Spanner, and add an in-memory cache for speed.
● You should store the data in Cloud Bigtable
● You should store the data in Cloud Bigtable
216
You need to create a Kubernetes Engine cluster to deploy multiple pods and use BigQuery to store all container logs for later analysis. What solution should you apply to follow Google's best practices?
● Enable Cloud Logging when creating a Kubernetes Engine cluster.
● You should use the Cloud Logging export feature to create a sink to Cloud Storage, than create a Cloud Dataflow job that imports log files from Cloud Storage to BigQuery.
● The only solution is to develop a custom add-on that uses the Cloud Logging API and BigQuery API.
● Enable Cloud Monitoring when creating a Kubernetes Engine cluster.
● Enable Cloud Logging when creating a Kubernetes Engine cluster.
217
With Google's best practices in mind, what type of roles should be used as the first
choice tool for granting permissions in a GCP project?
● Predefined roles.
● Custom roles.
● Basic roles.
● Predefined roles.
218
Which storage service should you use for semi-structured application key-value data?
● Cloud Bigtable
● Cloud Storage
● BigQuery
● Cloud Spanner
● Cloud SQL
● Cloud Datastore
● Cloud Datastore
