GCP - Associate Cloud Engineer Flashcards

1
Q

Your company has hosted a gaming app on GCP. One of your applications is running on an autoscaling Google Kubernetes Engine (GKE) cluster that exposes a TCP endpoint. The application is managed by deployment with several replicas. Another application service on Compute Engine located on a different VPC (called ppp-network) but in the same region needs to access the application on GKE. How can you enable this access with minimum effort?
A.1. In GKE, create a LoadBalancer Service type that uses the application’s Pods as backend
2. Set the externalTrafficPolicy of the service to Cluster
3. Configure the Compute Engine instance to use the address of the load balancer that has been created
B.1. In GKE, create a NodePort Service type that uses the application’s Pods as backend
2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC
3. Use iptables to forward traffic from ppp-network to the GKE nodes
4. Configure the Compute Engine instance to use the address of the proxy in ppp-network as the endpoint
C.1. In GKE, create a LoadBalancer Service type that uses the application’s Pods as backend
2. Add an annotation: cloud.google.com/load-balancer-type: Internal
3. Peer the two VPCs together
4. Configure the Compute Engine instance to use the address of the load balancer that has been created
D.1. In GKE, create a LoadBalancer Service type that uses the application’s Pods as backend
2. Add a Cloud Armor Security Policy to the load balancer
3. Configure the Compute Engine instance to use the address of the load balancer that has been created

A

C.
1. In GKE, create a LoadBalancer Service type that uses the application’s Pods as backend
2. Add an annotation: cloud.google.com/load-balancer-type: Internal
3. Peer the two VPCs together
4. Configure the Compute Engine instance to use the address of the load balancer that has been created

2
Q

Your team is creating a social-media chat app that directly consumes messages from a Cloud Pub/Sub topic. The app will be deployed on Cloud Run. What Google-recommended practices should you follow?
A.1. Create a Cloud Function that will be triggered by Cloud Pub/Sub trigger on that topic
2. Invoke Cloud Run from the Cloud Function for every message.
B.1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run
2. Create a Cloud Pub/Sub subscription for that topic
3. Make your application pull messages from that subscription.
C.1. Create a service account
2. Give the Cloud Run Invoker role to that service account for your Cloud Run application
3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
D.1. Deploy your application on Cloud Run on GKE with only internal connectivity
2. For that topic create a Cloud Pub/Sub subscription
3. Within the same GKE cluster as your application, deploy a container that takes the messages and sends them to your application.

A

C.
1. Create a service account
2. Give the Cloud Run Invoker role to that service account for your Cloud Run application
3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

3
Q

Your multiplayer 3D game is hosted on your own data center. A new player performance analytics feature will make use of Google Cloud Platform (GCP) AutoML. You have created a service account with appropriate access to AutoML. Your on-premise analytics service needs to authenticate with GCP APIs for using AutoML. What should you do?

A. Make use of service account credentials in your on-premises application.
B. Create a key file for the service account with appropriate permissions using gcloud.
C. Work with a vendor to set up a direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications.
D. In the IAM & admin console, grant a user account similar permissions to the service account permissions and use this user account for authentication from your data center.

A

B. Create a key file for the service account with appropriate permissions using gcloud.

4
Q

You work at a cryptocurrency broking company. Data protection laws in your country prevent you from deleting any user data. You need to devise a solution to store and archive user data on GCP. The laws require you to support compliance objectives for data from one geographic location. The data is archived after 30 days and is expected to be accessed annually. What should you do?

A. 1. Use Multi-Regional Storage. 2. Add a bucket lifecycle rule to archive data after 30 days to Coldline Storage.
B.1. Use Multi-Regional Storage. 2. Add a bucket lifecycle rule to archive data after 30 days to Nearline Storage.
C.1. Use Regional Storage. 2. Add a bucket lifecycle rule to archive data after 30 days to Nearline Storage.
D.1. Use Regional Storage. 2. Add a bucket lifecycle rule to archive data after 30 days to Coldline Storage.

