Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Questions and Answers

Questions 4

Your company implemented BigQuery as an enterprise data warehouse. Users from multiple business units run queries on this data warehouse. However, you notice that query costs for BigQuery are very high, and you need to control costs. Which two methods should you use? (Choose two.)

Options:

A.

Split the users from business units to multiple projects.

B.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

C.

Create separate copies of your BigQuery data warehouse for each business unit.

D.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

E.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Buy Now
Questions 5

The core business of your company is to rent out construction equipment at a large scale. All the equipment that is being rented out has been equipped with multiple sensors that send event information every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more. Customers are billed based on the consumption monitored by these sensors. You expect high throughput – up to thousands of events per hour per device – and need to retrieve consistent databased on the time of the event. Storing and retrieving individual signals should be atomic. What should you do?

Options:

A.

Create a file in Cloud Storage per device and append new data to that file.

B.

Create a file in Cloud Filestore per device and append new data to that file.

C.

Ingest the data into Datastore. Store data in an entity group based on the device.

D.

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

Buy Now
Questions 6

You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google’s recommended practices. Which method should you use?

Options:

A.

Deployment Manager

B.

Cloud Composer

C.

Managed Instance Group

D.

Unmanaged Instance Group

Buy Now
Questions 7

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

Options:

A.

Coldline Storage

B.

Nearline Storage

C.

Regional Storage

D.

Multi-Regional Storage

Buy Now
Questions 8

You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

Options:

A.

Configure an HTTP(S) load balancer.

B.

Configure an internal TCP load balancer.

C.

Configure an external SSL proxy load balancer.

D.

Configure an external TCP proxy load balancer.

Buy Now
Questions 9

Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

Options:

A.

Add your SREs to roles/iam.roleAdmin role.

B.

Add your SREs to roles/accessapproval approver role.

C.

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

D.

Add your SREs to a group and then add this group to roles/accessapproval approver role.

Buy Now
Questions 10

You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

Options:

A.

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

B.

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

C.

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

D.

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

Buy Now
Questions 11

Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

Options:

A.

Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.

B.

Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.

C.

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

D.

Create a separate node pool for each application, and deploy each application to its dedicated node pool.

Buy Now
Questions 12

You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

Options:

A.

Create a health check on port 443 and use that when creating the Managed Instance Group.

B.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

C.

In the Instance Template, add the label ‘health-check’.

D.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Buy Now
Questions 13

Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

Options:

A.

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

B.

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

C.

Create a custom role by removing delete permissions, and add users to that role only.

D.

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

Buy Now
Questions 14

(You are developing an internet of things (IoT) application that captures sensor data from multiple devices that have already been set up. You need to identify the global data storage product your company should use to store this data. You must ensure that the storage solution you choose meets your requirements of sub-millisecond latency. What should you do?)

Options:

A.

Store the IoT data in Spanner. Use caches to speed up the process and avoid latencies.

B.

Store the IoT data in Bigtable.

C.

Capture IoT data in BigQuery datasets.

D.

Store the IoT data in Cloud Storage. Implement caching by using Cloud CDN.

Buy Now
Questions 15

You are deploying an application to Cloud Run. Your application requires the use of an API that runs on Google Kubernetes Engine (GKE). You need to ensure that your Cloud Run service can privately reach the API on GKE, and you want to follow Google-recommended practices. What should you do?

Options:

A.

Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.

B.

Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/0 on ports 80 and 443.

C.

Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.

D.

Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.

Buy Now
Questions 16

(Your company uses a multi-cloud strategy that includes Google Cloud. You want to centralize application logs in a third-party software-as-a-service (SaaS) tool from all environments. You need tointegrate logs originating from Cloud Logging, and you want to ensure the export occurs with the least amount of delay possible. What should you do?)

Options:

A.

Use a Cloud Scheduler cron job to trigger a Cloud Function that queries Cloud Logging and sends the logs to the SaaS tool.

B.

Create a Cloud Logging sink and configure Pub/Sub as the destination. Configure the SaaS tool to subscribe to the Pub/Sub topic to retrieve the logs.

C.

Create a Cloud Logging sink and configure Cloud Storage as the destination. Configure the SaaS tool to read the Cloud Storage bucket to retrieve the logs.

D.

Create a Cloud Logging sink and configure BigQuery as the destination. Configure the SaaS tool to query BigQuery to retrieve the logs.

Buy Now
Questions 17

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

Options:

A.

Deploy the monitoring pod in a StatefulSet object.

B.

Deploy the monitoring pod in a DaemonSet object.

C.

Reference the monitoring pod in a Deployment object.

D.

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Buy Now
Questions 18

You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?

Options:

A.

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

B.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

C.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

D.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Buy Now
Questions 19

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company ' s security policy also restricts developer permissions to Compute Engine. Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

Options:

A.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.• Copy the role across all projects created within the organization with the gcloud iam roles copy command.• Assign the role to developers in those projects.

B.

• Add all developers to a Google group in Google Groups for Workspace.• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

C.

• Add all developers to a Google group in Cloud Identity.• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

D.

