Topic 1 Flashcards

1
Q

Question 30
A lead engineer wrote a custom tool that deploys virtual machines in the legacy data center. He wants to migrate the custom tool to the new cloud environment.
You want to advocate for the adoption of Google Cloud Deployment Manager.
What are two business risks of migrating to Cloud Deployment Manager? (Choose two.)

A. Cloud Deployment Manager uses Python
B. Cloud Deployment Manager APIs could be deprecated in the future
C. Cloud Deployment Manager is unfamiliar to the company's engineers
D. Cloud Deployment Manager requires a Google APIs service account to run
E. Cloud Deployment Manager can be used to permanently delete cloud resources
F. Cloud Deployment Manager only supports automation of Google Cloud resources

https://www.examtopics.com/discussions/google/view/54125-exam-professional-cloud-architect-topic-1-question-30/

A

C. Cloud Deployment Manager is unfamiliar to the company’s engineers
F. Cloud Deployment Manager only supports automation of Google Cloud resources

2
Q

Question #: 31

A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must:
1. Be based on open-source technology for cloud portability
2. Dynamically scale compute capacity based on demand
3. Support continuous software delivery
4. Run multiple segregated copies of the same application stack
5. Deploy application bundles using dynamic templates
6. Route network traffic to specific services based on URL
Which combination of technologies will meet all of his requirements?

A. Google Kubernetes Engine, Jenkins, and Helm
B. Google Kubernetes Engine and Cloud Load Balancing
C. Google Kubernetes Engine and Cloud Deployment Manager
D. Google Kubernetes Engine, Jenkins, and Cloud Load Balancing

https://www.examtopics.com/discussions/google/view/54389-exam-professional-cloud-architect-topic-1-question-31/

A

A. Google Kubernetes Engine, Jenkins, and Helm

It should be A. Helm is needed for “Deploy application bundles using dynamic templates”.

Load Balancing should be part of GKE already.

Kubernetes Engine offers integrated support for two types of Cloud Load Balancing (Ingress and External Network Load Balancing), hence Option A.
Reference : https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer

3
Q

Question #: 32

You have created several pre-emptible Linux virtual machine instances using Google Compute Engine. You want to properly shut down your application before the virtual machines are preempted.
What should you do?

A. Create a shutdown script named k99.shutdown in the /etc/rc.6.d/ directory
B. Create a shutdown script registered as a xinetd service in Linux and configure a Stackdriver endpoint check to call the service
C. Create a shutdown script and use it as the value for a new metadata entry with the key shutdown-script in the Cloud Platform Console when you create the new virtual machine instance
D. Create a shutdown script, registered as a xinetd service in Linux, and use the gcloud compute instances add-metadata command to specify the service URL as the value for a new metadata entry with the key shutdown-script-url

https://www.examtopics.com/discussions/google/view/7202-exam-professional-cloud-architect-topic-1-question-32/

A

C. Create a shutdown script and use it as the value for a new metadata entry with the key shutdown-script in the Cloud Platform Console when you create the new virtual machine instance

https://cloud.google.com/compute/docs/shutdownscript

4
Q

Question #: 33

Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier.
How should you configure the network?

A. Add each tier to a different subnetwork
B. Set up software based firewalls on individual VMs
C. Add tags to each tier and set up routes to allow the desired traffic flow
D. Add tags to each tier and set up firewall rules to allow the desired traffic flow

https://www.examtopics.com/discussions/google/view/9033-exam-professional-cloud-architect-topic-1-question-33/

A

D. Add tags to each tier and set up firewall rules to allow the desired traffic flow

Refer to target filtering: https://cloud.google.com/solutions/best-practices-vpc-design

5
Q

Question #: 34

Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team.
Which three actions should you take? (Choose three.)

