GCloud Architect
Your company has announced that they will be outsourcing operations functions. You want to allow developers to easily stage new versions of a cloud-based application in the production environment and allow the outsourced operations team to autonomously promote staged versions to production. You want to minimize the operational overhead of the solution. Which Google Cloud product should you migrate to? A. App Engine B. GKE On-Prem C. Compute Engine D. Google Kubernetes Engine
A. App Engine A is right as the requirement is to deploy new changes and manage the application with no operational overhead.
You have deployed an application on Anthos clusters (formerly Anthos GKE). According to the SRE practices at your company, you need to be alerted if request latency is above a certain threshold for a specified amount of time. What should you do? A. Install Anthos Service Mesh on your cluster. Use the Google Cloud Console to define a Service Level Objective (SLO), and create an alerting policy based on this SLO
A. Install Anthos Service Mesh on your cluster. Use the Google Cloud Console to define a Service Level Objective (SLO), and create an alerting policy based on this SLO
During a high traffic portion of the day, one of your relational databases crashes, but the replica is never promoted to a master. You want to avoid this in the future.What should you do? A. Use a different database B. Choose larger instances for your database Most Voted C. Create snapshots of your database more regularly D. Implement routinely scheduled failovers of your databases
Option D, implementing routinely scheduled failovers of your databases, is the best option in this scenario. This ensures that if the primary database crashes, the replica will automatically be promoted to the master and take over database operations, preventing any downtime or data loss. This can be achieved by setting up automatic failover mechanisms or by manually promoting the replica to the master as soon as the primary database goes down.
You are configuring the cloud network architecture for a newly created project in Google Cloud that will host applications in Compute Engine. Compute Engine virtual machine instances will be created in two different subnets (sub-a and sub-b) within a single region:• Instances in sub-a will have public IP addresses.• Instances in sub-b will have only private IP addresses.To download updated packages, instances must connect to a public repository outside the boundaries of Google Cloud. You need to allow sub-b to access the external repository. What should you do? A. Enable Private Google Access on sub-b. B. Configure Cloud NAT and select sub-b in the NAT mapping section. C. Configure a bastion host instance in sub-a to connect to instances in sub-b. D. Enable Identity-Aware Proxy for TCP forwarding for instances in sub-b
B. Configure Cloud NAT and select sub-b in the NAT mapping section. Cloud NAT allows the resources in a private subnet to access the internet—for updates, patching, config management, and more—in a controlled and efficient manner.
As part of implementing their disaster recovery plan, your company is trying to replicate their production MySQL database from their private data center to theirGCP project using a Google Cloud VPN connection. They are experiencing latency issues and a small amount of packet loss that is disrupting the replication.What should they do? A. Configure their replication to use UDP. B. Configure a Google Cloud Dedicated Interconnect. C. Restore their database daily using Google Cloud SQL. D. Add additional VPN connections and load balance them. E. Send the replicated transaction to Google Cloud Pub/Sub.
B. Configure a Google Cloud Dedicated Interconnect. It's latency issues. That won't be solved by adding another VPN tunnel. If it was just a throughput issue then VPN would do, however to improve latency you need to go layer 2. Answer is B
A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must:1. Be based on open-source technology for cloud portability2. Dynamically scale compute capacity based on demand3. Support continuous software delivery4. Run multiple segregated copies of the same application stack5. Deploy application bundles using dynamic templates6. Route network traffic to specific services based on URLWhich combination of technologies will meet all of his requirements? A. Google Kubernetes Engine, Jenkins, and Helm B. Google Kubernetes Engine and Cloud Load Balancing C. Google Kubernetes Engine and Cloud Deployment Manager D. Google Kubernetes Engine, Jenkins, and Cloud Load Balancing
A. Google Kubernetes Engine, Jenkins, and Helm helm is needed for "Deploy application bundles using dynamic templates" Load Balancing should be part of GKE Already
Your company has an application deployed on Anthos clusters (formerly Anthos GKE) that is running multiple microservices. The cluster has both Anthos ServiceMesh and Anthos Config Management configured. End users inform you that the application is responding very slowly. You want to identify the microservice that is causing the delay. What should you do? A. Use the Service Mesh visualization in the Cloud Console to inspect the telemetry between the microservices. B. Use Anthos Config Management to create a ClusterSelector selecting the relevant cluster. On the Google Cloud Console page for Google Kubernetes Engine, view the Workloads and filter on the cluster. Inspect the configurations of the filtered workloads. C. Use Anthos Config Management to create a namespaceSelector selecting the relevant cluster namespace. On the Google Cloud Console page for Google Kubernetes Engine, visit the workloads and filter on the namespace. Inspect the configurations of the filtered workloads. D. Reinstall istio using the default istio profile in order to collect request latency. Evaluate the telemetry between the microservices in the Cloud Console
A. Use the Service Mesh visualization in the Cloud Console to inspect the telemetry between the microservices. The Anthos Service Mesh pages in the Google Cloud Console provide both summary and in-depth metrics, charts, and graphs that enable you to observe service behavior. You can monitor the overall health of your services, or drill down on a specific service to set a service level objective (SLO) or troubleshoot an issue.
Your company uses the Firewall Insights feature in the Google Network Intelligence Center. You have several firewall rules applied to Compute Engine instances.You need to evaluate the efficiency of the applied firewall ruleset. When you bring up the Firewall Insights page in the Google Cloud Console, you notice that there are no log rows to display. What should you do to troubleshoot the issue? A. Enable Virtual Private Cloud (VPC) flow logging. B. Enable Firewall Rules Logging for the firewall rules you want to monitor C. Verify that your user account is assigned the compute.networkAdmin Identity and Access Management (IAM) role. D. Install the Google Cloud SDK, and verify that there are no Firewall logs in the command line output.
B. Enable Firewall Rules Logging for the firewall rules you want to monitor
You want to optimize this Dockerfile for faster deployment times without adversely affecting the app's functionality.Which two actions should you take? (Choose two.) A. Remove Python after running pip B. Remove dependencies from requirements.txt C. Use a slimmed-down base image like Alpine Linux D. Use larger machine types for your Google Container Engine node pools E. Copy the source after he package dependencies (Python and pip) are installed
C. Use a slimmed-down base image like Alpine Linux E. Copy the source after he package dependencies (Python and pip) are installed
benefits of microservices
decoupling, new features, CI/CD, A/B testing, scaling is the advantage
Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrieving the data in the buckets from outside the office network. What should you do? A. 1. Create a VPC Service Controls perimeter that includes the projects with the buckets. 2. Create an access level with the CIDR of the office network B. 1. Create a firewall rule for all instances in the Virtual Private Cloud (VPC) network for source range. 2. Use the Classless Inter-domain Routing (CIDR) of the office network. C. 1. Create a Cloud Function to remove IAM permissions from the buckets, and another Cloud Function to add IAM permissions to the buckets. 2. Schedule the Cloud Functions with Cloud Scheduler to add permissions at the start of business and remove permissions at the end of business. D. 1. Create a Cloud VPN to the office network. 2. Configure Private Google Access for on-premises hosts
A. 1. Create a VPC Service Controls perimeter that includes the projects with the buckets. 2. Create an access level with the CIDR of the office network For all Google Cloud services secured with VPC Service Controls, you can ensure that: Resources within a perimeter are accessed only from clients within authorized VPC networks using Private Google Access with either Google Cloud or on-premises
Your company has an application running on App Engine that allows users to upload music files and share them with other people. You want to allow users to upload files directly into Cloud Storage from their browser session. The payload should not be passed through the backend. What should you do? A. 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin.2. Use the Cloud Storage Signed URL feature to generate a POST URL. B. 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin.2. Assign the Cloud Storage WRITER role to users who upload files. C. 1. Use the Cloud Storage Signed URL feature to generate a POST URL.2. Use App Engine default credentials to sign requests against Cloud Storage. D. 1. Assign the Cloud Storage WRITER role to users who upload files.2. Use App Engine default credentials to sign requests against Cloud Storage
A. 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin.2. Use the Cloud Storage Signed URL feature to generate a POST URL. Signed URL is for TIme-Based access. This needs access all the time.