• Add all developers to a Google group in Cloud Identity.• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.• Assign the custom role to the Google group.

Buy Now
Questions 20

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

Options:

A.

Give “project owner” for web-applications appropriate roles to crm-databases- proj

B.

Give “project owner” role to crm-databases-proj and the web-applications project.

C.

Give “project owner” role to crm-databases-proj and bigquery.dataViewer role to web-applications.

D.

Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

Buy Now
Questions 21

Your team manages several petabytes of historical, structured transaction data stored in Apache Avro format on-premises. You are migrating this data to Google Cloud for a machine learning project. You must ensure that the data is accessible for large-scale analysis and model training using BigQuery. You must also minimize storage costs and avoid the overhead of loading data into BigQuery ' s managed storage. What should you do?

Options:

A.

Use the BigQuery Data Transfer Service to ingest all Avro files into a BigQuery native table.

B.

Migrate the data to a Cloud SQL for PostgreSQL instance, and use BigQuery federated queries to access the data.

C.

Store the data in a Cloud Storage bucket, and define a BigQuery external table partitioned by a relevant column.

D.

Store the data in a Cloud Storage bucket, define a schema, and then use the bq load command to upload files individually.

Buy Now
Questions 22

You recently discovered an issue with your rolling update in Google Kubernetes Engine (GKE). You now need to roll back a rolling update. What should you do?

Options:

A.

Manually scale down the new Pods and scale up the old Pods.

B.

Delete the deployment.

C.

Use the kubectl rollout restart command to revert the deployment.

D.

Use the kubectl rollout undo command.

Buy Now
Questions 23

Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?

Options:

A.

Upload the data to BigQuery using the bq command line tool.

B.

Upload the data to Cloud Storage using the gsutil command line tool.

C.

Upload the data into Cloud SQL using the import function in the console.

D.

Upload the data into Cloud Spanner using the import function in the console.

Buy Now
Questions 24

Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?

Options:

A.

Add the users to roles/browser role.

B.

Add the users to roles/iam.roleViewer role.

C.

Add the users to a group, and add this group to roles/browser role.

D.

Add the users to a group, and add this group to roles/iam.roleViewer role.

Buy Now
Questions 25

You are the Google Cloud systems administrator for your organization. User A reports that they received an error when attempting to access the Cloud SQL database in their Google Cloud project, while User B can access the database. You need to troubleshoot the issue for User A, while following Google-recommended practices.

What should you do first?

Options:

A.

Confirm that network firewall rules are not blocking traffic for User A.

B.

Review recent configuration changes that may have caused unintended modifications to permissions.

C.

Verify that User A has the Identity and Access Management (IAM) Project Owner role assigned.

D.

Review the error message that User A received.

Buy Now
Questions 26

You want to deploy a new containerized application into Google Cloud by using a Kubernetes manifest. You want to have full control over the Kubernetes deployment, and at the same time, you want to minimize configuring infrastructure. What should you do?

Options:

A.

Deploy the application on GKE Autopilot.

B.

Deploy the application on GKE Standard.

C.

Deploy the application on Cloud Functions.

D.

Deploy the application on Cloud Run.

Buy Now
Questions 27

You need to deploy a third-party software application onto a single Compute Engine VM instance. The application requires the highest speed read and write disk access for the internal database. You need to ensure the instance will recover on failure. What should you do?

Options:

A.

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateful managed instance group.

B.

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateless managed instance group.

C.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateful managed instance group.

D.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateless managed instance group.

Buy Now
Questions 28

You need to create and manage service accounts for your workloads running on Google Cloud. You want to follow Google-recommended practices. What should you do?

Choose 2 answers

Options:

A.

Create as few service accounts as possible.

B.

Delete any unused service accounts immediately.

C.

Create single-purpose service accounts.

D.

Manage service accounts as resources.

E.

Use random names for the service accounts.

Buy Now
Questions 29

Your company is closely monitoring their cloud spend. You need to allow different teams to monitor their Google Cloud costs. You must ensure that team members receive notifications when their cloud spend reaches certain thresholds and give team members the ability to create dashboards for additional insights with detailed billing data. You want to follow Google-recommended practices and minimize engineering costs. What should you do?

Options:

A.

Set up alerts for each team based on required thresholds. Set up billing exports to BigQuery. Grant team members access to BigQuery.

B.

Set up alerts for each team based on required thresholds. Create a shell script to read data from the Cloud Billing API, and push the results to BigQuery. Grant team members access to BigQuery.

C.

Deploy Grafana to Compute Engine. Create a dashboard for each team that uses the data from the Cloud Billing API. Ask each team to create their own alerts in Cloud Monitoring.

D.

Deploy Grafana to Compute Engine. Create a dashboard for each team that uses the data from the Cloud Billing Budget API. Ask each team to create their own alerts in Grafana.

Buy Now
Questions 30

You are building a pipeline to process time-series data. Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?

Options:

A.

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

B.

Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery

C.

Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

D.

