GCP Associate Cloud Engineer Dump 2
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?
Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the compute.osAdminLogin role to the Google group corresponding to this team. We recommend collecting users with the same responsibilities into groups and assigning IAM roles to the groups rather than to individual users. For example, you can create a "data scientist" group and assign appropriate roles to enable interaction with BigQuery and Cloud Storage. When a new data scientist joins your team, you can simply add them to the group and they will inherit the defined permissions. You can create and manage groups through the Admin Console. (https://cloud.google.com/compute/docs/instances/managing-instance-access)
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
Use kubectl config use-context and kubectl config view to review the output. https://medium.com/google-cloud/kubernetes-engine-kubectl-config-b6270d2b656c
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?
10.0.0.0/8 CIDR range. Pay attention to the question: it is talking about a custom VPC subnet and does not mention automatic subnet mode creation. If you set the subnet to custom, the minimum size is /8.
Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google's recommended practices. Which storage option should you use?
The best answer is "Archive Storage" (https://cloud.google.com/storage/docs/storage-classes), but of the given options the next best solution is "Coldline Storage".
You want to configure auto-healing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
Create a managed instance group. Set the Autohealing health check to healthy (HTTP). Pro Tip: Use separate health checks for load balancing and auto-healing. Health checks for load balancing detect unresponsive instances and direct traffic away from them. Health checks for auto-healing detect and recreate failed instances, so they should be less aggressive than load-balancing health checks. Using the same health check for these services would remove the distinction between unresponsive instances and failed instances, causing unnecessary latency and unavailability for your users.
You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?
Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected. You must enable binary logging to use point-in-time recovery. Enabling binary logging causes a slight reduction in write performance. https://cloud.google.com/sql/docs/mysql/backup-recovery/backups