A. Use Stackdriver Logging to search for the module log entries
B. Read the debug GCE Activity log using the API or Cloud Console
C. Use gcloud or Cloud Console to connect to the serial console and observe the logs
D. Identify whether a live migration event of the failed server occurred, using the activity log
E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics
F. Export a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen

https://www.examtopics.com/discussions/google/view/54535-exam-professional-cloud-architect-topic-1-question-34/

A

A. Use Stackdriver Logging to search for the module log entries
C. Use gcloud or Cloud Console to connect to the serial console and observe the logs
E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics

A. Use Stackdriver Logging to search for the module log entries = Check logs
C. Use gcloud or Cloud Console to connect to the serial console and observe the logs = Check grub messages, remember new kernel module was installed.
E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics = Zoom into the time window when problem happened.

6
Q

Question #: 35

Your company wants to try out the cloud with low risk. They want to archive approximately 100 TB of their log data to the cloud and test the analytics features available to them there, while also retaining that data as a long-term disaster recovery backup.
Which two steps should you take? (Choose two.)

A. Load logs into Google BigQuery
B. Load logs into Google Cloud SQL
C. Import logs into Google Stackdriver
D. Insert logs into Google Cloud Bigtable
E. Upload log files into Google Cloud Storage

https://www.examtopics.com/discussions/google/view/54534-exam-professional-cloud-architect-topic-1-question-35/

A

A. Load logs into Google BigQuery
E. Upload log files into Google Cloud Storage

A. Load logs into Google BigQuery: BigQuery is Google Cloud’s serverless, highly scalable, and cost-effective multicloud data warehouse designed for data analytics. It’s ideal for storing and analyzing large volumes of log data (100 TB in this case). You can use BigQuery’s powerful SQL capabilities to run queries, generate reports, and gain insights from your logs.

E. Upload log files into Google Cloud Storage: Cloud Storage provides durable, scalable, and secure object storage. It’s perfect for storing your log data as a long-term disaster recovery backup. Cloud Storage offers different storage classes to optimize costs based on your data access frequency and retention needs.

7
Q

Question #: 36

You created a pipeline that can deploy your source code changes to your infrastructure in instance groups for self-healing. One of the changes negatively affects your key performance indicator. You are not sure how to fix it, and investigation could take up to a week.
What should you do?

A. Log in to a server, and iterate on the fix locally
B. Revert the source code change, and rerun the deployment pipeline
C. Log into the servers with the bad code change, and swap in the previous code
D. Change the instance group template to the previous one, and delete all instances

https://www.examtopics.com/discussions/google/view/10522-exam-professional-cloud-architect-topic-1-question-36/

A

B. Revert the source code change, and rerun the deployment pipeline

B. keyword is “self-healing” not “auto-healing” - which means MIG not used. So correct answer is B

A. Log in to a server, and iterate on the fix locally
» Long step, hence eliminate

B. Revert the source code change and rerun the deployment pipeline
» This revert will be logged in the source repo. Will go with this way although D also is correct.

C. login to the servers with the bad code change, and swap in the previous code
» C is manually doing what can be automatically done by B and C, hence eliminate.

D. Change the instance group template to the previous one and delete all instances
» This is similar to B but why manually do something which is automated. Hence eliminate. But is also correct. But B is better from code lifecycle perspective

8
Q

Question #: 37

Your organization wants to control IAM policies for different departments independently, but centrally.
Which approach should you take?

A. Multiple Organizations with multiple Folders
B. Multiple Organizations, one for each department
C. A single Organization with Folders for each department
D. A single Organization with multiple projects, each with a central owner

https://www.examtopics.com/discussions/google/view/7208-exam-professional-cloud-architect-topic-1-question-37/

A

C. A single Organization with Folders for each department

https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
https://cloud.google.com/architecture/identity/best-practices-for-planning#use_organizations_to_delineate_administrative_authority

9
Q

Question #: 38

You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace.
What should you do?
~~~
SHA1 digest error ….
~~~
A. Upload missing JAR files and redeploy your application.
B. Digitally sign all of your JAR files and redeploy your application
C. Recompile the CLoakedServlet class using an MD5 hash instead of SHA1

https://www.examtopics.com/discussions/google/view/7209-exam-professional-cloud-architect-topic-1-question-38/

A

Digitally sign all of your JAR files and redeploy your application

  1. JAR signing and integrity: Digitally signing your JAR files ensures their authenticity and integrity. It adds a digital signature that verifies the origin and confirms that the file hasn’t been tampered with. This is crucial for security and prevents issues like the SHA1 digest error you’re encountering.
  2. App Engine requirement: Google App Engine enforces JAR signing for security reasons. All deployed applications must have properly signed JAR files.
10
Q

Question #: 39

You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by proving that a message was sent by a specific user.
What should you do?