You have an application that runs in Google Kubernetes Engine (GKE). Over the last 2 weeks, customers have reported that a specific part of the application returns errors very frequently. You currently have no logging or monitoring solution enabled on your GKE cluster. You want to diagnose the problem, but you have not been able to replicate the issue. You want to cause minimal disruption to the application. What should you do? A. 1. Update your GKE cluster to use Cloud Operations for GKE. 2. Use the GKE Monitoring dashboard to investigate logs from affected Pods. B. 1. Create a new GKE cluster with Cloud Operations for GKE enabled. 2. Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster. 3. Use the GKE Monitoring dashboard to investigate logs from affected Pods. C. 1. Update your GKE cluster to use Cloud Operations for GKE, and deploy Prometheus. 2. Set an alert to trigger whenever the application returns an error. D. 1. Create a new GKE cluster with Cloud Operations for GKE enabled, and deploy Prometheus. 2. Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster. 3. Set an alert to trigger whe
A. 1. Update your GKE cluster to use Cloud Operations for GKE. 2. Use the GKE Monitoring dashboard to investigate logs from affected Pods. Google suggests using logging in Kubernetes
You are deploying an application to Google Cloud. The application is part of a system. The application in Google Cloud must communicate over a private network with applications in a non-Google Cloud environment. The expected average throughput is 200 kbps. The business requires:✑ as close to 100% system availability as possible✑ cost optimizationYou need to design the connectivity between the locations to meet the business requirements. What should you provision? A. An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway B. Two Classic Cloud VPN gateways connected to two on-premises VPN gateways Configure each Classic Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways C. Two HA Cloud VPN gateways connected to two on-premises VPN gateways Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways D. A single Cloud VPN gateway connected to an on-premises VPN gateway
A. An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway A: looks an exact match for the requirements, 99.99% availability
Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been configured as well. The security team needs to secure projects that will be part of the Organization. They want to prohibit IAM users outside the domain from gaining permissions from now on. What should they do? A. Configure an organization policy to restrict identities by domain. B. Configure an organization policy to block creation of service accounts. C. Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that don't belong to the Cloud Identity domain from all projects. D. Create a technical user (e.g., [email protected]), and give it the project owner role at root organization level. Write a bash script that: ג€¢ Lists all the IAM rules of all projects within the organization. ג€¢ Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour
A. Configure an organization policy to restrict identities by domain.
Your company has just acquired another company, and you have been asked to integrate their existing Google Cloud environment into your company's data center. Upon investigation, you discover that some of the RFC 1918 IP ranges being used in the new company's Virtual Private Cloud (VPC) overlap with your data center IP space. What should you do to enable connectivity and make sure that there are no routing conflicts when connectivity is established? A. Create a Cloud VPN connection from the new VPC to the data center, create a Cloud Router, and apply new IP addresses so there is no overlapping IP space. B. Create a Cloud VPN connection from the new VPC to the data center, and create a Cloud NAT instance to perform NAT on the overlapping IP space. C. Create a Cloud VPN connection from the new VPC to the data center, create a Cloud Router, and apply a custom route advertisement to block the overlapping IP space. D. Create a Cloud VPN connection from the new VPC to the data center, and apply a firewall rule that blocks the overlapping IP space
A. Create a Cloud VPN connection from the new VPC to the data center, create a Cloud Router, and apply new IP addresses so there is no overlapping IP space
You are working with a data warehousing team that performs data analysis. The team needs to process data from external partners, but the data contains personally identifiable information (PII). You need to process and store the data without storing any of the PIIE data. What should you do? A. Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, use the Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery. B. Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, store all non-PII data in BigQuery and store all PII data in a Cloud Storage bucket that has a retention policy set. C. Ask the external partners to upload all data on Cloud Storage. Configure Bucket Lock for the bucket. Create a Dataflow pipeline to read the data from the bucket. As part of the pipeline, use the Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery. D. Ask the external partners to import all data in your BigQuery dataset. Create a dataflow pipeline to copy the data into a new table. As part of the Dataflow bucket, skip all data in column
A. Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, use the Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery.
You want to allow your operations team to store logs from all the production projects in your Organization, without including logs from other projects. All of the production projects are contained in a folder. You want to ensure that all logs for existing and new production projects are captured automatically. What should you do? A. Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project. B. Create an aggregated export on the Organization resource. Set the log sink to be a Cloud Storage bucket in an operations project. C. Create log exports in the production projects. Set the log sinks to be a Cloud Storage bucket in an operations project. D. Create log exports in the production projects. Set the log sinks to be BigQuery datasets in the production projects, and grant IAM access to the operations team to run queries on the dataset
A. Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project.
Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over aVirtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do? A. Create the instance without a public IP address. B. Create the instance with Private Google Access enabled. C. Create a deny-all egress firewall rule on the VPC network. D. Create a route on the VPC to route all traffic to the instance over the VPN tunnel
A. Create the instance without a public IP address.
You are managing an application deployed on Cloud Run for Anthos, and you need to define a strategy for deploying new versions of the application. You want to evaluate the new code with a subset of production traffic to decide whether to proceed with the rollout. What should you do? A. Deploy a new revision to Cloud Run with the new version. Configure traffic percentage between revisions. B. Deploy a new service to Cloud Run with the new version. Add a Cloud Load Balancing instance in front of both services. C. In the Google Cloud Console page for Cloud Run, set up continuous deployment using Cloud Build for the development branch. As part of the Cloud Build trigger, configure the substitution variable TRAFFIC_PERCENTAGE with the percentage of traffic you want directed to a new version. D. In the Google Cloud Console, configure Traffic Director with a new Service that points to the new version of the application on Cloud Run. Configure Traffic Director to send a small percentage of traffic to the new version of the application.
A. Deploy a new revision to Cloud Run with the new version. Configure traffic percentage between revisions.
You are developing an application using different microservices that should remain internal to the cluster. You want to be able to configure each microservice with a specific number of replicas. You also want to be able to address a specific microservice from any other microservice in a uniform way, regardless of the number of replicas the microservice scales to. You need to implement this solution on Google Kubernetes Engine. What should you do? A. Deploy each microservice as a Deployment. Expose the Deployment in the cluster using a Service, and use the Service DNS name to address it from other microservices within the cluster. B. Deploy each microservice as a Deployment. Expose the Deployment in the cluster using an Ingress, and use the Ingress IP address to address the Deployment from other microservices within the cluster. C. Deploy each microservice as a Pod. Expose the Pod in the cluster using a Service, and use the Service DNS name to address the microservice from other microservices within the cluster. D. Deploy each microservice as a Pod. Expose the Pod in the cluster using an Ingress, and use the Ingress IP address name to address the Pod from other microservices within the cl
A. Deploy each microservice as a Deployment. Expose the Deployment in the cluster using a Service, and use the Service DNS name to address it from other microservices within the cluster.
You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do? A. Enable the Cloud Spanner API. B. Configure your Cloud Spanner instance to be multi-regional. C. Create a new VPC network with subnetworks in all desired regions. D. Grant yourself the IAM role of Cloud Spanner Admin
A. Enable the Cloud Spanner API.
You are helping the QA team to roll out a new load-testing tool to test the scalability of your primary cloud services that run on Google Compute Engine with CloudBigtable.Which three requirements should they include? (Choose three.) A. Ensure that the load tests validate the performance of Cloud Bigtable B. Create a separate Google Cloud project to use for the load-testing environment C. Schedule the load-testing tool to regularly run against the production environment D. Ensure all third-party systems your services use is capable of handling high load E. Instrument the production services to record every transaction for replay by the load-testing tool F. Instrument the load-testing tool and the target services with detailed logging and metrics collection
A. Ensure that the load tests validate the performance of Cloud Bigtable B. Create a separate Google Cloud project to use for the load-testing environment F. Instrument the load-testing tool and the target services with detailed logging and metrics collection
Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4TB, and large updates are frequent. Replication requires private address space communication.Which networking approach should you use? A. Google Cloud Dedicated Interconnect B. Google Cloud VPN connected to the data center network C. A NAT and TLS translation gateway installed on-premises D. A Google Compute Engine instance with a VPN server installed connected to the data center network
A. Google Cloud Dedicated Interconnect >> Secured, fast connection, hence the choice. This will allow private connection from GCP to the data centre with a fast connection. Cost is not mentioned in the requirement to eliminate this option.
You are managing several internal applications that are deployed on Compute Engine. Business users inform you that an application has become very slow over the past few days. You want to find the underlying cause in order to solve the problem. What should you do first? A. Inspect the logs and metrics from the instances in Cloud Logging and Cloud Monitoring. B. Change the Compute Engine Instances behind the application to a machine type with more CPU and memory. C. Restore a backup of the application database from a time before the application became slow. D. Deploy the applications on a managed instance group with autoscaling enabled. Add a load balancer in front of the managed instance group, and have the users connect to the IP of the load balancer.
A. Inspect the logs and metrics from the instances in Cloud Logging and Cloud Monitoring.
You need to reduce the number of unplanned rollbacks of erroneous production deployments in your company's web hosting platform. Improvement to the QA/Test processes accomplished an 80% reduction.Which additional two approaches can you take to further reduce the rollbacks? (Choose two.) A. Introduce a green-blue deployment model B. Replace the QA environment with canary releases C. Fragment the monolithic platform into microservices D. Reduce the platform's dependency on relational database systems E. Replace the platform's relational database systems with a NoSQL database
A. Introduce a green-blue deployment model C. Fragment the monolithic platform into microservices
Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24hrs a day. Your business analysts have experience only with using a SQL interface.How should you store the data to optimize it for ease of analysis? A. Load data into Google BigQuery Most Voted B. Insert data into Google Cloud SQL C. Put flat files into Google Cloud Storage D. Stream data into Google Cloud Datastore
A. Load data into Google BigQuery Most Voted
The operations team in your company wants to save Cloud VPN log events for one year. You need to configure the cloud infrastructure to save the logs. What should you do? A. Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save. B. Enable the Compute Engine API, and then enable logging on the firewall rules that match the traffic you want to save. C. Set up a Cloud Logging Dashboard titled Cloud VPN Logs, and then add a chart that queries for the VPN metrics over a one-year time period. D. Set up a filter in Cloud Logging and a topic in Pub/Sub to publish the logs
A. Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save.
