Google Associate Cloud Engineer Practice Exam

Note: This Google Associate Cloud Engineer practice exam will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee that you will pass the certification exam, as the actual exam is longer and covers a wider range of topics.

1. You are a project owner and need your co-worker to deploy a new version of your application to App Engine. You want to follow Google’s recommended practices. Which IAM roles should you grant your co-worker?

A. Project Editor
B. App Engine Service Admin
C. App Engine Deployer
D. App Engine Code Viewer
Hint Answer: C
https://cloud.google.com/iam/docs/understanding-roles

2. Your company has reserved a monthly budget for your project. You want to be informed automatically of your project spend so that you can take action when you approach the limit. What should you do?

A. Link a credit card with a monthly limit equal to your budget.
B. Create a budget alert for 50%, 90%, and 100% of your total monthly budget.
C. In App Engine Settings, set a daily budget at the rate of 1/30 of your monthly budget.
D. In the GCP Console, configure billing export to BigQuery. Create a saved view that queries your total spend.
Hint Answer: B
https://cloud.google.com/appengine/pricing#spending_limit
https://cloud.google.com/billing/docs/how-to/budgets

3. You have a project using BigQuery. You want to list all BigQuery jobs for that project. You want to set this project as the default for the bq command-line tool. What should you do?

A. Use “gcloud config set project” to set the default project.
B. Use “bq config set project” to set the default project.
C. Use “gcloud generate config-url” to generate a URL to the Google Cloud Platform Console to set the default project.
D. Use “bq generate config-url” to generate a URL to the Google Cloud Platform Console to set the default project.
Hint Answer: A
https://cloud.google.com/bigquery/docs/reference/bq-cli-reference
https://cloud.google.com/sdk/gcloud/reference/config/set

4. Your project has all its Compute Engine resources in the europe-west1 region. You want to set europe-west1 as the default region for gcloud commands. What should you do?

A. Use Cloud Shell instead of the command line interface of your device. Launch Cloud Shell after you navigate to a resource in the europe-west1 region. The europe-west1 region will automatically become the default region.
B. Use “gcloud config set compute/region europe-west1” to set the default region for future gcloud commands.
C. Use “gcloud config set compute/zone europe-west1” to set the default region for future gcloud commands.
D. Create a VPN from on-premises to a subnet in europe-west1, and use that connection when executing gcloud commands.
Hint Answer: B
https://cloud.google.com/compute/docs/regions-zones/changing-default-zone-region

5. You developed a new application for App Engine and are ready to deploy it to production. You need to estimate the costs of running your application on Google Cloud Platform as accurately as possible. What should you do?

A. Create a YAML file with the expected usage. Pass this file to the “gcloud app estimate” command to get an accurate estimation.
B. Multiply the costs of your application when it was in development by the number of expected users to get an accurate estimation.
C. Use the pricing calculator for App Engine to get an accurate estimation of the expected charges.
D. Create a ticket with Google Cloud Billing Support to get an accurate estimation.
Hint Answer: C is correct because this is the proper way to estimate charges.

6. Your company processes high volumes of IoT data that are time-stamped. The total data volume can be several petabytes. The data needs to be written and changed at a high speed. You want to use the most performant storage option for your data. Which product should you use?

A. Cloud Datastore
B. Cloud Storage
C. Cloud Bigtable
D. BigQuery
Hint Answer: C is correct because Cloud Bigtable is the most performant storage option to work with IoT and time series data.
https://cloud.google.com/bigtable/docs/schema-design-time-series

7. Your application has a large international audience and runs stateless virtual machines within a managed instance group across multiple locations. One feature of the application lets users upload files and share them with other users. Files must be available for 30 days; after that, they are removed from the system entirely. Which storage solution should you choose?

A. A Cloud Datastore database.
B. A multi-regional Cloud Storage bucket.
C. Persistent SSD on virtual machine instances.
D. A managed instance group of Filestore servers.
Hint Answer: B is correct because buckets can be multi-regional and have lifecycle management.

