Linux Academy Flashcards

First practice exam

1
Q

Your company has resources hosted in two different regions. You want to keep data in sync across region 1 and region 2. Which product should you use?

A. Google Dataprep

B. Google Compute Engine

C. Google Cloud SQL

D. Google Cloud Storage

A

D. Google Cloud Storage

2
Q

What protocol handles the process of automatically discovering new routes and subnets between two Cloud Routers?

A. ASN

B. Network Discovery

C. TCP/IP

D. Border Gateway Protocol

A

D. Border Gateway Protocol

Border Gateway Protocol (BGP) handles the process for Cloud Routers to automatically discover new subnets on a peer network over VPN.

3
Q

If external auditors need to be able to access your admin activity logs once a year for compliance, what is the best method of preserving and sharing that log data? (Choose two)

A. If they do not need a GCP account and need to view a single date’s object, export the logs to a Cloud Storage bucket for long-term retention and generate a signed URL for temporary object-level access.

B. Export logs to Cloud Storage bucket and email a list of the logs once per year.

C. If they need access to multiple logs in a single bucket, and they have a GCP account, export logs to a Cloud Storage bucket for long-term retention and grant auditor accounts the Storage Object Viewer role to the bucket.

D. Create GCP accounts for the auditors and grant the Project Viewer role to view logs in Stackdriver Logging.

A

A. If they do not need a GCP account and need to view a single date’s object, export the logs to a Cloud Storage bucket for long-term retention and generate a signed URL for temporary object-level access.

C. If they need access to multiple logs in a single bucket, and they have a GCP account, export logs to a Cloud Storage bucket for long-term retention and grant auditor accounts the Storage Object Viewer role to the bucket.

Why is this correct?
The choice between IAM and signed URLs depends on whether the auditors have a GCP account, and whether they need access to a single object or to all logs in a bucket.

4
Q

A recent software update to an e-commerce website running on Google Cloud has caused the website to crash for several hours. The CTO decides that all critical changes must now have a back-out/roll-back plan. The website is deployed on hundreds of virtual machines (VMs), and critical changes are frequent. Which two actions should you take to implement the back-out/roll-back plan? (Choose two)

A. Enable object versioning on the website’s static data files stored in Google Cloud Storage.

B. Create a Nearline copy for the website’s static data files stored in Google Cloud Storage.

C. Use managed instance groups with the “update-instances” command when starting a rolling update.

D. Create a snapshot of each VM prior to an update, and recover the VM from the snapshot in case of a new version failure.

A

A. Enable object versioning on the website’s static data files stored in Google Cloud Storage.

B. Create a Nearline copy for the website’s static data files stored in Google Cloud Storage.

C. Use managed instance groups with the “update-instances” command when starting a rolling update.

Managed instance group updater allows for easy management of the VMs and lets GCE take care of updating each instance.

5
Q

You want to archive the most recent version of an object ‘file1.txt’ in your bucket ‘log-files’ in Cloud Storage with versioning turned on. What is the correct command to do so?

A. gsutil del gs://log-files/file1.txt

B. gsutil rm gs://log-files/file1.txt

C. gsutil rm -r gs://log-files/file1.txt

D. gcloud rm -r gs://log-files/file1.txt

A

B. gsutil rm gs://log-files/file1.txt

Be careful with the -r option: it will remove all versions of the object. Note that -a has the same functionality as -r in this case.

6
Q

You need to analyze log data from your credit card processing application while staying in compliance with PCI regulations. What is the best method to perform this task?

A. Forward data from Cloud Storage into Cloud Dataproc.

B. Export data from your on-premises application into BigQuery for analysis.

C. Using a Squid Proxy, have data collected by Stackdriver Logging exported to BigQuery via a sink based on needed log filters.

D. Export data from your Squid Proxy via Cloud Pub/Sub into BigQuery.

A

C. Using a Squid Proxy, have data collected by Stackdriver Logging exported to BigQuery via a sink based on needed log filters.

The proper model for exporting credit card processing data is to forward from a Squid Proxy to Stackdriver Logging, and export from Stackdriver Logging into BigQuery.

7
Q

When creating firewall rules, what forms of segmentation can narrow which resources the rule is applied to? (Choose all that apply)

A. Region

B. Zone

C. Network tags

D. Network range in source filters

A

C. Network tags

D. Network range in source filters

8
Q

Your customer is moving their storage product to Google Cloud Storage (GCS). The data contains personally identifiable information (PII) and sensitive customer information. Once migrated, what security strategy should you use for GCS to minimize exposure to internal users and the public?