A

D.
1. Use Regional Storage.
2. Add a bucket lifecycle rule to archive data after 30 days to Coldline Storage.

5
Q

You have developed an inventory-management microservice on Compute Engine in a single subnetwork in the us-central1-a region. Your VPC currently has only 1 subnetwork. Another team is planning to deploy a payment service in the same project in the europe-west2 region. The payment service needs access to the inventory-management service. You want to follow GCP’s best practices. What should you do?

A. 1. Create a subnetwork in the same VPC, in europe-west2
2. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint
B.1. Provision a new VPC and a subnetwork in europe-west2
2. Expose the application with an internal load balancer
3. Create the new instance in the new subnetwork and use the load balancer’s address as the endpoint.
C. 1. Create a subnetwork in the same VPC, in europe-west2
2. Use Cloud VPN to connect the two subnetworks
3. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint.
D.1. Create a VPC and a subnetwork in europe-west2
2. Peer the 2 VPCs
3. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint.

A

A. 1. Create a subnetwork in the same VPC, in europe-west2
2. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint

6
Q

You work as the country’s engineering head for a multi-national app development company. Compliance rules in your country require you to retain audit logs for 3 years. Your team is worried that it will result in significant costs since you have hundreds of GCP projects. You have been asked to implement the most cost-effective approach for retaining the logs. What should you do?

Note: Stackdriver is now called ‘Google Cloud’s Operation Suite’.

A. Export the logs from Cloud Audit to BigQuery using an export sink.
B. Export the logs from Cloud Audit to a Coldline Storage bucket using an export sink.
C. Build a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery.
D. Export the logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL.

A

B. Export the logs from Cloud Audit to a Coldline Storage bucket using an export sink.

7
Q

Your company is conducting a Cloud Security and Compliance audit through a third-party auditor. To facilitate the audit for your team, you need to give the auditors the list of the enabled Google Cloud Platform APIs for your GCP project. You want to use the command line. How should you do it?

A. Run gcloud services list --project <project> to get all enabled services.
B. Run gcloud init to create a new configuration and set the current project to your GCP project, and then run gcloud services list --available.
C. Find the account value using gcloud info, and then run gcloud services list --account <Account>.
D. Run gcloud projects describe <project> to get the project value, and then run gcloud services list --available.

A

A. Run gcloud services list --project <project> to get all enabled services.

8
Q

Your company has developed an email application that is used for internal communications and is hosted on GCP. Your finance team has raised a concern that last month’s bill for your GCP project was significantly higher than expected. On investigating further, you find that a GKE container in the development namespace emitted a huge number of logs, which resulted in higher costs. You as an engineering manager want to disable the logs quickly to prevent further expenses. How can you do it using the least number of steps?

A.1. Go to the Logs ingestion window in Stackdriver Logging
2. Disable the log source for the GKE container resource
B.1. Go to the Logs ingestion window in Stackdriver Logging
2. Disable the log source for the GKE Cluster Operations resource
C.1. Go to the GKE console, and delete existing clusters
2. Re-create a new cluster
3. Clear the option to enable legacy Stackdriver Logging
D.1. Go to the GKE console, and delete existing clusters
2. Re-create a new cluster
3. Clear the option to enable legacy Stackdriver Monitoring

A

A.
1. Go to the Logs ingestion window in Stackdriver Logging
2. Disable the log source for the GKE container resource

9
Q

Your E-commerce website deployed on App Engine is going through a UI update. Before you fully roll out the update to all users, you want to test it with 3% of the users. What should you do?

A.1. Migrate the application to Google Kubernetes Engine
2. Use GCP Console to split traffic.
B.1. Migrate the application to Compute Engine
2. Use GCP Console to split traffic.
C.1. Deploy a new version as a separate app in App Engine
2. Then configure App Engine using GCP Console to split traffic between the two apps.
D.1. Deploy a new version of your application in App Engine.
2. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

A

D.
1. Deploy a new version of your application in App Engine.
2. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

10
Q

Your organization has recently started using GCP. You are the head GCP administrator in your company. You have granted the Project Creator role to the Engineering team at the organizational level. You need to make sure only the finance team can link a project to a billing account, but they should not have any other privileges. What should you do?