8. You have a definition for an instance template that contains a web application. You are asked to deploy the application so that it can scale based on the HTTP traffic it receives. What should you do?

A. Create a VM from the instance template. Create a custom image from the VM’s disk. Export the image to Cloud Storage. Create an HTTP load balancer and add the Cloud Storage bucket as its backend service.
B. Create a VM from the instance template. Create an App Engine application in Automatic Scaling mode that forwards all traffic to the VM.
C. Create a managed instance group based on the instance template. Configure autoscaling based on HTTP traffic and configure the instance group as the backend service of an HTTP load balancer.
D. Create the necessary amount of instances required for peak user traffic based on the instance template. Create an unmanaged instance group and add the instances to that instance group. Configure the instance group as the Backend Service of an HTTP load balancer.
Hint Answer: C is correct because a managed instance group can use an instance template to scale based on HTTP traffic.
https://cloud.google.com/compute/docs/instance-groups/#managed_instance_groups_and_autoscaling
https://cloud.google.com/compute/docs/images/export-image
https://cloud.google.com/compute/docs/load-balancing/http/adding-a-backend-bucket-to-content-based-load-balancing

9. You are creating a Kubernetes Engine cluster to deploy multiple pods inside the cluster. All container logs must be stored in BigQuery for later analysis. You want to follow Google-recommended practices. Which two approaches can you take?

A. Turn on Stackdriver Logging during the Kubernetes Engine cluster creation.
B. Turn on Stackdriver Monitoring during the Kubernetes Engine cluster creation.
C. Develop a custom add-on that uses Cloud Logging API and BigQuery API. Deploy the add-on to your Kubernetes Engine cluster.
D. Use the Stackdriver Logging export feature to create a sink to Cloud Storage. Create a Cloud Dataflow job that imports log files from Cloud Storage to BigQuery.
E. Use the Stackdriver Logging export feature to create a sink to BigQuery. Specify a filter expression to export log records related to your Kubernetes Engine cluster only.
Hint Answer: A is correct because creating a cluster with the Stackdriver Logging option will enable all the container logs to be stored in Stackdriver Logging.
E is correct because Stackdriver Logging supports exporting logs to BigQuery by creating sinks.
https://cloud.google.com/kubernetes-engine/docs/how-to/logging
https://cloud.google.com/logging/docs/export/configure_export_v2
https://kubernetes.io/docs/reference/labels-annotations-taints/

10. You need to create a new Kubernetes Cluster on Google Cloud Platform that can autoscale the number of worker nodes. What should you do?

A. Create a cluster on Kubernetes Engine and enable autoscaling on Kubernetes Engine.
B. Create a cluster on Kubernetes Engine and enable autoscaling on the instance group of the cluster.
C. Configure a Compute Engine instance as a worker and add it to an unmanaged instance group. Add a load balancer to the instance group and rely on the load balancer to create additional Compute Engine instances when needed.
D. Create Compute Engine instances for the workers and the master, and install Kubernetes. Rely on Kubernetes to create additional Compute Engine instances when needed.
Hint Answer: A is correct because this is the way to set up an autoscaling Kubernetes cluster.
https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler

11. You have an application server running on Compute Engine in the europe-west1-d zone. You need to ensure high availability and replicate the server to the europe-west2-c zone using the fewest steps possible. What should you do?

A. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west2-c zone. Create a new VM with that disk.
B. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west1-d zone and then move the disk to europe-west2-c. Create a new VM with that disk.
C. Use “gcloud” to copy the disk to the europe-west2-c zone. Create a new VM with that disk.
D. Use “gcloud compute instances move” with parameter “--destination-zone europe-west2-c” to move the instance to the new zone.
Hint Answer: A is correct because this makes sure the VM gets replicated in the new zone.

12. Your company has a mission-critical application that serves users globally. You need to select a transactional, relational data storage system for this application. Which two products should you consider?

A. BigQuery
B. Cloud SQL
C. Cloud Spanner
D. Cloud Bigtable
E. Cloud Datastore
Hint Answer: B is correct because Cloud SQL is a relational and transactional database in the list.
C is correct because Spanner is a relational and transactional database in the list.