A. Tag messages client side with the originating user identifier and the destination user.
B. Encrypt the message client side using block-based encryption with a shared key.
C. Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key.
D. Use a trusted certificate authority to enable SSL connectivity between the client application and the server.

https://www.examtopics.com/discussions/google/view/6844-exam-professional-cloud-architect-topic-1-question-39/

A

C. Use public key infrastructure (PKI) to encrypt the message client side using the originating user’s private key.

11
Q

Question #: 40

As part of implementing their disaster recovery plan, your company is trying to replicate their production MySQL database from their private data center to their GCP project using a Google Cloud VPN connection. They are experiencing latency issues and a small amount of packet loss that is disrupting the replication.
What should they do?

A. Configure their replication to use UDP.
B. Configure a Google Cloud Dedicated Interconnect.
C. Restore their database daily using Google Cloud SQL.
D. Add additional VPN connections and load balance them.
E. Send the replicated transaction to Google Cloud Pub/Sub.

https://www.examtopics.com/discussions/google/view/7211-exam-professional-cloud-architect-topic-1-question-40/

A

B. Configure a Google Cloud Dedicated Interconnect

Adding VPN connections may improve bandwidth but does not resolve latency or packet loss issues caused by public internet routing… though not mentioned, we must ‘think’ beyond the scope of the question and ask ‘what is causing the latency’…

12
Q

Question #: 41

Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis. What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?

A. Hash all data using SHA256
B. Encrypt all data using elliptic curve cryptography
C. De-identify the data with the Cloud Data Loss Prevention API
D. Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers

https://www.examtopics.com/discussions/google/view/11803-exam-professional-cloud-architect-topic-1-question-41/

A

C. De-identify the data with the Cloud Data Loss Prevention API

https://cloud.google.com/dlp
The recommended approach for sanitizing data of personally identifiable information or payment card information before storing it in Cloud Bigtable is option C: De-identify the data with the Cloud Data Loss Prevention API.

The Cloud Data Loss Prevention (DLP) API is a powerful tool that allows you to automatically discover, classify, and redact sensitive data in your organization. It uses advanced machine learning techniques to accurately identify and protect a wide range of sensitive data types, including personal information such as names, addresses, phone numbers, and payment card information.

Using the DLP API to de-identify your data before storing it in Cloud Bigtable is the most effective way to ensure that sensitive information is protected and not accessible to unauthorized users.

13
Q

Question #: 42

You are using Cloud Shell and need to install a custom utility for use in a few weeks. Where can you store the file so it is in the default execution path and persists across sessions?

A. ~/bin
B. Cloud Storage
C. /google/scripts
D. /usr/local/bin

https://www.examtopics.com/discussions/google/view/7212-exam-professional-cloud-architect-topic-1-question-42/

A

A. ~/bin

Cloud Shell provisions 5 GB of free persistent disk storage mounted as your $HOME directory on the virtual machine instance. This storage is on a per-user basis and is available across projects. Unlike the instance itself, this storage does not time out on inactivity. All files you store in your home directory, including installed software, scripts and user configuration files like .bashrc and .vimrc, persist between sessions. Your $HOME directory is private to you and cannot be accessed by other users.

14
Q

Question #: 43

You want to create a private connection between your instances on Compute Engine and your on-premises data center. You require a connection of at least 20 Gbps. You want to follow Google-recommended practices. How should you set up the connection?