A. On the billing account assign the finance team only the Billing Account User role
B. On the billing account assign the engineering team only the Billing Account User role
C. Assign the finance team:
1. On billing account -> Billing Account User role
2. In the organization -> Project Billing Manager role
D. Assign the engineering team:
1. On billing account -> Billing Account User role
2. In the organization -> Project Billing Manager role

A

C. Assign the finance team:
1. On billing account -> Billing Account User role
2. In the organization -> Project Billing Manager role

11
Q

Your new shipment tracking website is planned to be hosted on Google Kubernetes Engine. The application needs to be exposed to the public using HTTPS over a public IP address. What should you do?

A.
1. Create a NodePort service for your application
2. Expose this service through a load balancer by creating an ingress resource.

B.
1. Create a ClusterIP service.
2. Configure the public DNS name of your application using the IP of this Service.

C.
1. Create a NodePort service to expose the application on port 443 of each node of the Kubernetes cluster.
2. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

D.
1. Create an HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptables rule.
2. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

A

A.
1. Create a NodePort service for your application
2. Expose this service through a load balancer by creating an ingress resource.

12
Q

Your fantasy sports app is made up of multiple backend microservices hosted on Compute Engine on different GCP projects. You need to enable communication between two such groups of Compute Engine VMs hosted on different projects in separate VPCs. What should you do?

A.
1. Make sure both projects belong to the same GCP organization.
2. Create a new VPC and add all instances in that VPC.

B.
1. Make sure both projects belong to the same GCP organization.
2. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.

C.
1. Make sure you are the Project Administrator of both projects.
2. Create two new VPCs and add all instances.
D.
1. Make sure you are the Project Administrator of both projects.
2. Create a new VPC and add all instances.

A

B.
1. Make sure both projects belong to the same GCP organization.
2. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.

13
Q

Your organization has appointed a third-party company to perform an audit on GCP resources. The auditor is provided with a GSuite ID by your organization. The auditor needs to read, but not modify, all project items to perform his duties. How should you configure the auditor’s permissions?

A.
1. Create a custom role with view-only project permissions.
2. Assign the auditor with the custom role.

B.
1. Create a custom role with view-only service permissions.
2. Assign the auditor with the custom role.

C. Assign the auditor with the built-in project viewer role.

D. Assign the auditor with the built-in service viewer role.

A

C. Assign the auditor with the built-in project viewer role.

14
Q

Your company is collecting user activity data on your E-commerce website and the data of the last 5 years is dumped in a large 5 TB AVRO file on Cloud Storage. Your data analysis team needs access to that data to predict the demands of FMCG products. They are proficient in SQL. What is the most cost-effective way to fulfill their request quickly?

A.
1. Load the data into Cloud Datastore
2. Run SQL queries against it.

B.
1. Create a BigQuery table and load data in BigQuery.
2. Run a SQL query on this table and drop this table after you complete your request.

C.
1. Create external tables in BigQuery that point to Cloud Storage buckets
2. Run a SQL query on these external tables to complete your request.

D.
1. Create a Hadoop cluster on GCP.
2. Compress the AVRO file to copy it to HDFS.
3. Load the file in a hive table and provide access to your analysts so that they can run SQL queries.

A

C.
1. Create external tables in BigQuery that point to Cloud Storage buckets
2. Run a SQL query on these external tables to complete your request.

15
Q

You have noticed some suspicious activity in a GCP service account. You want to find out when this service account was created. What should you do?

A.
1. Go to the Activity log (Audit log) and filter to view the Configuration category.
2. Filter the Resource type to Service Account.

B.
1. Go to the Activity log (Audit log) and filter to view the Configuration category.
2. Filter the Resource type to Google Project.

C.
1. Go to the Activity log (Audit log) and filter to view the Data Access category.
2. Filter the Resource type to Service Account.

D.
1. Go to the Activity log (Audit log) and filter to view the Data Access category.
2. Filter the Resource type to Google Project.

A

A.
1. Go to the Activity log (Audit log) and filter to view the Configuration category.
2. Filter the Resource type to Service Account.

16
Q

An external auditing agency auditing your cloud practices has requested you to provide them with the information about when users were added to Cloud Spanner Identity Access Management (IAM) roles on a certain GCP project. How can you fetch this information from the GCP console?

Note: Stackdriver is now called ‘Google Cloud’s Operation Suite’.