13. You have a Kubernetes cluster with 1 node-pool. The cluster receives a lot of traffic and needs to grow. You decide to add a node. What should you do?

A. Use “gcloud container clusters resize” with the desired number of nodes.
B. Use “kubectl container clusters resize” with the desired number of nodes.
C. Edit the managed instance group of the cluster and increase the number of VMs by 1.
D. Edit the managed instance group of the cluster and enable autoscaling.
Hint Answer: A is correct because this resizes the cluster to the desired number of nodes.

14. You created an update for your application on App Engine. You want to deploy the update without impacting your users. You want to be able to roll back as quickly as possible if it fails. What should you do?

A. Delete the current version of your application. Deploy the update using the same version identifier as the deleted version.
B. Notify your users of an upcoming maintenance window. Deploy the update in that maintenance window.
C. Deploy the update as the same version that is currently running.
D. Deploy the update as a new version. Migrate traffic from the current version to the new version.
Hint Answer: D is correct because this makes sure there is no downtime and you can roll back the fastest.
https://cloud.google.com/appengine/docs/admin-api/migrating-splitting-traffic

15. You have created a Kubernetes deployment, called Deployment-A, with 3 replicas on your cluster. Another deployment, called Deployment-B, needs access to Deployment-A. You cannot expose Deployment-A outside of the cluster. What should you do?

A. Create a Service of type NodePort for Deployment A and an Ingress Resource for that Service. Have Deployment B use the Ingress IP address.
B. Create a Service of type LoadBalancer for Deployment A. Have Deployment B use the Service IP address.
C. Create a Service of type LoadBalancer for Deployment A and an Ingress Resource for that Service. Have Deployment B use the Ingress IP address.
D. Create a Service of type ClusterIP for Deployment A. Have Deployment B use the Service IP address.
Hint Answer: D is correct because this exposes the service on a cluster-internal IP address. Choosing this method makes the service reachable only from within the cluster.
https://kubernetes.io/docs/concepts/services-networking/service/

16. You need to estimate the annual cost of running a BigQuery query that is scheduled to run nightly. What should you do?

A. Use “gcloud query --dry_run” to determine the number of bytes read by the query. Use this number in the Pricing Calculator.
B. Use “bq query --dry_run” to determine the number of bytes read by the query. Use this number in the Pricing Calculator.
C. Use “gcloud estimate” to determine the amount billed for a single query. Multiply this amount by 365.
D. Use “bq estimate” to determine the amount billed for a single query. Multiply this amount by 365.
Hint Answer: B is correct because this is the correct way to estimate the yearly BigQuery querying costs.

17. You want to find out who in your organization has Owner access to a project called “my-project”. What should you do?

A. In the Google Cloud Platform Console, go to the IAM page for your organization and apply the filter “Role:Owner”.
B. In the Google Cloud Platform Console, go to the IAM page for your project and apply the filter “Role:Owner”.
C. Use “gcloud iam list-grantable-role --project my-project” from your Terminal.
D. Use “gcloud iam list-grantable-role” from Cloud Shell on the project page.
Hint Answer: B is correct because this shows you the Owners of the project.

18. You want to create a new role for your colleagues that will apply to all current and future projects created in your organization. The role should have the permissions of the BigQuery Job User and Cloud Bigtable User roles. You want to follow Google’s recommended practices. How should you create the new role?

A. Use “gcloud iam combine-roles --global” to combine the 2 roles into a new custom role.
B. For one of your projects, in the Google Cloud Platform Console under Roles, select both roles and combine them into a new custom role. Use “gcloud iam promote-role” to promote the role from a project role to an organization role.
C. For all projects, in the Google Cloud Platform Console under Roles, select both roles and combine them into a new custom role.
D. For your organization, in the Google Cloud Platform Console under Roles, select both roles and combine them into a new custom role.
Hint Answer: D is correct because this creates a new role with the combined permissions on the organization level.

19. You work in a small company where everyone should be able to view all resources of a specific project. You want to grant them access following Google’s recommended practices. What should you do?