A. Use signed URLs to generate time bound access to objects.

B. Grant IAM read-only access to internal users, and use default ACLs on the bucket.

C. Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to internal users, and use granular ACLs on the bucket.

D. Create randomized bucket and object names. Enable public access, but only provide specific file URLs to people who do not have Google accounts and need access.

A

C. Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to internal users, and use granular ACLs on the bucket.

9
Q

Using the principle of least privilege and allowing for maximum automation, what steps can you take to store audit logs for long-term access and to allow external auditors to view them? (Choose two)

A. Export audit logs to BigQuery via an export sink.

B. Export audit logs to Cloud Storage via an export sink.

C. Generate a signed URL to the Stackdriver export destination for auditors to access.

D. Create an account for auditors to have view access to Stackdriver Logging.

A

C. Generate a signed URL to the Stackdriver export destination for auditors to access.

D. Create an account for auditors to have view access to Stackdriver Logging.

10
Q

You are developing a new application that needs to store and analyze over a petabyte of data in NoSQL format. Which product would you choose?

A. Cloud Spanner

B. BigQuery

C. Cloud Bigtable

D. Cloud Datastore

A

C. Cloud Bigtable

11
Q

Your company is planning on deploying a web application to Google Cloud hosted on a custom Linux distribution. Your website will be accessible globally and needs to scale to meet demand. Choose all of the components that will be necessary to achieve this goal. (Choose all that apply)

A. Managed Instance Group on Compute Engine

B. Network Load Balancer

C. App Engine Standard environment

D. HTTP Load Balancer

A

A. Managed Instance Group on Compute Engine

D. HTTP Load Balancer

12
Q

Within your Kubernetes Engine (GKE) cluster, you want to automatically and simultaneously deploy new code to a GKE cluster in two different regions. Which method should you use?

A. Change the clusters to activate federated mode.

B. Use Google Cloud Container Builder to publish the new images.

C. Use Parallel SSH with Google Cloud Shell and kubectl.

D. Use an automation tool, such as Jenkins.

A

D. Use an automation tool, such as Jenkins.

13
Q

You have a mission-critical database running on a Linux instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with no downtime and minimal costs?

A. Use the automated snapshot service on Compute Engine to schedule a snapshot.

B. Write the database to two different disk locations simultaneously, then schedule a snapshot of the secondary disk, which will allow the primary disk to continue running.

C. Use a cron job to schedule a disk snapshot once per day.

D. Use a cron job to schedule your application to back up the database to another persistent disk.

A

D. Use a cron job to schedule your application to back up the database to another persistent disk.

To both minimize costs (no extra disks) and minimize downtime (the database cannot be frozen), backing up just the database to another disk using a cron job is the preferred answer.

It is also possible to back up the database to a Cloud Storage bucket instead of a disk, which would be cheaper for the same amount of storage. Be sure to note what specific parameters the exam questions give.

14
Q

What is the best practice for separating responsibilities and access for production and development environments?

A. Separate project for each environment, both teams have access to both projects.

B. Separate project for each environment, each team only has access to their project.

C. Both environments use the same project, just note which resources are in use by which group.

D. Both environments use the same project, but different VPCs.

A

B. Separate project for each environment, each team only has access to their project.

15
Q

What information is required to connect to an on-premises network router over VPN using Cloud Router for dynamic routing? (Choose all that apply)

A. Remote router DNS name

B. Shared secret

C. Remote router (peer) IP address

D. Border Gateway Protocol address

A

B. Shared secret

C. Remote router (peer) IP address

D. Border Gateway Protocol address

Using Cloud Router for dynamic routing requires a BGP address along with the peer address and shared secret for secure access.

16
Q

You want to automate collecting billing data for analysis. What is the best way to do this?

A. Export billing reports to Cloud Storage.

B. Forward daily reports to your data analysis team.

C. Download a CSV file of billing info.

D. Export billing reports to BigQuery.

A

D. Export billing reports to BigQuery.

17
Q

You have approximately 10 separate media files over 500GB each that you need to migrate to Google Cloud Storage. The files are in your on-premises data center. What migration method can you use to help speed up the transfer process?

A. Start a recursive upload.

B. Use multi-threaded uploads using the -m option.

C. Use parallel uploads to break the file into smaller chunks then transfer it simultaneously.

D. Use the Cloud Transfer Service to transfer.

A

C. Use parallel uploads to break the file into smaller chunks then transfer it simultaneously.

Parallel uploads are for breaking up larger files into pieces for faster uploads.

