GCP Associate Cloud Engineer Exam Prep
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?
1. Create a service account. 2. Give the Cloud Run Invoker role to that service account for your Cloud Run application. 3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint. https://cloud.google.com/run/docs/tutorials/pubsub#integrating-pubsub
Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on Google Cloud to match these requirements. What should you do?
1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
You are given a project with a single Virtual Private Cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?
1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
For analysis purposes, you need to send all the logs from all of your Compute Engine instances to a BigQuery dataset called platform-logs. You have already installed the Cloud Logging agent on all the instances. You want to minimize cost. What should you do?
1. In Cloud Logging, create a filter to view only Compute Engine logs. 2. Click Create Export. 3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination. https://cloud.google.com/logging/docs/export/configure_export_v2
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?
10.0.0.0/8
You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?
Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.
You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP. You want to make sure it is reachable by clients over that port. What should you do?
Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.
You are operating a Google Kubernetes Engine (GKE) cluster for your company where different teams can run non-production workloads. Your Machine Learning (ML) team needs access to Nvidia Tesla P100 GPUs to train their models. You want to minimize effort and cost. What should you do?
Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke-accelerator: nvidia-tesla-p100 nodeSelector to their pod specification. https://cloud.google.com/kubernetes-engine/docs/how-to/gpus
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?
Add the cluster's API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet. https://cloud.google.com/deployment-manager/docs/configuration/type-providers/creating-type-provider
Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?
Add the group for the finance team to roles/billing.viewer role.
You built an application on Google Cloud that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table data. You need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices. What should you do?
Add the support team group to the roles/monitoring.viewer role. Explanation: Monitoring Viewer grants read-only access to Monitoring in the Google Cloud console and API.
Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects. You need to assign this person the minimum role for projects. What should you do?
Add the user to roles/iam.serviceAccountAdmin role.
Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?
Add your SREs to a group and then add this group to roles/accessapproval.approver role.
You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?
After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM. https://cloud.google.com/sdk/gcloud/reference/compute/reset-windows-password
You are managing a project for the Business Intelligence (BI) department in your company. A data pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be able to run the custom SQL queries against the latest data in BigQuery. What should you do?
Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team
You created a Dockerfile, and you plan to deploy it on Google Kubernetes Engine (GKE). What should you do?
Build a docker image using the Dockerfile and upload it to the Google Container Registry (GCR). Create a Deployment YAML file to point to the image you just uploaded on the Container Registry. Utilize the kubectl command to create the deployment using the YAML file.
Your development team wants to migrate an on-premises web application, which is hosted in multiple VMs, to the Google Cloud Platform. The new cloud infrastructure must be highly available and can scale automatically based on CPU usage. You must also be able to access the new VMs directly. You need to implement this with the least number of steps while maintaining operational efficiency. What should you do?
Build an instance template on Compute Engine. Using the template, configure a managed instance group and enable autoscaling.
You are working for a finance company and are assigned to configure a relational database solution on Google Cloud Platform to support a small set of operational data in a particular geographical location. Your company requires the database to be highly reliable and supports point-in-time recovery while minimizing operating costs. What should you do?
Choose Cloud SQL (MySQL) and verify that the enable binary logging option is selected.
You are building a pipeline to process time-series data. Which Google Cloud Platform services should you put in boxes 1, 2, 3, and 4?
Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery https://cloud.google.com/solutions/correlating-time-series-dataflow
Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first version of the application is implemented in PostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?
Cloud SQL
Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google's recommended practices. Which storage option should you use?
Coldline Storage
You have deployed multiple Linux instances on Compute Engine. You plan on adding more instances in the coming weeks. You want to be able to access all of these instances through your SSH client over the internet without having to configure specific access on the existing and new instances. You do not want the Compute Engine instances to have a public IP. What should you do?
Configure Cloud Identity-Aware Proxy for SSH and TCP resources
You are managing your company's cloud resources that are residing in multiple GCP projects. You are tasked to set up centralized monitoring of all the CPU, memory, and disk metrics of your resources. You want to follow Google's recommended best practices. What should you do?
Configure Metrics Scope in Cloud Monitoring. Create a new scoping project and include all GCP Projects for monitoring.
You need to monitor resources that are distributed over different projects in Google Cloud Platform. You want to consolidate reporting under the same Stackdriver Monitoring dashboard. What should you do?
Configure a single Stackdriver account, and link all projects to the same account. https://cloud.google.com/monitoring/settings/multiple-projects
You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?
Configure regional storage for the region closest to the users. Configure a Standard storage class.
Your company has an application hosted on a VM instance in Google Compute Engine. This application is configured to persist its system logs on the disk. You want to stream the application logs to troubleshoot a user-reported issue. What should you do?
