Topic 2 Flashcards
Question #: 1
Topic #: 2
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources.
What Google domain and project structure should you recommend?
A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
C. Create a single G Suite account to manage users with each stage of each application in its own project
D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
https://www.examtopics.com/discussions/google/view/10396-exam-professional-cloud-architect-topic-2-question-1/
C. Create a single G Suite account to manage users with each stage of each application in its own project
https://cloud.google.com/resource-manager/docs/creating-managing-folders
Refer to the diagram on top, different envs are created at the project level.
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
“A general recommendation is to have one project per application per environment. For example, if you have two applications, “app1” and “app2”, each with a development and production environment, you would have four projects: app1-dev, app1-prod, app2-dev, app2-prod. This isolates the environments from each other, so changes to the development project do not accidentally impact production, and gives you better access control, since you can (for example) grant all developers access to development projects but restrict production access to your CI/CD pipeline.”
Question #: 1
Topic #: 2
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.
What three steps should you take to diagnose the problem? (Choose three.)
A. Delete the virtual machine (VM) and disks and create a new one
B. Delete the instance, attach the disk to a new VM, and investigate
C. Take a snapshot of the disk and connect to a new machine to investigate
D. Check inbound firewall rules for the network the machine is connected to
E. Connect the machine to another network with very simple firewall rules and investigate
F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
https://www.examtopics.com/discussions/google/view/11917-exam-professional-cloud-architect-topic-2-question-2/
C. Take a snapshot of the disk and connect to a new machine to investigate
D. Check inbound firewall rules for the network the machine is connected to
F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
C - Snapshotting is fine, it will reduce the performance for a short duration, but the database will still be up
D - Obvious place to check for firewall rules (if ssh ports are open or not)
F - Easy to see server messages on console (without downtime)
Question #: 3
Topic #: 2
JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.
What service account key-management strategy should you recommend?
A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs
https://www.examtopics.com/discussions/google/view/12793-exam-professional-cloud-architect-topic-2-question-3/
C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform
There are two types of service account keys:
GCP-managed keys. These keys are used by Cloud Platform services such as App Engine and Compute Engine. They cannot be downloaded, and are automatically rotated and used for signing for a maximum of two weeks. The rotation process is probabilistic; usage of the new key will gradually ramp up and down over the key’s lifetime. We recommend caching the public key set for a service account for at most 24 hours to ensure that you always have access to the current key set.
User-managed keys. These keys are created, downloadable, and managed by users. They expire 10 years from creation, and cease authenticating successfully when they are deleted from the service account.
Question #: 4
Topic #: 2
JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure success against their business and technical goals.
Which metrics should you track?
A. Error rates for requests from Asia
B. Latency difference between US and Asia
C. Total visits, error rates, and latency from Asia
D. Total visits and average latency for users from Asia
E. The number of character sets present in the database
https://www.examtopics.com/discussions/google/view/14318-exam-professional-cloud-architect-topic-2-question-4/
C. Total visits, error rates, and latency from Asia
Answer is C; more complete imo. Those aligning to D should note that average latency is not the only metric available to measure and is too specific.
“Total visits” covers the business requirements:
- Optimize for capacity during peak periods and value during off-peak periods.
- Expand services into Asia.
“Error rates” covers business requirement:
- Guarantee service availability and support. ** if service is unavailable, errors are reported!
“Latency” covers technical requirement:
- Decrease latency in Asia.
Question #: 5
Topic #: 2
Rack => Edge router => Cloud VPN => Cloud Storage
Rack => => VM
The migration of JencoMart’s application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput.
What are three potential bottlenecks? (Choose three.)
A. A single VPN tunnel, which limits throughput
B. A tier of Google Cloud Storage that is not suited for this task
C. A copy command that is not suited to operate over long distances
D. Fewer virtual machines (VMs) in GCP than on-premises machines
E. A separate storage layer outside the VMs, which is not suited for this task
F. Complicated internet connectivity between the on-premises infrastructure and GCP
https://www.examtopics.com/discussions/google/view/6708-exam-professional-cloud-architect-topic-2-question-5/
A. A single VPN tunnel, which limits throughput
C. A copy command that is not suited to operate over long distances
F. Complicated internet connectivity between the on-premises infrastructure and GCP
Question #: 6
Topic #: 2
JencoMart wants to move their User Profiles database to Google Cloud Platform.
Which Google Database should they use?
A. Cloud Spanner
B. Google BigQuery
C. Google Cloud SQL
D. Google Cloud Datastore
https://www.examtopics.com/discussions/google/view/8497-exam-professional-cloud-architect-topic-2-question-6/
D. Google Cloud Datastore
Google Cloud Datastore use:
* User profile
* Game state
* Product catalogs
Datastore is ideal for applications that rely on highly available structured data at scale. You can use Datastore to store and query all of the following types of data:
* Product catalogs that provide real-time inventory and product details for a retailer.
* User profiles that deliver a customized experience based on the user's past activities and preferences.
* Transactions based on ACID properties. For example, transferring funds from one bank account to another.
https://cloud.google.com/datastore/docs/concepts/overview