Study Guide: Practice Questions and Flashcards
Google Cloud Certified Professional Cloud Architect Study Guide, 2nd Edition by Dan Sullivan
Building for Builders LLC manufactures equipment used in residential and commercial building. Each of its 500,000 pieces of equipment in use around the globe has IoT devices collecting data about the state of equipment. The IoT data is streamed from each device every 10 seconds. On average, 10 KB of data is sent in each message. The data will be used for predictive maintenance and product development. The company would like to use a managed service in Google Cloud. What would you recommend?
A. Apache Cassandra
B. Cloud Bigtable
C. BigQuery
D. Cloud SQL
Option B is correct. Bigtable is the best option for streaming IoT data, since it supports low-latency writes and is designed to scale to support petabytes of data.
Option A is incorrect because Apache Cassandra is not a managed database in GCP.
Option C is incorrect because BigQuery is a data warehouse. While it is a good option for analyzing large volumes of data, Bigtable is a better option for ingesting the data.
Option D is incorrect. Cloud SQL is a managed relational database. The use case does not require a relational database, and Bigtable’s scalability is a better fit with the requirements.
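To make the ingest path concrete, here is a minimal sketch of writing one telemetry message with the google-cloud-bigtable Python client; the project, instance, table, and column-family names are hypothetical.

    from google.cloud import bigtable

    # Hypothetical project, instance, and table names.
    client = bigtable.Client(project="my-project")
    instance = client.instance("iot-telemetry")
    table = instance.table("equipment-state")

    # A row key combining device ID and timestamp keeps each device's
    # readings together and supports efficient range scans.
    row = table.direct_row(b"device#000042#20240101T000000Z")
    row.set_cell("telemetry", "temperature", b"72.4")
    row.set_cell("telemetry", "vibration", b"0.03")
    row.commit()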
You have developed a web application that is becoming widely used. The front end runs in Google App Engine and scales automatically. The backend runs on Compute Engine in a managed instance group. You have set the maximum number of instances in the backend managed instance group to five. You do not want to increase the maximum size of the managed instance group or change the VM instance type, but there are times when the front end sends more data than the backend can keep up with, and data is lost. What can you do to prevent the loss of data?
A. Use an unmanaged instance group.
B. Store ingested data in Cloud Storage.
C. Have the front end write data to a Cloud Pub/Sub topic, and have the backend read from that topic.
D. Store ingested data in BigQuery.
The correct answer is C. A Cloud Pub/Sub topic would decouple the front end and backend, provide a managed and scalable message queue, and store ingested data until the backend can process it.
Option A is incorrect. Switching to an unmanaged instance group will mean that the instance group cannot autoscale.
Option B is incorrect. You could store ingested data in Cloud Storage, but it would not be as performant as the Cloud Pub/Sub solution.
Option D is incorrect because BigQuery is a data warehouse and not designed for this use case.
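As a sketch of that decoupling, the front end publishes each message to a topic and returns immediately, while the backend pulls from a subscription at whatever rate its five instances can sustain. The project and topic names below are hypothetical.

    from google.cloud import pubsub_v1

    publisher = pubsub_v1.PublisherClient()
    topic_path = publisher.topic_path("my-project", "ingest-topic")  # hypothetical

    # Publishing is asynchronous; the topic buffers bursts that the
    # backend cannot process immediately, so no data is dropped.
    future = publisher.publish(topic_path, data=b'{"user_id": 1, "payload": "..."}')
    print(future.result())  # message ID, once the publish is acknowledged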
You are setting up a cloud project and want to assign members of your team different roles that have appropriate permissions for their responsibilities. What GCP service would you use to do that?
A. Cloud Identity
B. Identity and Access Management (IAM)
C. Cloud Authorizations
D. LDAP
The correct answer is B. IAM is used to manage roles and permissions.
Option A is incorrect. Cloud Identity is a service for creating and managing identities.
Option C is incorrect. There is no GCP service with that name at this time.
Option D is incorrect. LDAP is not a GCP service.
You would like to run a custom stateless container in a managed Google Cloud service. What are your three options?
A. App Engine Standard, Cloud Run, and Kubernetes Engine
B. App Engine Flexible, Cloud Run, and Kubernetes Engine
C. Compute Engine, Cloud Functions, and Kubernetes Engine
D. Cloud Functions, Cloud Run, and App Engine Flexible
The correct answer is B. You can run custom stateless containers in App Engine Flexible, Cloud Run, and Kubernetes Engine.
Option A is incorrect because App Engine Standard does not support custom containers.
Option C is incorrect because Compute Engine is not a managed service and Cloud Functions does not support custom containers.
Option D is incorrect because Cloud Functions does not support custom containers.
PhotosForYouToday prints photographs and ships them to customers. The front-end application uploads photos to Cloud Storage. Currently, the back end runs a cron job that checks Cloud Storage buckets every 10 minutes for new photos. The product manager would like to process the photos as soon as they are uploaded. What would you use to cause processing to start when a photo file is saved to Cloud Storage?
A. A Cloud Function
B. An App Engine Flexible application
C. A Kubernetes pod
D. A cron job that checks the bucket more frequently
The correct answer is A. A Cloud Function can respond to a create file event in Cloud Storage and start processing when the file is created.
Option B is incorrect because an App Engine Flexible application cannot directly respond to a Cloud Storage write event.
Option C is incorrect. Kubernetes pods are the smallest compute unit in Kubernetes and are not designed to directly respond to Cloud Storage events.
Option D is incorrect because it does not guarantee that photos will be processed as soon as they are created.
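A first-generation background Cloud Function triggered on the google.storage.object.finalize event might look like this minimal Python sketch; the processing step is a placeholder.

    def process_photo(event, context):
        """Runs whenever a new object is written to the trigger bucket."""
        bucket = event["bucket"]
        name = event["name"]
        print(f"Processing new photo gs://{bucket}/{name}")
        # ...kick off the print-and-ship workflow here...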
The chief financial officer of your company believes that you are spending too much money to run an on-premises data warehouse and wants to migrate to a managed cloud solution. What GCP service would you recommend for implementing a new data warehouse in GCP?
A. Compute Engine
B. BigQuery
C. Cloud Dataproc
D. Cloud Bigtable
The correct answer is B. BigQuery is a managed analytics database designed to support data warehouses and similar use cases.
Option A is incorrect. Compute Engine is not a managed service.
Option C is incorrect. Cloud Dataproc is a managed Hadoop and Spark service.
Option D is incorrect. Bigtable is a NoSQL database well suited for large-volume, low-latency writes and limited ranges of queries. It is not suitable for the kind of ad hoc querying commonly done with data warehouses.
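As an illustration, the google-cloud-bigquery Python client lets analysts issue standard SQL against the warehouse; the project, dataset, and table names here are hypothetical.

    from google.cloud import bigquery

    client = bigquery.Client()  # uses application default credentials

    query = """
        SELECT region, SUM(amount) AS total_sales
        FROM `my-project.warehouse.sales`
        GROUP BY region
        ORDER BY total_sales DESC
    """
    # Iterating the query job waits for and streams the results.
    for row in client.query(query):
        print(row.region, row.total_sales)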
A government regulation requires you to keep certain financial data for seven years. You are not likely to ever retrieve the data, and you are only keeping it to comply with regulations. There are approximately 500 TB of financial data for each year that you are required to save. What is the most cost-effective way to store this data?
A. Cloud Storage multiregional storage
B. Cloud Storage Nearline storage
C. Cloud Storage Archive storage
D. Cloud Storage persistent disk storage
The correct answer is C. Cloud Storage Archive is the lowest-cost option, and it is designed for data that is accessed less than once per year. Options A and B are incorrect because they cost more than Archive storage.
Option D is incorrect because there is no such Cloud Storage class; persistent disks are block storage for VM instances, not a Cloud Storage service.
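For example, a bucket that uses the Archive storage class can be created with the Python client library; the bucket name and location are hypothetical.

    from google.cloud import storage

    client = storage.Client()
    bucket = client.bucket("finance-records-archive")  # hypothetical name
    bucket.storage_class = "ARCHIVE"
    client.create_bucket(bucket, location="US")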
Global Games Enterprises Inc. is expanding from North America to Europe. Some of the games offered by the company collect personal information. With what additional regulation will the company need to comply when it expands into the European market?
A. HIPAA
B. PCI-DSS
C. GDPR
D. SOX
The correct answer is C. The GDPR is a European Union directive protecting the personal information of EU citizens.
Option A is incorrect. HIPAA is a U.S. healthcare regulation.
Option B is incorrect. PCI-DSS is a payment card data security regulation; if Global Games Enterprises Inc. is accepting payment cards in North America, it is already subject to that regulation.
Option D is incorrect. SOX is a U.S. regulation that applies to some publicly traded companies; the company may be subject to that regulation already, and expanding to Europe will not change its status.
Your team is developing a Tier 1 application for your company. The application will depend on a PostgreSQL database. Team members do not have much experience with PostgreSQL and want to implement the database in a way that minimizes their administrative responsibilities for the database. What managed service would you recommend?
A. Cloud SQL
B. Cloud Dataproc
C. Cloud Bigtable
D. Cloud PostgreSQL
The correct answer is A. Cloud SQL is a managed database service that supports PostgreSQL.
Option B is incorrect. Cloud Dataproc is a managed Hadoop and Spark service.
Option C is incorrect. Cloud Bigtable is a NoSQL database.
Option D is incorrect. There is no service called Cloud PostgreSQL in GCP at this time.
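For instance, an application can reach a Cloud SQL for PostgreSQL instance through the Cloud SQL Python Connector (the cloud-sql-python-connector package with the pg8000 driver); the instance connection name and credentials below are placeholders.

    from google.cloud.sql.connector import Connector

    connector = Connector()
    conn = connector.connect(
        "my-project:us-central1:tier1-postgres",  # hypothetical connection name
        "pg8000",
        user="app_user",
        password="change-me",
        db="appdb",
    )
    cur = conn.cursor()
    cur.execute("SELECT version()")
    print(cur.fetchone())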
What is a service-level indicator?
A. A metric collected to indicate how well a service-level objective is being met
B. A type of log
C. A type of notification sent to a sysadmin when an alert is triggered
D. A visualization displayed when a VM instance is down
The correct answer is A. A service-level indicator is a metric used to measure how well a service is meeting its objectives. Options B and C are incorrect. It is not a type of log or a type of notification.
Option D is incorrect. A service-level indicator is not a visualization, although the same metrics may be used to drive the display of a visualization.
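A simple illustration of the relationship between an SLI and an SLO, with made-up numbers:

    # Fraction of requests served successfully within 200 ms (illustrative numbers).
    total_requests = 1_000_000
    good_requests = 997_500

    sli = good_requests / total_requests   # 0.9975
    slo_target = 0.999                     # the objective the SLI is measured against

    print(f"SLI = {sli:.4f}; SLO met: {sli >= slo_target}")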
Developers at MakeYouFashionable have adopted agile development methodologies. Which tool might they use to support CI/CD?
A. Google Docs
B. Jenkins
C. Apache Cassandra
D. Clojure
The correct answer is B. Jenkins is a popular CI/CD tool.
Option A is incorrect. Google Docs is a collaboration tool for creating and sharing documents.
Option C is incorrect. Cassandra is a NoSQL database.
Option D is incorrect. Clojure is a Lisp-like programming language that runs on the Java virtual machine (JVM).
You have a backlog of audio files that need to be processed using a custom application. The files are stored in Cloud Storage. If the files were processed continuously on three n2-standard-4 instances, the job could complete in two days. You have 30 days to deliver the processed files, after which they will be sent to a client and deleted from your systems. You would like to minimize the cost of processing. What might you do to help keep costs down?
A. Store the files in Coldline storage.
B. Store the processed files in multiregional storage.
C. Store the processed files in Cloud CDN.
D. Use preemptible VMs.
The correct answer is D. Use preemptible VMs, which cost significantly less than standard VMs.
Option A is incorrect. Coldline storage is not appropriate for files that are actively used.
Option B is incorrect. Storing files in multiregional storage will cost more than regional storage, and there is no indication from the requirements that they should be stored multiregionally.
Option C is incorrect. There is no indication that the processed files need to be distributed to a global user base.
You have joined a startup selling supplies to visual artists. One element of the company’s strategy is to foster a social network of artists and art buyers. The company will provide e-commerce services for artists and earn revenue by charging a fee for each transaction. You have been asked to collect more detailed business requirements. What might you expect as an additional business requirement?
A. The ability to ingest streaming data
B. A recommendation system to match buyers to artists
C. Compliance with SOX regulations
D. Natural language processing of large volumes of text
The correct answer is B. This is an e-commerce site matching sellers and buyers, so a system that recommends artists to buyers can help increase sales.
Option A is incorrect. There is no indication of any need for streaming data.
Option C is incorrect. This is a startup, and it is not likely subject to SOX regulations.
Option D is incorrect. There is no indication of a need to process large volumes of text.
You work for a manufacturer of specialty die cast parts for the aerospace industry. The company has built a reputation as the leader in high-quality, specialty die cast parts, but recently the number of parts returned for poor quality is increasing. Detailed data about the manufacturing process is collected throughout every stage of manufacturing. To date, the data has been collected and stored but not analyzed. There is a total of 20 TB of data. The company has a team of analysts familiar with spreadsheets and SQL. What service might you recommend for conducting preliminary analysis of the data?
A. Compute Engine
B. Kubernetes Engine
C. BigQuery
D. Cloud Functions
The correct answer is C. BigQuery is an analytics database that supports SQL. Options A and B are incorrect; although they could be used to run analytics applications such as Apache Hadoop or Apache Spark, doing so would require more administrative overhead. Also, the team members working on this are analysts, and there is no indication that they have the skills or desire to manage analytics platforms.
Option D is incorrect. Cloud Functions is for running short programs in response to events in GCP.
A client of yours wants to run an application in a highly secure environment. They want to use instances that will only run boot components verified by digital signatures. What would you recommend they use in Google Cloud?
A. Preemptible VMs
B. Managed instance groups
C. Cloud Functions
D. Shielded VMs
The correct answer is D. Shielded VMs include secure boot, which only runs digitally verified boot components.
Option A is incorrect. Preemptible VMs are low-cost, interruptible instances; they reduce cost but do not verify boot components.
Option B is incorrect. Managed instance groups are sets of identical VMs that are managed as a single entity.
Option C is incorrect. Cloud Functions is a managed service for running programs in response to events in GCP.
You have installed the Google Cloud SDK. You would now like to work on transferring files to Cloud Storage. What command-line utility would you use?
A. bq
B. gsutil
C. cbt
D. gcloud
The correct answer is B. gsutil is the command-line utility for working with Cloud Storage.
Option A is incorrect. bq is the command-line utility for working with BigQuery.
Option C is incorrect. cbt is the command-line utility for working with Cloud Bigtable.
Option D is incorrect. gcloud is used to work with most GCP services, but Cloud Storage operations are handled by the dedicated gsutil utility.
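From the shell, a transfer is as simple as gsutil cp report.csv gs://my-bucket/ (the bucket name is hypothetical). The Python client library performs the equivalent operation:

    from google.cloud import storage

    client = storage.Client()
    bucket = client.bucket("my-bucket")         # hypothetical bucket
    blob = bucket.blob("reports/report.csv")
    blob.upload_from_filename("report.csv")     # same effect as the gsutil cp above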
Kubernetes pods sometimes need access to persistent storage. Pods are ephemeral; they may shut down for reasons outside the control of the application running in the pod. What mechanism does Kubernetes use to decouple pods from persistent storage?
A. PersistentVolumes
B. Deployments
C. ReplicaSets
D. Ingress
The correct answer is A. A PersistentVolume is Kubernetes’ way of representing storage allocated or provisioned for use by a pod.
Option B is incorrect. Deployments are a type of controller consisting of pods running the same version of an application.
Option C is incorrect. A ReplicaSet is a controller that manages the number of pods running in a deployment.
Option D is incorrect. An Ingress is an object that controls external access to services running in a Kubernetes cluster.
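As a sketch, a PersistentVolumeClaim can be created with the official Kubernetes Python client; a pod then mounts the claim rather than the underlying disk, so the storage outlives any individual pod. The claim name, namespace, and size are hypothetical.

    from kubernetes import client, config

    config.load_kube_config()  # or load_incluster_config() when running in a pod

    pvc = client.V1PersistentVolumeClaim(
        metadata=client.V1ObjectMeta(name="app-data"),  # hypothetical claim name
        spec=client.V1PersistentVolumeClaimSpec(
            access_modes=["ReadWriteOnce"],
            resources=client.V1ResourceRequirements(requests={"storage": "10Gi"}),
        ),
    )
    client.CoreV1Api().create_namespaced_persistent_volume_claim("default", pvc)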
An application that you support has been missing service-level objectives, especially around database query response times. You have reviewed monitoring data and determined that a large number of database read operations is putting unexpected load on the system. The database uses PostgreSQL, and it is running in Compute Engine. You have tuned SQL queries, and the performance is still not meeting objectives. Of the following options, which would you try next?
A. Migrate to a NoSQL database.
B. Move the database to Cloud SQL.
C. Use read replicas.
D. Move some of the data out of the database to Cloud Storage.
The correct answer is C. Use read replicas to reduce the number of reads against the primary persistent storage system that is supporting both reads and writes.
Option A is incorrect. The application is designed to work with a relational database, and there is no indication that a NoSQL database is a better option overall.
Option B is incorrect. Simply moving the database to a managed service will not change the number of read operations, which is the cause of the poor performance.
Option D is incorrect. Moving data to Cloud Storage will not reduce the number of reads, and Cloud Storage does not support SQL.
You are running a complicated stream processing operation using Apache Beam. You want to start using a managed service. What GCP service would you use?
A. Cloud Dataprep
B. Cloud Dataproc
C. Cloud Dataflow
D. Cloud Identity
The correct answer is C. Cloud Dataflow is an implementation of the Apache Beam stream processing framework. Cloud Dataflow is a fully managed service.
Option A is incorrect. Cloud Dataprep is used to prepare data for analysis.
Option B is incorrect. Cloud Dataproc is a managed Hadoop and Spark service.
Option D is incorrect. Cloud Identity is an authentication service.
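Because Cloud Dataflow runs Apache Beam pipelines, the migration is often a matter of changing pipeline options rather than code. A minimal sketch, with hypothetical project and bucket names:

    import apache_beam as beam
    from apache_beam.options.pipeline_options import PipelineOptions

    options = PipelineOptions(
        runner="DataflowRunner",        # switch from DirectRunner to the managed service
        project="my-project",           # hypothetical
        region="us-central1",
        temp_location="gs://my-bucket/tmp",
    )

    with beam.Pipeline(options=options) as p:
        (p
         | beam.io.ReadFromText("gs://my-bucket/input/*.txt")
         | beam.Map(str.upper)
         | beam.io.WriteToText("gs://my-bucket/output/result"))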
Your team has had several incidents in which Tier 1 and Tier 2 services were down for more than one hour. After conducting a few retrospective analyses of the incidents, you have determined that you could identify the causes of incidents faster if you had a centralized log repository. What GCP service could you use for this?
A. Cloud Logging
B. Cloud Monitoring
C. Cloud SQL
D. Cloud Trace
The correct answer is A. Cloud Logging is a centralized logging service.
Option B is incorrect. Cloud Monitoring collects and manages performance metrics.
Option C is incorrect. Cloud SQL is used for regional, relational databases.
Option D is incorrect. Cloud Trace is a service for distributed tracing of application performance.
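For a Python service, attaching the Cloud Logging handler to the standard logging module is enough to route application logs into the centralized repository:

    import logging

    import google.cloud.logging

    # Attach a Cloud Logging handler to Python's standard logging module.
    client = google.cloud.logging.Client()
    client.setup_logging()

    logging.error("Tier 1 service: database connection pool exhausted")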
A Global 2000 company has hired you as a consultant to help architect a new logistics system. The system will track the location of parts as they are shipped between company facilities in Europe, Africa, South America, and Australia. Anytime a user queries the database, they must receive accurate and up-to-date information; specifically, the database must support strong consistency. Users from any facility may query the database using SQL. What GCP service would you recommend?
A. Cloud SQL
B. BigQuery
C. Cloud Spanner
D. Cloud Dataflow
The correct answer is C. Cloud Spanner is a globally scalable, strongly consistent relational database that can be queried using SQL.
Option A is incorrect because Cloud SQL does not scale globally the way Cloud Spanner does.
Option B is incorrect. The requirements describe an application that will likely have frequent updates and transactions. BigQuery is designed for analytics and data warehousing.
Option D is incorrect. Cloud Dataflow is a stream and batch processing service.
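A read against Cloud Spanner with the Python client shows the SQL interface; the instance, database, table, and column names are hypothetical.

    from google.cloud import spanner

    client = spanner.Client()
    instance = client.instance("logistics")         # hypothetical instance
    database = instance.database("parts-tracking")  # hypothetical database

    with database.snapshot() as snapshot:
        rows = snapshot.execute_sql(
            "SELECT part_id, location FROM Shipments WHERE part_id = @pid",
            params={"pid": "P-1001"},
            param_types={"pid": spanner.param_types.STRING},
        )
        for row in rows:
            print(row)  # strongly consistent, regardless of the querying region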
A database architect for a game developer has determined that a NoSQL document database is the best option for storing players’ possessions. What GCP service would you recommend?
A. Cloud Firestore
B. Cloud Storage
C. Cloud Dataproc
D. Cloud Bigtable
The correct answer is A. Cloud Firestore is a managed document NoSQL database in GCP.
Option B is incorrect. Cloud Storage is an object storage system, not a document NoSQL database.
Option C is incorrect. Cloud Dataproc is a managed Hadoop and Spark service.
Option D is incorrect. Cloud Bigtable is a wide-column NoSQL database, not a document database.
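Storing a player’s possessions as a document is nearly a one-liner with the Firestore Python client; the collection and field names are hypothetical.

    from google.cloud import firestore

    db = firestore.Client()

    db.collection("players").document("player-8675309").set({
        "possessions": [
            {"item": "shield", "rarity": "epic"},
            {"item": "potion", "count": 3},
        ],
    })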
A major news agency is seeing increasing readership across the globe. The CTO is concerned that long page-load times will decrease readership. What might the news agency try to reduce the page-load time of readers around the globe?
A. Regional Cloud Storage
B. Cloud CDN
C. Fewer firewall rules
D. Virtual private network
The correct answer is B. Cloud CDN is GCP’s content delivery network, which distributes static content globally.
Option A is incorrect. Reading from regional storage can still have long latencies for readers outside of the region.
Option C is incorrect. Firewall rules do not impact latency in any discernible way.
Option D is incorrect because VPNs are used to link on-premises networks to Google Cloud.
What networking mechanism allows different VPC networks to communicate using private IP address space, as defined in RFC 1918?
A. ReplicaSets
B. Custom subnets
C. VPC network peering
D. Firewall rules
The correct answer is C. VPC peering allows different VPCs to communicate using private networks.
Option A is incorrect. ReplicaSets are used in Kubernetes; they are not related to VPCs.
Option B is incorrect. Custom subnets define network address ranges for regions.
Option D is incorrect. Firewall rules control the flow of network traffic.
You have been tasked with setting up disaster recovery infrastructure in the cloud that will be used if the on-premises data center is not available. What network topology would you use for a disaster recovery environment?
A. Meshed topology
B. Mirrored topology
C. Gated egress topology
D. Gated ingress topology
The correct answer is B. With a mirrored topology, the public cloud and private on-premises environments mirror each other.
Option A is incorrect. In a mesh topology, all systems in the cloud and private networks can communicate with each other.
Option C is incorrect. In a gated egress topology, on-premises service APIs are made available to applications running in the cloud without exposing them to the public internet.
Option D is incorrect. In a gated ingress topology, cloud service APIs are made available to applications running on-premises without exposing them to the public internet.
You have been tasked with interviewing line-of-business owners about their needs for a new cloud application. Which of the following do you expect to find?
A. A comprehensive list of defined business and technical requirements
B. That their business requirements do not have a one-to-one correlation with technical requirements
C. Business and technical requirements in conflict
D. Clear consensus on all requirements
The correct answer is B. Business requirements are high-level, business-oriented requirements that are rarely satisfied by meeting a single technical requirement.
Option A is incorrect because business sponsors rarely have sufficient understanding of technical requirements to provide a comprehensive list.
Option C is incorrect because business requirements constrain technical options but should not be in conflict.
Option D is incorrect because there is rarely a clear consensus on all requirements. Part of an architect’s job is to help stakeholders reach a consensus.
You have been asked by stakeholders to suggest ways to reduce operational expenses as part of a cloud migration project. Which of the following would you recommend?
A. Managed services, preemptible machines, access controls
B. Managed services, preemptible machines, autoscaling
C. NoSQL databases, preemptible machines, autoscaling
D. NoSQL databases, preemptible machines, access controls
The correct answer is B. Managed services relieve DevOps work, preemptible machines cost significantly less than standard VMs, and autoscaling reduces the chances of running unnecessary resources. Options A and D are incorrect because access controls will not help reduce costs, but they should be used anyway. Options C and D are incorrect because there is no indication that a NoSQL database should be used.
Some executives are questioning your recommendation to employ continuous integration/continuous delivery (CI/CD). What reasons would you give to justify your recommendation?
A. CI/CD supports small releases, which are easier to debug and enable faster feedback.
B. CI/CD is used only with preemptible machines and therefore saves money.
C. CI/CD fits well with waterfall methodology but not agile methodologies.
D. CI/CD limits the number of times code is released.
The correct answer is A. CI/CD supports small releases, which are easier to debug and enable faster feedback.
Option B is incorrect, as CI/CD does not use only preemptible machines.
Option C is incorrect because CI/CD works well with agile methodologies.
Option D is incorrect, as there is no limit to the number of times new versions of code can be released.
The finance director has asked your advice about complying with a document retention regulation. What kind of service-level objective (SLO) would you recommend to ensure that the finance director will be able to retrieve sensitive documents for at least the next seven years? When a document is needed, the finance director will have up to seven days to retrieve it. The total storage required will be approximately 100 TB.
A. High availability SLO
B. Durability SLO
C. Reliability SLO
D. Scalability SLO
The correct answer is B. The finance director needs to have access to documents for seven years. This requires durable storage.
Option A is incorrect because the access does not have to be highly available; as long as the finance director can access the document in a reasonable period of time, the requirement can be met.
Option C is incorrect because reliability is a measure of being available to meet workload demands successfully.
Option D is incorrect because the requirement does not specify the need for increasing and decreasing storage to meet the requirement.
You are facilitating a meeting of business and technical managers to solicit requirements for a cloud migration project. The term incident comes up several times. Some of the business managers are unfamiliar with this term in the context of IT. How would you describe an incident?
A. A disruption in the ability of a DevOps team to complete work on time
B. A disruption in the ability of the business managers to approve a project plan on schedule
C. A disruption that causes a service to be degraded or unavailable
D. A personnel problem on the DevOps team
The correct answer is C. An incident in the context of IT operations and service reliability is a disruption that degrades or stops a service from functioning. Options A and B are incorrect; incidents are not related to scheduling.
Option D is incorrect; in this context, incidents are about IT services, not personnel.
You have been asked to consult on a cloud migration project that includes moving private medical information to a storage system in the cloud. The project is for a company in the United States. What regulation would you suggest that the team review during the requirements-gathering stages?
A. General Data Protection Regulations (GDPR)
B. Sarbanes–Oxley (SOX)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. Health Insurance Portability and Accountability Act (HIPAA)
The correct answer is D. HIPAA governs, among other things, privacy and data protections for private medical information.
Option A is incorrect, as GDPR is a European Union regulation.
Option B is incorrect, as SOX is a U.S. financial reporting regulation.
Option C is incorrect, as PCI DSS is a payment card industry regulation.
You are in the early stages of gathering business and technical requirements. You have noticed several references about needing up-to-date and consistent information regarding product inventory and support for SQL reporting tools. Inventory is managed on a global scale, and the warehouses storing inventory are located in North America, Africa, Europe, and Asia. Which managed database solution in Google Cloud would you include in your set of options for an inventory database?
A. Cloud Storage
B. BigQuery
C. Cloud Spanner
D. Microsoft SQL Server
The correct answer is C. Cloud Spanner is a globally consistent, horizontally scalable relational database.
Option A is incorrect. Cloud Storage does not support SQL.
Option B is incorrect because BigQuery is an analytical database used for data warehousing and related operations.
Option D is incorrect; Microsoft SQL Server is a Cloud SQL database option, and Cloud SQL is a managed database, but Cloud SQL scales regionally, not globally.
A developer at Mountkirk Games is interested in how architects decide which database to use. The developer describes a use case that requires a document store. The developer would rather not manage database servers or have to run backups. What managed service would you suggest the developer consider?
A. Cloud Firestore
B. Cloud Spanner
C. Cloud Storage
D. BigQuery
The correct answer is A. Cloud Firestore is a managed document database and a good fit for storing documents.
Option B is incorrect because Cloud Spanner is a relational database and globally scalable. There is no indication that the developer needs a globally scalable solution, which implies higher cost.
Option C is incorrect, as Cloud Storage is an object storage system, not a managed database.
Option D is incorrect because BigQuery is an analytical database designed for data warehousing and similar applications.
Members of your company’s legal team are concerned about using a public cloud service because other companies, organizations, and individuals will be running their systems in the same cloud. You assure them that your company’s resources will be isolated and not network-accessible to others because of what networking resource in Google Cloud?
A. CIDR blocks
B. Direct connections
C. Virtual private clouds
D. Cloud Pub/Sub
The correct answer is C. VPCs isolate cloud resources from resources in other VPCs, unless VPCs are intentionally linked.
Option A is incorrect because a CIDR block defines a range of subnet IP addresses; it does not isolate resources.
Option B is incorrect, as direct connections are for transmitting data between a data center and Google Cloud; they do not protect resources in the cloud.
Option D is incorrect because Cloud Pub/Sub is a messaging service, not a networking service.
A startup has recently migrated to Google Cloud using a lift-and-shift migration. They are now considering replacing a self-managed MySQL database running in Compute Engine with a managed service. Which Google Cloud service would you recommend that they consider?
A. Cloud Dataproc
B. Cloud Dataflow
C. Cloud SQL
D. PostgreSQL
The correct answer is C. Cloud SQL offers a managed MySQL service. Options A and B are incorrect, as neither is a database. Cloud Dataproc is a managed Hadoop and Spark service. Cloud Dataflow is a stream and batch processing service.
Option D is incorrect, because PostgreSQL is another relational database, but it is not a managed service. PostgreSQL is an option in Cloud SQL, however.
Which of the following requirements from a customer make you think the application should run in Compute Engine and not App Engine?
A. Dynamically scale up or down based on workload
B. Connect to a database
C. Run a hardened Linux distro on a virtual machine
D. Don’t lose data
The correct answer is C. In Compute Engine, you create virtual machines and choose which operating system to run. All other requirements can be realized in App Engine.
Mountkirk Games wants to store player game data in a time-series database. Which Google Cloud managed database would you recommend?
A. Bigtable
B. BigQuery
C. Cloud Storage
D. Cloud Dataproc
The correct answer is A. Cloud Bigtable is a scalable, wide-column database designed for low-latency writes, making it a good choice for time-series data.
Option B is incorrect because BigQuery is an analytic database not designed for the high volume of low-latency writes that will need to be supported. Options C and D are not managed databases.
The original videos captured during helicopter races by the Helicopter Racing League are transcoded and stored for frequent access. The original captured videos are not used for viewing but are stored in case they are needed for unanticipated reasons. The files require high durability but are not likely to be accessed more than once in a five-year period. What type of storage would you use for the original video files?
A. BigQuery Long Term Storage
B. BigQuery Active Storage
C. Cloud Storage Nearline class
D. Cloud Storage Archive class
The correct answer is D. Cloud Storage Archive class is the most cost-effective option and meets durability requirements.
Option C is incorrect; Cloud Storage Nearline class would meet durability requirements, but since the videos are likely accessed less than once per year, Cloud Storage Archive class would meet durability requirements and cost less. Options A and B are incorrect because videos are large binary objects best stored in object storage, not an analytical database such as BigQuery.
The game analytics platform for Mountkirk Games requires analysts to be able to query up to 10 TB of data. What is the best managed database solution for this requirement?
A. Cloud Spanner
B. BigQuery
C. Cloud Storage
D. Cloud Dataprep
The correct answer is B. This is a typical use case for BigQuery, and it fits well with its capabilities as an analytic database.
Option A is incorrect, as Cloud Spanner is best used for transaction processing on a global scale. Options C and D are not managed databases. Cloud Storage is an object storage service; Cloud Dataprep is a tool for preparing data for analysis.
EHR Healthcare business requirements frequently discuss the need to improve observability in their systems. Which of the following Google Cloud Platform services could be used to help improve observability?
A. Cloud Build and Artifact Registry
B. Cloud Pub/Sub and Cloud Dataflow
C. Cloud Monitoring and Cloud Logging
D. Cloud Storage and Cloud Pub/Sub
The correct answer is C. Cloud Monitoring collects metrics, and Cloud Logging collects event data from infrastructure, services, and other applications that provide insight into the state of those systems. Cloud Build and Artifact Registry are important CI/CD services. Cloud Pub/Sub is a messaging service, Cloud Dataflow is a batch and stream processing service, and Cloud Storage is an object storage system; none of these directly supports improved observability.
In the TerramEarth case study, the volume of data and compute load will be most affected by what characteristics of the TerramEarth systems?
A. The number of dealers and customers
B. The number of vehicles, the number of sensors on vehicles, network connectivity, and the types of data collected
C. The type of storage used
D. Compliance with regulations
Option B is correct. The amount of data generated per vehicle, which is determined by the number of sensors on each vehicle and the frequency with which each sensor collects data, is the most likely to impact data size and processing. Network connectivity will also affect compute load if connectivity is unreliable, leading to periods when data is not transmitted and must be sent in larger batches later. The total compute workload will not change, but when that workload is processed will be delayed.
Option A is incorrect because the volume of data related to dealers and customers is not going to be as large as the data generated by vehicles. Also, the number of dealers is in the hundreds while the number of vehicles is in the millions.
Option C is incorrect. The type of storage used does not influence the amount of data the application needs to manage or the amount of computing resources needed.
Option D is incorrect. Compliance with regulations may have some effect on security controls and monitoring, but it will not influence compute and storage resources in a significant way.
You are advising a customer on how to improve the availability of a data storage solution. Which of the following general strategies would you recommend?
A. Keeping redundant copies of the data
B. Lowering the network latency for disk writes
C. Using a NoSQL database
D. Using Cloud Spanner
The correct answer is A. Redundancy is a general strategy for improving availability.
Option B is incorrect because lowering network latency will not improve availability of the data storage system. Options C and D are incorrect because there is no indication that either a NoSQL or a relational database will meet the overall storage requirements of the system being discussed.
A team of data scientists is analyzing archived data sets. Their statistical model building procedures run in batches. If the model building system is down for up to 30 minutes per day, it does not adversely impact the data scientists’ work. What is the minimal percentage availability among the following options that would meet this requirement?
A. 99.99 percent
B. 99.90 percent
C. 99.00 percent
D. 99.999 percent
The correct answer is C. An availability of 99.00 percent allows for up to 14.4 minutes of downtime per day, which is within the 30-minute tolerance. All of the other options allow less downtime, which is more availability than the requirements call for.
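The arithmetic behind that answer:

    # Downtime allowed per day at each availability level.
    for availability in (0.99, 0.999, 0.9999, 0.99999):
        downtime_minutes = (1 - availability) * 24 * 60
        print(f"{availability * 100:.3f}% -> {downtime_minutes:5.2f} min/day")

    # 99.000% -> 14.40 min/day  (within the 30-minute tolerance)
    # 99.900% ->  1.44 min/day
    # 99.990% ->  0.14 min/day
    # 99.999% ->  0.01 min/day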
Your development team has recently triggered three incidents that resulted in service disruptions. In one case, an engineer mistyped a number in a configuration file and in the other cases specified an incorrect disk configuration. What practices would you recommend to reduce the risk of these types of errors?
A. Continuous integration/continuous deployment
B. Code reviews of configuration files
C. Vulnerability scanning
D. Improved access controls
The correct answer is B. A code review is a software engineering practice that requires an engineer to review code with another engineer before deploying it.
Option A would not solve the problem, as continuous integration reduces the amount of effort required to deploy new versions of software. Options C and D are both security controls, which would not help identify misconfigurations.
Your company is running multiple VM instances that have not had any downtime in the past several weeks. Recently, several of the physical servers suffered disk failures. The applications running on the servers did not have any apparent service disruptions. What feature of Compute Engine enabled that?
A. Preemptible VMs
B. Live migration
C. Canary deployments
D. Redundant array of inexpensive disks
The correct answer is B, Live migration, which moves running VMs to different physical servers without interrupting the state of the VM.
Option A is incorrect because preemptible VMs are low-cost VMs that may be taken back by Google at any time.
Option C is incorrect, as canary deployments are a type of deployment-not a feature of Compute Engine.
Option D is incorrect, as arrays of disks are not directly involved in preserving the state of a VM and moving the VM to a functioning physical server.
You have deployed an application on a managed instance group. Occasionally the application experiences an intermittent malfunction and then resumes normal operation. Which of these is a reasonable explanation for what is happening?
A. The application shuts down when the instance group time-to-live (TTL) threshold is reached.
B. The application shuts down when the health check fails.
C. The VM shuts down when the instance group TTL threshold is reached and a new VM is started.
D. The VM shuts down when the health check fails and a new VM is started.
Option D is correct. When a health check fails, the failing VM is replaced by a new VM that is created using the instance group template to configure the new VM. Options A and C are incorrect, as TTL is not used to detect problems with application functioning.
Option B is incorrect because the application is not shut down when a health check fails.
An online gaming company is growing its user base in North America, Europe, and Asia. Executives are concerned that players in Europe and Asia will have a degraded experience if the game backend runs only in North America. What would you suggest to improve latency and game experience for users in Europe and Asia?
A. Use Cloud Spanner to have a globally consistent, horizontally scalable relational database.
B. Create instance groups running the game backend in multiple regions across North America, Europe, and Asia. Use global load balancing to distribute the workload.
C. Use Standard Tier networking to ensure that data sent between regions is routed over the public internet.
D. Use a Cloud Memorystore cache in front of the database to reduce database read latency.
The correct answer is B. Creating instance groups in multiple regions and routing workload to the closest region using global load balancing will provide the most consistent experience for users in different geographic regions.
Option A is incorrect because Cloud Spanner is a relational database and does not affect how game backend services are run except for database operations.
Option C is incorrect, as routing traffic over the public internet means traffic will experience the variance of public internet routes between regions.
Option D is incorrect. A cache will reduce the time needed to read data, but it will not affect network latency when that data is transmitted from a game backend to the player’s device.
What configuration changes are required to ensure high availability when using Cloud Storage or Cloud Filestore?
A. A sufficiently long TTL must be set.
B. A health check must be specified.
C. Both a TTL and health check must be specified.
D. Nothing. Both are managed services. GCP manages high availability.
The correct answer is D. Users do not need to make any configuration changes when using Cloud Storage or Cloud Filestore. Both are fully managed services. Options A and C are incorrect because TTLs do not need to be set to ensure high availability. Options B and C are incorrect because users do not need to specify a health check for managed storage services.
The finance director at your company is frustrated with the poor availability of an on-premises finance data warehouse. The data warehouse uses a commercial relational database that only scales by buying larger and larger servers. The director asks for your advice about moving the data warehouse to the cloud and if the company can continue to use SQL to query the data warehouse. What GCP service would you recommend to replace the on-premises data warehouse?
A. Bigtable
B. BigQuery
C. Cloud Datastore
D. Cloud Storage
The best answer is B. BigQuery is a serverless, fully managed analytic database that uses SQL for querying. Options A and C are incorrect because both Bigtable and Cloud Datastore are NoSQL databases.
Option D, Cloud Storage, is not a database, and it does not meet most of the requirements listed.
TerramEarth has determined that it wants to use Cloud Bigtable to store equipment telemetry received from vehicles in the field. It has also concluded that it wants two clusters in different regions. Both clusters should be able to respond to read and write requests. What kind of replication should be used?
A. Primary–hot primary
B. Primary–warm primary
C. Primary–primary
D. Primary read–primary write
The correct answer is C. Primary-primary replication keeps both clusters synchronized with write operations so that both clusters can respond to queries. Options A, B, and D are not actual replication options.
Your company is implementing a hybrid cloud computing model. Line-of-business owners are concerned that data stored in the cloud may not be available to on-premises applications. The current network connection is using a maximum of 40 percent of bandwidth. What would you suggest to mitigate the risk of that kind of service failure?
A. Configure firewall rules to improve availability.
B. Use redundant network connections between the on-premises data center and Google Cloud.
C. Increase the number of VMs allowed in Compute Engine instance groups.
D. Increase the bandwidth of the network connection between the data center and Google Cloud.
Option B is correct. A redundant network connection would mitigate the risk of losing connectivity if a single network connection went down.
Option A is incorrect, as firewall rules are a security control and would not mitigate the risk of network connectivity failures.
Option C may help with compute availability, but it does not improve network availability.
Option D does not improve availability, and additional bandwidth is not needed.
A team of architects in your company is defining standards to improve availability. In addition to recommending redundancy and code reviews for configuration changes, what would you recommend including in the standards?
A. Use of access controls
B. Use of managed services for all compute requirements
C. Use of Cloud Monitoring to alert on changes in application performance
D. Use of Bigtable to collect performance monitoring data
The correct answer is C. Cloud Monitoring should be used to monitor applications and infrastructure to detect early warning signs of potential problems with applications or infrastructure.
Option A is incorrect because access controls are a security control and not related to directly improving availability.
Option B is incorrect because managed services may not meet all requirements and so should not be required in a company’s standards.
Option D is incorrect because collecting and storing performance monitoring data does not improve availability.
Why would you want to run a long-running, compute-intensive backend computation in a different managed instance group from the one running web servers that support a minimal user interface?
A. Managed instance groups can run only a single application.
B. Managed instance groups are optimized for either compute or HTTP connectivity.
C. Compute-intensive applications have different scaling characteristics from those of lightweight user interface applications.
D. There is no reason to run the applications in different managed instance groups.
The correct answer is C. The two applications have different scaling requirements. The compute-intensive backend may benefit from VMs with a large number of CPUs that would not be needed for web serving. Also, the front end may be able to reduce the number of instances when users are not actively using the user interface, but long compute jobs may still be running in the background. Options A and B are false statements.
Option D is incorrect for the reasons explained in reference to Option C.
An instance group is adding more VMs than necessary and then shutting them down. This pattern is happening repeatedly. What would you do to try to stabilize the addition and removal of VMs?
A. Increase the maximum number of VMs in the instance group.
B. Decrease the minimum number of VMs in the instance group.
C. Increase the time autoscalers consider when making decisions.
D. Decrease the cooldown period.
The correct answer is C. The autoscaler may be adding VMs because it has not waited long enough for recently added VMs to start and begin to take on load. Options A and B are incorrect because changing the minimum and maximum number of VMs in the group does not affect the rate at which VMs are added or removed.
Option D is incorrect because it reduces the time available for new instances to initialize, so it may actually make the problem worse.
A clothing retailer has just developed a new feature for its customer-facing web application. Customers can upload images of their clothes, create montages from those images, and share them on social networking sites. Images are temporarily saved to locally attached drives as the customer works on the montage. When the montage is complete, the final version is copied to a Cloud Storage bucket. The services implementing this feature run in a managed instance group. Several users have noted that their final montages are not available even though they saved them in the application. No other problems have been reported with the service. What might be causing this problem?
A. The Cloud Storage bucket is out of storage.
B. The locally attached drive does not have a filesystem.
C. The users experiencing the problem were using a VM that was shut down by an autoscaler, and a cleanup script did not run to copy the latest version of the montage to Cloud Storage.
D. The network connectivity between the VMs and Cloud Storage has failed.
The correct answer is C. If the server is shut down without a cleanup script, then data that would otherwise be copied to Cloud Storage could be lost when the VM shuts down.
Option A is incorrect because buckets do not have a fixed amount of storage.
Option B is incorrect because, if it were true, the service would not function for any user, not just the several who reported the problem.
Option D is incorrect because if there was a connectivity failure between the VM and Cloud Storage, there would be more symptoms of such a failure.
Your development team has implemented a new application using a microservices architecture. You would like to minimize DevOps overhead by deploying the services in a way that will autoscale. You would also like to run each microservice in containers. What is a good option for implementing these requirements in Google Cloud Platform?
A. Run the containers in Cloud Functions.
B. Run the containers in Kubernetes Engine.
C. Run the containers in Cloud Dataproc.
D. Run the containers in Cloud Dataflow.
The correct answer is B. The requirements are satisfied by the Kubernetes container orchestration capabilities.
Option A is incorrect, as Cloud Functions do not run containers.
Option C is incorrect because Cloud Dataproc is a managed service for Hadoop and Spark.
Option D is incorrect, as Cloud Dataflow is a managed service for stream and batch processing using the Apache Beam model.
TerramEarth is considering building an analytics database and making it available to equipment designers. The designers require the ability to query the data with SQL. The analytics database manager wants to minimize the cost of the service. What would you recommend?
A. Use BigQuery as the analytics database, and partition the data to minimize the amount of data scanned to answer queries.
B. Use Bigtable as the analytics database, and partition the data to minimize the amount of data scanned to answer queries.
C. Use BigQuery as the analytics database, and use data federation to minimize the amount of data scanned to answer queries.
D. Use Bigtable as the analytics database, and use data federation to minimize the amount of data scanned to answer queries.
The correct answer is A. BigQuery should be used for an analytics database. Partitioning allows the query processor to limit scans to partitions that might have the data selected in a query. Options B and D are incorrect because Bigtable does not support SQL. Options C and D are incorrect because federation is a way of making data from other sources available within a database; it does not limit the data scanned in the way that partitioning does.
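A sketch of creating a time-partitioned table with the BigQuery Python client; queries that filter on the partitioning column scan only the matching partitions, which is what keeps cost down. The table and field names are hypothetical.

    from google.cloud import bigquery

    client = bigquery.Client()

    table = bigquery.Table(
        "my-project.telemetry.equipment_events",  # hypothetical table ID
        schema=[
            bigquery.SchemaField("vehicle_id", "STRING"),
            bigquery.SchemaField("event_time", "TIMESTAMP"),
            bigquery.SchemaField("reading", "FLOAT"),
        ],
    )
    # Partition by day on the event timestamp.
    table.time_partitioning = bigquery.TimePartitioning(field="event_time")
    client.create_table(table)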
Line-of-business owners have decided to move several applications to the cloud. They believe the cloud will be more reliable, but they want to collect data to test their hypothesis. What is a common measure of reliability that they can use?
A. Mean time to recovery
B. Mean time between failures
C. Mean time between deployments
D. Mean time between errors
The correct answer is B. Mean time between failures is a measure of reliability.
Option A is a measure of how long it takes to recover from a disruption. Options C and D are incorrect because the time between deployments or errors is not directly related to reliability.
A group of business executives and software engineers are discussing the level of risk that is acceptable for a new application. Business executives want to minimize the risk that the service is not available. Software engineers note that the more developer time dedicated to reducing risk of disruption, the less time they have to implement new features. How can you formalize the group’s tolerance for risk of disruption?
A. Request success rate
B. Uptime of service
C. Latency
D. Throughput
The correct answer is A. Request success rate is a measure of how many requests were successfully satisfied.
Option B is incorrect because some instances of an application may be up at any given time, so uptime alone does not reflect how well the service is actually handling requests. Options C and D are not relevant measures of risk.
Your DevOps team recently determined that it needed to increase the size of persistent disks used by VMs running a business-critical application. When scaling up the size of available persistent storage for a VM, what other step may be required?
A. Adjusting the filesystem size in the operating system
B. Backing up the persistent disk before changing its size
C. Changing the access controls on files on the disk
D. Updating disk metadata, including labels
The correct answer is A. The persistent storage may be increased in size, but the operating system may need to be configured to use that additional storage.
Option B is incorrect because while backing up a disk before operating on it is a good practice, it is not required.
Option C is incorrect because changing storage size does not change access control rules.
Option D is incorrect because any disk metadata that needs to change when the size changes is updated by the resize process.
You are consulting for a client that is considering moving some on-premises workloads to the Google Cloud Platform. The workloads are currently running on VMs that use a specially hardened operating system. Application administrators will need root access to the operating system as well. The client wants to minimize changes to the existing configuration. Which GCP compute service would you recommend?
A. Compute Engine
B. Kubernetes Engine
C. App Engine Standard
D. App Engine Flexible
The correct answer is A. Compute Engine instances meet all of the requirements: they can run VMs with minimal changes and application administrators can have root access.
Option B is incorrect because it would require the applications to be packaged and deployed as containers.
Option C is incorrect because App Engine Standard is limited to applications that can execute in a language-specific runtime.
Option D is incorrect, as App Engine Flexible runs containers, not VMs.
You have just joined a startup company that analyzes healthcare data and makes recommendations to healthcare providers to improve the quality of care while controlling costs. The company must comply with privacy regulations. A compliance consultant recommends that your company control its encryption keys used to encrypt data stored on cloud servers. You agree with the consultant but also want to minimize the overhead of key management. What GCP service should the company use?
A. Use default encryption enabled on Compute Engine instances.
B. Use Google Cloud Key Management Service to store keys that you create and use them to encrypt storage used with Compute Engine instances.
C. Implement a trusted key store on premises, create the keys yourself, and use them to encrypt storage used with Compute Engine instances.
D. Use an encryption algorithm that does not use keys.
The best option is B. It meets the requirement of creating and managing the keys without requiring your company to deploy and manage a secure key store.
Option A is incorrect because it does not meet the requirements.
Option C requires more setup and maintenance than Option B.
Option D does not exist, at least for strong encryption.
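A sketch of encrypting data with a customer-managed key using the Cloud KMS Python client; the key ring and key names are hypothetical.

    from google.cloud import kms

    client = kms.KeyManagementServiceClient()

    key_name = client.crypto_key_path(
        "my-project", "us-central1", "storage-ring", "disk-key"  # hypothetical key
    )

    response = client.encrypt(request={"name": key_name, "plaintext": b"patient-record"})
    ciphertext = response.ciphertext  # Cloud KMS holds and manages the key material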
A colleague complains that the availability and reliability of GCP VMs are poor because their instances keep shutting down without anyone issuing shutdown commands. No instance has run for more than 24 hours without shutting down for some reason. What would you suggest your colleague check to understand why the instances may be shutting down?
A. Make sure that the Cloud Operations agent is installed and collecting metrics.
B. Verify that sufficient persistent storage is attached to the instance.
C. Make sure that the instance availability is not set to preemptible.
D. Ensure that an external IP address has been assigned to the instance.
Option C is correct. The description of symptoms matches the behavior of preemptible instances.
Option A is incorrect because collecting performance metrics will not cause or prevent shutdowns.
Option B is incorrect because shutdowns are not triggered by insufficient storage.
Option D is incorrect, as the presence or absence of an external IP address would not affect shutdown behavior.
Your company is working on a government contract that requires all instances of VMs to have a virtual Trusted Platform Module. What Compute Engine configuration option would you enable or disable on your instance?
A. Trusted Module Setting
B. Shielded VMs
C. Preemptible VMs
D. Disable live migration
Option B is correct. Shielded VMs include the vTPM along with Secure Boot and Integrity Monitoring.
Option A is incorrect; there is no such option. Options C and D are not related to vTPM functionality.
You are leading a lift-and-shift migration to the cloud. Your company has several load-balanced clusters that use VMs that are not identically configured. You want to make as few changes as possible when moving workloads to the cloud. What feature of GCP would you use to implement those clusters in the cloud?
A. Managed instance groups
B. Unmanaged instance groups
C. Flexible instance groups
D. Kubernetes clusters
The correct answer is B. Unmanaged instance groups can have nonidentical instances.
Option A is incorrect, as all instances are configured the same in managed instance groups.
Option C is incorrect because there is no such thing as a flexible instance group.
Option D is incorrect because Kubernetes clusters run containers, not VMs, and would require changes that are not required if the cluster is migrated to an unmanaged instance group.
Your startup has a stateless web application written in Python 3.7. You are not sure what kind of load to expect on the application. You do not want to manage servers or containers if you can avoid it. What GCP service would you use?
A. Compute Engine
B. App Engine
C. Kubernetes Engine in Standard Mode
D. Cloud Dataproc
The correct answer is B. The requirements call for a PaaS. Second-generation App Engine Standard supports Python 3.7, and it does not require users to manage VMs or containers.
Option A is incorrect because you would have to manage VMs if you used Compute Engine.
Option C is incorrect, as you would have to create containers to run in Kubernetes Engine in Standard Mode.
Option D is incorrect because Cloud Dataproc is a managed Hadoop and Spark service, and it is not designed to run Python web applications.
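Deploying such an application requires little more than an app.yaml file declaring the runtime; this sketch assumes the application code (for example, main.py and requirements.txt) is in the current directory:

    # app.yaml contains a single line: runtime: python37
    gcloud app deploy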
Your department provides audio transcription services for other departments in your company. Users upload audio files to a Cloud Storage bucket. Your application transcribes the audio and writes the transcript file back to the same bucket. Your process runs every day at midnight and transcribes all files in the bucket. Users are complaining that they are not notified if there is a problem with the audio file format until the next day. Your application has a program that can verify the quality of an audio file in less than two seconds. What changes would you make to the workflow to improve user satisfaction?
A. Include more documentation about what is required to transcribe an audio file successfully.
B. Use Cloud Functions to run the program to verify the quality of the audio file when the file is uploaded. If there is a problem, notify the user immediately.
C. Create a Compute Engine instance and set up a cron job that runs every hour to check the quality of files that have been uploaded into the bucket in the last hour. Send notices to all users who have uploaded files that do not pass the quality control check.
D. Use the App Engine Cron service to set up a cron job that runs every hour to check the quality of files that have been uploaded into the bucket in the last hour. Send notices to all users who have uploaded files that do not pass the quality control check.
The correct answer is B. This solution notifies users immediately of any problem and does not require any servers.
Option A does not solve the problem of reducing time to notify users when there is a problem. Options C and D solve the problem but do not notify users immediately.
Option C also requires you to manage a server.
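A sketch of how such a verification function might be deployed so that it fires on every upload; the function, runtime, bucket, and entry point names are hypothetical:

    gcloud functions deploy verify_audio --runtime=python39 \
        --trigger-event=google.storage.object.finalize \
        --trigger-resource=audio-uploads --entry-point=verify_audio
    # google.storage.object.finalize fires each time a new object is
    # written to the bucket, so users can be notified within seconds.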
You have inherited a monolithic C++ application that you need to keep running. There will be minimal changes, if any, to the code. The previous developer who worked with this application created a Dockerfile and image container with the application and needed libraries. You’d like to deploy this in a way that minimizes your effort to maintain it. How would you deploy this application?
A. Create an instance in Compute Engine, install Docker, install the Cloud Monitoring agent, and then run the Docker image.
B. Create an instance in Compute Engine, but do not use the Docker image. Install the application and needed libraries. Install the Cloud Monitoring agent. Run the application directly in the VM, not a container.
C. Use App Engine Flexible to run the container image. App Engine will monitor as needed.
D. Use App Engine Standard to run the container image. App Engine will monitor as needed.
The correct answer is C. App Engine Flexible requires the least effort. App Engine Flexible will run the container and perform health checks and collect performance metrics. Options A and B are incorrect because provisioning and managing Compute Engine instances is more effort than using App Engine Flexible.
Option D is incorrect because you cannot run a custom container in App Engine Standard.
You have been asked to give a presentation on Kubernetes. How would you explain the difference between the cluster master and nodes?
A. Cluster masters manage the cluster and run core services such as the controller manager, API server, scheduler, and etcd. Nodes run workload jobs.
B. The cluster manager is an endpoint for API calls. All services needed to maintain a cluster are run on nodes.
C. The cluster manager is an endpoint for API calls. All services needed to maintain a cluster are run on nodes, and workloads are run on a third kind of server, a runner.
D. Cluster masters manage the cluster and run core services such as the controller manager, API server, scheduler, and etcd. Nodes monitor the cluster master and restart it if it fails.
The correct answer is A. Cluster masters run core services for the cluster, and nodes run workloads. Options B and C are incorrect, as the cluster master is not just an endpoint for APIs. Also, there is no runner node type.
Option D is incorrect because nodes do not monitor cluster masters.
External services are not able to access services running in a Kubernetes cluster. You suspect a controller may be down. Which type of controller would you check?
A. Pod
B. Deployment
C. Ingress Controller
D. Service Controller
Option C is correct. Ingress Controllers are needed by Ingress objects, which control external access to services running in a Kubernetes cluster.
Option A is incorrect, as pods are the lowest level of computational unit, and they run one or more containers.
Option B is incorrect, as deployments are collections of pods that run an application in a cluster.
Option D is incorrect, as services do not control access from external services.
You are planning to run stateful applications in Kubernetes Engine. What should you use to support stateful applications?
A. Pods
B. StatefulPods
C. StatefulSets
D. PersistentStorageSet
The correct answer is C. StatefulSets deploy pods with unique IDs, which allows Kubernetes to support stateful applications by ensuring that clients can always use the same pod.
Option A is incorrect, as pods are always used for both stateful and stateless applications. Options B and D are incorrect because they are not actually components in Kubernetes.
Every time a database administrator logs into a Firebase database, you would like a message sent to your mobile device. Which compute service could you use that would minimize your work in deploying and running the code that sends the message?
A. Compute Engine
B. Kubernetes Engine
C. Cloud Functions
D. Cloud Dataflow
Option C is correct because Cloud Functions can detect authentications to Firebase and run code in response. Sending a message would require a small amount of code, and this can run in Cloud Functions. Options A and B would require more work to set up a service to watch for a login and then send a message.
Option D is incorrect, as Cloud Dataflow is a stream and batch processing platform not suitable for responding to events in Firebase.
Your team has been tasked with deploying infrastructure for development, test, staging, and production environments in region us-west1. You will likely need to deploy the same set of environments in two additional regions. What service would allow you to use an infrastructure-as-code (IaC) approach?
A. Cloud Dataflow
B. Deployment Manager
C. Identity and Access Manager
D. App Engine Flexible
The correct answer is B. Deployment Manager is Google Cloud's infrastructure-as-code (IaC) service.
Option A is incorrect because Cloud Dataflow is a stream and batch processing service.
Option C, Identity and Access Management, is an authentication and authorization service.
Option D, App Engine Flexible, is a PaaS offering that allows users to customize their own runtimes using containers.
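With Deployment Manager, each environment is described in a configuration file and deployed with one command, which makes repeating the same set of environments in other regions straightforward; the deployment and file names are illustrative:

    gcloud deployment-manager deployments create dev-us-west1 --config=dev-env.yaml
    gcloud deployment-manager deployments create test-us-west1 --config=test-env.yaml
    # The same templates can be parameterized by region and reused later.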
An IoT startup collects streaming data from industrial sensors and evaluates the data for anomalies using a machine learning model. The model scales horizontally. The data collected is buffered in a server for 10 minutes. Which of the following is a true statement about the system?
A. It is stateful.
B. It is stateless.
C. It may be stateful or stateless; there is not enough information to determine.
D. It is neither stateful nor stateless.
The correct answer is A. This application is stateful. It collects and buffers sensor data on a server and evaluates that data.
Option B is incorrect because the application stores data about a stream, so it is stateful.
Option C is incorrect because there is enough information.
Option D is incorrect because the application stores data about the stream, so it is stateful.
Your team is designing a stream processing application that collects temperature and pressure measurements from industrial sensors. Someone on the team suggests using a Cloud Memorystore cache. What could that cache be used for?
A. A SQL database
B. As a memory cache to store state data outside of instances
C. An extraction, transformation, and load service
D. A persistent object storage system
The correct answer is B. Of the four options, a cache is most likely used to store state data. If instances are lost, state information is not lost as well.
Option A is incorrect; Memorystore is not a SQL database.
Option C is incorrect because Memorystore does not provide extraction, transformation, and load services.
Option D is incorrect because Memorystore is not a persistent object store.
A distributed application is not performing as well as expected during peak load periods. The application uses three microservices. The first of the microservices has the ability to send more data to the second service than the second service can process and keep up with. This causes the first microservice to wait while the second service processes data. What can be done to decouple the first service from the second service?
A. Run the microservices on separate instances.
B. Run the microservices in a Kubernetes cluster.
C. Write data from the first service to a Cloud Pub/Sub topic and have the second service read the data from the topic.
D. Scale both services together using MIGs.
Option C is the correct answer. Using a queue between the services allows the first service to write data as fast as needed, while the second service reads data as fast as it can. The second service can catch up after peak load subsides. Options A, B, and D do not decouple the services.
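A minimal sketch of the decoupling, with hypothetical topic and subscription names:

    gcloud pubsub topics create ingest-topic
    gcloud pubsub subscriptions create backend-sub --topic=ingest-topic
    # The first service publishes as fast as it needs to:
    gcloud pubsub topics publish ingest-topic --message="sample payload"
    # The second service pulls at its own pace:
    gcloud pubsub subscriptions pull backend-sub --auto-ack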
A colleague has suggested that you use the Apache Beam framework for implementing a highly scalable workflow. Which Google Cloud service would you use?
A. Cloud Dataproc
B. Cloud Dataflow
C. Cloud Dataprep
D. Cloud Memorystore
Option B is the correct answer. Cloud Dataflow is Google Cloud's managed implementation of Apache Beam.
Option A, Cloud Dataproc, is a managed Hadoop and Spark service.
Option C, Cloud Dataprep, is a data preparation tool for analysis and machine learning.
Option D, Cloud Memorystore, is a managed cache service.
Your manager wants more data on the performance of applications running in Compute Engine, specifically, data on CPU and memory utilization. What Google Cloud service would you use to collect that data?
A. Cloud Dataprep
B. Cloud Monitoring
C. Cloud Dataproc
D. Cloud Memorystore
Option B is the correct answer. Cloud Monitoring is Google Cloud's monitoring service.
Option A, Cloud Dataprep, is a data preparation tool for analysis and machine learning.
Option C, Cloud Dataproc, is a managed Hadoop and Spark service.
Option D, Cloud Memorystore, is a managed cache service.
You are receiving alerts that CPU utilization is high on several Compute Engine instances. The instances are all running a custom C++ application. When you receive these alerts, you deploy an additional instance running the application. A load balancer automatically distributes the workload across all of the instances. What is the best option to avoid having to add servers manually when CPU utilization is high?
A. Always run more servers than needed to avoid high CPU utilization.
B. Deploy the instances in a MIG, and use autoscaling to add and remove instances as needed.
C. Run the application in App Engine Standard.
D. Whenever you receive an alert, add two instances instead of one.
The correct answer is B. Managed instance groups can autoscale, so this option would automatically add or remove instances as needed. Options A and D are not as cost-efficient as option B.
Option C is incorrect because App Engine Standard does not provide a C++ runtime.
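For example, CPU-based autoscaling might be enabled on an existing managed instance group like this; the group name, zone, and thresholds are illustrative:

    gcloud compute instance-groups managed set-autoscaling app-mig \
        --zone=us-central1-a --min-num-replicas=2 --max-num-replicas=10 \
        --target-cpu-utilization=0.75 --cool-down-period=90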
A retailer has sales data streaming into a Cloud Pub/Sub topic from stores across the country. Each time a sale is made, data is sent from the point of sale to Google Cloud. The data needs to be transformed and aggregated before it is written to BigQuery. Which of the following services would you use to perform that processing and write data to BigQuery?
A. Firebase
B. Cloud Dataflow
C. Cloud Memorystore
D. Cloud Datastore
Option B is correct. Cloud Dataflow is designed to support stream and batch processing, and it can write data to BigQuery.
Option A is incorrect, as Firebase is GCP’s mobile development platform.
Option D is incorrect; Datastore is a NoSQL database.
Option C is incorrect because Cloud Memorystore is a managed cache service. This is an ETL operation, so Cloud Data Fusion would also be a viable solution, but it was not included in the options.
Auditors have determined that several of the microservices deployed on Kubernetes clusters in your GCP and on-premises clusters do not perform authentication in ways that comply with security requirements. You want developers to be able to deploy microservices without having to spend a lot of time developing and testing authentication mechanisms. What managed service in GCP would you use to reduce the need for developers to implement authentication mechanisms with each new service?
A. Kubernetes Services
B. Anthos Service Mesh
C. Kubernetes Ingress
D. Anthos Config Management
The correct answer is B. The Anthos Service Mesh provides a common framework for performing common operations, such as monitoring, networking, and authentication, on behalf of services so individual services do not have to implement those operations.
Option A is incorrect; a Kubernetes Service is an abstraction for accessing applications deployed to a Kubernetes cluster.
Option C is incorrect; Kubernetes Ingress is used for enabling access to Kubernetes services from external clients.
Option D is incorrect; the Anthos Config Management service controls cluster configuration by applying configuration specifications to selected components of a cluster based on attributes such as namespaces, labels, and annotations. Anthos Config Management includes the Policy Controller, which is designed to enforce business logic rules on API requests to Kubernetes.
You need to store a set of files for an extended period. Anytime the data in the files needs to be accessed, it will be copied to a server first, and then the data will be accessed. Files will not be accessed more than once a year. The set of files will all have the same access controls. What storage solution would you use to store these files?
A. Cloud Storage Archive
B. Cloud Storage Nearline
C. Cloud Filestore
D. Bigtable
The correct answer is A. The Cloud Storage Archive service is designed for long-term storage of infrequently accessed objects.
Option B is not the best answer because Nearline should be used with objects that are accessed less often than once in 30 days. Archive class storage is more cost-effective and still meets the requirements.
Option C is incorrect. Cloud Filestore is a network filesystem, and it is used to store data that is actively used by applications running on Compute Engine VM and Kubernetes Engine clusters.
Option D is incorrect; Bigtable is a NoSQL database that is not designed for file storage.
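A sketch of creating an Archive class bucket and uploading a file to it; the bucket name, location, and file are hypothetical:

    gsutil mb -c archive -l us-central1 gs://my-archive-bucket
    gsutil cp records-2020.tar gs://my-archive-bucket/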
You are uploading files in parallel to Cloud Storage and want to optimize load performance. What could you do to avoid creating hotspots when writing files to Cloud Storage?
A. Use sequential names or time stamps for files.
B. Do not use sequential names or time stamps for files.
C. Configure retention policies to ensure that files are not deleted prematurely.
D. Configure lifecycle policies to ensure that files are always using the most appropriate storage class.
The correct answer is B. Do not use sequential names or time stamps if uploading files in parallel. Files with sequentially close names will likely be assigned to the same server. This can create a hotspot when writing files to Cloud Storage.
Option A is incorrect, as this could cause hotspots. Options C and D affect the lifecycle of files once they are written and do not impact upload efficiency.
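One common fix is to prepend a short hash to each object name so that parallel uploads are spread across servers rather than clustered by name; a sketch in shell, assuming the files are in the current directory and the bucket name is hypothetical:

    for f in *.csv; do
        prefix=$(echo -n "$f" | md5sum | cut -c1-6)
        gsutil cp "$f" "gs://my-upload-bucket/${prefix}_${f}" &
    done
    wait  # let the parallel uploads finish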
As a consultant on a cloud migration project, you have been asked to recommend a strategy for storing files that must be highly available even in the event of a regional failure. What would you recommend?
A. BigQuery
B. Cloud Datastore
C. Multiregional Cloud Storage
D. Regional Cloud Storage
The correct answer is C. Multiregional Cloud Storage replicates data to multiple regions. In the event of a failure in one region, the data would be retrieved from another region. Options A and B are incorrect because those are databases, not file storage systems.
Option D is incorrect because it does not meet the requirement of providing availability in the event of a single region failure.
As part of a migration to Google Cloud Platform, your department will run a collaboration and document management application on Compute Engine virtual machines. The application requires a filesystem that can be mounted using operating system commands. All documents should be accessible from any instance. What storage solution would you recommend?
A. Cloud Storage
B. Cloud Filestore
C. A document database
D. A relational database
The correct answer is B. Cloud Filestore is a network-attached storage service that provides a filesystem that is accessible from Compute Engine. Filesystems in Cloud Filestore can be mounted using standard operating system commands.
Option A, Cloud Storage, is incorrect because it does not provide a filesystem. Options C and D are incorrect because databases do not provide filesystems.
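A sketch of creating a Filestore instance and mounting its share on a VM; the instance name, share name, and IP address are hypothetical:

    gcloud filestore instances create docs-share --zone=us-central1-a \
        --tier=BASIC_HDD --file-share=name=vol1,capacity=1TB --network=name=default
    # On each Compute Engine VM (10.0.0.2 stands in for the
    # Filestore instance's IP address):
    sudo mkdir -p /mnt/docs
    sudo mount 10.0.0.2:/vol1 /mnt/docs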
Your team currently supports seven MySQL databases for transaction processing applications. Management wants to reduce the amount of staff time spent on database administration. What GCP service would you recommend to help reduce the database administration load on your teams?
A. Bigtable
B. BigQuery
C. Cloud SQL
D. Cloud Filestore
The correct answer is C. Cloud SQL is a managed database service that supports MySQL, SQL Server, and PostgreSQL.
Option A is incorrect because Bigtable is a wide-column NoSQL database, and it is not a suitable substitute for MySQL.
Option B is incorrect because BigQuery is optimized for data warehouse and analytic databases, not transactional databases.
Option D is incorrect, as Cloud Filestore is not a database.
Your company is developing a new service that will have a global customer base. The service will generate large volumes of structured data and require the support of a transaction processing database. All users, regardless of where they are on the globe, must have a consistent view of data. What storage system will meet these requirements?
A. Cloud Spanner
B. Cloud SQL
C. Cloud Storage
D. BigQuery
The correct answer is A. Cloud Spanner is a managed relational database that scales horizontally across regions and provides a strongly consistent view of data globally.
Option B is incorrect because Cloud SQL cannot scale globally.
Option C is incorrect, as Cloud Storage does not meet the database requirements.
Option D is incorrect because BigQuery is not designed for transaction processing systems.
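As an illustration, a multi-region Spanner instance spanning North America, Europe, and Asia could be created with the nam-eur-asia1 configuration; the instance name and node count are hypothetical:

    gcloud spanner instances create global-orders --config=nam-eur-asia1 \
        --description="Global order processing" --nodes=3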
Your company is required to comply with several government and industry regulations, which include encrypting data at rest. What GCP storage services can be used for applications subject to these regulations?
A. Bigtable and BigQuery only
B. Bigtable and Cloud Storage only
C. Any of the managed databases, but no other storage services
D. Any GCP storage service
The correct answer is D. All data in GCP is encrypted when at rest. The other options are incorrect because they do not include all GCP storage services.
As part of your role as a data warehouse administrator, you occasionally need to export data from the data warehouse, which is implemented in BigQuery. What command-line tool would you use for that task?
A. gsutil
B. gcloud
C. bq
D. cbt
The correct answer is C. The bq command-line tool is used to work with BigQuery.
Option A, gsutil, is the command-line tool for working with Cloud Storage, and Option D, cbt, is the command-line tool for working with Bigtable.
Option B, gcloud, is the command-line tool for most other GCP services.
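For example, exporting a table to Cloud Storage with bq might look like this; the dataset, table, and bucket names are illustrative:

    # The wildcard lets BigQuery shard a large export into multiple files.
    bq extract --destination_format=CSV \
        'sales_dw.transactions' gs://dw-exports/transactions-*.csv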
Another task that you perform as data warehouse administrator is granting authorizations to perform tasks with the BigQuery data warehouse. A user has requested permission to view table data but not change it. What role would you grant to this user to provide the needed permissions but nothing more?
A. dataViewer
B. admin
C. metadataViewer
D. dataOwner
The correct answer is A. dataViewer allows a user to list projects and tables and to get table data and metadata. Options B and D would enable the user to view data but would grant more permissions than needed, including the ability to change the data.
Option C does not grant permission to view data in tables.
A developer is creating a set of reports and is trying to minimize the amount of data each query returns while still meeting all requirements. What bq command-line option will help you understand the amount of data returned by a query without actually executing the query?
A. --no-data
B. --estimate-size
C. --dry_run
D. --size
The correct answer is C. --dry_run returns an estimate of the number of bytes that would be processed if the query were executed. The other choices are not actual bq command-line options.
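For example, estimating a query's cost without executing it; the project, dataset, and table names are hypothetical:

    # Reports how many bytes the query would process, without running it.
    bq query --use_legacy_sql=false --dry_run \
        'SELECT customer_id, total FROM `my-project.sales_dw.orders`'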
A team of developers is choosing between using NoSQL or a relational database. What is a feature of NoSQL databases that is not available in relational databases?
A. Fixed schemas
B. ACID transactions
C. Indexes
D. Flexible schemas
The correct answer is D. NoSQL databases have flexible schemas. The other options specify features that are found in relational databases, although ACID transactions and indexes are found in some NoSQL databases as well.
A group of venture capital investors has hired you to review the technical design of a service that will be developed by a startup company seeking funding. The startup plans to collect data from sensors attached to vehicles. The data will be used to predict when a vehicle needs maintenance and before the vehicle breaks down. Thirty sensors will be on each vehicle. Each sensor will send up to 5 KB of data every second. The startup expects to start with hundreds of vehicles, but it plans to reach 1 million vehicles globally within 18 months. The data will be used to develop machine learning models to predict the need for maintenance. The startup is considering using a self-managed relational database to store the time-series data but wants your opinion. What would you recommend for a time-series database?
A. Continue to plan to use a self-managed relational database.
B. Use Cloud SQL.
C. Use Cloud Spanner.
D. Use Bigtable.
The correct answer is D. Bigtable is the best option for storing streaming data because it provides low-latency writes and can store petabytes of data. The database would need to store petabytes of data if the number of vehicles scales as planned.
Option A is a poor choice because a self-managed relational database would be difficult to scale, is not the best type of database for the volume of time-series data the company anticipates, and would require more administrative support than a managed service.
Option B will not scale to the volume of data expected.
Option C, Cloud Spanner, could scale to store the volumes of data, but it is not optimized for low-latency writes of streaming data.
A Bigtable instance increasingly needs to support simultaneous read and write operations. You’d like to separate the workload so that some nodes respond to read requests and others respond to write requests. How would you implement this to minimize the workload on developers and database administrators?
A. Create two instances, and separate the workload at the application level.
B. Create multiple clusters in the Bigtable instance, and use Bigtable replication to keep the clusters synchronized.
C. Create multiple clusters in the Bigtable instance, and use your own replication program to keep the clusters synchronized.
D. It is not possible to accomplish the partitioning of the workload as described.
The correct answer is B, create multiple clusters in the instance and use Bigtable replication. Options A and C are not correct, as they require developing custom applications to partition data or keep replicas synchronized.
Option D is incorrect because the requirements can be met.
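A sketch of this setup, assuming an existing instance named iot-instance with a cluster named primary-cluster; the new cluster and app profile names are hypothetical. Writers use a profile routed to one cluster while readers use a profile routed to the other:

    gcloud bigtable clusters create read-cluster --instance=iot-instance \
        --zone=us-east1-b --num-nodes=3
    gcloud bigtable app-profiles create write-profile --instance=iot-instance \
        --route-to=primary-cluster --transactional-writes
    gcloud bigtable app-profiles create read-profile --instance=iot-instance \
        --route-to=read-cluster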
As a database architect, you’ve been asked to recommend a database service to support an application that will make extensive use of JSON documents. What would you recommend to minimize database administration overhead while minimizing the work required for developers to store JSON data in the database?
A. Cloud Storage
B. Cloud Firestore
C. Cloud Spanner
D. Cloud SQL
The correct answer is B. Cloud Firestore is a managed document database, which is a kind of NoSQL database that uses a flexible JSON-like data structure.
Option A is incorrect because Cloud Storage is not a database. Options C and D are not good fits because the JSON data would have to be mapped to relational structures to take advantage of the full range of relational features. There is no indication that additional relational features are required.
Your Cloud SQL database is experiencing high query latency. You could vertically scale the database to use a larger instance, but you do not need additional write capacity. What else could you try to reduce the number of reads performed by the database?
A. Switch to Cloud Spanner.
B. Use Cloud Bigtable instead.
C. Use Cloud Memorystore to create a database cache that stores the results of database queries. Before a query is sent to the database, the cache is checked for the answer to the query.
D. Add read replicas to the Cloud SQL database.
The correct answer is D. Configuring a read-only replica for the database will likely require only a configuration change to the applications that use the database. The turnaround on configuration changes is usually a lot faster than for code changes, which would be required to use a cache, such as Cloud Memorystore.
Option C is incorrect because it would require code changes to the application to read from the cache, which requires programmer time. It is a viable solution, but it is not the best solution available.
Option A is not a good choice because it would require a database migration, and there is no indication that the scale of Cloud Spanner is needed.
Option B is not a good choice because Bigtable is a NoSQL database and may not meet the database needs of the application.
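Adding a read replica is a configuration change rather than an application rewrite; a sketch with hypothetical instance names:

    gcloud sql instances create app-db-replica --master-instance-name=app-db
    # Point read-heavy queries at the replica while writes continue
    # to go to the primary instance.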
You would like to move objects stored in Cloud Storage automatically from regional storage to Nearline storage when the object is six months old. What feature of Cloud Storage would you use?
A. Retention policies
B. Lifecycle policies
C. Bucket locks
D. Multiregion replication
Option B is correct. Lifecycle policies allow you to specify an action, like changing storage class, after an object reaches a specified age.
Option A is incorrect, as retention policies prevent premature deleting of an object.
Option C is incorrect. This is a feature used to implement retention policies.
Option D is incorrect; multiregion replication does not control changes to storage classes.
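A sketch of such a lifecycle policy, saved as lifecycle.json and applied to a hypothetical bucket; 180 days approximates six months:

    {
      "rule": [
        {
          "action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
          "condition": {"age": 180}
        }
      ]
    }

    gsutil lifecycle set lifecycle.json gs://my-bucket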
A customer has asked for help with a web application. Static data served from a data center in Chicago in the United States loads slowly for users located in Australia, South Africa, and Southeast Asia. What would you recommend to reduce latency?
A. Distribute data using Cloud CDN.
B. Use Premium Network from the server in Chicago to client devices.
C. Scale up the size of the web server.
D. Move the server to a location closer to those users.
The correct answer is A. Cloud CDN distributes copies of static data to points of presence around the globe so that it can be closer to users.
Option B is incorrect. Premium Network routes data over the internal Google network, but it does not extend to client devices.
Option C will not help with latency.
Option D is incorrect because moving the location of the server might reduce the latency for some users, but it would likely increase latency for other users, as they could be located anywhere around the globe.
A data pipeline ingests performance monitoring data about a fleet of vehicles using Cloud Pub/Sub. The data is written to Cloud Bigtable to enable queries about specific vehicles. The data will also be written to BigQuery and BigQuery ML will be used to build predictive models about failures in vehicle components. You would like to provide high throughput ingestion and exactly-once delivery semantics when writing data to BigQuery. How would you load that data into BigQuery?
A. BigQuery Transfer Service
B. Cloud Storage Transfer Service
C. BigQuery Storage Write API
D. BigQuery Load Jobs
The correct answer is C. The BigQuery Storage Write API provides high-throughput ingestion and exactly-once delivery semantics. The BigQuery Transfer Service and BigQuery Load Jobs are used for batch loading, not streaming loading. Cloud Storage Transfer Service is used to load data into Cloud Storage, not BigQuery.
Your team has deployed a VPC with default subnets in all regions. The lead network architect at your company is concerned about possible overlap in the use of private addresses. How would you explain how you are dealing with the potential problem?
A. You inform the network architect that you are not using private addresses at all.
B. When default subnets are created for a VPC, each region is assigned a different IP address range.
C. You have increased the size of the subnet mask in the CIDR block specification of the set of IP addresses.
D. You agree to assign new IP address ranges on all subnets.
The correct answer is B. Default subnets are each assigned a distinct, nonoverlapping IP address range.
Option A is incorrect, as default subnets use private addresses.
Option C is incorrect because increasing the size of the subnet mask does not necessarily prevent overlaps.
Option D is an option that would also ensure nonoverlapping addresses, but it is not necessary given the stated requirements.
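The nonoverlapping ranges can be confirmed by listing the default subnets:

    gcloud compute networks subnets list --network=default \
        --format="table(name,region,ipCidrRange)"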
A data warehouse service running in GCP has all of its resources in a single project. The e-commerce application has resources in another project, including a database with transaction data that will be loaded into the data warehouse. The data warehousing team would like to read data directly from the database using extraction, transformation, and load processes that run on Compute Engine instances in the data warehouse project. Which of the following network constructs could help with this?
A. Shared VPC
B. Regional load balancing
C. Direct peering
D. Cloud VPN
The correct answer is A. A Shared VPC allows resources in one project to access the resources in another project.
Option B is incorrect, as load balancing does not help with network access. Options C and D are incorrect because those are mechanisms for hybrid cloud computing. In this case, all resources are in GCP, so hybrid networking is not needed.
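A sketch of enabling Shared VPC with hypothetical project IDs, where one project hosts the network and the other is attached as a service project:

    gcloud compute shared-vpc enable dw-host-project
    gcloud compute shared-vpc associated-projects add ecommerce-project \
        --host-project=dw-host-project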
An intern working with your team has changed some firewall rules. Prior to the change, all Compute Engine instances on the network could connect to all other instances on the network. After the change, some nodes cannot reach other nodes. What might have been the change that causes this behavior?
A. One or more implied rules were deleted.
B. The default-allow-internal rule was deleted.
C. The default-allow-icmp rule was deleted.
D. The priority of a rule was set higher than 65535.
The correct answer is B. The default-allow-internal rule allows ingress connections for all protocols and ports among instances in the network.
Option A is incorrect because implied rules cannot be deleted, and the implied rules alone would not be enough to enable all instances to connect to all other instances.
Option C is incorrect because that rule governs the ICMP protocol for management services, like ping.
Option D is incorrect because 65535 is the largest number/lowest priority allowed for firewall rules.
The network administrator at your company has asked that you configure a firewall rule that will always take precedence over any other firewall rule. What priority would you assign?
A. 0
B. 1
C. 65534
D. 65535
The correct answer is A. 0 is the highest priority for firewall rules. All the other options are incorrect because they have priorities that are not guaranteed to enable the rule to take precedence.
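For example, a rule created with priority 0 takes precedence over every other rule; the rule name, network, and match criteria are illustrative:

    gcloud compute firewall-rules create block-telnet-first \
        --network=my-vpc --priority=0 --direction=INGRESS \
        --action=DENY --rules=tcp:23 --source-ranges=0.0.0.0/0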
During a review of a GCP network configuration, a developer asks you to explain CIDR notation. Specifically, what does the 8 mean in the CIDR block 172.16.10.2/8?
A. 8 is the number of bits used to specify a host address.
B. 8 is the number of bits used to specify the subnet mask.
C. 8 is the number of octets used to specify a host address.
D. 8 is the number of octets used to specify the subnet mask.
The correct answer is B. 8 is the number of bits used to specify the subnet mask.
Option A is wrong because 24 is the number of bits available to specify a host address. Options C and D are wrong, as the integer does not indicate an octet.
Several new firewall rules have been added to a VPC. Several users are reporting unusual problems with applications that did not occur before the firewall rule changes. You’d like to debug the firewall rules while causing the least impact on the network and doing so as quickly as possible. Which of the following options is best?
A. Set all new firewall priorities to 0 so that they all take precedence over other rules.
B. Set all new firewall priorities to 65535 so that all other rules take precedence over these rules.
C. Disable one rule at a time to see whether that eliminates the problems. If needed, disable combinations of rules until the problems are eliminated.
D. Remove all firewall rules and add them back one at a time until the problems occur and then remove the latest rule added back.
The correct answer is C. Disabling a firewall rule allows you to turn off the effect of a rule quickly without deleting it.
Option A is incorrect because it does not help isolate the rule or rules causing the problem, and it may introduce new problems because the new rules may take precedence in cases they did not before.
Option B is not helpful because alone it would not help isolate the problematic rule or rules.
Option D is incorrect because it will leave the VPC with only implied rules. Adding back all rules could be time-consuming, and having no rules could cause additional problems.
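Rules can be toggled without deleting them, which supports exactly this style of debugging; the rule name is hypothetical:

    gcloud compute firewall-rules update suspect-rule --disabled
    # ...test the applications, then restore the rule:
    gcloud compute firewall-rules update suspect-rule --no-disabled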
An executive wants to understand what changes in the current cloud architecture are required to run compute-intensive machine learning workloads in the cloud and have the models run in production using on-premises servers. The models are updated daily. There is no network connectivity between the cloud and on-premises networks. What would you tell the executive?
A. Implement additional firewall rules.
B. Use global load balancing.
C. Use hybrid-cloud networking.
D. Use regional load balancing.
The correct answer is C. Hybrid networking is needed to enable the transfer of data to the cloud to build models and then transfer models back to the on-premises servers.
Option A is incorrect because firewall rules restrict or allow traffic on a network; they do not link networks. Options B and D are incorrect because load balancing does not link networks.
To comply with regulations, you need to deploy a disaster recovery site that has the same design and configuration as your production environment. You want to implement the disaster recovery site in the cloud. Which topology would you use?
A. Gated ingress topology
B. Gated egress topology
C. Handover topology
D. Mirrored topology
The correct answer is D. With mirrored topology, public cloud and private on-premises environments mirror each other. Options A and B are not correct because gated topologies are used to allow access to APIs in other networks without exposing them to the public internet.
Option C is incorrect because that topology is used to exchange data and have different processing done in different environments.
Network engineers have determined that the best option for linking the on-premises network to GCP resources is by using an IPSec VPN. Which GCP service would you use in the cloud?
A. Cloud IPSec
B. Cloud VPN
C. Cloud Interconnect IPSec
D. Cloud VPN IKE
The correct answer is B. Cloud VPN implements IPSec VPNs. All other options are incorrect because they are not names of actual services available in GCP.
Network engineers have determined that a link between the on-premises network and GCP will require an 8 Gbps connection. Which option would you recommend?
A. Cloud VPN
B. Partner Interconnect
C. Dedicated Interconnect
D. Hybrid Interconnect
The correct answer is B. Partner Interconnect provides between 50 Mbps and 10 Gbps connections.
Option A, Cloud VPN, provides up to 3 Gbps connections.
Option C, Dedicated Interconnect, provides 10 Gbps or 100 Gbps connections.
Option D is not an actual GCP service name.
Network engineers have determined that a link between the on-premises network and GCP will require a connection between 60 Gbps and 80 Gbps. Which hybrid-cloud networking services would best meet this requirement?
A. Cloud VPN
B. Cloud VPN and Dedicated Interconnect
C. Dedicated Interconnect and Partner Interconnect
D. Cloud VPN, Dedicated Interconnect, and Partner Interconnect
The correct answer is C. Both Dedicated Interconnect and Partner Interconnect can be configured to support between 60 Gbps and 80 Gbps. All other options are wrong because Cloud VPN supports a maximum of 3 Gbps.
The director of network engineering has determined that any links to networks outside of the company data center will be implemented at the level of BGP routing exchanges. What hybrid-cloud networking option should you use?
A. Direct peering
B. Indirect peering
C. Global load balancing
D. Cloud IKE
The correct answer is A. Direct peering allows customers to connect their networks to a Google network point of access and exchange Border Gateway Protocol (BGP) routes, which define paths for transmitting data between networks. Options B and D are not the names of GCP services.
Option C is not correct because global load balancing does not link networks.
A startup is designing a social site dedicated to discussing global political, social, and environmental issues. The site will include news and opinion pieces in text and video. The startup expects that some stories will be exceedingly popular, and others won’t be, but they want to ensure that all users have a similar experience with regard to latency, so they plan to replicate content across regions. What load balancer should they use?
A. HTTP(S)
B. SSL Proxy
C. Internal TCP/UDP
D. TCP Proxy
The correct answer is A. HTTP(S) load balancers are global and will route HTTP traffic to the region closest to the user making a request.
Option B is incorrect, as SSL Proxy is used for non-HTTPS SSL traffic.
Option C is incorrect because it does not support external traffic from the public internet.
Option D is incorrect, as TCP Proxy is used for non-HTTP(S) traffic.
As a developer, you foresee the need to have a load balancer that can distribute load using only private RFC 1918 addresses. Which load balancer would you use?
A. Internal TCP/UDP
B. HTTP(S)
C. SSL Proxy
D. TCP Proxy
The correct answer is A. Only Internal TCP/UDP supports load balancing using private IP addressing. The other options are all incorrect because they cannot load balance using private IP addresses.
After a thorough review of the options, a team of developers and network engineers have determined that the SSL Proxy load balancer is the best option for their needs. What other GCP service must they have to use the SSL Proxy load balancer?
A. Cloud Storage
B. Cloud VPN
C. Premium Tier networking
D. TCP Proxy Load Balancing
The correct answer is C. All global load balancers require the Premium Tier network, which routes all data over the Google global network and not the public internet.
Option A is incorrect, as object storage is not needed.
Option B is incorrect because a VPN is not required.
Option D is incorrect, as that is another kind of global load balancer that would require Premium Tier networking.
You want to access Cloud Storage APIs from a Compute Engine VM that has only an internal IP address. What GCP service would you use to enable that access?
A. Private Service Connect for Google APIs
B. Dedicated Interconnect
C. Partner Interconnect
D. HA VPN
The correct answer is A. Private Service Connect for Google APIs allows for access to Google Cloud APIs without requiring an external IP address. The other options are all for hybrid cloud computing connecting on-premises devices to a VPC.
A company is migrating an enterprise application to Google Cloud. When running on-premises, application administrators created user accounts that were used to run background jobs. There was no actual user associated with the account, but the administrators needed an identity with which to associate permissions. What kind of identity would you recommend using when running that application in GCP?
A. Google-associated account
B. Cloud Identity account
C. Service account
D. Batch account
Option C, a service account, is the best choice for an account that will be associated with an application or resource, such as a VM. Both options A and B should be used with actual users.
Option D is not a valid type of identity in GCP.
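A sketch of creating a service account for background jobs and granting it a role; the project ID, account name, and role are hypothetical:

    gcloud iam service-accounts create batch-runner \
        --display-name="Background batch jobs"
    gcloud projects add-iam-policy-binding my-project \
        --member="serviceAccount:batch-runner@my-project.iam.gserviceaccount.com" \
        --role="roles/storage.objectViewer"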
You are tasked with managing the roles and privileges granted to groups of developers, quality assurance testers, and site reliability engineers. Individuals frequently move between groups. Each group requires a different set of permissions. What is the best way to grant access to resources that each group needs?
A. Create a group in Google Groups for each of the three groups: developers, quality assurance testers, and site reliability engineers. Add the identities of each user to their respective group. Assign predefined roles to each group.
B. Create a group in Google Groups for each of the three groups: developers, quality assurance testers, and site reliability engineers. Assign permissions to each user and then add the identities to their respective group.
C. Assign each user a Cloud Identity, and grant permissions directly to those identities.
D. Create a G Suite group for each of the three groups: developers, quality assurance testers, and site reliability engineers. Assign permissions to each user and then add the identities to their respective group.
The correct answer is A. The identities should be assigned to groups and predefined roles assigned to those groups. Assigning roles to groups eases administrative overhead because users receive permissions when they are added to a group. Removing a user from a group removes permissions from the user, unless the user receives that permission in another way. Options B, C, and D are incorrect because you cannot assign permissions directly to a user.
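For example, a predefined role can be granted to a group once, after which membership changes alone determine who holds the permissions; the project, group, and role are illustrative:

    gcloud projects add-iam-policy-binding my-project \
        --member="group:developers@example.com" \
        --role="roles/container.developer"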
You are making a presentation on Google Cloud security to a team of managers in your company. Someone mentions that to comply with regulations, the organization will have to follow several security best practices, including least privilege. They would like to know how GCP supports using least privilege. What would you say?
A. GCP provides a set of three broad roles: owner, editor, and viewer. Most users will be assigned viewer unless they need to change configurations, in which case they will receive the editor role, or if they need to perform administrative functions, in which case they will be assigned owner.
B. GCP provides a set of fine-grained permissions and predefined roles that are assigned those permissions. The roles are based on commonly grouped responsibilities. Users will be assigned only the predefined roles needed for them to perform their duties.
C. GCP provides several types of identities. Users will be assigned a type of identity most suitable for their role in the organization.
D. GCP provides a set of fine-grained permissions and custom roles that are created and managed by cloud users. Users will be assigned a custom role designed specifically for that user’s responsibilities.
The correct answer is option B. Fine-grained permissions and predefined roles help implement least privilege because each predefined role has only the permissions needed to carry out a specific set of responsibilities.
Option A is incorrect. Basic roles are coarse-grained and grant more permissions than often needed.
Option C is incorrect. Simply creating a particular type of identity does not by itself associate permissions with users.
Option D is not the best option because it requires more administrative overhead than option B, and it is a best practice to use predefined roles as much as possible and only create custom roles when a suitable predefined role does not exist.
In the interest of separating duties, one member of your team will have permission to perform all actions on logs. You will also rotate the duty every 90 days. How would you grant the necessary permissions?
A. Create a Google Group, assign roles/logging.admin to the group, add the identity of the person who is administering the logs at the start of the 90-day period, and remove the identity of the person who administered logs during the previous 90 days.
B. Assign roles/logging.admin to the identity of the person who is administering the logs at the start of the 90-day period, and revoke the role from the identity of the person who administered logs during the previous 90 days.
C. Create a Google Group, assign roles/logging.privateLogViewer to the group, add the identity of the person who is administering the logs at the start of the 90-day period, and remove the identity of the person who administered logs during the previous 90 days.
D. Assign roles/logging.privateLogViewer to the identity of the person who is administering the logs at the start of the 90-day period, and revoke the role from the identity of the person who administered logs during the previous 90 days.
The correct answer is A. A group should be created for administrators and granted the necessary roles, which in this case is roles/logging.admin. The identity of the person responsible for a period should be added at the start of the period, and the person who was previously responsible should be removed from the group.
Option B is not the best option because it assigns roles to an identity, which is allowed but not recommended. If the team changes strategy and wants to have three administrators at a time, roles would have to be granted and revoked for multiple identities rather than managed through a single group. Options C and D are incorrect because roles/logging.privateLogViewer does not grant administrative access.
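A sketch of the 90-day rotation, assuming the group already holds roles/logging.admin; the group and user email addresses are hypothetical:

    gcloud identity groups memberships add \
        --group-email="log-admins@example.com" \
        --member-email="incoming-admin@example.com"
    gcloud identity groups memberships delete \
        --group-email="log-admins@example.com" \
        --member-email="outgoing-admin@example.com"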