A. Open the Cloud Spanner console and review the configurations.

B. Review IAM policies for Cloud Spanner roles in the IAM and Admin console.

C. Review information for Cloud Spanner in the Stackdriver Monitoring console.

D. Review admin activity logs by filtering them for Cloud Spanner IAM roles in the Stackdriver Logging console.

A

D. Review admin activity logs by filtering them for Cloud Spanner IAM roles in the Stackdriver Logging console.

17
Q

You are the Owner of a fast-growing financial services startup. You have recently hired a person to manage all service accounts for Google Cloud Projects. What is the minimum permission you should grant this person to allow him to perform his duties?

A. Provide the user with roles/iam.roleAdmin role.

B. Provide the user with roles/iam.securityAdmin role.

C. Provide the user with roles/iam.serviceAccountUser role.

D. Provide the user with roles/iam.serviceAccountAdmin role.

A

D. Provide the user with roles/iam.serviceAccountAdmin role.

18
Q

Your company runs multiple websites on different GCP projects for selling groceries, medicines, liquor, etc. Your security team is developing an anomaly detection tool that will be used to analyze all logs from all projects over the last 60 days. To facilitate the development of the tool, you need to enable the security team to quickly explore and analyze the log contents. What is the Google recommended practice to obtain combined logs of all projects?

Note: Stackdriver is now called ‘Google Cloud’s Operation Suite’.

A. Select resource.labels.project_id="*" in Stackdriver logging.

B.
1. Export the logs using a Stackdriver Logging Export with a Sink destination to a BigQuery dataset.
2. Configure the table partitioning in BigQuery based on the log timestamp and set up a lifecycle policy to delete partitions older than 60 days.

C.
1. Export the logs using a Stackdriver Logging Export with a Sink destination to Cloud Storage.
2. Create a lifecycle rule to delete objects after 60 days.

D.
1. Read from Stackdriver and store the logs in BigQuery using a Cloud Scheduler job.
2. Configure the table expiration to 60 days.

A

B.
1. Export the logs using a Stackdriver Logging Export with a Sink destination to a BigQuery dataset.
2. Configure the table partitioning in BigQuery based on the log timestamp and set up a lifecycle policy to delete partitions older than 60 days.

19
Q

You are responsible for maintaining all Service Accounts for your Logistics application that is distributed over multiple projects. Some activity data is stored in a BigQuery dataset in the em-databases-app project and it needs to be accessed by VMs in a web-applications project. How can you enable this access to service accounts using Google’s recommended practices?

A. Grant project owner for web-applications appropriate roles to em-databases-app.

B. Grant project owner role to em-databases-app and the web-applications project.

C. Grant project owner role to em-databases-app and bigquery.dataViewer role to web applications.

D. Grant bigquery.dataViewer role to em-databases-app and appropriate roles to web-applications.

A

D. Grant bigquery.dataViewer role to em-databases-app and appropriate roles to web-applications.

20
Q

Your startup recently got acquired by a large E-commerce company and it has significantly increased the traffic to your website. Your website is hosted on a custom Compute Engine instance. You need to create a copy of your VM to facilitate the increase in demand (NOTE: A custom image already exists). What should you do?

A.
1. Create a Compute Engine snapshot from the base VM.
2. Use the snapshot to create the images.

B.
1. Create a Compute Engine snapshot from the base VM.
2. Use the snapshot to create the instances.

C.
1. Create a Compute Engine snapshot from the base VM.
2. Create a custom Compute Engine image from this snapshot.
3. Use the image to create new images.

D.
1. Create a Compute Engine snapshot from the base VM.
2. Create a custom Compute Engine image from this snapshot.
3. Use the image to launch new instances.

A

D.
1. Create a Compute Engine snapshot from the base VM.
2. Create a custom Compute Engine image from this snapshot.
3. Use the image to launch new instances.

21
Q

Different teams at your company create projects on GCP and use separate billing accounts and payment cycles. To make payment management easier and more efficient the company wants to centralize all these projects under a single new billing account for all these projects. What should you do?

A. Send an email to cloud-billing@google.com with your bank account details and request a corporate billing account for your company.