Your marketing department wants to send out a promotional email campaign. The development team wants to minimize direct operation management. They project a wide range of possible customer responses, from 100 to 500,000 click-through per day. The link leads to a simple website that explains the promotion and collects user information and preferences.Which infrastructure should you recommend? (Choose two.) A. Use Google App Engine to serve the website and Google Cloud Datastore to store user data. B. Use a Google Container Engine cluster to serve the website and store data to persistent disk. C. Use a managed instance group to serve the website and Google Cloud Bigtable to store user data. D. Use a single Compute Engine virtual machine (VM) to host a web server, backend by Google Cloud SQL
A. Use Google App Engine to serve the website and Google Cloud Datastore to store user data. C. Use a managed instance group to serve the website and Google Cloud Bigtable to store user data.
You are managing several projects on Google Cloud and need to interact on a daily basis with BigQuery, Bigtable, and Kubernetes Engine using the gcloud CL tool. You are travelling a lot and work on different workstations during the week. You want to avoid having to manage the gcloud CLI manually. What should you do? A. Use Google Cloud Shell in the Google Cloud Console to interact with Google Cloud. B. Create a Compute Engine instance and install gcloud on the instance. Connect to this instance via SSH to always use the same gcloud installation when interacting with Google Cloud. C. Install gcloud on all of your workstations. Run the command gcloud components auto-update on each workstation D. Use a package manager to install gcloud on your workstations instead of installing it manually
A. Use Google Cloud Shell in the Google Cloud Console to interact with Google Cloud. - Avoid manual
Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team.Which three actions should you take? (Choose three.) A. Use Stackdriver Logging to search for the module log entries B. Read the debug GCE Activity log using the API or Cloud Console C. Use gcloud or Cloud Console to connect to the serial console and observe the logs D. Identify whether a live migration event of the failed server occurred, using in the activity log E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics F. Export a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen
A. Use Stackdriver Logging to search for the module log entries C. Use gcloud or Cloud Console to connect to the serial console and observe the logs E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics
Your team is developing a web application that will be deployed on Google Kubernetes Engine (GKE). Your CTO expects a successful launch and you need to ensure your application can handle the expected load of tens of thousands of users. You want to test the current deployment to ensure the latency of your application stays below a certain threshold. What should you do? A. Use a load testing tool to simulate the expected number of concurrent users and total requests to your application, and inspect the results. B. Enable autoscaling on the GKE cluster and enable horizontal pod autoscaling on your application deployments. Send curl requests to your application, and validate if the auto scaling works. C. Replicate the application over multiple GKE clusters in every Google Cloud region. Configure a global HTTP(S) load balancer to expose the different clusters over a single global IP address. D. Use Cloud Debugger in the development environment to understand the latency between the different microservices
A. Use a load testing tool to simulate the expected number of concurrent users and total requests to your application, and inspect the results.
To reduce costs, the Director of Engineering has required all developers to move their development infrastructure resources from on-premises virtual machines(VMs) to Google Cloud Platform. These resources go through multiple start/stop events during the day and require state to persist. You have been asked to design the process of running a development environment in Google Cloud while providing cost visibility to the finance department.Which two steps should you take? (Choose two.) A. Use the - -no-auto-delete flag on all persistent disks and stop the VM B. Use the - -auto-delete flag on all persistent disks and terminate the VM C. Apply VM CPU utilization label and include it in the BigQuery billing export D. Use Google BigQuery billing export and labels to associate cost to groups E. Store all state into local SSD, snapshot the persistent disks, and terminate the VM F. Store all state in Google Cloud Storage, snapshot the persistent disks, and terminate the VM
A. Use the - -no-auto-delete flag on all persistent disks and stop the VM D. Use Google BigQuery billing export and labels to associate cost to groups
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. When releasing new versions of the application via a rolling deployment, the team has been causing outages. The root cause of the outages is misconfigurations with parameters that are only used in production. You want to put preventive measures for this in the platform to prevent outages. What should you do? A. Configure liveness and readiness probes in the Pod specification. B. Configure health checks on the managed instance group. C. Create a Scheduled Task to check whether the application is available. D. Configure an uptime alert in Cloud Monitoring.
A: Configuring the right liveness and readiness probes prevents outages when rolling out a new ReplicaSet of a Deployment, because Pods are only getting traffic when they are considered ready. B: With GKE, you do not deal with MIGs
You are developing a globally scaled frontend for a legacy streaming backend data API. This API expects events in strict chronological order with no repeat data for proper processing.Which products should you deploy to ensure guaranteed-once FIFO (first-in, first-out) delivery of data? A. Cloud Pub/Sub alone B. Cloud Pub/Sub to Cloud Dataflow C. Cloud Pub/Sub to Stackdriver D. Cloud Pub/Sub to Cloud SQL
B. Cloud Pub/Sub to Cloud Dataflow
You are implementing the infrastructure for a web service on Google Cloud. The web service needs to receive and store the data from 500,000 requests per second. The data will be queried later in real time, based on exact matches of a known set of attributes. There will be periods where the web service will not receive any requests. The business wants to keep costs low. Which web service platform and database should you use for the application? A. Cloud Run and BigQuery B. Cloud Run and Cloud Bigtable C. A Compute Engine autoscaling managed instance group and BigQuery D. A Compute Engine autoscaling managed instance group and Cloud Bigtable
B. Cloud Run and Cloud Bigtable Heavy writes = BigTable Low cost (scales to zero) = Cloud Run
Your company is designing its application landscape on Compute Engine. Whenever a zonal outage occurs, the application should be restored in another zone as quickly as possible with the latest application data. You need to design the solution to meet this requirement. What should you do? A. Create a snapshot schedule for the disk containing the application data. Whenever a zonal outage occurs, use the latest snapshot to restore the disk in the same zone. B. Configure the Compute Engine instances with an instance template for the application, and use a regional persistent disk for the application data. Whenever a zonal outage occurs, use the instance template to spin up the application in another zone in the same region. Use the regional persistent disk for the application data. C. Create a snapshot schedule for the disk containing the application data. Whenever a zonal outage occurs, use the latest snapshot to restore the disk in another zone within the same region. D. Configure the Compute Engine instances with an instance template for the application, and use a regional persistent disk for the application data. Whenever a zonal outage occurs, use the instance template to spin up the ap
B. Configure the Compute Engine instances with an instance template for the application, and use a regional persistent disk for the application data. Whenever a zonal outage occurs, use the instance template to spin up the application in another zone in the same region. Use the regional persistent disk for the application data.
You need to migrate Hadoop jobs for your company's Data Science team without modifying the underlying infrastructure. You want to minimize costs and infrastructure management effort. What should you do? A. Create a Dataproc cluster using standard worker instances B. Create a Dataproc cluster using preemptible worker instances C. Manually deploy a Hadoop cluster on Compute Engine using standard instances. D. Manually deploy a Hadoop cluster on Compute Engine using preemptible instances
B. Create a Dataproc cluster using preemptible worker instances
You need to deploy an application on Google Cloud that must run on a Debian Linux environment. The application requires extensive configuration in order to operate correctly. You want to ensure that you can install Debian distribution updates with minimal manual intervention whenever they become available. What should you do? A. Create a Compute Engine instance template using the most recent Debian image. Create an instance from this template, and install and configure the application as part of the startup script. Repeat this process whenever a new Google-managed Debian image becomes available. B. Create a Debian-based Compute Engine instance, install and configure the application, and use OS patch management to install available updates C. Create an instance with the latest available Debian image. Connect to the instance via SSH, and install and configure the application on the instance. Repeat this process whenever a new Google-managed Debian image becomes available. D. Create a Docker container with Debian as the base image. Install and configure the application as part of the Docker image creation process. Host the container on Google Kubernetes Engine and restart the container when
B. Create a Debian-based Compute Engine instance, install and configure the application, and use OS patch management to install available updates
You are responsible for the Google Cloud environment in your company. Multiple departments need access to their own projects, and the members within each department will have the same project responsibilities. You want to structure your Google Cloud environment for minimal maintenance and maximum overview ofIAM permissions as each department's projects start and end. You want to follow Google-recommended practices. What should you do? A. Grant all department members the required IAM permissions for their respective projects. B. Create a Google Group per department and add all department members to their respective groups. Create a folder per department and grant the respective group the required IAM permissions at the folder level. Add the projects under the respective folders. C. Create a folder per department and grant the respective members of the department the required IAM permissions at the folder level. Structure all projects for each department under the respective folders. D. Create a Google Group per department and add all department members to their respective groups. Grant each group the required IAM permissions for their respective projects
B. Create a Google Group per department and add all department members to their respective groups. Create a folder per department and grant the respective group the required IAM permissions at the folder level. Add the projects under the respective folders.
Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a99,99% availability SLA under these conditions. However next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load.What should you do? A. Capture existing users input, and replay captured user load until autoscale is triggered on all layers. At the same time, terminate all resources in one of the zones B. Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce ג€chaosג€ to the system by terminating random resources on both zones C. Expose the new system to a larger group of users, and increase group size each day until autoscale logic is triggered on all layers. At the same time, terminate random resources on both zones
B. Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce ג€chaosג€ to the system by terminating random resources on both zones resilience test is not about load, is about terminate resources and service not affected. Think it's B. The best for resilience in to introduce chaos in the infraestructure
You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace.What should you do? A. Upload missing JAR files and redeploy your application. B. Digitally sign all of your JAR files and redeploy your application C. Recompile the CLoakedServlet class using and MD5 hash instead of SHA1
B. Digitally sign all of your JAR files and redeploy your application Signing the JAR files grants it permissions
Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible.Which cloud infrastructure should you recommend? A. Google Compute Engine unmanaged instance groups and Network Load Balancer B. Google Compute Engine managed instance groups with auto-scaling C. Google Cloud Dataproc to run Apache Hadoop jobs to process each test D. Google App Engine with Google StackDriver for logging
B. Google Compute Engine managed instance groups with auto-scaling Google Compute Engine enables users to launch virtual machines (VMs) on demand. VMs can be launched from the standard images or custom images created by users.Managed instance groups offer autoscaling capabilities that allow you to automatically add or remove instances from a managed instance group based on increases or decreases in load. Autoscaling helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower
Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling.Which two compute products should you choose? (Choose two.) A. Compute Engine with containers B. Google Kubernetes Engine with containers C. Google App Engine Standard Environment D. Compute Engine with custom instance types E. Compute Engine with managed instance groups
B. Google Kubernetes Engine with containers C. Google App Engine Standard Environment
Your company is building a new architecture to support its data-centric business focus. You are responsible for setting up the network. Your company's mobile and web-facing applications will be deployed on-premises, and all data analysis will be conducted in GCP. The plan is to process and load 7 years of archived .csv files totaling 900 TB of data and then continue loading 10 TB of data daily. You currently have an existing 100-MB internet connection.What actions will meet your company's needs? A. Compress and upload both archived files and files uploaded daily using the gsutil ג€"m option. B. Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a connection with Google using a Dedicated Interconnect or Direct Peering connection and use it to upload files daily C. Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish one Cloud VPN Tunnel to VPC networks over the public internet, and compress and upload files daily using the gsutil ג€"m option. D. Lease a Transfer Appliance, upload archived files to it, and send it to Google to tra
B. Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a connection with Google using a Dedicated Interconnect or Direct Peering connection and use it to upload files daily
Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance.How should you configure the storage? A. Configure a cron job to use the gcloud tool to take regular backups using persistent disk snapshots. B. Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage. C. Use gcsfise to mount a Google Cloud Storage bucket as a volume directly on the instance and write backups to the mounted location using mysqldump. D. Mount additional persistent disk volumes onto each virtual machine (VM) instance in a RAID10 array and use LVM to create snapshots to send to Cloud Storage
B. Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.
Your company wants to track whether someone is present in a meeting room reserved for a scheduled meeting. There are 1000 meeting rooms across 5 offices on 3 continents. Each room is equipped with a motion sensor that reports its status every second. The data from the motion detector includes only a sensor ID and several different discrete items of information. Analysts will use this data, together with information about account owners and office locations. Which database type should you use? A. Flat file B. NoSQL C. Relational D. Blobstore
B. NoSQL
Your company is running its application workloads on Compute Engine. The applications have been deployed in production, acceptance, and development environments. The production environment is business-critical and is used 24/7, while the acceptance and development environments are only critical during office hours. Your CFO has asked you to optimize these environments to achieve cost savings during idle times. What should you do? A. Create a shell script that uses the gcloud command to change the machine type of the development and acceptance instances to a smaller machine type outside of office hours. Schedule the shell script on one of the production instances to automate the task. B. Use Cloud Scheduler to trigger a Cloud Function that will stop the development and acceptance environments after office hours and start them just before office hours. C. Deploy the development and acceptance applications on a managed instance group and enable autoscaling. D. Use regular Compute Engine instances for the production environment, and use preemptible VMs for the acceptance and development environments
B. Use Cloud Scheduler to trigger a Cloud Function that will stop the development and acceptance environments after office hours and start them just before office hours.
ou are developing your microservices application on Google Kubernetes Engine. During testing, you want to validate the behavior of your application in case a specific microservice should suddenly crash. What should you do? A. Add a taint to one of the nodes of the Kubernetes cluster. For the specific microservice, configure a pod anti-affinity label that has the name of the tainted node as a value. B. Use Istio's fault injection on the particular microservice whose faulty behavior you want to simulate C. Destroy one of the nodes of the Kubernetes cluster to observe the behavior. D. Configure Istio's traffic management features to steer the traffic away from a crashing microservice
B. Use Istio's fault injection on the particular microservice whose faulty behavior you want to simulate In a Kubernetes environment, you can approach chaos testing at different layers - for instance, by deleting pods at random, or shutting off entire nodes. But failures also happen at the application layer. Infinite loops, broken client libraries - application code can fail in an infinite number of ways! This is where Istio fault injection comes in. You can use Istio VirtualServices to do chaos testing at the application layer, by injecting timeouts or HTTP errors into your services, without actually updating your app code
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced.Which two actions can you take? (Choose two.) A. Ensure every code check-in is peer reviewed by a security SME B. Use source code security analyzers as part of the CI/CD pipeline C. Ensure you have stubs to unit test all interfaces between components D. Enable code signing and a trusted binary repository integrated with your CI/CD pipeline Most Voted E. Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline
B. Use source code security analyzers as part of the CI/CD pipeline E. Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline
Your company has an enterprise application running on Compute Engine that requires high availability and high performance. The application has been deployed on two instances in two zones in the same region in active-passive mode. The application writes data to a persistent disk. In the case of a single zone outage, that data should be immediately made available to the other instance in the other zone. You want to maximize performance while minimizing downtime and data loss.What should you do? A. 1. Attach a persistent SSD disk to the first instance. 2. Create a snapshot every hour. 3. In case of a zone outage, recreate a persistent SSD disk in the second instance where data is coming from the created snapshot. B. 1. Create a Cloud Storage bucket. 2. Mount the bucket into the first instance with gcs-fuse. 3. In case of a zone outage, mount the Cloud Storage bucket to the second instance with gcs-fuse. C. 1. Attach a regional SSD persistent disk to the first instance. 2. In case of a zone outage, force-attach the disk to the other instance. D. 1. Attach a local SSD to the first instance disk. 2. Execute an rsync command every hour where the target is a persistent SSD disk attached to the s
C. 1. Attach a regional SSD persistent disk to the first instance. 2. In case of a zone outage, force-attach the disk to the other instance. Regional persistent disk is a storage option that provides synchronous replication of data between two zones in a region. Regional persistent disks can be a good building block to use when you implement HA services in Compute Engine.
Your company has a Google Cloud project that uses BigQuery for data warehousing. There are some tables that contain personally identifiable information (PII).Only the compliance team may access the PII. The other information in the tables must be available to the data science team. You want to minimize cost and the time it takes to assign appropriate access to the tables. What should you do? A. 1. From the dataset where you have the source data, create views of tables that you want to share, excluding PII. 2. Assign an appropriate project-level IAM role to the members of the data science team. 3. Assign access controls to the dataset that contains the view. B. 1. From the dataset where you have the source data, create materialized views of tables that you want to share, excluding PII. 2. Assign an appropriate project-level IAM role to the members of the data science team. 3. Assign access controls to the dataset that contains the view. C. 1. Create a dataset for the data science team. 2. Create views of tables that you want to share, excluding PII. 3. Assign an appropriate project-level IAM role to the members of the data science team. 4. Assign access controls to the dataset that contai
C. 1. Create a dataset for the data science team. 2. Create views of tables that you want to share, excluding PII. 3. Assign an appropriate project-level IAM role to the members of the data science team. 4. Assign access controls to the dataset that contains the view. 5. Authorize the view to access the source dataset.
Your company has a networking team and a development team. The development team runs applications on Compute Engine instances that contain sensitive data. The development team requires administrative permissions for Compute Engine. Your company requires all network resources to be managed by the networking team. The development team does not want the networking team to have access to the sensitive data on the instances. What should you do? A. 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3. Use Cloud VPN to join the two VPCs. B. 1. Create a project with a standalone Virtual Private Cloud (VPC), assign the Network Admin role to the networking team, and assign the Compute Admin role to the development team. C. 1. Create a project with a Shared VPC and assign the Network Admin role to the networking team. 2. Create a second project without a VPC, configure it as a Shared VPC service project, and assign the Compute Admin role to the development team. D. 1. Create a project with a standalone VPC and assign the Network Admi
C. 1. Create a project with a Shared VPC and assign the Network Admin role to the networking team. 2. Create a second project without a VPC, configure it as a Shared VPC service project, and assign the Compute Admin role to the development team. It talks about managing all network resources in a company. Google always recommends having a shared VPC to maintain network resources in an organization. The separation of roles adds to the favour of having a shared vpc.