A. Create a script that uses “gcloud projects add-iam-policy-binding” for all users’ email addresses and the Project Viewer role.
B. Create a script that uses “gcloud iam roles create” for all users’ email addresses and the Project Viewer role.
C. Create a new Google Group and add all users to the group. Use “gcloud projects add-iam-policy-binding” with the Project Viewer role and Group email address.
D. Create a new Google Group and add all members to the group. Use “gcloud iam roles create” with the Project Viewer role and Group email address.
Hint Answer: C is correct because Google recommends using groups where possible.
https://cloud.google.com/sdk/gcloud/reference/iam/

20. You need to verify the assigned permissions in a custom IAM role. What should you do?

A. Use the GCP Console, IAM section to view the information.
B. Use the “gcloud init” command to view the information.
C. Use the GCP Console, Security section to view the information.
D. Use the GCP Console, API section to view the information.
Hint Answer: A is correct because this is the correct console area to view the permissions assigned to a custom role in a particular project.
https://cloud.google.com/iam/docs/understanding-roles
https://cloud.google.com/iam/docs/creating-custom-roles

21. Which of the following services provides real-time messaging?
A. Cloud Pub/Sub
B. BigQuery
C. App Engine
D. Datastore
Answer: A

22. Which of the following tasks would Nearline Storage be well suited for?
A. A mounted Linux file system
B. Image assets for a high traffic website
C. Frequently read files
D. Infrequently read data backups
Answer: D
https://cloud.google.com/storage/docs/storage-classes#comparison_of_storage_classes

23. Which of the following products will allow you to administer your projects through a browser-based command line?
A. Cloud Datastore
B. Cloud Command-line
C. Cloud Terminal
D. Cloud Shell
Answer: D
https://cloud.google.com/shell/

24. Cloud SQL is based on which database engine?
A. Microsoft SQL Server
B. MySQL
C. Oracle
D. Informix
Answer: B
https://cloud.google.com/sql/docs/features#differences

25. Which of the following products will allow you to perform live debugging without stopping your application?
A. App Engine Active Debugger (AEAD)
B. Stackdriver Debugger
C. Code Inspector
D. Pause IT
Answer: B
https://cloud.google.com/debugger/docs/

26. Which of these options is not a valid Cloud Storage class?
A. Glacier Storage
B. Nearline Storage
C. Coldline Storage
D. Regional Storage
Answer: A
https://cloud.google.com/storage/docs/storage-classes

27. Regarding Cloud Storage, which option allows any user to access a Cloud Storage resource for a limited time, using a specific URL?
A. Open Buckets
B. Temporary Resources
C. Signed URLs
D. Temporary URLs
Answer: C
https://cloud.google.com/storage/docs/access-control/signed-urls

28. Of the options given, which is a NoSQL database?
A. Cloud Datastore
B. Cloud SQL
C. All of the given options
D. Cloud Storage
Answer: A
https://cloud.google.com/appengine/docs/python/datastore/

29. Container Engine allows orchestration of what type of containers?
A. Blue Whale
B. LXC
C. BSD Jails
D. Docker
Answer: D

30. Regarding Cloud IAM, what type of role(s) are available?
A. Basic roles and Compiled roles
B. Primitive roles and Predefined roles
C. Simple roles
D. Basic roles and Curated roles
Answer: B
https://cloud.google.com/iam/docs/overview

31. Which of the following products will allow you to host a static website?
A. Cloud SDK
B. Cloud Endpoints
C. Cloud Storage
D. Cloud Datastore
Answer: C

32. Container Engine is built on which open source system?
A. Swarm
B. Kubernetes
C. Docker Orchestrate
D. Mesos
Answer: B
https://cloud.google.com/container-engine/

33. Cloud Source Repositories provide a hosted version of which version control system?
A. Git
B. RCS
C. SVN
D. Mercurial
Answer: A
https://cloud.google.com/source-repositories/docs/

34. Which of the following is an analytics data warehouse?
A. Cloud SQL
B. BigQuery
C. Datastore
D. Cloud Storage
Answer: B
https://cloud.google.com/bigquery/