D is not correct because Storage Transfer Service is limited to AWS S3, Google Cloud Storage, and HTTP/HTTPS locations.

18
Q

You need to give an external user access to a sensitive storage bucket object for a limited period of time. What is the best method for doing so?

A. Email the user the needed file.

B. Create a signed URL for the object with a set time limit.

C. Make the object public via ACLs, and give only the user the link.

D. Create a GCP account for the user to access the object, then remove the account when they are finished.

A

B. Create a signed URL for the object with a set time limit.

19
Q

One of the microservices in your application has an intermittent performance problem. You have not observed the problem when it occurs, but when it does, it triggers a particular burst of log lines. You want to debug a machine while the problem is occurring. What should you do?

A. In the Stackdriver Error Reporting dashboard, look for a pattern in the times the problem occurs.

B. Log into one of the machines running the microservice and wait for the log storm.

C. Configure your microservice to send traces to Stackdriver Trace so you can find what is taking so long.

D. Set up a log metric in Stackdriver Logging, then set up an alert to notify you when the number of log lines increases past a threshold.

A

D. Set up a log metric in Stackdriver Logging, then set up an alert to notify you when the number of log lines increases past a threshold.

20
Q

You need to reduce the impact of unplanned rollbacks of erroneous production deployments in your company’s web hosting platform. Improvement to the QA processes accomplished an 80% reduction. Which additional two approaches can you take to further reduce the impact of rollbacks? (Choose two)

A. Introduce a green-blue deployment model.

B. Remove the platform’s dependency on relational database systems.

C. Replace the platform’s relational database systems with a NoSQL database.

D. Fragment the monolithic platform into microservices.

A

A. Introduce a green-blue deployment model.

D. Fragment the monolithic platform into microservices.

21
Q

Your company collects and stores security camera footage in Google Cloud Storage. Within the first 30 days, the footage is regularly processed for threat detection, object detection, trend analysis, and suspicious behavior detection. You want to minimize the cost of storing all the data. How should you store the videos?

A. Use Google Cloud Regional Storage for the first 30 days, then move to Coldline Storage.

B. Use Google Cloud Regional Storage for the first 30 days, then move to Nearline Storage.

C. Use Google Cloud Nearline Storage for the first 30 days, then move to Coldline Storage.

D. Use Google Cloud Regional Storage for the first 30 days, then move to Google Persistent Disk.

A

A. Use Google Cloud Regional Storage for the first 30 days, then move to Coldline Storage.

22
Q

You’re writing a Python application and want your application to run in a sandboxed managed environment with the ability to scale up in seconds to account for huge spikes in demand. Which service should you host your application on?

A. Compute Engine

B. App Engine Standard Environment

C. Kubernetes Engine

D. App Engine Flexible Environment

A

B. App Engine Standard Environment

23
Q

Your developer currently maintains a J2EE application. Which two options should he consider for moving his application to the cloud to meet demand and minimize overhead? (Choose two)

A. Host resources in Cloud Bigtable.

B. Re-tool to run on managed instance group with appropriate storage backend.

C. Re-tooling the application to run on App Engine.

D. Configure application for Cloud Dataproc.

A

B. Re-tool to run on managed instance group with appropriate storage backend.

J2EE is Java, which can run on App Engine. He can also configure his application to run on a managed instance group for scaling, as long as he configures a data storage backend for the group as well.

A is not correct because Bigtable is a NoSQL database, and is not relevant to this example.

24
Q

Your company wants to reduce cost on infrequently accessed data by moving it to the cloud. The data is still accessed approximately once a month to refresh historical charts. In addition, data older than 5 years is no longer needed. Where should you store it and how should you manage the data?

A. In Google Cloud Storage and stored in a Multi-Regional bucket. Set an Object Lifecycle Management policy to delete data older than 5 years.

B. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to delete data older than 5 years.

C. In Google Cloud Storage and stored in a Multi-Regional bucket. Set an Object Lifecycle Management policy to change the storage class to Coldline for data older than 5 years.

D. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to change the storage class to Coldline for data older than 5 years.

A

B. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to delete data older than 5 years.

25
Q

You are migrating your existing data center environment to Google Cloud Platform. You have a 1 petabyte Storage Area Network (SAN) that needs to be migrated. What GCP service will this data map to?

A. Cloud Bigtable

B. BigQuery

C. Cloud Storage

D. Persistent Disk

A

D. Persistent Disk

SAN data uses block storage, which would map directly to a persistent disk on GCP for equivalent storage. If we were working with a NAS instead of a SAN, the data could map to either a persistent disk or Cloud Storage.