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

Buy Now
Questions 31

You have a website hosted on App Engine standard environment. You want 1% of your users to see a new test version of the website. You want to minimize complexity. What should you do?

Options:

A.

Deploy the new version in the same application and use the --migrate option.

B.

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

C.

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

D.

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

Buy Now
Questions 32

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

Options:

A.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.

Set up a high-priority (1000) rule to allow the appropriate ports.

Buy Now
Questions 33

You are managing your company’s archival records that are stored in a Cloud Storage bucket using the Multi-Regional storage class. These objects are rarely accessed after 90 days but must be retained indefinitely to meet regulatory compliance requirements. You need to implement a cost-effective process that automatically transitions these objects to the lowest-cost storage class suitable for long-term retention immediately after the 90-day period. What should you do?

Options:

A.

Enable Object Versioning on the bucket, and create an Object Lifecycle Management rule that sets the daysSinceNoncurrentTime condition to 90 days, transitioning noncurrent versions to Archive storage.

B.

Create an Object Lifecycle Management rule on the bucket that specifies an age condition of 90 days and uses the SetStorageClass action to transition the objects to Archive storage.

C.

Create a nightly scheduled Cloud Run function that uses the Cloud Storage API to change the storage class of all objects older than 90 days to Archive storage.

D.

Create an Object Lifecycle Management rule on the bucket that specifies the createdBefore condition set to 90 days ago and uses the Delete action to remove the objects.

Buy Now
Questions 34

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1–standard–2 nodes. You need to deploy additional pods requiring n2–highmem–16 nodes without any downtime. What should you do?

Options:

A.

Use gcloud container clusters upgrade. Deploy the new services.

B.

Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods.

C.

Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

D.

Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Buy Now
Questions 35

You are planning to migrate your on-premises data to Google Cloud. The data includes:

• 200 TB of video files in SAN storage

• Data warehouse data stored on Amazon Redshift

• 20 GB of PNG files stored on an S3 bucket

You need to load the video files into a Cloud Storage bucket, transfer the data warehouse data into BigQuery, and load the PNG files into a second Cloud Storage bucket. You want to follow Google-recommended practices and avoid writing any code for the migration. What should you do?

Options:

A.

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

B.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

C.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

D.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Buy Now
Questions 36

You want to deploy SAP HANA workloads on Compute Engine. The installation requires high-performance data storage, with input/output operations per second (IOPS) frequently exceeding 200,000. Your solution must also ensure the data persists through instance restarts. What should you do?

Options:

A.

Use Hyperdisk Extreme disks for the application data.

B.

Use in-memory RAM disks for the application data.

C.

Use Local SSD disks for the application data.

D.

Use Hyperdisk Throughput disks for the application data.

Buy Now
Questions 37

You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

Options:

A.

When creating the VM, use machine type n1-standard-96.

B.

When creating the VM, use Intel Skylake as the CPU platform.

C.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

D.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

Buy Now
Questions 38

You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?

Options:

A.

Project Editor

B.

Storage Admin

C.

Storage Object Admin

D.

Storage Object Creator

Buy Now
Questions 39

Your organization has created hundreds of service accounts for different applications hosted on-premises and in other clouds that use Google Cloud APIs. You need to audit the service account keys that have been created and identify the keys that are older than 90 days. What should you do?

Options:

A.

Execute the gcloud kms keys list --filter= " createTime < [DATE_90_DAYS_AGO] " command.

B.

Execute the gcloud iam service-accounts list --filter= " createTime < [DATE_90_DAYS_AGO] " command.

C.

Execute the gcloud asset search-all-resources --scope= " organizations/[ORG_ID] " --query= " createTime < [DATE_90_DAYS_AGO] " --asset-types= " iam.googleapis.com/ServiceAccountKey " --order-by= " createTime " command.

D.

Execute the gcloud asset search-all-resources --scope= " organizations/[ORG_ID] " --query= " createTime < [DATE_90_DAYS_AGO] " --asset-types= " apikeys.googleapis.com/Key " --order-by= " createTime " command.

Buy Now
Questions 40

You have experimented with Google Cloud using your own credit card and expensed the costs to your company. Your company wants to streamline the billing process and charge the costs of your projects to their monthly invoice. What should you do?

Options:

A.

Grant the financial team the IAM role of ג €Billing Account User ג € on the billing account linked to your credit card.

B.

Set up BigQuery billing export and grant your financial department IAM access to query the data.

C.

Create a ticket with Google Billing Support to ask them to send the invoice to your company.

D.

Change the billing account of your projects to the billing account of your company.

Buy Now
Questions 41

You are developing a new application and are looking for a Jenkins installation to build and deploy your source code. You want to automate the installation as quickly and easily as possible. What should you do?

Options:

A.

Deploy Jenkins through the Google Cloud Marketplace.

B.

Create a new Compute Engine instance. Run the Jenkins executable.

C.

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

D.

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

Buy Now
Questions 42

Your company uses Google Kubernetes Engine (GKE) for all application deployments. Your team needs to provision and manage other Google Cloud resources using the same declarative approach and tooling as your application deployments. What should you do?