Your company has a Google Workspace account and Google Cloud Organization. Some developers in the company have created Google Cloud projects outside of the Google Cloud Organization.You want to create an Organization structure that allows developers to create projects, but prevents them from modifying production projects. You want to manage policies for all projects centrally and be able to set more restrictive policies for production projects.You want to minimize disruption to users and developers when business needs change in the future. You want to follow Google-recommended practices. Now should you design the Organization structure? A. 1. Create a second Google Workspace account and Organization. 2. Grant all developers the Project Creator IAM role on the new Organization. 3. Move the developer projects into the new Organization. 4. Set the policies for all projects on both Organizations. 5. Additionally, set the production policies on the original Organization. B. 1. Create a folder under the Organization resource named ג€Production.ג€ 2. Grant all developers the Project Creator IAM role on the new Organization. 3. Move the developer projects into the new Organization. 4. Set the po
C. 1. Create folders under the Organization resource named ג€Developmentג€ and ג€Production.ג€ 2. Grant all developers the Project Creator IAM role on the ג€Developmentג€ folder. 3. Move the developer projects into the ג€Developmentג€ folder. 4. Set the policies for all projects on the Organization. 5. Additionally, set the production policies on the ג€Productionג€ folder.
Your company is planning to perform a lift and shift migration of their Linux RHEL 6.5+ virtual machines. The virtual machines are running in an on-premisesVMware environment. You want to migrate them to Compute Engine following Google-recommended practices. What should you do? A. 1. Define a migration plan based on the list of the applications and their dependencies. 2. Migrate all virtual machines into Compute Engine individually with Migrate for Compute Engine. B. 1. Perform an assessment of virtual machines running in the current VMware environment. 2. Create images of all disks. Import disks on Compute Engine. 3. Create standard virtual machines where the boot disks are the ones you have imported. C. 1. Perform an assessment of virtual machines running in the current VMware environment. 2. Define a migration plan, prepare a Migrate for Compute Engine migration RunBook, and execute the migration. D. 1. Perform an assessment of virtual machines running in the current VMware environment. 2. Install a third-party agent on all selected virtual machines. 3. Migrate all virtual machines into Compute Engine.
C. 1. Perform an assessment of virtual machines running in the current VMware environment. 2. Define a migration plan, prepare a Migrate for Compute Engine migration RunBook, and execute the migration.
You are moving an application that uses MySQL from on-premises to Google Cloud. The application will run on Compute Engine and will use Cloud SQL. You want to cut over to the Compute Engine deployment of the application with minimal downtime and no data loss to your customers. You want to migrate the application with minimal modification. You also need to determine the cutover strategy. What should you do? A. 1. Set up Cloud VPN to provide private network connectivity between the Compute Engine application and the on-premises MySQL server. 2. Stop the on-premises application. 3. Create a mysqldump of the on-premises MySQL server. 4. Upload the dump to a Cloud Storage bucket. 5. Import the dump into Cloud SQL. 6. Modify the source code of the application to write queries to both databases and read from its local database. 7. Start the Compute Engine application. 8. Stop the on-premises application. B. 1. Set up Cloud SQL proxy and MySQL proxy. 2. Create a mysqldump of the on-premises MySQL server. 3. Upload the dump to a Cloud Storage bucket. 4. Import the dump into Cloud SQL. 5. Stop the on-premises application. 6. Start the Compute Engine application. C. 1. Set up Cloud VPN to provide p
C. 1. Set up Cloud VPN to provide private network connectivity between the Compute Engine application and the on-premises MySQL server. 2. Stop the on-premises application. 3. Start the Compute Engine application, configured to read and write to the on-premises MySQL server. 4. Create the replication configuration in Cloud SQL. 5. Configure the source database server to accept connections from the Cloud SQL replica. 6. Finalize the Cloud SQL replica configuration. 7. When replication has been completed, stop the Compute Engine application. 8. Promote the Cloud SQL replica to a standalone instance. 9. Restart the Compute Engine application, configured to read and write to the Cloud SQL standalone instance.
Your company is using Google Cloud. You have two folders under the Organization: Finance and Shopping. The members of the development team are in aGoogle Group. The development team group has been assigned the Project Owner role on the Organization. You want to prevent the development team from creating resources in projects in the Finance folder. What should you do? A. Assign the development team group the Project Viewer role on the Finance folder, and assign the development team group the Project Owner role on the Shopping folder. B. Assign the development team group only the Project Viewer role on the Finance folder. C. Assign the development team group the Project Owner role on the Shopping folder, and remove the development team group Project Owner role from the Organization. D. Assign the development team group only the Project Owner role on the Shopping folder
C. Assign the development team group the Project Owner role on the Shopping folder, and remove the development team group Project Owner role from the Organization.
You are implementing a single Cloud SQL MySQL second-generation database that contains business-critical transaction data. You want to ensure that the minimum amount of data is lost in case of catastrophic failure. Which two features should you implement? A. Sharding B. Read replicas C. Binary logging D. Automated backups E. Semisynchronous replication
C. Binary logging D. Automated backups Backups help you restore lost data to your Cloud SQL instance. Additionally, if an instance is having a problem, you can restore it to a previous state by using the backup to overwrite it. Enable automated backups for any instance that contains necessary data. Backups protect your data from loss or damage.Enabling automated backups, along with binary logging, is also required for some operations, such as clone and replica creation
You have a Compute Engine application that you want to autoscale when total memory usage exceeds 80%. You have installed the Cloud Monitoring agent and configured the autoscaling policy as follows:✑ Metric identifier: agent.googleapis.com/memory/percent_used✑ Filter: metric.label.state = 'used'✑ Target utilization level: 80✑ Target type: GAUGEYou observe that the application does not scale under high load. You want to resolve this. What should you do? A. Change the Target type to DELTA_PER_MINUTE. Most Voted B. Change the Metric identifier to agent.googleapis.com/memory/bytes_used. C. Change the filter to metric.label.state = 'used' AND metric.label.state = 'buffered' AND metric.label.state = 'cached' AND metric.label.state = 'slab'. D. Change the filter to metric.label.state = 'free' and the Target utilization to 20
C. Change the filter to metric.label.state = 'used' AND metric.label.state = 'buffered' AND metric.label.state = 'cached' AND metric.label.state = 'slab'.
A lead engineer wrote a custom tool that deploys virtual machines in the legacy data center. He wants to migrate the custom tool to the new cloud environment.You want to advocate for the adoption of Google Cloud Deployment Manager.What are two business risks of migrating to Cloud Deployment Manager? (Choose two.) A. Cloud Deployment Manager uses Python B. Cloud Deployment Manager APIs could be deprecated in the future C. Cloud Deployment Manager is unfamiliar to the company's engineers D. Cloud Deployment Manager requires a Google APIs service account to run E. Cloud Deployment Manager can be used to permanently delete cloud resources Most Voted F. Cloud Deployment Manager only supports automation of Google Cloud resources
C. Cloud Deployment Manager is unfamiliar to the company's engineers F. Cloud Deployment Manager only supports automation of Google Cloud resources
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do? A. Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance. B. Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP. C. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance. D. Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance
C. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance. "I use IAP all the time which allows me to reduce exposure to VM from public internet"
Your company has a Google Cloud project that uses BigQuery for data warehousing. They have a VPN tunnel between the on-premises environment and GoogleCloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing.What should they do? A. Configure Private Google Access for on-premises only. B. Perform the following tasks: 1. Create a service account. 2. Give the BigQuery JobUser role and Storage Reader role to the service account. 3. Remove all other IAM access from the project. C. Configure VPC Service Controls and configure Private Google Access. D. Configure Private Google Access
C. Configure VPC Service Controls and configure Private Google Access. To secure data from exfiltration by malicious insiders, compromised code or accidental oversharing, we use VPC Service controls For private access options, connect to services in VPC networks we use private service endpoints or VPC network peering. VPC Service Controls improves your ability to mitigate the risk of data exfiltration from Google Cloud services such as Cloud Storage and BigQuery.
Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. You have separate clusters for development, staging, and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do? A. Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment. B. Implement a corporate policy to prevent teams from deploying Docker images to an environment unless the Docker image was tested in an earlier environment. C. Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline. D. Create a Kubernetes admissions controller to prevent the container from starting if it is not approved for usage in the given environment
C. Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
Your team will start developing a new application using microservices architecture on Kubernetes Engine. As part of the development lifecycle, any code change that has been pushed to the remote develop branch on your GitHub repository should be built and tested automatically. When the build and test are successful, the relevant microservice will be deployed automatically in the development environment. You want to ensure that all code deployed in the development environment follows this process. What should you do? A. Have each developer install a pre-commit hook on their workstation that tests the code and builds the container when committing on the development branch. After a successful commit, have the developer deploy the newly built container image on the development cluster. B. Install a post-commit hook on the remote git repository that tests the code and builds the container when code is pushed to the development branch. After a successful commit, have the developer deploy the newly built container image on the development cluster. C. Create a Cloud Build trigger based on the development branch that tests the code, builds the container, and stores it in Container Registry. Create
C. Create a Cloud Build trigger based on the development branch that tests the code, builds the container, and stores it in Container Registry. Create a deployment pipeline that watches for new images and deploys the new image on the development cluster. Ensure only the deployment tool has access to deploy new versions. Questions say "relevant microservice will be deployed automatically in the development environment." Therefore A and B are out. D says "Rely on Vulnerability Scanning to ensure the code tests succeed." Vulnerability Scanning is not test so D is out. The correct Answer is therefore C.