26
Q

When would you want to use a Local SSD over a persistent disk?

A. You need to move the disk to a different instance.

B. You need reliability and redundancy over performance.

C. You need performance over reliability.

D. You want to preserve your disk after the instance is terminated.

A

C. You need performance over reliability.

27
Q

Your App Engine application needs to store stateful data in a proper storage service. Your data is non-relational database data. You do not expect the database size to grow beyond 10 GB and you need to have the ability to scale down to zero to avoid unnecessary costs. Which storage service should you use?

A. Cloud Dataproc

B. Cloud SQL

C. Cloud Bigtable

D. Cloud Datastore

A

D. Cloud Datastore

28
Q

You need to take streaming data from thousands of Internet of Things (IoT) devices, ingest it, run it through a processing pipeline, and store it for analysis. You want to run SQL queries against your data for analysis. What services in which order should you use for this task?

A. App Engine, Cloud Dataflow, BigQuery

B. Cloud Pub/Sub, Cloud Dataflow, Cloud Dataproc

C. Cloud Dataflow, Cloud Pub/Sub, BigQuery

D. Cloud Pub/Sub, Cloud Dataflow, BigQuery

A

D. Cloud Pub/Sub, Cloud Dataflow, BigQuery

29
Q

Your company is planning the infrastructure for a new large-scale application that will need to store over 100 TB of data in NoSQL format for high-speed analytics. Which storage option should you use?

A. Cloud SQL

B. Cloud Datastore

C. Cloud Spanner

D. Cloud Bigtable

A

D. Cloud Bigtable

30
Q

You need to regularly create disk level backups of the root disk of a critical instance. These backups need to be able to be converted into new instances that can be used in different projects. How should you do this?

A. Create snapshots and share them with other projects.

B. Use the VM migration tools in Compute Engine to copy a VM to a different project.

C. Create snapshots, turn the snapshot into a custom image, and share the image across projects.

D. Stream your VM’s data into Cloud Storage and share the exported data in the storage bucket with another project.

A

C. Create snapshots, turn the snapshot into a custom image, and share the image across projects.

31
Q

Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. Which Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?

A. Org admin, project browser

B. Org viewer, project owner

C. Org viewer, project viewer

D. Project owner, network admin

A

C. Org viewer, project viewer

32
Q

Your company currently hosts an AWS S3 bucket. You need to keep the contents of this bucket in sync with a new Google Cloud Storage bucket to support a backup storage destination. What is the best method to achieve this?

A. Use gsutil -m cp to keep both locations in sync.

B. Use gsutil rsync commands to keep both locations in sync.

C. Once per week, use a gsutil cp command to copy over newly modified files.

D. Use Storage Transfer Service to keep both the source and destination in sync.

A

D. Use Storage Transfer Service to keep both the source and destination in sync.

You can use gsutil rsync to keep two locations in sync. However, the preferred option when working with an AWS S3 bucket is to use the Storage Transfer Service.

33
Q

Your developer group works on a set of VMs frequently throughout the day. To save costs, you terminate the VM when it is not in use. However, you need to preserve the contents of the disk when the VM is terminated so users can resume where they left off when a new one is created. What should you do? (Choose two)

A. Take a snapshot of the disk before terminating the VM.

B. Set the disk to no-auto-delete to preserve contents.

C. Back up the disk contents to Cloud Storage before deleting.

D. Only stop the instance vs. deleting it.

A

B. Set the disk to no-auto-delete to preserve contents.

D. Only stop the instance vs. deleting it.

34
Q

Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24 hours a day. Your business analysts have experience only with using a SQL interface. How should you store the data to optimize it for ease of analysis?

A. Stream data into Google Cloud Datastore.

B. Put flat files into Google Cloud Storage.

C. Load data into Google BigQuery.

D. Insert data into Google Cloud SQL.

A

C. Load data into Google BigQuery.

35
Q

You have created a Kubernetes engine cluster named ‘project-1’. You’ve realized that you need to change the machine type for the cluster from n1-standard-1 to n1-standard-4. What is the command to make this change?

A. This action is not possible.

B. You must create a new node pool in the same cluster, and migrate the workload to the new pool.

C. gcloud container clusters resize project-1 --machine-type n1-standard-4

D. gcloud container clusters update project-1 --machine-type n1-standard-4

A

B. You must create a new node pool in the same cluster, and migrate the workload to the new pool.

You cannot change the machine type for an individual node pool after creation. You need to create a new pool and migrate your workload over.