Options:

A.

Use the Google Cloud console to provision and manage Google Cloud resources.

B.

Write shell scripts using gcloud commands to provision and manage Google Cloud resources.

C.

Create Terraform configurations for your Google Cloud resources, and store the state file in a Cloud Storage bucket.

D.

Install Config Connector in a GKE cluster, and define your Google Cloud resources as custom resources in Kubernetes manifests.

Buy Now
Questions 43

After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?

Options:

A.

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.

B.

Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls andcompute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.

C.

Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.

D.

Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.Use BigQuery to periodically analyze log events in the storage bucket.

Buy Now
Questions 44

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?

Options:

A.

Use gcloud to expand the IP range of the current subnet.

B.

Delete the subnet, and recreate it using a wider range of IP addresses.

C.

Create a new project. Use Shared VPC to share the current network with the new project.

D.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Buy Now
Questions 45

Your company is active in the European Economic Area (EEA), and will adopt Google Cloud for its workloads. Projects are currently structured within different folders. You need to ensure any resources that will be deployed are using Google Cloud locations within the EEA by using the Organization Policy Service resource locations constraint. What should you do?

Options:

A.

Configure the policy at the organization level, and add all allowed locations to the policy.

B.

Configure the policy at the folder level, and add all disallowed locations to the policy.

C.

Configure the policy at the organization level, and add all disallowed locations to the policy.

D.

Configure the policy at the folder level, and add all allowed locations to the policy.

Buy Now
Questions 46

(You manage a VPC network in Google Cloud with a subnet that is rapidly approaching its private IP address capacity. You expect the number of Compute Engine VM instances in the same region to double within a week. You need to implement a Google-recommended solution that minimizes operational costs and does not require downtime. What should you do?)

Options:

A.

Create a second VPC with the same subnet IP range, and connect this VPC to the existing VPC by using VPC Network Peering.

B.

Delete the existing subnet, and create a new subnet with double the IP range available.

C.

Use the Google Cloud CLI tool to expand the primary IP range of your subnet.

D.

Permit additional traffic from the expected range of private IP addresses to reach your VMs by configuring firewall rules.

Buy Now
Questions 47

You are managing a new project for a web application on Google Cloud. The web application is running on a Compute Engine VM, and your team has a strict budget. You have already created a budget in Cloud Billing and set an alert rule to send an email when 90% of the budget is consumed. You must ensure that project spending automatically stops if it exceeds the budgeted amount. What should you do?

Options:

A.

Create a new Cloud Billing account, and associate the project with it to prevent new spending from affecting your project ' s budget.

B.

Create a Pub/Sub topic, and connect it to the budget. Create a Cloud Run function that subscribes to the Pub/Sub topic and executes code to stop the VM.

C.

Use the Cloud Billing dashboard to identify the forecasted spend of your project, and then update the budget and alert to match the forecasted spend.

D.

Rely on the budget ' s configuration to automatically disable billable resources when the spend reaches 100%.

Buy Now
Questions 48

You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?

Options:

A.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.

B.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.

C.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.

D.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.

Buy Now
Questions 49

(You are migrating your company’s on-premises compute resources to Google Cloud. You need to deploy batch processing jobs that run every night. The jobs require significant CPU and memory for several hours but can tolerate interruptions. You must ensure that the deployment is cost-effective. What should you do?)

Options:

A.

Containerize the batch processing jobs and deploy them on Compute Engine.

B.

Use custom machine types on Compute Engine.

C.

Use the M1 machine series on Compute Engine.

D.

Use Spot VMs on Compute Engine.

Buy Now
Questions 50

You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform. What should you do?

Options:

A.

Meet with the cloud enablement team to discuss load balancer options.

B.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

C.

Review the encryption requirements for WebSocket connections with the security team.

D.

Convert the WebSocket code to use HTTP streaming.

Buy Now
Questions 51

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

Options:

A.

Create the instance without a public IP address.

B.

Create the instance with Private Google Access enabled.

C.

Create a deny-all egress firewall rule on the VPC network.

D.

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Buy Now
Questions 52

You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?

Options:

A.

HTTPS Load Balancer

B.

Network Load Balancer

C.

SSL Proxy Load Balancer

D.

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

Buy Now
Questions 53

Your application is running on Google Cloud in a managed instance group (MIG). You see errors in Cloud Logging for one VM that one of the processes is not responsive. You want to replace this VM in the MIG quickly. What should you do?

Options:

A.

Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.

B.

Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.

C.

Use the gcloud compute instances update command with a REFRESH action for the VM.

D.

Update and apply the instance template of the MIG.

Buy Now
Questions 54

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

Options:

A.

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

B.

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

C.

Add a secondary IP range 10.1.0.0/20 to the subnet.

D.

Convert the subnet IP range from IPv4 to IPv6

Buy Now
Questions 55

(You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?)

Options:

A.

Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer ' s IP address.

B.

Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer ' s IP address.

C.

Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer ' s IP address.

D.

Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer ' s IP address.

Buy Now
Questions 56

You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?