35. Which service offers the ability to create and run virtual machines?
A. Google Virtualization Engine
B. Compute Containers
C. VM Engine
D. Compute Engine
Answer: D
https://cloud.google.com/compute/

36. Which of the following is not helpful for mitigating the impact of an unexpected failure or reboot?
A. Use persistent disks
B. Configure tags and labels
C. Use startup scripts to re-configure the system as needed
D. Back up your data
Answer: B
https://cloud.google.com/compute/docs/tutorials/robustsystems

37. Which tool allows you to sync data in your Google domain with Active Directory?
A. Google Cloud Directory Sync (GCDS)
B. Google Active Directory (GAD)
C. Google Domain Sync Service
D. Google LDAP Sync
Answer: A
https://support.google.com/a/answer/106368?hl=en

38. Regarding Cloud Storage: which of the following allows for time-limited access to buckets and objects without a Google account?
A. Signed URLs
B. gsutil
C. Single sign-on
D. Temporary Storage Accounts
Answer: A
https://cloud.google.com/storage/docs/access-control/signed-urls

39. Which of the following is a virtual machine instance that can be terminated by Compute Engine without warning?
A. A preemptible VM
B. A shared-core VM
C. A high-cpu VM
D. A standard VM
Answer: A
https://cloud.google.com/compute/docs/instances/preemptible

40. Regarding Compute Engine: What is a managed instance group?
A. A managed instance group combines existing instances of different configurations into one manageable group
B. A managed instance group uses an instance template to create identical instances
C. A managed instance group creates a firewall around instances
D. A managed instance group is a set of servers used exclusively for batch processing
Answer: B
https://cloud.google.com/compute/docs/instance-groups/

41. What type of firewall rule(s) does Google Cloud’s networking support?
A. deny
B. allow, deny & filtered
C. allow
D. allow & deny
Answer: A
https://cloud.google.com/compute/docs/networking

42. How are subnetworks different than the legacy networks?
A. They’re the same, only the branding is different
B. Each subnetwork controls the IP address range used for instances that are allocated to that subnetwork
C. With subnetworks IP address allocation occurs at the global network level
D. Legacy networks are the preferred way to create networks
Answer: B
https://cloud.google.com/compute/docs/subnetworks

43. Which of the following is not a valid metric for triggering autoscaling?
A. Google Cloud Pub/Sub queuing
B. Average CPU utilization
C. Stackdriver Monitoring metrics
D. App Engine Task Queues
Answer: D
https://cloud.google.com/compute/docs/autoscaler/

44. Which of the following features makes applying firewall settings easier?
A. Service accounts
B. Tags
C. Metadata
D. Labels
Answer: B
https://cloud.google.com/compute/docs/label-or-tag-resources

45. What option does Cloud SQL offer to help with high availability?
A. Point-in-time recovery
B. The AlwaysOn setting
C. Snapshots
D. Failover replicas
Answer: D
https://cloud.google.com/sql/docs/configure-ha#test

46. Regarding Compute Engine: when executing a startup script on a Linux server which user does the instance execute the script as?
A. ubuntu
B. The Google provided “gceinstance” user
C. Whatever user you specify in the console
D. root
Answer: D
https://cloud.google.com/compute/docs/startupscript

47. Which of the following methods will not cause a shutdown script to be executed?
A. When an instance shuts down through a request to the guest operating system
B. A preemptible instance being terminated
C. An instances.reset API call
D. Shutting down via the cloud console
Answer: C
https://cloud.google.com/compute/docs/shutdownscript

48. Which type of account would you use in code when you want to interact with Google Cloud services?
A. Google group
B. Service account
C. Code account
D. Google account
Answer: B
https://cloud.google.com/iam/docs/overview

49. Which of the following is not an IAM best practice?
A. Use primitive roles by default
B. Treat each component of your application as a separate trust boundary
C. Grant roles at the smallest scope needed
D. Restrict who has access to create and manage service accounts in your project
Answer: A
https://cloud.google.com/iam/docs/using-iam-securely