B. Engage with Google Support and share your credit card details over the phone.

C. In the GCP Console, go to Resource Manager and move all projects to the root Organization.

D. In the GCP Console, create a new billing account and set up a payment method.

A

D. In the GCP Console, create a new billing account and set up a payment method.

22
Q

Your team is working on revamping a legacy application on GCP. You are tasked with updating the infrastructure which is managed through complex deployment manager templates. You found that you need to significantly change one of the Deployment Manager templates to accommodate the change and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You need rapid feedback so that you can deploy quickly. What should you do?

Note: Stackdriver is now called ‘Google Cloud’s Operation Suite’.

A. Write the deployment manager template using Python and use granular logging statements.

B. Run Deployment Manager and monitor activity on the Stackdriver Logging page of the GCP Console.

C. Run the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

D. Run the Deployment Manager template using the --preview option in the same project, and observe the state of interdependent resources.

A

D. Run the Deployment Manager template using the --preview option in the same project, and observe the state of interdependent resources.

23
Q

You are managing multiple GCP projects and you have created separate configurations for gcloud in your CLI for each project. You have an inactive configuration with a configured Kubernetes Engine cluster and you want to review this Kubernetes configuration using the fewest possible steps. What should you do?

A. Run gcloud config configurations describe and review the output.

B. Run gcloud config configurations activate and gcloud config list to review the output.

C. Run kubectl config get-contexts to review the output.

D. Run kubectl config use-context and kubectl config view to review the output.

A

D. Run kubectl config use-context and kubectl config view to review the output.

24
Q

You are a lead cloud engineer in a tech startup. Your team is building an app on App Engine. You have created a GCP project and deployed the app on App Engine Standard Environment and your team is using it as their development environment. The required testing has succeeded and now it is time to release the app to production. The production environment needs to be in a new GCP project. What approach should you take?

A. Create a new project using gcloud and deploy the app in it.

B. Use the same GCP project to create a new App Engine Service.

C. Use the same GCP project to create a new App Engine Version.

D. Use gcloud to deploy the project. Specify the project parameter with the new project name to create the new project.

A

A. Create a new project using gcloud and deploy the app in it.

25
Q

Your app is deployed on Compute Engine and it uses application default credentials to communicate with Google APIs. The app needs permission to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

A. Create a service account with an access scope and use ‘https://www.googleapis.com/auth/devstorage.write_only’ as the access scope.

B. Create a service account with an access scope and use ‘https://www.googleapis.com/auth/cloud-platform’ as the access scope.

C. Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

D. Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket.

A

C. Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

26
Q

Your PDF merging application is running on a Managed Instance group. You want to have a single public IP over HTTPS that load balances your application. The load balancer must terminate the client SSL session once merging is completed. What is the Google Recommended approach for such a requirement?

A. Configure an HTTP(S) load balancer.

B. Configure an internal TCP load balancer.

C. Configure an external SSL proxy load balancer.

D. Configure an external TCP proxy load balancer.

A

A. Configure an HTTP(S) load balancer.

27
Q

Your apparel-selling app has just launched. Your app uses a Managed Instance group. Since very little traffic is expected, for a while, only a single instance of the VM should be active in every GCP project. How should you configure the instance group?

A.
1. Set autoscaling to On
2. Set the minimum number of instances to 1
3. Set the maximum number of instances to 1

B.
1. Set autoscaling to Off
2. Set the minimum number of instances to 1
3. Set the maximum number of instances to 1

C.
1. Set autoscaling to On
2. Set the minimum number of instances to 1
3. Set the maximum number of instances to 2

D.
1. Set autoscaling to Off
2. Set the minimum number of instances to 1
3. Set the maximum number of instances to 2

A

A.
1. Set autoscaling to On
2. Set the minimum number of instances to 1
3. Set the maximum number of instances to 1

28
Q

Your company is testing its application from different regions as per customer usage behavior. Your App Engine application runs in the us-central region. Now your director has asked you to change the location to the asia-northwest1 region. How can you accommodate this change?

A. Change the project’s default region to asia-northwest1.

B. Change the App Engine application’s default region to asia-northwest1.

C. Create a second App Engine application in the existing GCP project in the asia-northwest1 region.

D. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northwest1 as the region to serve your application.

A

D. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northwest1 as the region to serve your application.