Options:

A.

Use gcloud to create the new project, and then deploy your application to the new project.

B.

Use gcloud to create the new project and to copy the deployed application to the new project.

C.

Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.

D.

Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

Buy Now
Questions 57

You have been asked to migrate a docker application from datacenter to cloud. Your solution architect has suggested uploading docker images to GCR in one project and running an application in a GKE cluster in a separate project. You want to store images in the project img-278322 and run the application in the project prod-278986. You want to tag the image as acme_track_n_trace:v1. You want to follow Google-recommended practices. What should you do?

Options:

A.

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace

B.

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace:v1

C.

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace

D.

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace:v1

Buy Now
Questions 58

(You need to migrate multiple PostgreSQL databases from your on-premises data center to Google Cloud. You want to significantly improve the performance of your databases while minimizing changes to your data schema and application code. You expect to exceed 150 TB of data per geographical region. You want to follow Google-recommended practices and minimize your operational costs. What should you do?)

Options:

A.

Migrate your data to AlloyDB.

B.

Migrate your data to Spanner.

C.

Migrate your data to Firebase.

D.

Migrate your data to Bigtable.

Buy Now
Questions 59

Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company ' s on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.

What should you do?

Options:

A.

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

B.

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

C.

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

D.

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Buy Now
Questions 60

You need to create a Compute Engine instance in a new project that doesn’t exist yet. What should you do?

Options:

A.

Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and then create the instance specifying your new project.

B.

Enable the Compute Engine API in the Cloud Console, use the Cloud SDK to create the instance, and then use the ––project flag to specify a new project.

C.

Using the Cloud SDK, create the new instance, and use the ––project flag to specify the new project.Answer yes when prompted by Cloud SDK to enable the Compute Engine API.

D.

Enable the Compute Engine API in the Cloud Console. Go to the Compute Engine section of the Console to create a new instance, and look for the Create In A New Project option in the creation form.

Buy Now
Questions 61

You built an application on Google Cloud Platform that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table data. You need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices. What should you do?

Options:

A.

Add the support team group to the roles/monitoring.viewer role

B.

Add the support team group to the roles/spanner.databaseUser role.

C.

Add the support team group to the roles/spanner.databaseReader role.

D.

Add the support team group to the roles/stackdriver.accounts.viewer role.

Buy Now
Questions 62

Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of theproduction services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google-recommended practices. What should you do?

Options:

A.

Grant all members of the DevOps team the role of Project Editor on the organization level.

B.

Grant all members of the DevOps team the role of Project Editor on the production project.

C.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

D.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

Buy Now
Questions 63

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Options:

A.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Buy Now
Questions 64

You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?

Options:

A.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

B.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

C.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

D.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Buy Now
Questions 65

Your company has many legacy third-party applications that rely on a shared NFS server for file sharing between these workloads. You want to modernize the NFS server by using a Google Cloud managed service. You need to select the solution that requires the least amount of change to the application. What should you do?

Options:

A.

Configure Firestore. Configure all applications to use Firestore instead of the NFS server.

B.

Deploy a Filestore instance. Replace all NFS mounts with a Filestore mount.

C.

Create a Cloud Storage bucket. Configure all applications to use Cloud Storage client libraries instead of the NFS server.

D.

Create a Compute Engine instance and configure an NFS server on the instance. Point all NFS mounts to the Compute Engine instance.

Buy Now
Questions 66

(You are deploying an application to Google Kubernetes Engine (GKE). The application needs to make API calls to a private Cloud Storage bucket. You need to configure your application Pods to authenticate to the Cloud Storage API, but your organization policy prevents the usage of service account keys. You want to follow Google-recommended practices. What should you do?)

Options:

A.

Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 8 hours.

B.

Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 24 hours.

C.

Create the GKE cluster with Workload Identity Federation. Configure the default node service account to access the bucket. Deploy the application into the cluster so the application can use the node service account permissions. Use Identity and Access Management (IAM) to grant the service account access to the bucket.

D.

Create the GKE cluster with Workload Identity Federation. Create a Google service account and a Kubernetes ServiceAccount, and configure both service accounts to use Workload Identity Federation. Attach the Kubernetes ServiceAccount to the application Pods and configure the Google service account to access the bucket with Identity and Access Management (IAM).

Buy Now
Questions 67

Your company ' s security vulnerability management policy wonts 3 member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance This Compute Engine instance hosts a critical application in your Goggle Cloud project. You need to implement your company ' s security vulnerability management policy. What should you dc?

Options:

A.

• Ensure that the Ops Agent Is Installed on the Compute Engine instance.• Create a custom metric in the Cloud Monitoring dashboard.• Provide the security team member with access to this dashboard.

B.

• Ensure that the Ops Agent is installed on tie Compute Engine instance.• Provide the security team member roles/configure.inventoryViewer permission.

C.

• Ensure that the OS Config agent Is Installed on the Compute Engine instance.• Provide the security team member roles/configure.vulnerabilityViewer permission.

D.