You need to deploy a stateful workload on Google Cloud. The workload can scale horizontally, but each instance needs to read and write to the same POSIX filesystem. At high load, the stateful workload needs to support up to 100 MB/s of writes. What should you do? A. Use a persistent disk for each instance. B. Use a regional persistent disk for each instance. C. Create a Cloud Filestore instance and mount it in each instance. D. Create a Cloud Storage bucket and mount it in each instance using gcsfuse
C. Create a Cloud Filestore instance and mount it in each instance. Google recommends Filestore for POSIX files
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect toBigQuery.What should you do to fix the script? A. Install the latest BigQuery API client library for Python B. Run your script on a new virtual machine with the BigQuery access scope enabled C. Create a new service account with BigQuery access and execute your script with that user D. Install the bq component for gcloud with the command gcloud components install bq.
C. Create a new service account with BigQuery access and execute your script with that user Most Voted
Your company has a stateless web API that performs scientific calculations. The web API runs on a single Google Kubernetes Engine (GKE) cluster. The cluster is currently deployed in us-central1. Your company has expanded to offer your API to customers in Asia. You want to reduce the latency for users in Asia.What should you do? A. Create a second GKE cluster in asia-southeast1, and expose both APIs using a Service of type LoadBalancer. Add the public IPs to the Cloud DNS zone. B. Use a global HTTP(s) load balancer with Cloud CDN enabled. C. Create a second GKE cluster in asia-southeast1, and use kubemci to create a global HTTP(s) load balancer. D. Increase the memory and CPU allocated to the application in the cluster
C. Create a second GKE cluster in asia-southeast1, and use kubemci to create a global HTTP(s) load balancer. The problem with B is the question very much infers we are dealing with dynamic content & not static.
One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data.How can you design your logging system to verify authenticity of your logs? A. Write the log concurrently in the cloud and on premises B. Use a SQL database and limit who can modify the log table C. Digitally sign each timestamp and log entry and store the signature D. Create a JSON dump of each log entry and store it in Google Cloud Storage
C. Digitally sign each timestamp and log entry and store the signature
You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address.You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly.What should you do? A. Ensure that a firewall rules exists to allow source traffic on HTTP/HTTPS to reach the load balancer. B. Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP. C. Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group. D. Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination.
C. Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group.
Your company sends all Google Cloud logs to Cloud Logging. Your security team wants to monitor the logs. You want to ensure that the security team can react quickly if an anomaly such as an unwanted firewall change or server breach is detected. You want to follow Google-recommended practices. What should you do? A. Schedule a cron job with Cloud Scheduler. The scheduled job queries the logs every minute for the relevant events. B. Export logs to BigQuery, and trigger a query in BigQuery to process the log data for the relevant events. C. Export logs to a Pub/Sub topic, and trigger Cloud Function with the relevant log events. D. Export logs to a Cloud Storage bucket, and trigger Cloud Run with the relevant log events
C. Export logs to a Pub/Sub topic, and trigger Cloud Function with the relevant log events.
A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin.What should you do? A. Search for Create VM entry in the Stackdriver alerting console B. Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry C. In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry D. Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
C. In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry When you search for Create Insert, it displays a JSON code string that contains the creators e-mail
Your solution is producing performance bugs in production that you did not see in staging and test environments. You want to adjust your test and deployment procedures to avoid this problem in the future.What should you do? A. Deploy fewer changes to production B. Deploy smaller changes to production C. Increase the load on your test and staging environments D. Deploy changes to a small subset of users before rolling out to production
C. Increase the load on your test and staging environments
Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do? A. Make sure a developer is tagging the code commit with the date and time of commit. B. Make sure a developer is adding a comment to the commit that links to the deployment. C. Make the container tag match the source code commit hash. D. Make sure the developer is tagging the commits with latest
C. Make the container tag match the source code commit hash.
Your company has an application running on Google Cloud that is collecting data from thousands of physical devices that are globally distributed. Data is published to Pub/Sub and streamed in real time into an SSD Cloud Bigtable cluster via a Dataflow pipeline. The operations team informs you that your CloudBigtable cluster has a hotspot, and queries are taking longer than expected. You need to resolve the problem and prevent it from happening in the future. What should you do? A. Advise your clients to use HBase APIs instead of NodeJS APIs. B. Delete records older than 30 days. C. Review your RowKey strategy and ensure that keys are evenly spread across the alphabet. D. Double the number of nodes you currently have
C. Review your RowKey strategy and ensure that keys are evenly spread across the alphabet. The RowKey is used to sort data within a Cloud Bigtable cluster. If the keys are not evenly spread across the alphabet, it can result in a hotspot and slow down queries. To prevent this from happening in the future, you should review your RowKey strategy and ensure that keys are evenly spread across the alphabet. This will help to distribute the data evenly across the cluster and improve query performance. Other potential solutions to consider include adding more nodes to the cluster or optimizing your query patterns. However, deleting records older than 30 days or advising clients to use HBase APIs instead of NodeJS APIs would not address the issue of a hotspot in the cluster.
You have a Compute Engine managed instance group that adds and removes Compute Engine instances from the group in response to the load on your application. The instances have a shutdown script that removes REDIS database entries associated with the instance. You see that many database entries have not been removed, and you suspect that the shutdown script is the problem. You need to ensure that the commands in the shutdown script are run reliably every time an instance is shut down. You create a Cloud Function to remove the database entries. What should you do next? A. Modify the shutdown script to wait for 30 seconds before triggering the Cloud Function. B. Do not use the Cloud Function. Modify the shutdown script to restart if it has not completed in 30 seconds. C. Set up a Cloud Monitoring sink that triggers the Cloud Function after an instance removal log message arrives in Cloud Logging. D. Modify the shutdown script to wait for 30 seconds and then publish a message to a Pub/Sub queue
C. Set up a Cloud Monitoring sink that triggers the Cloud Function after an instance removal log message arrives in Cloud Logging.
Your company recently acquired a company that has infrastructure in Google Cloud. Each company has its own Google Cloud organization. Each company is using a Shared Virtual Private Cloud (VPC) to provide network connectivity for its applications. Some of the subnets used by both companies overlap. In order for both businesses to integrate, the applications need to have private network connectivity. These applications are not on overlapping subnets. You want to provide connectivity with minimal re-engineering. What should you do? A. Set up VPC peering and peer each Shared VPC together. B. Migrate the projects from the acquired company into your company's Google Cloud organization. Re-launch the instances in your companies Shared VPC. C. Set up a Cloud VPN gateway in each Shared VPC and peer Cloud VPNs. D. Configure SSH port forwarding on each application to provide connectivity between applications in the different Shared VPCs
C. Set up a Cloud VPN gateway in each Shared VPC and peer Cloud VPNs. VPC peering cannot be established between VPCs if there is IP range overlap. C is ok since you can establish VPN across these VPCs and only include the applications required IP ranges as its mentioned that they do not overlap
Your company has developed a monolithic, 3-tier application to allow external users to upload and share files. The solution cannot be easily enhanced and lacks reliability. The development team would like to re-architect the application to adopt microservices and a fully managed service approach, but they need to convince their leadership that the effort is worthwhile. Which advantage(s) should they highlight to leadership? A. The new approach will be significantly less costly, make it easier to manage the underlying infrastructure, and automatically manage the CI/CD pipelines. B. The monolithic solution can be converted to a container with Docker. The generated container can then be deployed into a Kubernetes cluster. C. The new approach will make it easier to decouple infrastructure from application, develop and release new features, manage the underlying infrastructure, manage CI/CD pipelines and perform A/B testing, and scale the solution if necessary. D. The process can be automated with Migrate for Compute Engine
C. The new approach will make it easier to decouple infrastructure from application, develop and release new features, manage the underlying infrastructure, manage CI/CD pipelines and perform A/B testing, and scale the solution if necessary.
