PCA-QA - 169-224 Flashcards
Your company places a high value on being responsive and meeting customer needs quickly. Their primary
business objectives are release speed and agility. You want to reduce the chance of security errors being
accidentally introduced.
Which two actions can you take? (Choose two.)
B. Use source code security analyzers as part of the CI/CD pipeline
E. Run a vulnerability security scanner as part of your continuous-integration/continuous-delivery (CI/CD)
pipeline
You want to enable your running Google Kubernetes Engine cluster to scale as demand for your application
changes.
What should you do?
C. Update the existing Kubernetes Engine cluster with the following command: gcloud alpha container clusters
update mycluster --enable-autoscaling --min-nodes=1 --max-nodes=10
Your marketing department wants to send out a promotional email campaign. The development team wants to
minimize direct operation management. They project a wide range of possible customer responses, from 100 to
500,000 click-throughs per day. The link leads to a simple website that explains the promotion and collects user
information and preferences.
Which infrastructure should you recommend? (Choose two.)
A. Use Google App Engine to serve the website and Google Cloud Datastore to store user data.
C. Use a managed instance group to serve the website and Google Cloud Bigtable to store user data.
Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have
another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops
and auto-scaling.
Which two compute products should you choose? (Choose two.)
B. Google Kubernetes Engine with containers
C. Google App Engine Standard Environment
One of your primary business objectives is being able to trust the data stored in your application. You want to log
all changes to the application data.
How can you design your logging system to verify authenticity of your logs?
C. Digitally sign each timestamp and log entry and store the signature
Your company has a Google Workspace account and Google Cloud Organization. Some developers in the company
have created Google Cloud projects outside of the Google Cloud Organization.
You want to create an Organization structure that allows developers to create projects, but prevents them from
modifying production projects. You want to manage policies for all projects centrally and be able to set more
restrictive policies for production projects.
You want to minimize disruption to users and developers when business needs change in the future. You want to
follow Google-recommended practices. How should you design the Organization structure?
C. 1. Create folders under the Organization resource named Development and Production. 2. Grant all
developers the Project Creator IAM role on the Development folder. 3. Move the developer projects into the
Development folder. 4. Set the policies for all projects on the Organization. 5. Additionally, set the production
policies on the Production folder.
Your company has an application running on Compute Engine that allows users to play their favorite music. There
are a fixed number of instances. Files are stored in Cloud Storage, and data is streamed directly to users. Users are
reporting that they sometimes need to attempt to play popular songs multiple times before they are successful.
You need to improve the performance of the application. What should you do?
D. 1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and
configure it with two backends: a managed instance group and a Cloud Storage bucket. 3. Enable Cloud CDN
on the bucket backend
The operations team in your company wants to save Cloud VPN log events for one year. You need to configure the
cloud infrastructure to save the logs. What should you do?
A. Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to
save.
You are working with a data warehousing team that performs data analysis. The team needs to process data from
external partners, but the data contains personally identifiable information (PII). You need to process and store the
data without storing any of the PII data. What should you do?
A. Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, use the
Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery.
You want to allow your operations team to store logs from all the production projects in your Organization, without including logs from other projects. All of the production projects are contained in a folder. You want to ensure that all logs for existing and new production projects are captured automatically. What should you do?
A. Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project.
Your company has an application that is running on multiple instances of Compute Engine. It generates 1 TB per day of logs. For compliance reasons, the logs need to be kept for at least two years. The logs need to be available for active query for 30 days. After that, they just need to be retained for audit purposes. You want to implement a storage solution that is compliant, minimizes costs, and follows Google-recommended practices. What should you do?
A. 1. Install a Cloud Logging agent on all instances. 2. Create a sink to export logs into a regional Cloud Storage bucket. 3. Create an Object Lifecycle rule to move files into a Coldline Cloud Storage bucket after one month. 4. Configure a retention policy at the bucket level using bucket lock.
Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been configured as well. The security team needs to secure projects that will be part of the Organization. They want to prohibit IAM users outside the domain from gaining permissions from now on. What should they do?
A. Configure an organization policy to restrict identities by domain.
Your company has an application running on Google Cloud that is collecting data from thousands of physical devices that are globally distributed. Data is published to Pub/Sub and streamed in real time into an SSD Cloud Bigtable cluster via a Dataflow pipeline. The operations team informs you that your Cloud
Bigtable cluster has a hotspot, and queries are taking longer than expected. You need to resolve the problem and prevent it from happening in the future. What should you do?
C. Review your RowKey strategy and ensure that keys are evenly spread across the alphabet.
Your company has a Google Cloud project that uses BigQuery for data warehousing. There are some tables that contain personally identifiable information (PII).
Only the compliance team may access the PII. The other information in the tables must be available to the data science team. You want to minimize cost and the time it takes to assign appropriate access to the tables. What should you do?
C. 1. Create a dataset for the data science team. 2. Create views of tables that you want to share, excluding PII. 3. Assign an appropriate project-level IAM role to the members of the data science team. 4. Assign access controls to the dataset that contains the view. 5. Authorize the view to access the source dataset.
Your operations team currently stores 10 TB of data in an object storage service from a third-party provider. They want to move this data to a Cloud Storage bucket as quickly as possible, following Google-recommended practices. They want to minimize the cost of this data migration. Which approach should they use?
B. Use the Storage Transfer Service to move the data.
You have a Compute Engine managed instance group that adds and removes Compute Engine instances from the
group in response to the load on your application. The instances have a shutdown script that removes REDIS
database entries associated with the instance. You see that many database entries have not been removed, and
you suspect that the shutdown script is the problem. You need to ensure that the commands in the shutdown script
are run reliably every time an instance is shut down. You create a Cloud Function to remove the database entries.
What should you do next?
C. Set up a Cloud Monitoring sink that triggers the Cloud Function after an instance removal log message
arrives in Cloud Logging.
You are managing several projects on Google Cloud and need to interact on a daily basis with BigQuery, Bigtable,
and Kubernetes Engine using the gcloud CLI tool. You are travelling a lot and work on different workstations during
the week. You want to avoid having to manage the gcloud CLI manually. What should you do?
A. Use Google Cloud Shell in the Google Cloud Console to interact with Google Cloud.
Your company recently acquired a company that has infrastructure in Google Cloud. Each company has its own Google Cloud organization. Each company is using a Shared Virtual Private Cloud (VPC) to provide network connectivity for its applications. Some of the subnets used by both companies overlap. In order for both businesses to integrate, the applications need to have private network connectivity. These applications are not on overlapping subnets. You want to provide connectivity with minimal re-engineering. What should you do?
C. Set up a Cloud VPN gateway in each Shared VPC and peer Cloud VPNs.
You are managing several internal applications that are deployed on Compute Engine. Business users inform you that an application has become very slow over the past few days. You want to find the underlying cause in order to solve the problem. What should you do first?
A. Inspect the logs and metrics from the instances in Cloud Logging and Cloud Monitoring
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. When releasing new versions of the application via a rolling deployment, the team has been causing outages. The root
cause of the outages is misconfigurations with parameters that are only used in production. You want to put
preventive measures for this in the platform to prevent outages. What should you do?
A. Configure liveness and readiness probes in the Pod specification
Your company uses Google Kubernetes Engine (GKE) as a platform for all workloads. Your company has a single
large GKE cluster that contains batch, stateful, and stateless workloads. The GKE cluster is configured with a
single node pool with 200 nodes. Your company needs to reduce the cost of this cluster but does not want to
compromise availability. What should you do?
C. Configure a HorizontalPodAutoscaler for all stateless workloads and for all compatible stateful workloads.
Configure the cluster to use node auto scaling.