• Ensure that the OS Config agent is installed on the Compute Engine instance• Create a log sink Co a BigQuery dataset.• Provide the security team member with access to this dataset.

Buy Now
Questions 68

Your company requires that Google Cloud products are created with a specific configuration to comply with your company ' s security policies You need to implement a mechanism that will allow software engineers at your company to deploy and update Google Cloud products in a preconfigured and approved manner. What should you do?

Options:

A.

Create Java packages that utilize the Google Cloud Client Libraries for Java to configure Google Cloud products. Store and share the packages in a source code repository.

B.

Create bash scripts that utilize the Google Cloud CLI to configure Google Cloud products. Store and share the bash scripts in a source code repository.

C.

Create Terraform modules that utilize the Google Cloud Terraform Provider to configure Google Cloud products. Store and share the modules in a source code repository.

D.

Use the Google Cloud APIs by using curl to configure Google Cloud products. Store and share the curl commands in a source code repository.

Buy Now
Questions 69

You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?

Options:

A.

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

B.

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

C.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

D.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Buy Now
Questions 70

(You are managing the security configuration of your company ' s Google Cloud organization. The Operations team needs specific permissions on both a Google Kubernetes Engine (GKE) cluster and a Cloud SQL instance. Two predefined Identity and Access Management (IAM) roles exist that contain a subset of the permissions needed by the team. You need to configure the necessary IAM permissions for this team while following Google-recommended practices. What should you do?)

Options:

A.

Grant the team the two predefined IAM roles.

B.

Create a custom IAM role that combines the permissions from the two relevant predefined roles.

C.

Create a custom IAM role that includes only the required permissions from the predefined roles.

D.

Grant the team the IAM roles of Kubernetes Engine Admin and Cloud SQL Admin.

Buy Now
Questions 71

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

Options:

A.

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

B.

Create a service account with appropriate access for Google services, and configure the application to use this account.

C.

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

D.

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Buy Now
Questions 72

You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?

Options:

A.

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

B.

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

C.

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

D.

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

Buy Now
Questions 73

You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

Options:

A.

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

B.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

C.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

D.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Buy Now
Questions 74

Your company developed an application to deploy on Google Kubernetes Engine. Certain parts of the application are not fault-tolerant and are allowed to have downtime Other parts of the application are critical and must always be available. You need to configure a Goorj e Kubernfl:es Engine duster while optimizing for cost. What should you do?

Options:

A.

Create a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.

B.

Create a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot-false.

C.

Create a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical.deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.

D.

Create a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

Buy Now
Questions 75

You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

Options:

A.

Change the default region property setting in the existing GCP project to asia-northeast1.

B.

Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

C.

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

D.

Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

Buy Now
Questions 76

Your application development team has created Docker images for an application that will be deployed on Google Cloud. Your team does not want to manage the infrastructure associated with this application. You need to ensure that the application can scale automatically as it gains popularity. What should you do?

Options:

A.

Create an Instance template with the container image, and deploy a Managed Instance Group withAutoscaling.

B.

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine usingStandard mode.

C.

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine usingStandard mode.

D.

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

Buy Now
Questions 77

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

Options:

A.

After the VM has been created, use your Google Account credentials to log in into the VM.

B.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

C.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

D.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Buy Now
Questions 78

Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first version of the application is implemented inPostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?

Options:

A.

BigQuery

B.

Cloud SQL

C.

Cloud Spanner

D.

Cloud Datastore

Buy Now
Questions 79

You have been asked to set up the billing configuration for a new Google Cloud customer. Your customer wants to group resources that share common IAM policies. What should you do?

Options:

A.

Use labels to group resources that share common IAM policies

B.

Use folders to group resources that share common IAM policies

C.

Set up a proper billing account structure to group IAM policies

D.

Set up a proper project naming structure to group IAM policies

Buy Now
Questions 80

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers ' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

Options:

A.

Configure an SSL Proxy load balancer in front of the application servers.

B.

Configure an Internal UDP load balancer in front of the application servers.

C.

Configure an External HTTP(s) load balancer in front of the application servers.

D.

Configure an External Network load balancer in front of the application servers.

Buy Now
Questions 81

You are using your personal workstation to develop an application that will be hosted in Google Cloud. You are authenticated using a Google Account (USER). You need to test whether a specific set of permissions assigned to an existing service account (SERVICE_ACCOUNT) are sufficient for a task without handling sensitive secret information. What should you do?

Options:

A.

Grant USER the IAM role roles/iam.workloadIdentityUser on SERVICE_ACCOUNT.

B.

Grant USER the IAM role roles/iam.serviceAccountKeyAdmin on SERVICE_ACCOUNT.

C.

Grant USER the IAM role roles/iam.serviceAccountTokenCreator on SERVICE_ACCOUNT.

D.

Grant USER the IAM role roles/iam.serviceAccountUser on SERVICE_ACCOUNT.

Buy Now
Questions 82

You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:

What is the most likely cause?

Options:

A.

The pending Pod ' s resource requests are too large to fit on a single node of the cluster.

B.

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

C.