Configure the Cloud Logging Agent on the VM instance to collect the logs. Navigate to Cloud Logging in the GCP console to view the logs.
You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?
Create a Cloud Memorystore for Redis instance with 32-GB capacity.
Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?
Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool
You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?
Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
Your company decided to use the Google Kubernetes Engine service with local PersistentVolumes to handle its batch processing jobs. These jobs only run overnight to process non-critical workloads and can be restarted at any time. You are tasked to deploy the most cost-effective solution. What should you do?
Create a Google Kubernetes Engine Cluster. Create a node pool and select the Enable preemptible nodes checkbox.
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?
Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer. https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer
Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?
Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role
You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?
Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file. https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app
You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now you need to create a production environment for this application. The security team has forbidden the existence of network routes between these 2 environments and has asked you to follow Google-recommended practices. What should you do?
Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.
You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?
Create a new service account and assign this service account to the new instance. Grant the service account permissions on Cloud Storage
You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?
Create a node pool with compute-optimized machine type nodes for the image rendering microservice. Use the node pool with general-purpose machine type nodes for the other microservices.
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?
Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket. https://cloud.google.com/storage/docs/access-control/iam-roles
Your team deployed a new application on a VM instance on Google Compute Engine. You are expecting large traffic in the next coming weeks as your application becomes more popular. You want to launch multiple copies of your instance to handle this traffic. You want to follow Google's recommended best practices.
Create a snapshot of your instance boot disk. Create a custom image from the snapshot. Use the custom image to launch new instances.
Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?
Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
You need to manage a Cloud Spanner instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?
Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. If you exceed this threshold, add nodes to your instance.
Your organization is a financial company that needs to store audit log files for 3 years. Your organization has hundreds of Google Cloud projects. You need to implement a cost-effective approach for log file retention. What should you do?
Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket
The sales team has a project named Sales Data Digest that has the ID acme-data-digest. You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?
Create another project with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there.
You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only in SQL and need access to the data stored in this file. You want to find a cost-effective way to complete their request as soon as possible. What should you do?
Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request https://cloud.google.com/bigquery/external-data-sources
You have three different projects for your development, staging, and production environments in your GCP account. You want to use Cloud SDK to develop a script that generates a list of all Google Compute Engine instances in your account. What should you do?
Create three different configurations using the gcloud config command for your development, staging, and production environments. Use the gcloud compute instances list command to list all the compute resources for each configuration.
You have a Google Cloud Platform account with access to both production and development projects. You need to create an automated process to list all compute instances in development and production projects on a daily basis. What should you do?
Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.
You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?
Deploy MongoDB Atlas from the Google Cloud Marketplace.
You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?
Deploy the application on App Engine. For each update, create a new version of the same service. Configure traffic splitting to send a small percentage of traffic to the new version.
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?
Deploy the container on Cloud Run.
You have a microservice running on Google Kubernetes Engine (GKE) cluster running on asia-southeast1 region. The GKE cluster has the autoscaler feature enabled. You realized that you need to monitor containers in your cluster. You have to deploy a monitoring pod on each node of your cluster that transmits container metrics to a third-party cloud monitoring system. What should you do?
Deploy the monitoring pod into your cluster in a DaemonSet object.
Your team wants to deploy several VMs on Compute Engine. Part of the plan is to spin up the required VMs using a dedicated YAML file to ensure that all VMs are deployed correctly and consistently. You want to follow Google's best practices. Which method should you choose?
Deployment Manager
You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?
Enable deletion protection on the instance.
A team of data scientists infrequently needs to use a Google Kubernetes Engine (GKE) cluster that you manage. They require GPUs for some long-running, non-restartable jobs. You want to minimize cost. What should you do?
Enable node auto-provisioning on the GKE cluster
You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?
Enable the Cloud Spanner API.
You have created a new project in Google Cloud through the gcloud command line interface (CLI) and linked a billing account. You need to create a new Compute Engine instance using the CLI. You need to perform the prerequisite steps. What should you do?
Enable the compute.googleapis.com API.
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?
Fill in local SSD. Fill in persistent disk storage and snapshot storage.
You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?
Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account
Your company uses BigQuery for data warehousing. Over time, many different business units in your company have created 1000+ datasets across hundreds of projects. Your CIO wants you to examine all datasets to find tables that contain an employee_ssn column. You want to minimize effort in performing this task. What should you do?
Go to Data Catalog and search for employee_ssn in the search box
You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?
Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.
Your organization uses G Suite for communication and collaboration. All users in your organization have a G Suite account. You want to grant some G Suite users access to your Cloud Platform project. What should you do?
Grant them the required IAM roles using their G Suite email address.
Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company's SSO provider. What should you do?
In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.
Several employees at your company have been creating projects with Cloud Platform and paying for it with their personal credit cards, which the company reimburses. The company wants to centralize all these projects under a single, new billing account. What should you do?
In the GCP Console, navigate to the Resource Manage section and move all projects to the root Organization https://cloud.google.com/billing/docs/onboarding-checklist#cloud-billing-accounts
You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?
In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes. https://cloud.google.com/container-registry/docs/access-control
You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?
Install an RDP client on your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.
You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google's recommended practices and avoid conflicting accounts. What should you do?
Invite the user to transfer their existing account.
Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?
Link the acquired company's projects to your company's billing account.
You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?
Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.
You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?
Run gcloud projects list to get the project ID then run gcloud services list --project <project ID>.
You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?
Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected
You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?
Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items. How should you configure the auditor's permissions?
Select the built-in IAM project Viewer role. Add the user's account to this role.
You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?
Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
Your company's infrastructure is on-premises, but all machines are running at maximum capacity. You want to burst to Google Cloud. The workloads on Google Cloud must be able to directly communicate to the workloads on-premises using a private IP range. What should you do?
Set up Cloud VPN between the infrastructure on-premises and Google Cloud
Your company created a Dataproc cluster running on a Virtual Private Cloud (VPC) network within a single subnet with a CIDR range of 10.0.0.0/24. You have to deploy new VMs that can communicate with your existing cluster. However, there are neither private nor alias IP addresses available that you can use in the VPC network. You must deploy the VMs with the least possible steps. What should you do?
Set up a new VPC network and deploy the new VMs to it. Activate VPC Peering between the new VPC network and the Dataproc cluster's VPC network.
A company has an application that uses Cloud Spanner as its backend database. After a few months of monitoring your Cloud Spanner resource, you noticed that the incoming traffic of the application has a predictable pattern. You need to set up automatic scaling that will scale up or scale down your Spanner nodes based on the incoming traffic. You don't want to use an open-source tool as much as possible. What should you do?
Set up an alerting policy on Cloud Monitoring that sends an alert to a webhook when the Cloud Spanner CPU metric is over or under your desired threshold. Create a Cloud Function that listens to this HTTP webhook and resizes Spanner resources appropriately.
You have a virtual machine that is currently configured with 2 vCPUs and 4 GB of memory. It is running out of memory. You want to upgrade the virtual machine to have 8 GB of memory. What should you do?
Stop the VM, increase the memory to 8 GB, and start the VM.
You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?
Upload the image to Container Registry and create a Kubernetes Deployment referencing the image
You developed an application packaged in a container image and you are ready to deploy it on the Google Cloud Platform. You want to deploy the application to a cost-effective GCP service that provides a stable out-of-the-box HTTPS endpoint. The application only receives few client requests per day. What should you do?
Use Cloud Run to deploy the container image.
Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?
Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity
You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?
Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing.
Your team maintains an application that receives SSL/TLS-encrypted traffic on port 443. Your customers from various parts of the globe report latency issues when accessing your application. What should you do?
Use an SSL Proxy Load Balancer in front of your application.
You have been asked to set up the billing configuration for a new Google Cloud customer. Your customer wants to group resources that share common IAM policies. What should you do?
Use folders to group resources that share common IAM policies.
You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps. What should you do?
Use gcloud iam roles copy and specify the production project as the destination project.
You are building an application that will run in your data center. The application will use Google Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate access to AutoML. You need to enable authentication to the APIs from your on-premises environment. What should you do?
Use gcloud to create a key file for the service account that has appropriate permissions.
Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?
Use gcloud to expand the IP range of the current subnet. https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/expand-ip-range
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?
Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named 'dev' that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?
Use the command gcloud config set container/cluster dev.
You have an existing Google Compute Engine (GCE) instance running on 2 vCPUs and 4GB memory machine type. Lately, the instance has been having trouble and is running out of memory. You plan to increase the memory of the instance to 8GB to improve performance. What should you do?
Use the gcloud compute instances stop to stop the instance. Configure the machine type with gcloud compute instances set-machine-type. Start the VM instance once done with the configuration.
Your company is deploying an application to a Compute Engine VM instance that will run in Windows 10. You want to remotely access the instance using the Remote Desktop Protocol (RDP) to install and manage custom applications. What should you do?
Use the gcloud compute reset-windows-password command to retrieve credentials of the instance.
You are asked to get a list of all the enabled APIs for all of the GCP Projects on your company's GCP account as preparation for the upcoming audit. You have been instructed to use the gcloud command-line tool to complete this task. What should you do?