29
Q

You work at a food-delivery startup that has generated a large amount of data in the last month. You are backing up application data of one of your servers to a Nearline Cloud Storage Bucket. The total backup file is 35 GB. You have provisioned a dedicated 1 Gbps WAN connection for this purpose. You want to use the bandwidth of 1 Gbps as efficiently as possible to transfer the file rapidly. How should you upload the file?

A. Upload the file using the GCP console instead of gsutil.

B. Enable parallel composite uploads using gsutil on the file transfer.

C. Use a smaller TCP window size on the machine doing the upload.

D. Change the storage class of the bucket from Nearline to Multi-Regional.

A

B. Enable parallel composite uploads using gsutil on the file transfer.

30
Q

Your Security team manages all service accounts in a project called sec-sa. You need to take snapshots of VMs running in another project called proj-vm. Your security team has asked you to use a specific service account from their project for this purpose. What should you do?
A. Download the JSON private key from the service account, and add it to each VM’s custom metadata.

B. Download the JSON private key from the service account, and add the private key to each VM’s SSH keys.

C. In the project called proj-vm, grant the service account the IAM Role of Compute Storage Admin.

D. Set the service account’s API scope for Compute Engine to read/write while creating the VMs.

A

C. In the project called proj-vm, grant the service account the IAM Role of Compute Storage Admin.

31
Q

You work at a graphics design studio that serves multiple clients. You have created a static website on Cloud Storage to showcase your freelance services. Your website also includes your work portfolio in PDF files that users can download by clicking on its links. Instead of prompting the user to download the PDFs, you want the clicked PDF files to be displayed within the browser window directly. How can you achieve this?

A. Use Cloud CDN to cache content.

B. Enable ‘Share publicly’ on the PDF file objects.

C. Set Content-Type metadata to application/pdf on the PDF file objects.

D. Add a label to the storage bucket with a key of Content-Type and value of application/pd

A

C. Set Content-Type metadata to application/pdf on the PDF file objects.

32
Q

You are developing a mission-critical application for the stock market on Compute Engine. You have a set of 10 Compute Engine instances and you need to configure them for availability. These instances should attempt to automatically restart if they crash. And you cannot afford to lose the instances during system maintenance activity. What should you do?

A.
1. Create an instance template for the instances
2. Set the ‘Automatic Restart’ to on
3. Set the ‘On-host maintenance’ to Migrate VM instance
4. Add the instance template to an instance group

B.
1. Create an instance template for the instances
2. Set ‘Automatic Restart’ to off
3. Set ‘On-host maintenance’ to Terminate VM instances
4. Add the instance template to an instance group

C.
1. Create an instance group for the instances
2. Set the ‘Autohealing’ health check to healthy (HTTP)

D.
1. Create an instance group for the instance
2. Verify that the ‘Advanced creation options’ setting for ‘do not retry machine creation’ is set to off

A

A.
1. Create an instance template for the instances
2. Set the ‘Automatic Restart’ to on
3. Set the ‘On-host maintenance’ to Migrate VM instance
4. Add the instance template to an instance group

33
Q

You have received some complaints from your users that they are experiencing high latency at random intervals in your app, hosted on Compute Engine. In order to check what is going on, your team needs to be monitoring the app at the time when the latency is high. What solution can you use on Google Cloud to notify your team if the latency is increased for 5 minutes?

A. Transmit Cloud Monitoring metrics into BigQuery and utilize a Looker Studio dashboard to track the latency of your web application.
B. Develop an alert policy to trigger notifications when the HTTP response latency surpasses the predetermined threshold.
C. Set up an App Engine service that interacts with the Cloud Monitoring API and sends notifications in instances of anomalies.
D. Leverage the Cloud Monitoring dashboard to monitor latency and initiate appropriate measures upon detection of response latency surpassing the designated threshold.

A

B. Develop an alert policy to trigger notifications when the HTTP response latency surpasses the predetermined threshold.

34
Q

Your company’s Data Science team is building a Dataflow job on Google Cloud to process large quantities of unstructured data in multiple file formats using the ETL process. What should you do to make the data accessible to the Dataflow job?