36
Q

You want to make a copy of a production Linux virtual machine in the US-Central region. You want to manage and replace the copy easily if there are changes to the production virtual machine. You will deploy the copy as a new instance in a different project in the US-East region. What steps must you take?

A. Use the Linux dd and netcat commands to copy and stream the root disk contents to a new virtual machine instance in the US-East region.

B. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file for the root disk.

C. Create a snapshot of the root disk and select the snapshot as the root disk when you create a new virtual machine instance in the US-East region.

D. Create an image file from the root disk with Linux dd command, create a new disk from the image file, and use it to create a new virtual machine instance in the US-East region.

A

B. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file for the root disk.

37
Q

You have a managed instance group composed of preemptible VMs. All of the VMs keep deleting and recreating themselves every minute. What is a possible cause of this behavior?

A. You have hit your instance quota for the region.

B. Your managed instance group’s health check is repeatedly failing, due either to a misconfigured health check or to misconfigured firewall rules not allowing the health check to access the instances.

C. Your zonal capacity is limited, causing all preemptible VMs to be shut down to recover capacity. Try deploying your group to another zone.

D. Your managed instance group’s VMs are toggled to only last 1 minute in preemptible settings.

A

B. Your managed instance group’s health check is repeatedly failing, due either to a misconfigured health check or to misconfigured firewall rules not allowing the health check to access the instances.

38
Q

You are transferring a very large number of small files to Google Cloud Storage from an on-premises location. You need to speed up the transfer of your files. Assuming a fast network connection, what two actions can you do to help speed up the process? (Choose two)

A. Use the -r option for large transfers.

B. Copy the files in bigger pieces at a time.

C. Use the -m option for multi-threading on transfers.

D. Compress and combine files before transferring.

A

C. Use the -m option for multi-threading on transfers.

D. Compress and combine files before transferring.

39
Q

How do you delete a specific version of an archived object with object versioning turned on?

A. gsutil rm gs://[BUCKET_NAME]/[FILE_NAME]#[GENERATION]

B. gsutil del gs://[BUCKET_NAME]/[FILE_NAME]#[GENERATION]

C. gsutil rm gs://[BUCKET_NAME]/[FILE_NAME]#[VERSION]

D. gsutil cp -r gs://[BUCKET_NAME]/[FILE_NAME]#[GENERATION]

A

A. gsutil rm gs://[BUCKET_NAME]/[FILE_NAME]#[GENERATION]

You must specify the generation number of an archived object when removing with the ‘gsutil rm’ command.

40
Q

You are creating a single preemptible VM instance named ‘temp’ to be used as scratch space for a single workload. If your VM is preempted, you need to ensure that disk contents can be re-used. Which gcloud command would you use to create this instance?

A. gcloud compute instances create "temp" --no-auto-delete

B. gcloud compute instances create "temp" --preemptible

C. gcloud compute instances create "temp" --preemptible --boot-disk-auto-delete = no

D. gcloud compute instances create "temp" --preemptible --no-boot-disk-auto-delete

A

D. gcloud compute instances create "temp" --preemptible --no-boot-disk-auto-delete

Specifying ‘--no-boot-disk-auto-delete’ preserves the disk. Simply omitting the option causes the disk to be auto-deleted.

41
Q

You need to allow specific virtual machines in ‘subnet-a’ network access to machines in ‘subnet-b’ without giving the entirety of subnet-a access. How can you accomplish this?

A. You can only grant firewall access to an entire subnet and not individual VMs inside.

B. Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VMs in subnet-a.

C. Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.

D. Relocate the subnet-a machines to a different subnet, and give the new subnet the needed access.

A

C. Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.

42
Q

What is the command for creating a storage bucket that has once per month access and is named ‘archive_bucket’?

A. gsutil mb gs://archive_bucket

B. gsutil rm -coldline gs://archive_bucket

C. gsutil mb -c coldline gs://archive_bucket

D. gsutil mb -c nearline gs://archive_bucket

A

D. gsutil mb -c nearline gs://archive_bucket

43
Q

Your business is connected to GCP over a VPN connection. On GCP, you are hosting an internal website using an HTTP load balancer which serves traffic to a managed instance group. Your users are unable to access the internal website, though all systems are up. What is a possible cause for this problem?

A. Your load balancer is not set for the correct region.

B. Firewall rules are not correctly configured.

C. You need to enable Stackdriver Debugger to collect more information.

D. You’ve enabled static IP address for the managed instance group servers.

A

B. Firewall rules are not correctly configured.