Use the gcloud projects list command to get the Project ID. Invoke the gcloud services list --project {ProjectID} command to get the list of enabled GCP APIs for each project.
Your organization plans to back up 32 GB of CCTV footage stored in a single file to a Nearline Storage bucket. For this task, a 1 Gbps WAN connection has been dedicated for your exclusive use. You want to maximize your connection speed as much as possible so you can upload the file to Cloud Storage as quickly as possible. What should be done to upload the file rapidly?
Using gsutil, activate parallel composite uploads during the file transfer for faster upload.
You built an application and deployed it to the Google Cloud Platform. This application needs to connect to a licensing server that you plan to host on Compute Engine. You configure the application to connect to the licensing server on the 10.146.0.17 IP address. You intend to keep this setting intact to avoid manually reconfiguring the application.
Using the Cloud Console, create a Compute Engine instance. Configure the Primary internal IP as a static internal IP address and set it to 10.146.0.17.
You are training four newly hired junior cloud engineers in your company. Part of their training is to familiarize themselves with Cloud Spanner. You need to provide access to these four users to view and edit table information on a Cloud Spanner instance found in the test project. What should you do?
Using the gcloud tool, execute the gcloud iam roles describe roles/spanner.databaseUser command on Cloud Shell. Attach the users to a newly created Google group and add the group to the role.
Your DevOps team plans to provision a Jenkins server for their project on the Google Cloud Platform. The server needs to be deployed quickly, so the group decided to minimize the number of steps necessary to accomplish this task. What should you do?
Utilize the GCP Marketplace to launch the Jenkins server.
You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?
Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
Your organization has three existing Google Cloud projects. You need to bill the Marketing department for only their Google Cloud services for a new initiative within their group. What should you do?
1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud Project for the Marketing department. 2. Link the new project to a Marketing Billing Account.
You need to set a budget alert for use of Compute Engine services on one of the three Google Cloud Platform projects that you manage. All three projects are linked to a single billing account. What should you do?
Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project.
An employee was terminated, but their access to Google Cloud was not removed until 2 weeks later. You need to find out if this employee accessed any sensitive customer information after their termination. What should you do?
View Data Access audit logs in Cloud Logging. Search for the user's email as the principal.
You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?
When creating the instances, specify a Service Account for each instance
You are assigned to deploy an application to Compute Engine on a managed instance group (MIG). You need to ensure that the application is up and running at all times, but there should only be one VM instance running on the project at any given time to save costs. What should you do?
While creating the MIG, configure the autoscaling setting to On. Set the minimum number of instances to 1. Then set the maximum number of instances to 1.
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?
https://cloud.google.com/compute/docs/machine-types
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?
Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles. https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors
You deploy a web application running on a Cloud Engine instance in the asia-northeast1-a zone. You want to eliminate the risk of possible downtime due to the failure of a single Compute Engine zone while minimizing costs. What should you do?
Deploy another instance in asia-northeast1-b. Balance the load in asia-northeast1-a, and asia-northeast1-b using an Internal Load Balancer (ILB).
You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?
Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role. https://cloud.google.com/spanner/docs/iam#spanner.databaseUser
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?
Use gcloud to create the new project, and then deploy your application to the new project.
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
Use kubectl config use-context and kubectl config view to review the output.
You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out how much it will cost to run the query. You are using on-demand pricing. What should you do?
Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator. https://cloud.google.com/bigquery/pricing#on_demand_pricing
You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?
gcloud deployment-manager deployments update --config <deployment-config-path> https://cloud.google.com/sdk/gcloud/reference/deployment-manager/deployments/update
You plan to implement new changes to a previous production deployment using the Google Cloud Deployment Manager. You want to achieve this without any resource downtime during the deployment. What command should you utilize to accomplish this?
gcloud deployment-manager deployments update --config {deployment-config-path}
You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server. What should you do?
Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server
Your company is reviewing its GCP expenses in order to determine ways to reduce its monthly expenditure. You are tasked to decommission all resources on one particular GCP project that is used in the previous testing activities, and you need to do this with the fewest possible steps. You want to follow Google-recommended practices. What should you do?
1. Confirm that you have the Project Owners IAM role for this project. 2. Select the project in the GCP console, go to Admin > Settings, click Shut down and enter the Project ID to confirm the deletion.
You are hosting a web application in your on-premises data center that needs to fetch files from a Cloud Storage bucket. However, your company strictly implements security policies that prohibit your bare-metal servers from having a public IP address or having any access to the Internet. You want to follow Google-recommended practices to provide your web application the necessary access to Cloud Storage. What should you do?