A. Transfer the data to BigQuery utilizing the bq command line utility.
B. Store the data in Cloud Storage through the employment of the gcloud storage command.
C. Load the data into Cloud SQL utilizing the import feature available in the Google Cloud console.
D. Ingest the data into Cloud Spanner via the import capability accessible in the Google Cloud console.

A

B. Store the data in Cloud Storage through the employment of the gcloud storage command.

35
Q

You are building translation software that needs to extract text from audio files stored in Cloud Storage by using the Speech-to-Text API. To reduce development effort, you are looking for a fully managed, serverless compute solution that requires authentication and follows Google-recommended practices. Your API should be called automatically whenever a new file is uploaded to the bucket. Which option is most suitable?

A.1. Deploy code in App Engine standard environment.
2. Use Cloud Storage bucket events to trigger the API and submit the file URI to the Google Speech-to-Text API.
B. Scan the bucket regularly for incoming files using a Kubernetes job and call the Speech-to-Text API for each unprocessed file.
C.1. Use a Linux cron job in Compute Engine to scan the bucket regularly for incoming files.
2. For each unprocessed file, call the Speech-to-Text API.
D. Deploy a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

A

D. Deploy a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

36
Q

Your e-commerce website is made up of 30 microservices. Each microservice has its own dedicated database backend. How should you store the credentials securely?
A. Store the credentials in the source code
B. Store the credentials in an environment variable
C. Store the credentials in a secret management system
D. Store the credentials in a config file that has restricted access through ACLs

A

C. Store the credentials in a secret management system

37
Q

You are running an e-commerce platform in your on-premises data center that is based on multiple microservices built in Python, with each microservice running in its own Docker container. The app uses environment variables to manage configurations. How can you deploy such an application on a serverless solution on Google Cloud while making very few changes to the code?

A. - Employ your current CI/CD workflow.
- Utilize the created Docker images and initiate deployment on Cloud Run.
- Revise the settings and necessary access points accordingly.
B. - Leverage your established continuous integration and delivery (CI/CD) process.
- Deploy the generated Docker images onto Cloud Function.
- Ensure alignment with the existing on-premises configuration.
C. - Utilize your current codebase and distribute each service as distinct Cloud Functions.
- Modify the settings and essential interfaces as needed.
D. - Harness your existing codebase to deploy each service individually on Cloud Run.
- Maintain consistency by replicating the on-premises configurations.

A

A. - Employ your current CI/CD workflow.
- Utilize the created Docker images and initiate deployment on Cloud Run.
- Revise the settings and necessary access points accordingly.

38
Q

Your team is modernizing a legacy application by leveraging Docker. What should you choose to deploy this application on Google Cloud such that the team does not need to manage infrastructure and the app can scale well if it gains popularity?
A. Create an instance template using the container image, then set up a Managed Instance Group that employs Autoscaling.
B. Transfer Docker images to Artifact Registry, and proceed to deploy the application on Google Kubernetes Engine using the Standard mode.
C. Store Docker images in Cloud Storage, and proceed to deploy the application on Google Kubernetes Engine using the Standard mode.
D. Move Docker images to Artifact Registry, and carry out the deployment of the application on Cloud Run.

A

D. Move Docker images to Artifact Registry, and carry out the deployment of the application on Cloud Run.

39
Q

Your team is trying to migrate a business-critical application to Google Kubernetes Engine. What steps would you recommend to optimize the cluster for reliability?
A. Set up a GKE Autopilot cluster and opt to include the cluster in the rapid-release channel.
B. Establish a GKE Autopilot cluster and choose to enroll the cluster in the stable release channel.
C. Generate a zonal GKE standard cluster and select the stable release channel for cluster enrollment.
D. Create a regional GKE standard cluster and decide to include the cluster in the rapid release channel.

A

B. Establish a GKE Autopilot cluster and choose to enroll the cluster in the stable release channel.

40
Q

You have built a complex microservices-based app on Kubernetes Engine. One of the microservices, which is responsible for rendering images, requires a large amount of CPU time and an average amount of memory. The cluster is made up of n2-type nodes which are suitable for the other microservices. How can you optimize your cluster to ensure efficient usage of resources?

