Preparing for Your Associate Cloud Engineer Journey Flashcards
Jane will manage objects in Cloud Storage for the Cymbal Superstore. She needs to have access to the proper permissions for every project across the organization. What should you do?
A. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the organizational level.
B. Assign Jane the roles/viewer on each project and the roles/storage.objectCreator for each bucket.
C. Assign Jane the roles/editor at the organizational level.
D. Assign Jane the roles/storage.objectCreator on every project.
A. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the organizational level.
This would give Jane the right level of access across all projects in your company.
What Google Cloud project attributes can be changed?
A. The Project Category
B. The Project Name
C. The Project Number
D. The Project ID
B. The Project Name
Project name is set by the user at creation. It does not have to be unique. It can be changed after creation time.
Stella is a new member of a team in your company who has been put in charge of monitoring VM instances in the organization. Stella will need the required permissions to perform this role. How should you grant her those permissions?
A. Assign the “viewer” policy to Stella.
B. Assign Stella compute.instances.get permissions on all of the projects she needs to monitor.
C. Add Stella to a Google Group in your organization. Bind that group to roles/compute.viewer.
D. Assign Stella a roles/compute.viewer role.
C. Add Stella to a Google Group in your organization. Bind that group to roles/compute.viewer.
Best practice is to manage role assignment by groups, not by individual users.
The Operations Department at Cymbal Superstore wants to provide managers access to information about VM usage without allowing them to make changes that would affect the state. You assign them the Compute Engine Viewer role. Which two permissions will they receive?
A. computer.images.update
B. compute.images.setIAM
C. compute.images.get
D. compute.images.create
E. compute.images.list
C. compute.images.get
- Correct! Get is read-only. Viewer has this permission.
E. compute.images.list
- Correct! Viewers can perform read-only actions that do not affect state.
You need to add new groups of employees in Cymbal Superstore’s production environment. You need to consider Google’s recommendation of using least privilege. What should you do?
A. Grant custom roles to individual users and implement basic roles at the resource level
B. Grant predefined and custom roles that provide necessary permissions and grant basic roles only where needed.
C. Grant the least restrictive basic roles to most services and grant predefined and custom roles only when necessary.
D. Grant the most restrictive basic role to most services, grant predefined or custom roles as necessary.
B. Grant predefined and custom roles that provide necessary permissions and grant basic roles only where needed.
Basic roles are broad and don’t use the concept of least privilege. You should grant only the roles that someone needs through predefined and custom roles.
How are billing accounts applied to projects in Google Cloud? (Pick two).
A. A project and its resources can only be tied to one billing account.
B. A project and its resources can be tied to more than one billing account.
C. A billing account can be linked to one or more projects.
D. Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google Workspace accounts.
A. A project and its resources can only be tied to one billing account.
A project can only be linked to one billing account at a time.
C. A billing account can be linked to one or more projects.
A billing account can handle billing for more than one project.
How are resource hierarchies organized in Google Cloud?
A. Resource, Folder, Organization, Project
B. Organization, Folder, Project, Resource
C. Project, Organization, Folder, Resource
D. Organization, Project, Resource, Folder
B. Organization, Folder, Project, Resource
Organization sits at the top of the Google Cloud resource hierarchy. This can be divided into folders, which are optional. Next, there are projects you define. Finally, resources are created under projects.
Fiona is the billing administrator for the project associated with Cymbal Superstore’s eCommerce application. Jeffrey, the marketing department lead, wants to receive emails related to budget alerts. Jeffrey should have access to no additional billing information. What should you do?
A. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.
B. Use Cloud Monitoring notification channels to send Jeffrey an email alert.
C. Add Jeffrey and Fiona to the budget scope custom email delivery dialog.
D. Change the budget alert default threshold rules to include Jeffrey as a recipient.
B. Use Cloud Monitoring notification channels to send Jeffrey an email alert.
You can set up to 5 Cloud Monitoring channels to define email recipients that will receive budget alerts.
- You want to use the Cloud Shell to copy files to your Cloud Storage bucket. Which Cloud SDK command should you use?
A. Cloud Storage Browser
B. gsutil
C. gcloud
D. bq
B. gsutil
Use gsutil to interact with Cloud Storage via the Cloud SDK.
Pick two choices, from the options below, that provide a command line interface to Google Cloud.
A. REST-based API
B. Cloud SDK
C. Cloud Shell
D. Cloud Mobile App
E. Google Cloud console
B. Cloud SDK
The Cloud SDK provides a local CLI environment.
C. Cloud Shell
Cloud Shell provides a cloud-based CLI environment.
What is the lowest level basic role that gives you permissions to change resource state?
A. Owner.
B. Viewer.
C. Editor.
D. Administrator.
C. Editor.
Which Google Cloud interface allows for scripting actions in a set of command line executables?
A. Google Cloud console
B. Cloud Mobile App
C. Rest API
D. Cloud Shell
D. Cloud Shell.
What is the difference between Internal and External Load balancer?
The external load balancer is used to route external HTTP traffic into the cluster. The internal load balancer is used for internal service discovery and load balancing within the cluster.
What is a Proxied SSL Load Balancer?
SSL Proxy Load Balancing is a reverse proxy load balancer that distributes SSL traffic coming from the internet to virtual machine (VM) instances in your Google Cloud VPC network.
What is SSL?
Secure Sockets Layer and, in short, it’s the standard technology
- Keeping an internet connection secure
- Safeguarding any sensitive data that is being sent between two systems
- Preventing criminals from reading and modifying any information transferred, including potential personal details.