1. Create a VPN tunnel to GCP using Cloud VPN or Cloud Interconnect. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network via VPN tunnel. 3. Configure the DNS server in your on-premises network to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
You have an application packaged on a container that you plan to deploy on Cloud Run. The application performs some data analysis on messages from a Cloud Pub/Sub topic called order-queue. You want to follow Google-recommended practices. What should you do?
1. Create a service account and use it for your Cloud Run application. 2. On IAM Roles, grant the Pub/Sub Subscriber role to the new service account. 3. Create a Pub/Sub subscription on the order-queue topic using the new service account. 4. Configure the Cloud Run application to pull messages from the subscription.
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce-network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?
1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend. 2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal 3. Peer the two VPCs together. 4. Configure the Compute Engine instance to use the address of the load balancer that has been created.
You just finished building an application and you deployed it on a Google Kubernetes Engine (GKE) cluster in a custom-mode VPC in the us-west1 region. The application exposes a TCP endpoint backed with several replicas of the application. You are running another Compute Engine instance located in the same region as your cluster, but in a different custom-mode VPC called td-compute-network. The CIDR ranges of the two VPCs do not overlap. You have to establish a connection between your Compute Engine instance and the application on GKE. You want to reduce the amount of work required to accomplish the task. What should you do?
1. Provision a Service of type LoadBalancer that uses the application's Pods as its backend. 2. Set the annotation for the service's metadata to service: cloud.google.com/load-balancer-type: "Internal" 3. Connect the two VPCs using VPC Peering. 4. Configure the Compute Engine instance to use the IP address of the load balancer that you just created. explanation: GKE creates an internal TCP/UDP load balancer when you add the cloud.google.com/load-balancer-type: "Internal" annotation; otherwise, GKE creates an external network load balancer. VPC Network Peering enables you to connect VPC networks so that workloads in different VPC networks can communicate internally. The traffic stays within Google's network and doesn't traverse the public Internet.
Your company's finance team needs to back up data on a Cloud Storage bucket for disaster recovery purposes. You want to comply with Google's recommended practices in implementing the solution for this task. Which storage class do you think would be the best option?
Archive Storage
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?
Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the 'compute.osAdminLogin' role to the Google group corresponding to this team.
Your company is in the process of merging with another company that also uses GCP as its cloud infrastructure. Both companies manage hundreds of GCP projects and have their own billing accounts. Your company's finance officer asked you to consolidate the costs for both GCP Organizations into a single invoice and submit it by tomorrow. What should you do?
Attach your Organization's billing account to the projects of the other Organization.
You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?
Automatic Scaling with min_idle_instances set to 3.
You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?
Cloud Spanner. explanation: Cloud SQL is for small relational data, scaled manually; Cloud Spanner is for relational data, global, scaled automatically; Cloud Firestore is for non-relational data (NoSQL); Cloud Datastore is for non-relational data.
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?
Configure an HTTP(S) load balancer. https://cloud.google.com/load-balancing/docs/https/
You are setting up a new billing account for your team. You want to link this billing account with an existing project called proj-dev. What should you do?
Confirm that you have the Project Billing Manager role for the project. Create a new billing account. Update the proj-dev project to use the billing account that you just created.
You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?
Create a Cloud Memorystore for Redis instance with 32-GB capacity.
Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?
1. Create a dedicated Google group in Cloud Identity. 2. Add each data scientist's user account to the group. 3. Assign the BigQuery jobUser role to the group. https://cloud.google.com/bigquery/docs/access-control#bigquery.jobUser
Your company wants to set up a new Virtual Private Cloud (VPC) behind a firewall to secure the data egress. You have to filter the traffic flowing out of the VPC. You need to configure the VPC to have the least possible number of open egress ports. What should you do?
Create a firewall rule that blocks all egress traffic with a low-priority number of 65534. Create another firewall rule that allows egress traffic for specific ports needed with a high-priority number set to 200.
You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?
Create a health check on port 443 and use that when creating the Managed Instance Group. If the health check's protocol is TCP or HTTP, it uses --port=80. If the health check's protocol is SSL, HTTPS, or HTTP2, it uses --port=443.
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
Create a managed instance group. Set the Autohealing health check to healthy (HTTP)
You have been assigned to launch three new Compute Engine instances in your test environment in GCP. These servers should accept incoming TCP traffic on port 8080 and can be managed using RDP. You want to follow Google-recommended best practices in configuring an instance firewall. What should you do?
Create a network tag for the three instances. Create an ingress firewall rule that allows TCP traffic in ports 8080 and 3389 then specify the instance's network tag as target tags.
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?
Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application. https://cloud.google.com/appengine/docs/flexible/managing-projects-apps-billing#:~:text=Each%20Cloud%20project%20can%20contain%20only%20a%20single%20App%20Engine%20application%2C%20and%20once%20created%20you%20cannot%20change%20the%20location%20of%20your%20App%20Engine%20application.