A. Provide the pods within the image rendering microservice with a heightened pod priority compared to the remaining microservices.
B. Establish a separate node pool composed of compute-optimized machine-type nodes for the image rendering microservice while employing a distinct node pool with general-purpose machine-type nodes for the other microservices.
C. Allocate the node pool equipped with general-purpose machine-type nodes to the image rendering microservice, and set up a dedicated node pool consisting of compute-optimized machine-type nodes for the other microservices.
D. Set the essential CPU and memory specifications within the resource requests segment of the image rendering microservice deployment, while maintaining the default resource requests for the other microservices.

A

B. Establish a separate node pool composed of compute-optimized machine-type nodes for the image rendering microservice while employing a distinct node pool with general-purpose machine-type nodes for the other microservices.

41
Q

You are running a customer-facing application on Cloud Run in production. How can you make sure that only a limited number of customers get affected by an outage whenever there is a new release while making sure that development or operational costs to your customers are as low as possible?
A. Mitigate any potential problems by using exponential backoff to retry access to your service after the new revision is deployed.
B. Split customer traffic between the revisions and gradually roll out the release to allow rollback in case a problem occurs.
C. Route all customer traffic to the new revision and witness any problems in production, immediately roll it back to the previous version.
D. Create a second Cloud Run service to deploy your application, and ask your customers to use the other Cloud Run service.

A

B. Split customer traffic between the revisions and gradually roll out the release to allow rollback in case a problem occurs.

42
Q

You are building a news website that is going to be accessed from all over the world. You need to build the architecture on Google Cloud such that the app is able to withstand a zonal failure. What can help you achieve this kind of high availability?
A. - Place the application data onto a persistent disk within a specific zone.
- Establish a schedule for taking snapshots of the disk.
- In the event of an outage, generate a fresh disk from the latest snapshot and connect it to a new virtual machine located in a different zone.
B. - Store the application data on a dedicated persistent disk associated with a particular zone.
- Should an outage transpire, set up a new instance in an alternate zone and attach this disk to it.
C. - Secure the application data on a persistent disk within a regional context.
- Set up a routine for capturing snapshots of this disk.
- In case of an outage, generate a new disk using the most recent snapshot and link it to a fresh virtual machine situated in another zone.
D. - Place the application data onto a persistent disk with a regional scope.
- In the event of an outage, establish a new instance in a different zone and connect this disk to ensure continuity.

A

D. - Place the application data onto a persistent disk with a regional scope.
- In the event of an outage, establish a new instance in a different zone and connect this disk to ensure continuity.

43
Q

You recently had a security audit through a third party for your Cloud practices. The report flagged that your developers use multiple service account keys during their development process. You need a quick solution to limit the lifetime of service account credentials in your company with the following requirements:
Only a project called pj-sa will host all service accounts that require a key.
Service account keys should expire automatically after one day.
What is a cost-effective solution for the above requirements?
A.
- Set up a recurring Cloud Run task to automatically rotate service account keys at specified intervals for pj-sa.
- Establish an organizational policy to prohibit general service account key creation while making an exception for pj-sa.
B.
- Create a Kubernetes CronJob to periodically rotate service account keys.
- Prevent the association of service accounts with resources across all projects, with the exclusion of pj-sa.
C.
- Enact an organizational policy that enforces a 24-hour limit on the lifespan of service account keys.
- Additionally, apply a policy to prevent the creation of service account keys, except for pj-sa.
D.
- Implement an organizational policy constraint that restricts the duration of service account keys to 24 hours.
- Simultaneously, block the linkage of service accounts to resources across all projects, except for pj-sa.

A

C.
- Enact an organizational policy that enforces a 24-hour limit on the lifespan of service account keys.
- Additionally, apply a policy to prevent the creation of service account keys, except for pj-sa.

44
Q

Different teams at your company create projects on GCP and use separate billing accounts and payment cycles. To make payment management easier and more efficient, the company wants to centralize all these projects under a single new billing account. What should you do?
A. Send an email to cloud-billing@google.com with your bank account details and request a corporate billing account for your company.
B. Engage with Google Support and share your credit card details over the phone.
C. In the GCP Console, go to Resource Manager and move all projects to the root Organization.
D. In the GCP Console, create a new billing account and set up a payment method.

A

D. In the GCP Console, create a new billing account and set up a payment method.