50. Which of the following would not reduce your recovery time in the event of a disaster?
A. Make it as easy as possible to adjust the DNS record to cut over to your warm standby server.
B. Replace your warm standby server with a hot standby server.
C. Use a highly preconfigured machine image for deploying new instances.
D. Replace your active/active hybrid production environment (on-premises and GCP) with a warm standby server.
Answer: D
https://cloud.google.com/solutions/disaster-recovery-cookbook

51. Which of the following is not a best practice for mitigating Denial of Service attacks on your Google Cloud infrastructure?
A. Block SYN floods using Cloud Router
B. Isolate your internal traffic from the external world
C. Scale to absorb the attack
D. Reduce the attack surface for your GCE deployment
Answer: A
https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf

52. Which is the fastest instance storage option that will still be available when an instance is stopped?
A. Local SSD
B. Standard Persistent Disk
C. SSD Persistent Disk
D. RAM disk
Answer: C
https://cloud.google.com/compute/docs/disks/

53. Which of these statements about Microsoft licenses is true?
A. You can migrate your existing Microsoft application licenses to Compute Engine instances, but not your Microsoft Windows licenses.
B. You can migrate your existing Microsoft Windows and Microsoft application licenses to Compute Engine instances.
C. You cannot migrate your existing Microsoft Windows or Microsoft application licenses to Compute Engine instances.
D. You can migrate your existing Microsoft Windows licenses to Compute Engine instances, but not your Microsoft application licenses.
Answer: B
https://cloud.google.com/compute/docs/instances/windows/bring-your-own-license/

54. Which database services support standard SQL queries?
A. Cloud Bigtable and Cloud SQL
B. Cloud Spanner and Cloud SQL
C. Cloud SQL and Cloud Datastore
D. Cloud SQL
Answer: B
https://cloud.google.com/products/storage/

55. Which statement about IP addresses is false?
A. You are charged for a static external IP address for every hour it is in use.
B. You are not charged for ephemeral IP addresses.
C. Google Cloud Engine supports only IPv4 addresses, not IPv6.
D. You are charged for a static external IP address when it is assigned but unused.
Answer: A
https://cloud.google.com/compute/all-pricing

56. Which Google Cloud Platform service requires the least management because it takes care of the underlying infrastructure for you?
A. Container Engine
B. Cloud Engine
C. App Engine
D. Docker containers running on Cloud Engine
Answer: C

57. To ensure that your application will handle the load even if an entire zone fails, what should you do?
A. Don’t select the “Multizone” option when creating your managed instance group.
B. Spread your managed instance group over two zones and overprovision by 100%.
C. Create a regional unmanaged instance group and spread your instances across multiple zones.
D. Overprovision your regional managed instance group by at least 50%.
Answer: D
https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups

58. If you do not grant a user named Bob permission to access a Cloud Storage bucket, but then use an ACL to grant access to an object inside that bucket to Bob, what will happen?
A. Bob will be able to access all of the objects inside the bucket because he was granted access to at least one object in the bucket.
B. Bob will be able to access the object because bucket and object ACLs are independent of each other.
C. Bob will not be able to access the object because he does not have access to the bucket.
D. It is not possible to grant access to an object when it is inside a bucket for which a user does not have access.
Answer: B
https://cloud.google.com/storage/docs/best-practices#security

59. To set up a virtual private network between your office network and Google Cloud Platform and have the routes automatically updated when the network topology changes, what is the minimal number of each type of component you need to implement?
A. 2 Cloud VPN Gateways and 1 Peer Gateway
B. 1 Cloud VPN Gateway, 1 Peer Gateway, and 1 Cloud Router
C. 2 Peer Gateways and 1 Cloud Router
D. 2 Cloud VPN Gateways and 1 Cloud Router
Answer: B
https://cloud.google.com/compute/docs/cloudrouter#cloud_router_for_vpns_with_vpc_networks