You want to enable your running Google Kubernetes Engine cluster to scale as demand for your application changes.What should you do? A. Add additional nodes to your Kubernetes Engine cluster using the following command: gcloud container clusters resize CLUSTER_Name ג€" -size 10 B. Add a tag to the instances in the cluster with the following command: gcloud compute instances add-tags INSTANCE - -tags enable- autoscaling max-nodes-10 C. Update the existing Kubernetes Engine cluster with the following command: gcloud alpha container clusters update mycluster - -enable- autoscaling - -min-nodes=1 - -max-nodes=10 D. Create a new Kubernetes Engine cluster with the following command: gcloud alpha container clusters create mycluster - -enable- autoscaling - -min-nodes=1 - -max-nodes=10 and redeploy your application
C. Update the existing Kubernetes Engine cluster with the following command: gcloud alpha container clusters update mycluster - -enable- autoscaling - -min-nodes=1 - -max-nodes=10
Your company provides a recommendation engine for retail customers. You are providing retail customers with an API where they can submit a user ID and theAPI returns a list of recommendations for that user. You are responsible for the API lifecycle and want to ensure stability for your customers in case the API makes backward-incompatible changes. You want to follow Google-recommended practices. What should you do? A. Create a distribution list of all customers to inform them of an upcoming backward-incompatible change at least one month before replacing the old API with the new API. B. Create an automated process to generate API documentation, and update the public API documentation as part of the CI/CD process when deploying an update to the API. C. Use a versioning strategy for the APIs that increases the version number on every backward-incompatible change. D. Use a versioning strategy for the APIs that adds the suffix ג€DEPRECATEDג€ to the current API version number on every backward-incompatible change. Use the current version number for the new API
C. Use a versioning strategy for the APIs that increases the version number on every backward-incompatible change.
You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by providing a message were sent by a specific user.What should you do? A. Tag messages client side with the originating user identifier and the destination user. B. Encrypt the message client side using block-based encryption with a shared key. C. Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key. D. Use a trusted certificate authority to enable SSL connectivity between the client application and the server
C. Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key. As question is about ensuring a specific user sent a message, answer could not be D, which would ensure secure message transmission, but not message origin (which can only be done by using asymmetric key)
Your company has an application running on Compute Engine that allows users to play their favorite music. There are a fixed number of instances. Files are stored in Cloud Storage, and data is streamed directly to users. Users are reporting that they sometimes need to attempt to play popular songs multiple times before they are successful. You need to improve the performance of the application. What should you do? A. 1. Mount the Cloud Storage bucket using gcsfuse on all backend Compute Engine instances. 2. Serve music files directly from the backend Compute Engine instance. B. 1. Create a Cloud Filestore NFS volume and attach it to the backend Compute Engine instances. 2. Download popular songs in Cloud Filestore. 3. Serve music files directly from the backend Compute Engine instance. C. 1. Copy popular songs into CloudSQL as a blob. 2. Update application code to retrieve data from CloudSQL when Cloud Storage is overloaded. D. 1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and configure it with two backends: ג—‹ Managed instance group ג—‹ Cloud Storage bucket 3. Enable Cloud CDN on the bucket backend
D. 1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and configure it with two backends: ג—‹ Managed instance group ג—‹ Cloud Storage bucket 3. Enable Cloud CDN on the bucket backend
Your company has an application running on Compute Engine that allows users to play their favorite music. There are a fixed number of instances. Files are stored in Cloud Storage, and data is streamed directly to users. Users are reporting that they sometimes need to attempt to play popular songs multiple times before they are successful. You need to improve the performance of the application. What should you do? A. 1. Mount the Cloud Storage bucket using gcsfuse on all backend Compute Engine instances. 2. Serve music files directly from the backend Compute Engine instance. B. 1. Create a Cloud Filestore NFS volume and attach it to the backend Compute Engine instances. 2. Download popular songs in Cloud Filestore. 3. Serve music files directly from the backend Compute Engine instance. C. 1. Copy popular songs into CloudSQL as a blob. 2. Update application code to retrieve data from CloudSQL when Cloud Storage is overloaded. D. 1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and configure it with two backends: ג—‹ Managed instance group ג—‹ Cloud Storage bucket 3. Enable Cloud CDN on the bucket backend.
D. 1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and configure it with two backends: ג—‹ Managed instance group ג—‹ Cloud Storage bucket 3. Enable Cloud CDN on the bucket backend. Using Cloud CDN to deliver files to users from a location that is closer to them.
Your company is planning to migrate their Windows Server 2022 from their on-premises data center to Google Cloud. You need to bring the licenses that are currently in use in on-premises virtual machines into the target cloud environment. What should you do? A. 1. Create an image of the on-premises virtual machines and upload into Cloud Storage.2. Import the image as a virtual disk on Compute Engine. B. 1. Create standard instances on Compute Engine.2. Select as the OS the same Microsoft Windows version that is currently in use in the on-premises environment. C. 1. Create an image of the on-premises virtual machine.2. Import the image as a virtual disk on Compute Engine.3. Create a standard instance on Compute Engine, selecting as the OS the same Microsoft Windows version that is currently in use in the on-premises environment.4. Attach a data disk that includes data that matches the created image. D. 1. Create an image of the on-premises virtual machines.2. Import the image as a virtual disk on Compute Engine using --os=windows-2022-dc-v.3. Create a sole-tenancy instance on Compute Engine that uses the imported disk as a boot disk
D. 1. Create an image of the on-premises virtual machines.2. Import the image as a virtual disk on Compute Engine using --os=windows-2022-dc-v.3. Create a sole-tenancy instance on Compute Engine that uses the imported disk as a boot disk Sole-tenant nodes can help you meet dedicated hardware requirements for bring your own license (BYOL) scenarios that require per-core or per-processor licenses. When you use sole-tenant nodes, you have some visibility into the underlying hardware, which lets you track core and processor usage.
Your company is planning to upload several important files to Cloud Storage. After the upload is completed, they want to verify that the uploaded content is identical to what they have on-premises. You want to minimize the cost and effort of performing this check. What should you do? A. 1. Use Linux shasum to compute a digest of files you want to upload. 2. Use gsutil -m to upload all the files to Cloud Storage. 3. Use gsutil cp to download the uploaded files. 4. Use Linux shasum to compute a digest of the downloaded files. 5. Compare the hashes. B. 1. Use gsutil -m to upload the files to Cloud Storage. 2. Develop a custom Java application that computes CRC32C hashes. 3. Use gsutil ls -L gs://[YOUR_BUCKET_NAME] to collect CRC32C hashes of the uploaded files. 4. Compare the hashes. C. 1. Use gsutil -m to upload all the files to Cloud Storage. 2. Use gsutil cp to download the uploaded files. 3. Use Linux diff to compare the content of the files. D. 1. Use gsutil -m to upload the files to Cloud Storage. 2. Use gsutil hash -c FILE_NAME to generate CRC32C hashes of all on-premises files. 3. Use gsutil ls -L gs://[YOUR_BUCKET_NAME] to collect CRC32C hashes of the uploaded files. 4. Compare the
D. 1. Use gsutil -m to upload the files to Cloud Storage. 2. Use gsutil hash -c FILE_NAME to generate CRC32C hashes of all on-premises files. 3. Use gsutil ls -L gs://[YOUR_BUCKET_NAME] to collect CRC32C hashes of the uploaded files. 4. Compare the hashes
Which of the following is not a valid metric for triggering autoscaling? A. Google Cloud Pub/Sub queuing B. Average CPU utilization C. Stackdriver Monitoring metrics D. App Engine Task Queues
D. App Engine Task Queues To create an autoscaler, you must specify the autoscaling policy and a target utilization level that the autoscaler uses to determine when to scale the group. You can choose to scale using the following policies:. Average CPU utilization. Stackdriver Monitoring metrics. HTTP load balancing serving capacity, which can be based on either utilization or requests per second.. Google Cloud Pub/Sub queuing workload (Alpha)
Your company has an application running on multiple Compute Engine instances. You need to ensure that the application can communicate with an on-premises service that requires high throughput via internal IPs, while minimizing latency. What should you do? A. Use OpenVPN to configure a VPN tunnel between the on-premises environment and Google Cloud. B. Configure a direct peering connection between the on-premises environment and Google Cloud. C. Use Cloud VPN to configure a VPN tunnel between the on-premises environment and Google Cloud. D. Configure a Cloud Dedicated Interconnect connection between the on-premises environment and Google Cloud
D. Configure a Cloud Dedicated Interconnect connection between the on-premises environment and Google Cloud Ans ) D , Reason : high throughput via internal IPs
Your company has a Kubernetes application that pulls messages from Pub/Sub and stores them in Filestore. Because the application is simple, it was deployed as a single pod. The infrastructure team has analyzed Pub/Sub metrics and discovered that the application cannot process the messages in real time. Most of them wait for minutes before being processed. You need to scale the elaboration process that is I/O-intensive. What should you do? A. Use kubectl autoscale deployment APP_NAME --max 6 --min 2 --cpu-percent 50 to configure Kubernetes autoscaling deployment. B. Configure a Kubernetes autoscaling deployment based on the subscription/push_request_latencies metric. C. Use the --enable-autoscaling flag when you create the Kubernetes cluster. D. Configure a Kubernetes autoscaling deployment based on the subscription/num_undelivered_messages metric
D. Configure a Kubernetes autoscaling deployment based on the subscription/num_undelivered_messages metric
Your company has a support ticketing solution that uses App Engine Standard. The project that contains the App Engine application already has a Virtual PrivateCloud (VPC) network fully connected to the company's on-premises environment through a Cloud VPN tunnel. You want to enable the App Engine application to communicate with a database that is running in the company's on-premises environment. What should you do? A. Configure private Google access for on-premises hosts only. B. Configure private Google access. C. Configure private services access. D. Configure serverless VPC access
D. Configure serverless VPC access
You are migrating third-party applications from optimized on-premises virtual machines to Google Cloud. You are unsure about the optimum CPU and memory options. The applications have a consistent usage pattern across multiple weeks. You want to optimize resource usage for the lowest cost. What should you do? A. Create an instance template with the smallest available machine type, and use an image of the third-party application taken from a current on-premises virtual machine. Create a managed instance group that uses average CPU utilization to autoscale the number of instances in the group. Modify the average CPU utilization threshold to optimize the number of instances running. B. Create an App Engine flexible environment, and deploy the third-party application using a Dockerfile and a custom runtime. Set CPU and memory options similar to your application's current on-premises virtual machine in the app.yaml file. C. Create multiple Compute Engine instances with varying CPU and memory options. Install the Cloud Monitoring agent, and deploy the third-party application on each of them. Run a load test with high traffic levels on the application, and use the results to determine the optima
D. Create a Compute Engine instance with CPU and memory options similar to your application's current on-premises virtual machine. Install the Cloud Monitoring agent, and deploy the third-party application. Run a load test with normal traffic levels on the application, and follow the Rightsizing Recommendations in the Cloud Console.