You have created a GCP project in the development environment to build and test various applications. Cloud SQL, Compute Engine, and Cloud Storage service are being heavily utilized by your applications and other system components. You need to set up a production environment for the company's enterprise applications. You have to ensure that the new production environment cannot connect or share resources with the development environment via any routes. What should you do?
Create a new project for the production environment. Enable APIs necessary for the application. Ask the developer team to deploy the application in the new project.
You are setting up an enterprise application suite that spans multiple GCP projects. Your Google Compute Engine instances in the td-app project need to view the data stored on a BigQuery dataset in the td-database project. You want to follow Google-recommended practices in creating service accounts for your VM instances. What should you do?
Create a service account with a bigquery.dataViewer role and attach it to the Cloud Engine instances in the td-app project. Go to the Dataset permissions tab of the BigQuery datasets and add the service account.
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?
Create a signed URL with a four-hour expiration and share the URL with the company. **Signed URLs are used to give time-limited resource access to anyone in possession of the URL, regardless of whether they have a Google account.** https://cloud.google.com/storage/docs/access-control/signed-urls
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over Internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range. https://cloud.google.com/vpc/docs/using-vpc#subnet-rules Primary and secondary ranges for subnets cannot overlap with any allocated range, any primary or secondary range of another subnet in the same network, or any IP ranges of subnets in peered networks.
You have a business-critical workload running on Google Compute Engine. You need to regularly create a backup of the data on the boot disk as part of your Disaster Recovery requirement. You should have the ability to be able to quickly restore backups in the event of system outages and the older backups should be automatically deleted to minimize the cost. What should you do?
Create a snapshot schedule for the persistent disk and set a snapshot retention policy.
You are given a project with a single Virtual Private Cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?
1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. VPC allows you to spawn multiple subnets in different zones. Routing is handled automatically (because Routers are created automatically). "use the first instance's private address as the endpoint" means that this new instance will be accessing the app via the first instance's private IP (so there should be some routing rules created). The question says: "This new instance needs access to the application." https://cloud.google.com/compute/docs/instances/create-start-instance
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.
1. Create an ingress firewall rule with the following settings: • Targets: all instances with tier #2 service account • Source filter: all instances with tier #1 service account • Protocols: allow TCP:8080 2. Create an ingress firewall rule with the following settings: • Targets: all instances with tier #3 service account • Source filter: all instances with tier #2 service account • Protocols: allow TCP:8080
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
Create an instance template for the instances. Set the 'Automatic Restart' to on. Set the 'On-host maintenance' to Migrate VM instance. Add the instance template to an instance group. https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options
You have a single binary application that you want to run on Google Cloud Platform. You decided to automatically scale the application based on underlying infrastructure CPU usage. Your organizational policies require you to use virtual machines directly. You need to ensure that the application scaling is operationally efficient and completed as quickly as possible. What should you do?
Create an instance template, and use the template in a managed instance group with autoscaling configured. https://cloud.google.com/compute/docs/autoscaler
Your company has a 5 TB file in Parquet format stored in Google Cloud Storage bucket. A team of analysts, who are only proficient in SQL, needs to temporarily access these files to run ad-hoc queries. You need a cost-effective solution to fulfill their request as soon as possible. What should you do?
Create external tables in BigQuery. Use the Cloud Storage URL as a data source.
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?
Deploy the monitoring pod in a DaemonSet object. https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ Some typical uses of a DaemonSet are: running a cluster storage daemon on every node; running a logs collection daemon on every node; running a node monitoring daemon on every node.
You have a website hosted on App Engine standard environment. You want 1% of your users to see a new test version of the website. You want to minimize complexity. What should you do?
Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version. In App Engine we cannot create a "new application"; we have to create a new project to do that. An App Engine project has only 1 application (which can have multiple versions and services). https://cloud.google.com/appengine/docs/standard/python/splitting-traffic#gcloud
You are asked to deploy a Node.js application in your company's GCP environment. The application must run every time an object is deleted on a specific Cloud Storage bucket. You want to follow Google-recommended best practices. What should you do?
Deploy your code to Google Cloud Functions. Set a Cloud Storage trigger when an object is deleted from your bucket.
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?
Deployment Manager
You are working for a startup that wants to track the operational costs of its cloud resources. The startup has three separate projects on the Google Cloud Platform. You need to analyze your cost estimates on a daily and monthly basis as well as by service type across all projects for the next six months. You also want to use standard query syntax for cost analysis. What should you do?
Enable billing data export on your Cloud Billing Account. Export your billing report to a BigQuery dataset and write SQL queries for analysis.