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

D.

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

Buy Now
Questions 83

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud

Project. What should you do?

Options:

A.

Enable Audit Logs for all APIs that are related to data storage.

B.

Review the IAM permissions for any role that allows for data access.

C.

Review the Identity-Aware Proxy settings for each resource.

D.

Create a Data Loss Prevention job.

Buy Now
Questions 84

You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

Options:

A.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

B.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

C.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

D.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Buy Now
Questions 85

You are developing a monitoring application that runs on a Google Kubernetes Engine (GKE) cluster. The application requires credentials from a service account to collect performance data. However, your organization has a policy that prohibits the creation of new service account keys. You need to grant the application access while following Google-recommended security practices. What should you do?

Options:

A.

Use your personal user credentials to authenticate the application, ensuring your account has the necessary permissions.

B.

Create a new project, generate a service account key in the new project, and grant the service account the required IAM roles in the application project.

C.

Override the organization policy in the project, and create a long-lived service account key in the GKE cluster.

D.

Configure Workload Identity Federation to allow the application to impersonate a service account.

Buy Now
Questions 86

Your team maintains the infrastructure for your organization. The current infrastructure requires changes. You need to share your proposed changes with the rest of the team. You want to follow Google’s recommended best practices. What should you do?

Options:

A.

Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

B.

Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

C.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

D.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

Buy Now
Questions 87

Your web application is hosted on Cloud Run and needs to query a Cloud SOL database. Every morning during a traffic spike, you notice API quota errors in Cloud SOL logs. The project has already reached the maximum API quota. You want to make a configuration change to mitigate the issue. What should you do?

Options:

A.

Modify the minimum number of Cloud Run instances.

B.

Set a minimum concurrent requests environment variable for the application.

C.

Modify the maximum number of Cloud Run instances.

D.

Use traffic splitting.

Buy Now
Questions 88

You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?

Options:

A.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

B.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

C.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

D.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Buy Now
Questions 89

Your customer wants you to create a secure, publicly accessible website with autoscaling based on the compute instance CPU load. You want to enhance performance by storing static content in Cloud Storage. Which resources are needed to distribute the user traffic?

Options:

A.

A cross-region internal Application Load Balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

B.

A global external Application Load Balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

C.

A global external Network Load Balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

D.

A global external Application Load Balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

Buy Now
Questions 90

Your company runs one batch process in an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to migrate this workload to the cloud while minimizing cost. What should you do?

Options:

A.

Migrate the workload to a Compute Engine Preemptible VM.

B.

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

C.

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

D.

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

Buy Now
Questions 91

Your customer wants you to create a secure website with autoscaling based on the compute instance CPU load. You want to enhance performance by storing static content in Cloud Storage. Which resources are needed to distribute the user traffic?

Options:

A.

An internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

B.

An external HTTP(S) load balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

C.

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

D.

An external network load balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

Buy Now
Questions 92

You have downloaded and installed the gcloud command line interface (CLI) and have authenticated with your Google Account. Most of your Compute Engine instances in your project run in the europe-west1-d zone. You want to avoid having to specify this zone with each CLI command when managing these instances. What should you do?

Options:

A.

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

B.

In the Settings page for Compute Engine under Default location, set the zone to europe–west1-d.

C.

In the CLI installation directory, create a file called default.conf containing zone=europe–west1–d.

D.

Create a Metadata entry on the Compute Engine page with key compute/zone and value europe–west1–d.

Buy Now
Questions 93

You are defining a standard procedure for managing team access to hundreds of Google Cloud resources. Your organization uses Cloud Identity as its primary identity provider, and you want to base access on team membership. You need a solution that simplifies the process of granting and revoking access as individuals join and leave teams. Your solution must minimize administrative effort and follow Google-recommended security practices. What should you do?

Options:

A.

For each team, create a Google Group in Cloud Identity with the cloudidentity.googleapis.com/groups.discussion_forum group property label. Add team members to the group, and use the group in IAM policies.

B.

For each team, create a service account. Grant each team member the IAM permission to impersonate that service account.

C.

For each team, create a service account. Grant each team member the IAM permission to generate and download keys for that service account.

D.

For each team, create a Google Group in Cloud Identity with the cloudidentity.googleapis.com/groups.discussion_forum and cloudidentity.googleapis.com/groups.security group property labels. Add team members to the group, and use the group in IAM policies.

Buy Now
Questions 94

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

Options:

A.

Provision preemptible Compute Engine instances.

B.

Provision Compute Engine instances with GPUs attached.

C.

Provision Compute Engine instances with local SSDs attached.

D.

Provision Compute Engine instances with M1 machine type.

Buy Now
Questions 95

You need to migrate invoice documents stored on-premises to Cloud Storage. The documents have the following storage requirements:

• Documents must be kept for five years.

• Up to five revisions of the same invoice document must be stored, to allow for corrections.

• Documents older than 365 days should be moved to lower cost storage tiers.

You want to follow Google-recommended practices to minimize your operational and development costs. What should you do?

Options:

A.