You want to make a copy of a production Linux virtual machine in the US-Central region. You want to manage and replace the copy easily if there are changes on the production virtual machine. You will deploy the copy as a new instance in a different project in the US-East region.What steps must you take? A. Use the Linux dd and netcat commands to copy and stream the root disk contents to a new virtual machine instance in the US-East region. B. Create a snapshot of the root disk and select the snapshot as the root disk when you create a new virtual machine instance in the US-East region. C. Create an image file from the root disk with Linux dd command, create a new virtual machine instance in the US-East region D. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file the root disk
D. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file the root disk Different zones and different project hence, you must use a bucket.
Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process.What should you do? A. Create custom Google Stackdriver alerts and send them to the auditor B. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor C. Use cloud functions to transfer log entries to Google Cloud SQL and use ACLs and views to limit an auditor's view D. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket
D. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket
Your operations team has asked you to help diagnose a performance issue in a production application that runs on Compute Engine. The application is dropping requests that reach it when under heavy load. The process list for affected instances shows a single application process that is consuming all available CPU, and autoscaling has reached the upper limit of instances. There is no abnormal load on any other related systems, including the database. You want to allow production traffic to be served again as quickly as possible. Which action should you recommend? A. Change the autoscaling metric to agent.googleapis.com/memory/percent_used. B. Restart the affected instances on a staggered schedule. C. SSH to each instance and restart the application process. D. Increase the maximum number of instances in the autoscaling group
D. Increase the maximum number of instances in the autoscaling group
Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement across all of your Virtual Private Clouds (VPCs). What should you do? A. Remove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway. B. Create a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet. C. Implement a Cloud NAT solution to remove the need for external IP addresses entirely. D. Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list
D. Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list
You have developed a non-critical update to your application that is running in a managed instance group, and have created a new instance template with the update that you want to release. To prevent any possible impact to the application, you don't want to update any running instances. You want any new instances that are created by the managed instance group to contain the new update. What should you do? A. Start a new rolling restart operation. B. Start a new rolling replace operation. C. Start a new rolling update. Select the Proactive update mode. D. Start a new rolling update. Select the Opportunistic update mod
D. Start a new rolling update. Select the Opportunistic update mod As we want to replace new instance, the update mode should be opportunistic. The default proactive mode would replace instance
Your company wants you to build a highly reliable web application with a few public APIs as the backend. You don't expect a lot of user traffic, but traffic could spike occasionally. You want to leverage Cloud Load Balancing, and the solution must be cost-effective for users. What should you do? A. Store static content such as HTML and images in Cloud CDN. Host the APIs on App Engine and store the user data in Cloud SQL. B. Store static content such as HTML and images in a Cloud Storage bucket. Host the APIs on a zonal Google Kubernetes Engine cluster with worker nodes in multiple zones, and save the user data in Cloud Spanner. C. Store static content such as HTML and images in Cloud CDN. Use Cloud Run to host the APIs and save the user data in Cloud SQL. D. Store static content such as HTML and images in a Cloud Storage bucket. Use Cloud Functions to host the APIs and save the user data in Firestore
D. Store static content such as HTML and images in a Cloud Storage bucket. Use Cloud Functions to host the APIs and save the user data in Firestore
Your company is designing its data lake on Google Cloud and wants to develop different ingestion pipelines to collect unstructured data from different sources.After the data is stored in Google Cloud, it will be processed in several data pipelines to build a recommendation engine for end users on the website. The structure of the data retrieved from the source systems can change at any time. The data must be stored exactly as it was retrieved for reprocessing purposes in case the data structure is incompatible with the current processing pipelines. You need to design an architecture to support the use case after you retrieve the data. What should you do? A. Send the data through the processing pipeline, and then store the processed data in a BigQuery table for reprocessing. B. Store the data in a BigQuery table. Design the processing pipelines to retrieve the data from the table. C. Send the data through the processing pipeline, and then store the processed data in a Cloud Storage bucket for reprocessing. D. Store the data in a Cloud Storage bucket. Design the processing pipelines to retrieve the data from the bucket.
D. Store the data in a Cloud Storage bucket. Design the processing pipelines to retrieve the data from the bucket.
You need to deploy an application to Google Cloud. The application receives traffic via TCP and reads and writes data to the filesystem. The application does not support horizontal scaling. The application process requires full control over the data on the file system because concurrent access causes corruption. The business is willing to accept a downtime when an incident occurs, but the application must be available 24/7 to support their business operations. You need to design the architecture of this application on Google Cloud. What should you do? A. Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use an HTTP load balancer in front of the instances. B. Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use a network load balancer in front of the instances. C. Use an unmanaged instance group with an active and standby instance in different zones, use a regional persistent disk, and use an HTTP load balancer in front of the instances. D. Use an unmanaged instance group with an active and standby instance in different zones, use a regional persistent disk, and use a network load balancer in front of the instanc
D. Use an unmanaged instance group with an active and standby instance in different zones, use a regional persistent disk, and use a network load balancer in front of the instances Since the application does not support horizontal scaling, a managed instance group is not required. Instead, an unmanaged instance group can be used to ensure that the application runs on multiple instances in different zones for high availability. The network load balancer is designed to handle TCP and UDP traffic The HTTP(S) load balancer is designed specifically for HTTP and HTTPS traffic.
You are working at an institution that processes medical data. You are migrating several workloads onto Google Cloud. Company policies require all workloads to run on physically separated hardware, and workloads from different clients must also be separated. You created a sole-tenant node group and added a node for each client. You need to deploy the workloads on these dedicated hosts. What should you do? A. Add the node group name as a network tag when creating Compute Engine instances in order to host each workload on the correct node group. B. Add the node name as a network tag when creating Compute Engine instances in order to host each workload on the correct node. C. Use node affinity labels based on the node group name when creating Compute Engine instances in order to host each workload on the correct node group. D. Use node affinity labels based on the node name when creating Compute Engine instances in order to host each workload on the correct node
D. Use node affinity labels based on the node name when creating Compute Engine instances in order to host each workload on the correct node The above reference clearly articulates the default affinity label for node group and node name. Unless we're thinking about growing each client to their own dedicated node groups (not in the current requirement), then the answer is not C, rather D. Compute Engine assigns two default affinity labels to each node: A label for the node group name: Key: compute.googleapis.com/node-group-name Value: Name of the node group. A label for the node name: Key: compute.googleapis.com/node-name Value: Name of the individual node Afinity should be set at node level, not node-group as every client has its own node in the group
Your company has decided to make a major revision of their API in order to create better experiences for their developers. They need to keep the old version of the API available and deployable, while allowing new customers and testers to try out the new API. They want to keep the same SSL and DNS records in place to serve both APIs.What should they do? A. Configure a new load balancer for the new version of the API B. Reconfigure old clients to use a new endpoint for the new API C. Have the old API forward traffic to the new API based on the path D. Use separate backend pools for each API path behind the load balancer
D. Use separate backend pools for each API path behind the load balancer
The application reliability team at your company this added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis. The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss.Which process should you implement? A. ג€¢ Append metadata to file body ג€¢ Compress individual files ג€¢ Name files with serverName ג€" Timestamp ג€¢ Create a new bucket if bucket is older than 1 hour and save individual files to the new bucket. Otherwise, save files to existing bucket. B. ג€¢ Batch every 10,000 events with a single manifest file for metadata ג€¢ Compress event files and manifest file into a single archive file ג€¢ Name files using serverName ג€" EventSequence ג€¢ Create a new bucket if bucket is older than 1 day and save the single archive file to the new bucket. Otherwise, save the single archive file to existing bucket. C. ג€¢ Compress individual files ג€¢ Name files with serverName ג€" EventSequence ג€¢ Save files to one bucket ג€¢ Set custom metadata headers for each object after saving D. ג€¢ Append metadata to file body ג€¢ Compress individual files ג€¢ Na
D. ג€¢ Append metadata to file body ג€¢ Compress individual files ג€¢ Name files with a random prefix pattern ג€¢ Save files to one bucket