60. Which of the following statements about encryption on GCP is not true?
A. Google Cloud Platform encrypts customer data stored at rest by default.
B. Each encryption key is itself encrypted with a set of master keys.
C. If you want to manage your own encryption keys for data on Google Cloud Storage, the only option is Customer-Managed Encryption Keys (CMEK) using Cloud KMS.
D. Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key.
Answer: C
https://cloud.google.com/security/encryption-at-rest/

61. Which database service requires that you configure a failover replica to make it highly available?
A. Cloud Spanner
B. Cloud SQL
C. BigQuery
D. Cloud Datastore
Answer: B
https://cloud.google.com/sql/docs/mysql/configure-ha

62. Which of these is not a principle you should apply when setting roles and permissions?
A. Whenever possible, assign roles to groups instead of to individuals.
B. Grant users the appropriate permissions to facilitate least privilege
C. Whenever possible, assign primitive roles rather than predefined roles.
D. Audit all policy changes by checking the Cloud Audit Logs.
Answer: C
https://cloud.google.com/iam/docs/using-iam-securely

63. Which of these is not a recommended method of authenticating an application with a Google Cloud service?
A. Use the gcloud and/or gsutil commands.
B. Request an OAuth2 access token and use it directly.
C. Embed the service account’s credentials in the application’s source code.
D. Use one of the Google Cloud Client Libraries.
Answer: C
https://cloud.google.com/docs/authentication#token_lifecycle_management

64. What are two different features that fully isolate groups of VM instances?
A. Firewall rules and subnetworks
B. Networks and subnetworks
C. Subnetworks and projects
D. Projects and networks
Answer: D
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#use_projects_to_fully_isolate_resources

65. Suppose you have a web server that is working properly, but you can’t connect to its instance VM over SSH. Which of these troubleshooting methods can you use without disrupting production traffic? (Select 3 answers.)
A. Create a snapshot of the disk and use it to create a new disk; then attach the new disk to a new instance
B. Use netcat to try to connect to port 22
C. Access the serial console output
D. Create a startup script to collect information.
Answer: ABC

66. To configure Stackdriver to monitor a web server and let you know if it goes down, what steps do you need to take? (Select 2 answers.)
A. Install the Stackdriver Logging Agent on the web server
B. Create an alerting policy
C. Install the Stackdriver Monitoring Agent on the web server
D. Create an uptime check
Answer: BD

67. Which of these tools can you use to copy data from AWS S3 to Cloud Storage? (Select 2 answers.)
A. Cloud Storage Transfer Service
B. S3 Storage Transfer Service
C. Cloud Storage Console
D. gsutil
Answer: AD
https://cloud.google.com/storage/transfer/

68. What are two of the actions you can take to troubleshoot a virtual machine instance that won’t start up at all? (Select 2 answers.)
A. Increase the CPU and memory on the instance by changing the machine type.
B. Validate that your disk has a valid file system.
C. Examine your virtual machine instance’s serial port output.
D. Connect to your virtual machine instance using SSH.
Answer: BC
https://cloud.google.com/compute/docs/troubleshooting#pdboot

69. Which statements about application load testing are true? (Select 2 answers.)
A. You should test at the maximum load that you expect to encounter.
B. You should test at 50% more than the maximum load that you expect to encounter.
C. It is not necessary to test sudden increases in traffic since GCP scales seamlessly.
D. Your load tests should include testing sudden increases in traffic.
Answer: AD
https://cloud.google.com/appengine/articles/scalability#loadtesting

70. Which of these statements about resilience testing are true? (Select 2 answers.)
A. In a resilience test, your application should keep running with little or no downtime.
B. To test the resilience of an autoscaling instance group, you can terminate a random instance within that group.
C. In order for an application to survive instance failures, it should not be stateless.
D. Resilience testing is the same as disaster recovery testing.
Answer: AB
https://cloudacademy.com/google/managing-your-google-cloud-infrastructure-course/testing.html

71. Which combination of Stackdriver services will alert you about errors generated by your applications and help you locate the root cause in the code?
A. Monitoring, Trace, and Debugger
B. Monitoring and Error Reporting
C. Debugger and Error Reporting
D. Alerts and Debugger
Answer: C
https://cloud.google.com/products/