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

B.

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

C.

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

D.

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

Buy Now
Questions 96

You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

Options:

A.

When creating the instances, specify a Service Account for each instance

B.

When creating the instances, assign the name of each Service Account as instance metadata

C.

After starting the instances, use gcloud compute instances update to specify a Service Account for each instance

D.

After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata

Buy Now
Questions 97

You need to set a budget alert for use of Compute Engineer services on one of the three Google Cloud Platform projects that you manage. All three projects are linked to a single billing account. What should you do?

Options:

A.

Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project.

B.

Verify that you are the project billing administrator. Select the associated billing account and create a budget and a custom alert.

C.

Verify that you are the project administrator. Select the associated billing account and create a budget for the appropriate project.

D.

Verify that you are project administrator. Select the associated billing account and create a budget and a custom alert.

Buy Now
Questions 98

You are planning to migrate your containerized workloads to Google Kubernetes Engine (GKE). You need to determine which GKE option to use. Your solution must have high availability, minimal downtime, and the ability to promptly apply security updates to your nodes. You also want to pay only for the compute resources that your workloads use without managing nodes. You want to follow Google-recommended practices and minimize operational costs. What should you do?

Options:

A.

Configure a Standard multi-zonal GKE cluster.

B.

Configure an Autopilot GKE cluster.

C.

Configure a Standard zonal GKE cluster.

D.

Configure a Standard regional GKE cluster.

Buy Now
Questions 99

You are building a data lake on Google Cloud for your Internet of Things (loT) application. The loT application has millions of sensors that are constantly streaming structured and unstructured data to your backend in the cloud. You want to build a highly available and resilient architecture based on Google-recommended practices. What should you do?

Options:

A.

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage

B.

Stream data to Pub/Sub. and use Storage Transfer Service to send data to BigQuery.

C.

Stream data to Dataflow, and use Storage Transfer Service to send data to BigQuery.

D.

Stream data to Dataflow, and use Dataprep by Trifacta to send data to Bigtable.

Buy Now
Questions 100

Your continuous integration and delivery (CI/CD) server can ' t execute Google Cloud actions in a specific project because of permission issues. You need to validate whether the used service account has the appropriate roles in the specific project. What should you do?

Options:

A.

Open the Google Cloud console, and run a query to determine which resources this service account can access.

B.

Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.

C.

Open the Google Cloud console, and check the organization policies.

D.

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

Buy Now
Questions 101

You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?

Options:

A.

Disable the flag “Delete boot disk when instance is deleted.”

B.

Enable delete protection on the instance.

C.

Disable Automatic restart on the instance.

D.

Enable Preemptibility on the instance.

Buy Now
Questions 102

Your auditor wants to view your organization ' s use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

Options:

A.

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

B.

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

C.

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

D.

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Buy Now
Questions 103

Your managed instance group raised an alert stating that new instance creation has failed to create new instances. You need to maintain the number of running instances specified by the template to be able to process expected application traffic. What should you do?

Options:

A.

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

B.

Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template.

C.

Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template.

D.

Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template.

Buy Now
Questions 104

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

Options:

A.

Enable API and then share charts from project A, B, and C.

B.

Enable API and then give the metrics.reader role to projects A, B, and C.

C.

Enable API and then use default dashboards to view all projects in sequence.

D.

Enable API, create a workspace under project A, and then add project B and C.

Buy Now
Questions 105

You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?

Options:

A.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

B.

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

C.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

D.

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

Buy Now
Questions 106

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

Options:

A.

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

B.

Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.

C.

Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

D.

Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Buy Now
Questions 107

You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:

•Restrict access so that suppliers can access only their own data.

•Give suppliers write access to data only for 30 minutes.

•Delete data that is over 45 days old.

You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use? (Choose two.)

Options:

A.

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

B.

Use signed URLs to allow suppliers limited time access to store their objects.

C.

Set up an SFTP server for your application, and create a separate user for each supplier.

D.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

E.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Buy Now
Questions 108

You host your website on Compute Engine. The number of global users visiting your website is rapidly expanding. You need to minimize latency and support user growth in multiple geographical regions. You also want to follow Google-recommended practices and minimize operational costs. Which two actions should you take?

Choose 2 answers

Options:

A.

Use a Network Load Balancer

B.

Deploy your VMs in multiple Google Cloud regions closest to your users ' geographical locations.

C.

Use an external Application Load Balancer in Global mode.

D.

Use an external Application Load Balancer in Regional mode.

E.

Deploy all of your VMs in a single Google Cloud region with the largest available CIDR range.

Buy Now
Exam Name: Google Cloud Certified - Associate Cloud Engineer
Last Update: Jul 4, 2026
Questions: 332
Associate-Cloud-Engineer pdf

Associate-Cloud-Engineer PDF

$25.5  $84.99
Associate-Cloud-Engineer Engine

Associate-Cloud-Engineer Testing Engine

$30  $99.99
Associate-Cloud-Engineer PDF + Engine

Associate-Cloud-Engineer PDF + Testing Engine

$40.5  $134.99