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?
Enable parallel composite uploads using gsutil on the file transfer. https://cloud.google.com/storage/docs/parallel-composite-uploads
You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?
Enable the Cloud Pub/Sub API in the API Library on the GCP Console. https://cloud.google.com/service-usage/docs/enable-disable
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?
Enable the Node Auto-Upgrades feature for your GKE cluster. https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?
Execute the Deployment Manager template using the --preview option in the same project, and observe the state of interdependent resources. https://cloud.google.com/deployment-manager/docs/deployments/updating-deployments
You are currently investigating an issue that requires you to access and analyze the audit logs of several GCP projects. You need to run custom queries against these logs for the past 60 days in the easiest way possible. You want to follow Google-recommended best practices.
Export the audit logs from Cloud Logging and select a BigQuery dataset as the Sink destination. Configure the table expiration to 60 days. https://cloud.google.com/bigquery/docs/managing-tables#updating_a_tables_expiration_time
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?
Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis. https://cloud.google.com/billing/docs/how-to/export-data-bigquery
You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?
Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment. explanation: The config list will give the name of the project: C:\GCP\appeng>gcloud config list [core] account = [email protected] disable_usage_reporting = False project = my-first-demo-xxxx https://tinyurl.com/4veat4mb
Your mobile app development company uses Google Workspace to run your regular daily communication and team collaboration. You need to give some of these Google Workspace users access to a newly created GCP project. What should you do?
Go to the IAM page and grant the Google Workspace email addresses the appropriate IAM roles to access the project.
Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?
Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource. https://cloud.google.com/logging/docs/api/v2/resource-list
You are the organization and billing administrator for your company. The engineering team has the Project Creator role on the organization. You do not want the engineering team to be able to link projects to the billing account. Only the finance team should be able to link a project to a billing account, but they should not be able to make any other changes to projects. What should you do?
Grant the Billing Account User role on the billing account as well as the Project Billing Manager role on the organization to all of the users in the finance team. https://cloud.google.com/billing/docs/how-to/billing-access#overview_of_billing_roles_in
Your company is having its yearly business audit. Your external auditor needs to review the Data Access and Access Transparency audit logs of your Google Cloud Platform account. Your company also wants to keep a copy of these logs as a reference for the next audit. You want to follow Google-recommended practices on granting Cloud IAM roles. What should you do?
Grant the external auditor the roles/logging.privateLogViewer IAM role. Create a log sink and export the logs to Cloud Storage. explanation: Private Logs Viewer (roles/logging.privateLogViewer) includes roles/logging.viewer, plus the ability to read Access Transparency logs and Data Access audit logs.
You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?
Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm. https://cloud.google.com/compute/docs/access/iam#compute.storageAdmin
You are running an application on multiple virtual machines within a managed instance group and have autoscaling enabled. The autoscaling policy is configured so that additional instances are added to the group if the CPU utilization of instances goes above 80%. VMs are added until the instance group reaches its maximum limit of five VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP health checks against the instances is set to 30 seconds. The virtual machine instances take around three minutes to become available for users. You observe that when the instance group autoscales, it adds more instances than necessary to support the levels of end-user traffic. You want to properly maintain instance group sizes when autoscaling. What should you do?
Increase the initial delay of the HTTP health check to 200 seconds.
You recently deployed a new version of an application to App Engine and then discovered a bug in the release. You need to immediately revert to the prior version of the application. What should you do?
On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version. explanation: AppEngine already creates a version for you. Also you do not create an application as one project is associated with one AppEngine application.
You have a web application deployed as a managed instance group. You have a new version of the application to gradually deploy. Your web application is currently receiving live web traffic. You want to ensure that the available capacity does not decrease during the deployment. What should you do?
Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0 https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable
You have designed a cloud solution that uses a wide variety of Google Cloud Platform Services. Your company agreed to use these cloud services but asked you to provide an estimated cost of running this cloud solution. You need to submit an estimate to properly forecast future expenses. What should you do?
Provide a list of GCP services of your cloud solution. Use the GCP Pricing Calculator and input the necessary details to get an estimated monthly cost for each GCP product.
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?
Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type. explanation: "batch processing jobs can run on preemptible instances. if some of those instances stop during processing, the job slows but does not completely stop. preemptible instances complete your batch processing tasks without placing additional workloads on your existing instances and without requiring you to pay full price for additional normal instances" https://cloud.google.com/compute/docs/instances/preemptible
Your company is planning to launch a web application to App Engine. It is crucial that your application can dynamically scale up and down based on the request rate. Moreover, you want to ensure that you have at least 3 unoccupied VMs at all times. How should you configure your App Engine to support these scaling requirements?