A. Create a VPC and connect it to your on-premises data center using Dedicated Interconnect.
B. Create a VPC and connect it to your on-premises data center using a single Cloud VPN.
C. Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises data center using Dedicated Interconnect.
D. Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises datacenter using a single Cloud VPN.

https://www.examtopics.com/discussions/google/view/11804-exam-professional-cloud-architect-topic-1-question-43/

A

A. Create a VPC and connect it to your on-premises data center using Dedicated Interconnect.

15
Q

Question #: 44

You are analyzing and defining business processes to support your startup’s trial usage of GCP, and you don’t yet know what consumer demand for your product will be. Your manager requires you to minimize GCP service costs and adhere to Google best practices. What should you do?

A. Utilize free tier and sustained use discounts. Provision a staff position for service cost management.
B. Utilize free tier and sustained use discounts. Provide training to the team about service cost management.
C. Utilize free tier and committed use discounts. Provision a staff position for service cost management.
D. Utilize free tier and committed use discounts. Provide training to the team about service cost management.

https://www.examtopics.com/discussions/google/view/7190-exam-professional-cloud-architect-topic-1-question-44/

A

B. Utilize free tier and sustained use discounts. Provide training to the team about service cost management.

Sustained use discounts are automatic discounts for running specific GCE resources a significant portion of the billing month: https://cloud.google.com/compute/docs/sustained-use-discounts

Committed use discounts are for workloads with predictable resource needs, with a commitment of 1 year or 3 years; the discount is up to 57% for most resources: https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts

16
Q

Question #: 45

You are building a continuous deployment pipeline for a project stored in a Git source repository and want to ensure that code changes can be verified before deploying to production. What should you do?

A. Use Spinnaker to deploy builds to production using the red/black deployment strategy so that changes can easily be rolled back.
B. Use Spinnaker to deploy builds to production and run tests on production deployments.
C. Use Jenkins to build the staging branches and the master branch. Build and deploy changes to production for 10% of users before doing a complete rollout.
D. Use Jenkins to monitor tags in the repository. Deploy staging tags to a staging environment for testing. After testing, tag the repository for production and deploy that to the production environment.

https://www.examtopics.com/discussions/google/view/8197-exam-professional-cloud-architect-topic-1-question-45/

A

D. Use Jenkins to monitor tags in the repository. Deploy staging tags to a staging environment for testing. After testing, tag the repository for production and deploy that to the production environment.

17
Q

Question #: 46

You have an outage in your Compute Engine managed instance group: all instances keep restarting after 5 seconds. You have a health check configured, but autoscaling is disabled. Your colleague, who is a Linux expert, offered to look into the issue. You need to make sure that he can access the VMs. What should you do?

A. Grant your colleague the IAM role of project Viewer
B. Perform a rolling restart on the instance group
C. Disable the health check for the instance group. Add his SSH key to the project-wide SSH Keys
D. Disable autoscaling for the instance group. Add his SSH key to the project-wide SSH Keys

https://www.examtopics.com/discussions/google/view/6953-exam-professional-cloud-architect-topic-1-question-46/

A

C. Disable the health check for the instance group. Add his SSH key to the project-wide SSH Keys

The key element in C is “Disable the health check”, so that the server won't restart automatically.
But before that, the actual troubleshooting step is to check Cloud console -> Instance template -> Metadata and see whether any startup script is there; if yes, review it and possibly remove it. [Consider the case where a script (possibly in Metadata) is causing the VM to restart.]

18
Q

Question #: 47

Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your architecture must also be PCI DSS-compliant. Which of the following is most accurate?

A. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
B. GKE cannot be used under PCI DSS because it is considered shared hosting.
C. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.
D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

https://www.examtopics.com/discussions/google/view/54735-exam-professional-cloud-architect-topic-1-question-47/

A

C. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.

D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

https://cloud.google.com/security/compliance/pci-dss

19
Q

Question #: 49
Topic #: 1

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

A. The effective policy is determined only by the policy set at the node
B. The effective policy is the policy set at the node and restricted by the policies of its ancestors
C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors
D. The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

https://www.examtopics.com/discussions/google/view/6846-exam-professional-cloud-architect-topic-1-question-49/

A

C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors

https://cloud.google.com/iam/docs/resource-hierarchy-access-control