72. If you have configured Stackdriver Logging to export logs to BigQuery, but log entries are not getting exported to BigQuery, what is the most likely cause?
A. The Cloud Data Transfer Service has not been enabled.
B. There isn’t a firewall rule allowing traffic between Stackdriver and BigQuery.
C. Stackdriver Logging does not have permission to write to the BigQuery dataset.
D. The size of the Stackdriver log entries being exported exceeds the maximum capacity of the BigQuery dataset.
Answer: C
https://cloud.google.com/logging/docs/export/configure_export_v2#errors_exporting_to_bigquery

73. You can use Stackdriver to monitor virtual machines on which cloud platforms?
A. Google Cloud Platform, Microsoft Azure
B. Google Cloud Platform
C. Google Cloud Platform, Microsoft Azure, Amazon Web Services
D. Google Cloud Platform, Amazon Web Services
Answer: D
https://cloud.google.com/stackdriver/

74. To minimize the risk of someone changing your log files to hide their activities, which of the following principles would help? (Select 3 answers.)
A. Restrict usage of the owner role for projects and log buckets.
B. Require two people to inspect the logs.
C. Implement object versioning on the log buckets.
D. Encrypt the logs using Cloud KMS.
Answer: ABC
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#prevent_unwanted_changes_to_logs

75. If network traffic between one Google Compute Engine instance and another instance is being dropped, what is the most likely cause?
A. The instances are on a network with low bandwidth.
B. The TCP keep-alive setting is too short.
C. The instances are on a default network with no additional firewall rules.
D. A firewall rule was deleted.
Answer: D
https://cloud.google.com/compute/docs/troubleshooting#networktraffic

76. Which of the following practices can help you develop more secure software? (Select 3 answers.)
A. Penetration tests
B. Integrating static code analysis tools into your CI/CD pipeline
C. Encrypting your source code
D. Peer review of code
Answer: ABD

77. Which two places hold information you can use to monitor the effects of a Cloud Storage lifecycle policy on specific objects? (Select 2 answers.)
A. Cloud Storage Lifecycle Monitoring
B. Expiration time metadata
C. Access logs
D. Lifecycle config file
Answer: BC
https://cloud.google.com/storage/docs/lifecycle#expirationtime

78. If you have object versioning enabled on a multi-regional bucket, what will the following lifecycle config file do?

A. Archive objects older than 30 days (the second rule doesn’t do anything)
B. Delete objects older than 30 days (the second rule doesn’t do anything)
C. Archive objects older than 30 days and move objects to Coldline Storage after 365 days
D. Delete objects older than 30 days and move objects to Coldline Storage after 365 days
Answer: D
https://cloud.google.com/storage/docs/managing-lifecycles#enable

79. Which of the following statements about Stackdriver Trace are true? (Select 2 answers.)
A. Stackdriver Trace tracks the performance of the virtual machines running the application.
B. Stackdriver Trace tracks the latency of incoming requests.
C. Applications in App Engine automatically submit traces to Stackdriver Trace. Applications outside of App Engine need to use the Trace SDK or Trace API.
D. To make an application work with Stackdriver Trace, you need to add instrumentation code using the Trace SDK or Trace API, even if the application is in App
Answer: D
https://cloud.google.com/trace/docs/reference

80. You have been asked to select the storage system for the click-data of your company’s large portfolio of websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per minute, with bursts of up to 8,500 clicks per second. It must be stored for future analysis by your data science and user experience teams.
Which storage infrastructure should you choose?
A. Google Cloud SQL
B. Google Cloud Bigtable
C. Google Cloud Storage
D. Google Cloud Datastore
Answer: B
https://cloud.google.com/storage-options/

81. You want to optimize the performance of an accurate, real-time, weather-charting application. The data comes from 50,000 sensors sending 10 readings a second, in the format of a timestamp and sensor reading.
Where should you store the data?
A. Google BigQuery
B. Google Cloud SQL
C. Google Cloud Bigtable
D. Google Cloud Storage
Answer: C
https://cloud.google.com/storage-options/