Set Automatic Scaling settings with min_idle_instances set to 3.
You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site. Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?
Set Content-Type metadata to application/pdf on the PDF file objects. https://cloud.google.com/storage/docs/metadata#content-type
You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?
Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1. https://cloud.google.com/compute/docs/autoscaler#specifications
A company hires you to set up its test and production VMs on Google Compute Engine. You have to ensure that all the production virtual machines are located on a separate subnet from the test workloads. Moreover, you need to configure the VMs in such a way that they can communicate using Internal IP addresses in a VPC without the need to create additional custom routes. How should you set up your VPC to comply with these requirements?
Set up a custom mode VPC configured with 2 subnets on different regions. Configure the subnets to have different CIDR ranges.
You are using Cloud SDK to interact with Google Cloud services. You have two GCP accounts and you need to create new Compute Engine instances on each account using the command-line interface. The first account runs on the us-west1 region and zone while the other runs on us-central1. What should you do?
Set up two configurations with the appropriate properties by running the gcloud config configurations command. Issue the gcloud config configurations activate [CONFIG_NAME] command to switch accounts when running the necessary commands to create the Compute Engine instances. https://cloud.google.com/sdk/gcloud/reference/config/configurations/create
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?
Storage Admin explanation: Storage Admin (roles/storage.admin) grants full control of buckets and objects. When applied to an individual bucket, control applies only to the specified bucket and objects within the bucket. https://cloud.google.com/storage/docs/access-control/iam-roles
You have a Google Cloud Platform (GCP) project in your organization that is used for managing confidential files and documents. There is a need to delegate the management of buckets and files in Cloud Storage to your co-workers. You want to follow Google-recommended practices. Which of the following IAM roles should you grant to your co-workers?
Storage Admin https://cloud.google.com/storage/docs/access-control/iam-roles
You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below: You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret. https://cloud.google.com/kubernetes-engine/docs/concepts/secret
Your team recently created a new deployment that creates two replicas in a Google Kubernetes Engine (GKE) cluster configured with a single preemptible node pool. After waiting for a few minutes, you noticed that the Pod's status is still Pending after running the kubectl get pods command.
The pending Pod is stuck and can't be scheduled to a node. There are too many Pods running in the cluster, and you don't have enough node resources left. explanation: If a Pod is stuck in Pending status, it means that it can't be scheduled onto a node. Generally, this is because there are insufficient resources of one type or another that prevent scheduling. You can issue the kubectl describe command to investigate the issue.
It's the end of the quarter and you are required to generate a report for data found in your BigQuery dataset. You want to execute a query in BigQuery, but you suspect it will return a large chunk of records. You need to find out how much your query would cost before running it, especially since you are using on-demand pricing. What should you do?
Use Cloud Shell to execute a dry run query to determine the number of bytes read for the query. Utilize the Pricing Calculator to convert that bytes estimate to dollars. https://cloud.google.com/bigquery/docs/dry-run-queries
You need to set up a policy so that videos stored in a specific Cloud Storage Regional bucket are moved to Coldline after 90 days, and then deleted after one year from their creation. How should you set up the policy?
Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days. https://cloud.google.com/storage/docs/lifecycle#age
Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?
Use GCP Marketplace to launch the Jenkins solution. https://cloud.google.com/architecture/using-jenkins-for-distributed-builds-on-compute-engine
Your company wants to review the IAM users and roles assigned on a specific Google Cloud project named finance-project. What should you do to fulfill this requirement?
Using the Cloud Console, navigate to the finance-project, and go to the IAM section. Under the 'Permissions' tab, review the Members and Roles section.
You created a test project on GCP and defined the appropriate IAM roles that will be used by the users. You now need to replicate the exact same IAM roles on the production project. Your manager wants you to accomplish this task with the fewest possible steps. What should you do?
Using the Cloud Shell, run the gcloud iam roles copy command and specify the production project as the destination project.
You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to verify the addition of metadata labels and which files have been viewed from those buckets. What should you do?
Using the GCP Console, filter the Activity log to view the information.
Your company has hundreds of user identities in Microsoft Active Directory. Your company needs to retain the use of your Active Directory as your source of truth for user identities and authorization. Your company requires full control over the employees' Google accounts for all Google services as well as your Google Cloud Platform (GCP) organization. What should you do?
Utilize Google Cloud Directory Sync (GCDS) to synchronize users into Google Cloud Identity.
You need to create a new billing account and then link it with an existing Google Cloud Platform project. What should you do?
Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project. https://cloud.google.com/billing/docs/how-to/billing-access
You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you
When creating the VM via the web console, specify the service account under the 'Identity and API Access' section. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances