Associate Cloud Engineer Study Guide
What server configuration is required to use Cloud Functions? VM configuration; Cluster configuration; Pub/Sub configuration; None
None
_________________________ deploys a containerized, microservices-based application in a fully managed environment.
Cloud Run
You have a custom role implemented for administration of the dev/test environment for Cymbal Superstore's transportation management application. You are developing a pilot to use Cloud Run instead of Cloud Functions. You want to ensure your administrators have the correct access to the new resources. What should you do? A. Make the change to the custom role locally and run an update on the custom role. B. Delete the custom role and recreate a new custom role with required permissions. C. Copy the existing role, add the new permissions to the copy, and delete the old role. D. Create a new role with needed permissions and migrate users to it.
*A. Correct! There is a recommended process to update an existing custom role. You get the current policy, update it locally, and write the updated policy back into Google Cloud. The gcloud commands used in this process include the get and update policy subcommands. B. Incorrect. Recreating a custom role is not necessary in this scenario. You can update the existing one. C. Incorrect. Copying an existing role creates a new custom role. Creating a new custom role is not required for this scenario. D. Incorrect. Finding all users with this role and reassigning them could be very time consuming. You should update the existing custom role instead.
What Google Cloud load balancing option runs at Layer 7 of the TCP stack? A. Global http(s) B. Global SSL Proxy C. Global TCP Proxy D. Regional Network
*A. Correct! http(s) is an application protocol, so it lives at layer 7 of the TCP stack. B. Incorrect. SSL is a layer 4 load balancer. C. Incorrect. TCP is a layer 4 load balancer. D. Incorrect. Regional network is a layer 4 load balancer.
The Operations Department at Cymbal Superstore wants to provide managers access to information about VM usage without allowing them to make changes that would affect the state. You assign them the Compute Engine Viewer role. Which two permissions will they receive? A. compute.images.list B. compute.images.get C. compute.images.create D. compute.images.setIAM E. compute.images.update
*A: Correct! Viewer can perform read-only actions that do not affect state. *B: Correct! Get is read-only. Viewer has this permission. C: Incorrect. This permission would change state. D: Incorrect. Only the Owner can set the IAM policy on a service. E: Incorrect. Only Editor and above can change the state of an image.
Cymbal Superstore has a need to populate visual dashboards with historical time-based data. This is an analytical use-case. Which two storage solutions could they use? A. BigQuery B. Cloud Storage C. Cloud Firestore D. Cloud SQL E. Cloud Bigtable
*A. Correct! BigQuery is a data warehouse offering optimized to query historical time-based data. BigQuery can run queries against data in its own column-based store or run federated queries against data from other data services and file stores. B. Incorrect. Cloud Storage is a large object store and is not queryable. It is not transactional or analytical. C. Incorrect. Cloud Firestore is a transactional NoSQL store where you define attribute key-value pairs describing an entity. D. Incorrect. Cloud SQL is a transactional relational database optimized for both reads and writes used in an operational context, but not for analyzing historical data. *E. Correct! Cloud Bigtable is a petabyte scale, NoSQL, column family database with row keys optimized for specific queries. It is used to store historic, time-based data and answers the need for this requirement.
An application running on a highly-customized version of Ubuntu needs to be migrated to Google Cloud. You need to do this in the least amount of time with minimal code changes. How should you proceed? A. Create Compute Engine Virtual Machines and migrate the app to that infrastructure. B. Deploy the existing application to App Engine. C. Deploy your application in a container image to Cloud Run. D. Implement a Kubernetes cluster and create pods to enable your app.
*A. Correct! Compute Engine is a great option for quick migration of traditional apps. You can implement a solution in the cloud without changing your existing code. B. Incorrect. You would need to change your code to run it on App Engine. C. Incorrect. You would need to re-engineer the current app to work in a container environment. D. Incorrect. You would need to build and manage your Kubernetes cluster, and re-engineer the current app to work in a container environment.
Which of the following tasks are part of the process when configuring a managed instance group? (Pick two.) A. Defining Health checks. B. Providing Number of instances. C. Specifying Persistent disks. D. Choosing instance Machine type. E. Configuring the operating system.
*A. Correct! Health checks are part of your managed instance group configuration. *B. Correct! Number of instances is part of your managed instance group configuration. C. Incorrect. This is part of your instance template definition. D. Incorrect. This is part of your instance template definition. E. Incorrect. This is part of your instance template definition.
You are deploying an API to the public Internet and are concerned that your service will be subject to DDoS attacks. Which GCP service should you consider to protect your API? Cloud Armor; Cloud CDN; Cloud IAM; VPCs
Cloud Armor
A client is developing an application that will need to analyze large volumes of text information. The client is not expert in text mining or working with language. What GCP service would you recommend they use? Cloud Vision; Cloud ML; Cloud Natural Language Processing; Cloud Text Miner
Cloud Natural Language Processing
________________________ shards your database across a cluster of database nodes, offering strong consistency and global availability. It is a fully managed service, so you don't need to worry about underlying virtual machines.
Cloud Spanner
The development team for the supply chain project is ready to start building their new cloud app using a small Kubernetes cluster for the pilot. The cluster should only be available to team members and does not need to be highly available. The developers also need the ability to change the cluster architecture as they deploy new capabilities. How would you implement this? A. Implement an autopilot cluster in us-central1-a with a default pool and an Ubuntu image. B. Implement a private standard zonal cluster in us-central1-a with a default pool and an Ubuntu image. C. Implement a private standard regional cluster in us-central1 with a default pool and container-optimized image type. D. Implement an autopilot cluster in us-central1 with an Ubuntu image type.
A. Incorrect. Autopilot clusters are regional and us-central1-a specifies a zone. Also, autopilot clusters are managed at the pod level. *B. Correct! Standard clusters can be zonal. The default pool provides nodes used by the cluster. C. Incorrect. The container-optimized image that supports autopilot type does not support custom packages. D. Incorrect. Autopilot doesn't support Ubuntu image types.
You are trying to assign roles to the dev and prod projects of Cymbal Superstore's e-commerce app but are receiving an error when you try to run set-iam-policy. The projects are organized into an ecommerce folder in the Cymbal Superstore organizational hierarchy. You want to follow best practices for the permissions you need while respecting the practice of least privilege. What should you do? A. Ask your administrator for resourcemanager.projects.setIamPolicy roles for each project. B. Ask your administrator for the roles/resourcemanager.folderIamAdmin for the ecommerce folder. C. Ask your administrator for the roles/resourcemanager.organizationAdmin for Cymbal Superstore. D. Ask your administrator for the roles/iam.securityAdmin role in IAM.
A. Incorrect. Best practice is to minimize the number of access policies you require. *B. Correct! This choice gives you the required permissions while minimizing the number of individual resources you have to set permissions for. C. Incorrect. This does not meet the requirements for least privilege. D. Incorrect. Security Admin allows you to access most Google Cloud resources. Assigning the security Admin role does not meet least privilege requirements.
Cymbal Superstore's supply chain management system has been deployed and is working well. You are tasked with monitoring the system's resources so you can react quickly to any problems. You want to ensure the CPU usage of each of your Compute Engine instances in us-central1 remains below 60%. You want an incident created if it exceeds this value for 5 minutes. You need to configure the proper alerting policy for this scenario. What should you do? A. Choose resource type of VM instance and metric of CPU load, condition trigger if any time series violates, condition is below, threshold is .60, for 5 minutes. B. Choose resource type of VM instance and metric of CPU utilization, condition trigger all time series violates, condition is above, threshold is .60 for 5 minutes. C. Choose resource type of VM instance, and metric of CPU utilization, condition trigger if any time series violates, condition is below, threshold is .60 for 5 minutes. D. Choose resource type of VM instance and metric of CPU utilization, condition trigger if any time series violates, condition is above, threshold is .60 for 5 minutes.
A. Incorrect. CPU load is not a percentage, it is a number of processes. B. Incorrect. The trigger should be "each of your instances", not "all of your instances." C. Incorrect. The alert policy should record an incident when the CPU utilization exceeds a certain amount. The condition for this statement is below that, so it is wrong. *D. Correct! All the values of this statement match the scenario.
Cymbal Superstore decides to migrate their supply chain application to Google Cloud. You need to configure specific operating system dependencies. What should you do? A. Implement an application using containers on Cloud Run. B. Implement an application using code on App Engine. C. Implement an application using containers on Google Kubernetes Engine. D. Implement an application using virtual machines on Compute Engine.
A. Incorrect. Cloud Run deploys containers in Google Cloud without you specifying the underlying cluster or deployment architecture. B. Incorrect. App Engine is a platform as a service for deployment of your code on infrastructure managed by Google. You don't manage operating system dependencies with App Engine. C. Incorrect. Google Kubernetes Engine is a container management platform as a service and doesn't give you control over operating system dependencies. *D. Correct! Compute Engine gives you full control over operating system choice and configuration.
You want to deploy a microservices application. You need full control of how you manage containers, reliability, and autoscaling, but don't want or need to manage the control plane. Which compute option should you use? A. Cloud Run B. App Engine C. Google Kubernetes Engine D. Compute Engine
A. Incorrect. Cloud Run does not give you full control over your containers. B. Incorrect. App Engine does not give you full control over your containers. *C. Correct! Google Kubernetes Engine gives you full control of container orchestration and availability. D. Incorrect. Deploying in Compute Engine would require you to load and manage your own container management software.
Cymbal Superstore decides to pilot a cloud application for their point of sale system in their flagship store. You want to focus on code and develop your solution quickly, and you want your code to be portable. How do you proceed? A. SSH into a Compute Engine VM and execute your code. B. Package your code to a container image and post it to Cloud Run. C. Implement a deployment manifest and run kubectl apply on it in Google Kubernetes Engine. D. Code your solution in Cloud Functions.
A. Incorrect. Configuring SSH connectivity to a Compute Engine VM does not meet the focus on code requirement of this scenario. *B. Correct! Cloud Run provides serverless container management. It lets you focus on code and you can deploy your solution quickly. C. Incorrect. Google Kubernetes Engine requires you to build and manage resources of a cluster to host your container in GKE. This does not meet the requirement of focusing on code. D. Incorrect. Cloud Functions manages your code as short, executable functions and does not manage your code in containers, which are more portable.
Jane will manage objects in Cloud Storage for the Cymbal Superstore. She needs to have access to the proper permissions for every project across the organization. What should you do? A. Assign Jane the roles/storage.objectCreator on every project. B. Assign Jane the roles/viewer on each project and the roles/storage.objectCreator for each bucket. C. Assign Jane the roles/editor at the organizational level. D. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the organizational level.
A. Incorrect. Inheritance would be a better way to handle this scenario. The roles/storage.objectCreator role does not give the permission to delete objects, an essential part of managing them. B. Incorrect. This role assignment is at too low of a level to allow Jane to manage objects. C. Incorrect. Roles/editor is basic and would give Jane too many permissions at the project level. *D. Correct! This would give Jane the right level of access across all projects in your company.
You have a Cloud Run service with a database backend. You want to limit the number of connections to your database. What should you do? A. Set Min instances. B. Set Max instances. C. Set CPU Utilization. D. Set Concurrency settings.
A. Incorrect. Min instances reduce latency when you start getting requests after a period of no activity. It keeps you from scaling down to zero. *B. Correct! Max instances control costs, keeping you from starting too many instances by limiting your number of connections to a backing service. C. Incorrect. Default CPU utilization is 60%. It doesn't affect the number of connections to your backing service. D. Incorrect. Concurrency is how many users can connect to a particular instance. It does not directly affect connections to backend services.
The backend of Cymbal Superstore's e-commerce system consists of managed instance groups. You need to update the operating system of the instances in an automated way using minimal resources. What should you do? A. Create a new instance template. Click Update VMs. Set the update type to Opportunistic. Click Start. B. Create a new instance template, then click Update VMs. Set the update type to PROACTIVE. Click Start. C. Create a new instance template. Click Update VMs. Set max surge to 5. Click Start. D. Abandon each of the instances in the managed instance group. Delete the instance template, replace it with a new one, and recreate the instances in the managed group.
A. Incorrect. Opportunistic updates are not interactive. *B. Correct! This institutes a rolling update where the surge is set to 1 automatically, which minimizes resources as requested. C. Incorrect. Max surge creates 5 new machines at a time. It does not use minimal resources. D. Incorrect. This is not an automated approach. The abandoned instances are not deleted or replaced. It does not minimize resource use.
What Kubernetes object provides access to logic running in your cluster via endpoints that you define? A. Pod templates B. Pods C. Services D. Deployments
A. Incorrect. Pod templates define how pods will be configured as part of a deployment. B. Incorrect. Pods provide the executable resources your containers run in. *C. Correct! Service endpoints are defined by pods with labels that match those specified in the service configuration file. Services then specify how those pods are exposed. D. Incorrect. Deployments help you with availability and the health of a set of pod replicas. They do not help you configure external access.
Cymbal Superstore's GKE cluster requires an internal http(s) load balancer. You are creating the configuration files required for this resource. What is the proper setting for this scenario? A. Annotate your ingress object with an ingress.class of "gce." B. Configure your service object with a type: LoadBalancer. C. Annotate your service object with a "neg" reference. D. Implement custom static routes in your VPC.
A. Incorrect. To implement an internal load balancer, the ingress class needs to be "gce-internal." B. Incorrect. Using Load Balancer at the service level implements a Layer 4 network load balancer, not an http(s) load balancer. *C. Correct! This is correct because an internal http(s) load balancer can only use NEGs. D. Incorrect. This describes a routes-based cluster. In order to support internal load balancing, your cluster needs to use VPC-native mode, where your cluster provides IP addresses to your pods from an alias IP range.
You require a Cloud Storage bucket serving users in New York City. There is a need for geo-redundancy. You do not plan on using ACLs. What CLI command do you use? A. Run a gcloud mb command specifying the name of the bucket and accepting defaults for the other mb settings. B. Run a gsutil mb command specifying a multi-regional location and an option to turn ACL evaluation off. C. Run a gsutil mb command specifying a dual-region bucket and an option to turn ACL evaluation off. D. Run a gsutil mb command specifying a dual-region bucket and accepting defaults for the other mb settings.
A. Incorrect. gcloud is not used to create buckets. B. Incorrect. Most users are in NY. Multi-regional location availability of "US" is not required. *C. Correct! NAM4 implements a dual-region bucket with us-east1 and us-central1 as the configured regions. D. Incorrect. This command is missing the -b option that disables ACLs as required in the example.
You need to add new groups of employees in Cymbal Superstore's production environment. You need to consider Google's recommendation of using least privilege. What should you do? A. Grant the most restrictive basic role to most services, grant predefined or custom roles as necessary. B. Grant predefined and custom roles that provide necessary permissions and grant basic roles only where needed. C. Grant the least restrictive basic roles to most services and grant predefined and custom roles only when necessary. D. Grant custom roles to individual users and implement basic roles at the resource level.
A: Incorrect. Basic roles are too broad and don't provide least privilege. *B: Correct! Basic roles are broad and don't use the concept of least privilege. You should grant only the roles that someone needs through predefined and custom roles. C: Incorrect. Basic roles apply to the project level and do not provide least privilege. D: Incorrect. You should see if a predefined role meets your needs before implementing a custom role.
How are billing accounts applied to projects in Google Cloud? (Pick two.) A. Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google Workspace accounts. B. A project and its resources can be tied to more than one billing account. C. A billing account can be linked to one or more projects. D. A project and its resources can only be tied to one billing account. E. If your project only uses free resources you don't need a link to an active billing account.
A: Incorrect. Cloud Billing does not pay for charges associated with a Google Workspace account. B: Incorrect. A project can only be linked to one billing account at a time. *C: Correct! A billing account can handle billing for more than one project. *D: Correct! A project can only be linked to one billing account at a time. E: Incorrect. Even projects using free resources need to be tied to a valid Cloud Billing account.
What Google Cloud project attributes can be changed? A. The Project ID. B. The Project Name. C. The Project Number. D. The Project Category.
A: Incorrect. Project ID is set by the user at creation time but cannot be changed. It must be unique. *B: Correct! Project name is set by the user at creation. It does not have to be unique. It can be changed after creation time. C: Incorrect. Project number is an automatically generated unique identifier for a project. It cannot be changed. D: Incorrect. Project category isn't a valid attribute when setting up a Google Cloud project.
Pick two choices that provide a command line interface to Google Cloud. A. Google Cloud console B. Cloud Shell C. Cloud Mobile App D. Cloud SDK E. REST-based API
A: Incorrect. The console is a graphical interface. *B: Correct! Cloud Shell provides a cloud-based CLI environment. C: Incorrect. The Cloud Mobile App allows you to interact graphically with your Google Cloud resources through an app on your mobile device. *D: Correct! The Cloud SDK provides a local CLI environment. E: Incorrect. This interface allows API access through CURL or client-based programming SDKs.
You want to use the Cloud Shell to copy files to your Cloud Storage bucket. Which Cloud SDK command should you use? A. gcloud B. gsutil C. bq D. Cloud Storage Browser
A: Incorrect. gcloud provides tools for interacting with resources and services in the Cloud SDK. *B: Correct! Use gsutil to interact with Cloud Storage via the Cloud SDK. C: Incorrect. bq is a way to submit queries to BigQuery. D: Incorrect. Cloud Storage Browser is part of the Google Cloud console, not CLI-based.
Your company has deployed 100,0000 IoT sensors to collect data on the state of equipment in several factories. Each sensor will collect and send data to a data store every 5 seconds. Sensors will run continuously. Daily reports will produce data on the maximum, minimum, and average value for each metric collected on each sensor. There is no need to support transactions in this application. Which database product would you recommend? Cloud Spanner; Cloud Bigtable; Cloud SQL MySQL; Cloud SQL PostgreSQL
Cloud Bigtable
You are the lead developer on a medical application that uses patients' smartphones to capture biometric data. The app is required to collect data and store it on the smartphone when data cannot be reliably transmitted to the backend application. You want to minimize the amount of development you have to do to keep data synchronized between smartphones and backend data stores. Which data store option should you recommend? Cloud Firestore; Cloud Spanner; Cloud Datastore; Cloud SQL
Cloud Firestore
Your department is deploying an application that has a database backend. You are concerned about the read load on the database server and want to have data available in the memory to reduce the time to respond to queries and to reduce the load on the database server. Which GCP service would you use to keep data in memory? Cloud SQL; Cloud Memorystore; Cloud Spanner; Cloud Datastore
Cloud Memorystore
_____________________ is a managed database service that gives you access to common database types you might implement in your own infrastructure, like MySQL or PostgreSQL. It is implemented on virtual machines in the cloud with different options for size and availability.
Cloud SQL
_______________________ is a Google Cloud service that manages a database instance for you. You are responsible for how you structure your data within it. _______________________ can handle common database tasks for you, such as automating backups, implementing high availability, handling data encryption, updating infrastructure and software, and providing logging and monitoring services. You can use _______________________ to deploy MySQL, PostgreSQL, or SQL Server databases to Google Cloud. It uses persistent disks attached to underlying Compute Engine instances to house your database, and implements a static IP address for you to connect to it.
Cloud SQL
Database designers at your company are debating the best way to move a database to GCP. The database supports an application with a global user base. Users expect support for transactions and the ability to query data using commonly used query tools. The database designers decide that any database service they choose will need to support ANSI 2011 and global transactions. Which database service would you recommend? Cloud SQL; Cloud Spanner; Cloud Datastore; Cloud Bigtable
Cloud Spanner
__________________ helps you store binary objects in Google Cloud. It can house data in any format as an immutable object. In __________________, objects are stored in containers called buckets. Buckets can be used to upload and download objects, and permissions can be assigned to specify who has access to them. You can manage and interact with __________________ via the console, via the command line and the gsutil command set, via client libraries, or through APIs.
Cloud Storage
___________________ allows you to pick the amount of memory and CPU from predefined machine types. Machine types are divided into standard, high memory, high cpu, memory-optimized, compute-optimized or shared-core categories. If none of these meet your needs, you can also create a VM with the specific resources you need.
Compute Engine
Investing in servers for extended periods of time, such as committing to use servers for three to five years, works well when? A company is just starting up. A company can accurately predict server need for an extended period of time. A company has a fixed IT budget. A company has a variable IT budget.
A company can accurately predict server need for an extended period of time.
The Cloud SDK can be used to configure and manage resources in which of the following services? Compute Engine; Cloud Storage; Network firewalls; All of the above
All of the above
All block storage systems use what block size? 4KB; 8KB; 16KB; Block size can vary
Block size can vary
You are deploying a new relational database to support a web application. Which type of storage system would you use to store data files of the database? Object storage; Data storage; Block storage; Cache
Block storage
Your client's transactions must access a drive attached to a VM that allows for random access to parts of files. What kind of storage does the attached drive provide? Object storage; Block storage; NoSQL storage; Only SSD storage
Block storage
________________ is a platform-as-a-service offering for running containerized applications in the cloud. Google manages the control plane for you, under your administrative control. Containers abstract application dependencies from the host operating system. This makes container architectures highly portable.
Google Kubernetes Engine (GKE)
A software engineer comes to you for a recommendation. She has implemented a machine learning algorithm to identify cancerous cells in medical images. The algorithm is computationally intensive, makes many mathematical calculations, requires immediate access to large amounts of data, and cannot be easily distributed over multiple servers. What kind of Compute Engine configuration would you recommend? High memory, high CPU; High memory, high CPU, GPU; Mid-level memory, high CPU; High CPU, GPU
High memory, high CPU, GPU
You want to implement a lifecycle rule that changes your storage type from Standard to Nearline after a specific date. What conditions should you use? (Pick two.) A. Age B. CreatedBefore C. MatchesStorageClass D. IsLive E. NumberofNewerVersions
A. Incorrect. Age is specified by number of days, not a specific date. *B. Correct! CreatedBefore lets you specify a date. *C. Correct! MatchesStorageClass is required to look for objects with a Standard storage type. D. Incorrect. IsLive has to do with whether or not the object you are looking at is the latest version. It is not date-based. E. Incorrect. NumberofNewerVersions is based on object versioning and you don't specify a date.
The ________________ provides a web-based, graphical user interface that you can use to manage your Google Cloud projects and resources. The ________________ tool lets you manage development workflow and Google Cloud resources in a terminal window.
1 - Google Cloud console; 2 - gcloud
Cymbal Superstore's sales department has a medium-sized MySQL database. This database includes user-defined functions and is used internally by the marketing department at Cymbal Superstore HQ. The sales department asks you to migrate the database to Google Cloud in the most timely and economical way. What should you do? A. Find a MySQL machine image in Cloud Marketplace and configure it to meet your needs. B. Implement a database instance using Cloud SQL, back up your local data, and restore it to the new instance. C. Configure a Compute Engine VM with an N2 machine type, install MySQL, and restore your data to the new instance. D. Use gcloud to implement a Compute Engine instance with an E2-standard-8 machine type, install, and configure MySQL.
A. Incorrect. This meets the requirements but is not the most timely way to implement a solution because it requires additional manual configuration. B. Incorrect. Cloud SQL does not support user-defined functions, which are used in the database being migrated. *C. Correct! N2 is a balanced machine type, which is recommended for medium-large databases. D. Incorrect. E2 is a cost-optimized machine type. A recommended machine type for a medium-sized database is a balanced machine type.
Stella is a new member of a team in your company who has been put in charge of monitoring VM instances in the organization. Stella will need the required permissions to perform this role. How should you grant her those permissions? A. Assign Stella a roles/compute.viewer role. B. Assign Stella compute.instances.get permissions on all of the projects she needs to monitor. C. Add Stella to a Google Group in your organization. Bind that group to roles/compute.viewer. D. Assign the "viewer" policy to Stella.
A. Incorrect. You should not assign roles to an individual user. Users should be added to groups and groups assigned roles to simplify permissions management. B. Incorrect. Roles are combinations of individual permissions. You should assign roles, not individual permissions, to users. *C. Correct! Best practice is to manage role assignment by groups, not by individual users. D. Incorrect. A policy is a binding that is created when you associate a user with a role. Policies are not "assigned" to a user.
You need to analyze and act on files being added to a Cloud Storage bucket. Your programming team is proficient in Python. The analysis you need to do takes at most 5 minutes. You implement a Cloud Function to accomplish your processing and specify a trigger resource pointing to your bucket. How should you configure the --trigger-event parameter using gcloud? A. --trigger-event google.storage.object.finalize B. --trigger-event google.storage.object.create C. --trigger-event google.storage.object.change D. --trigger-event google.storage.object.add
*A. Correct! The finalize event triggers when a write to Cloud Storage is complete. B. Incorrect. This is not a cloud storage notification event. C. Incorrect. This is not a cloud storage notification event. D. Incorrect. This is not a cloud storage notification event.
If you use a cluster that is managed by a cloud provider, which of these will be managed for you by the cloud provider? Monitoring; Networking; Some security management tasks; All of the above
All of the above
Cymbal Superstore asks you to implement Cloud SQL as a database backend to their supply chain application. You want to configure automatic failover in case of a zone outage. You decide to use the gcloud sql instances create command set to accomplish this. Which gcloud command line argument is required to configure the stated failover capability as you create the required instances? A. --availability-type B. --replica-type C. --secondary-zone D. --master-instance-name
*A. Correct! This option allows you to specify zonal or regional availability, with regional providing automatic failover to a standby node in another region. B. Incorrect. If you have --master-instance-name, this option allows you to define the replica type: a default of read, or a legacy MySQL replica type of failover, which has been deprecated. C. Incorrect. This is an optional argument that is valid only when you have a specified availability type: regional. D. Incorrect. This option creates a read replica based on the control plane instance. It replicates data but does not automate failover.
A user prefers services that require minimal setup; why would you recommend Cloud Storage, App Engine, and Cloud Functions? They are charged only by time. They are serverless. They require a user to configure VMs. They can only run applications written in Go.
They are serverless.
What is not a characteristic of specialized services in Google Cloud Platform? They are serverless, you do not need to configure servers or clusters. They provide a specific function, such as translating text or analyzing images. They require monitoring by the user. They provide an API to access the functionality of the service.
They require monitoring by the user.
Data scientists in your company want to use a machine learning library available only in Apache Spark. They want to minimize the amount of administration and DevOps work. How would you recommend they proceed? Use Cloud Spark Use Cloud Dataproc Use BigQuery Install Apache Spark on a cluster of VMs.
Use Cloud Dataproc
What is the fundamental unit of computing in cloud computing? Physical Server VM Block Subnet
VM
Cymbal Superstore needs to analyze whether they met quarterly sales projections. Analysts assigned to run this query are familiar with SQL. What data solution should they implement? A. BigQuery B. Cloud SQL C. Cloud Spanner D. Cloud Firestore
*A. Correct! BigQuery is Google Cloud's implementation of a modern data warehouse. BigQuery analyzes historical data and uses a SQL query engine. B. Incorrect. Cloud SQL is optimized for transactional reads and writes. It is not a good candidate for querying historical data as described in the scenario. C. Incorrect. Cloud Spanner is an SQL-compatible relational database, but it is not built for analyzing historical data. D. Incorrect. Cloud Firestore is a NoSQL document database used to define entities with attributes. It is not a good choice for the analysis of historical data as described in the scenario.
You want to view a description of your available snapshots using the command line interface (CLI). What gcloud command should you use? A. gcloud compute snapshots list B. gcloud snapshots list C. gcloud compute snapshots get D. gcloud compute list snapshots
*A. Correct! gcloud commands are built with groups and subgroups, followed by a command, which is a verb. In this example, Compute is the Group, snapshots is the subgroup, and list is the command. B. Incorrect. Snapshots is not a main group defined in gcloud. C. Incorrect. Available commands for snapshots are list, describe, and delete. D. Incorrect. Snapshots is a compute command subgroup. It needs to come before the list command.
What are the three types of roles in IAM?
- Basic roles, which include the Owner, Editor, and Viewer roles that existed prior to the introduction of IAM. - Predefined roles, which provide granular access for a specific service and are managed by Google Cloud. - Custom roles, which provide granular access according to a user-specified list of permissions.
1 - ______________ storage is the default storage class. Data stored using this class is immediately available. It is the recommended storage class for frequently accessed data. You should locate your data in the same region as the services you are going to use to ingest and analyze the data to reduce latency as much as possible. 2 - ______________ storage is for data that is only accessed around every 30 days. 3 - ______________ storage is for data that is only accessed around once every quarter, or 90 days. 4 - ______________ storage is long-term storage for data accessed only once a year. A. Archive B. Standard C. Nearline D. Coldline
1 - B 2 - C 3 - D 4 - A
1. Default _________ CLI Commands. Tool for interacting with Google Cloud. Only commands at the General Availability and Preview release levels are installed with this component. 2. BigQuery Command-Line Tool. Tool for working with data in BigQuery. 3. Cloud Storage Command-Line Tool. Tool for performing tasks related to Google Cloud Storage. A. gsutil B. gcloud C. bq
1. B 2. C 3. A
Why would an API developer want to use the Apigee API platform? To get the benefits of routing and rate-limiting. Authentication services Version control of code A and B All of the above
A and B
How are resource hierarchies organized in Google Cloud? A. Organization, Project, Resource, Folder. B. Organization, Folder, Project, Resource. C. Project, Organization, Folder, Resource. D. Resource, Folder, Organization, Project.
A: Incorrect. Folders are optional and come in between organizations and projects. *B: Correct! Organization sits at the top of the Google Cloud resource hierarchy. This can be divided into folders, which are optional. Next, there are projects you define. Finally, resources are created under projects. C: Incorrect. Organization is the highest level of the hierarchy. D: Incorrect. Organization is the highest level of the hierarchy, followed by optional folders, projects, and then resources.
You are planning to deploy a SaaS application for customers in North America, Europe, and Asia. To maintain scalability, you will need to distribute workload across servers in multiple regions. Which GCP service would you use to implement the workload distribution? Cloud DNS Cloud Spanner Cloud Load Balancing Cloud CDN
Cloud Load Balancing
Which specialized service supports both batch and stream processing workflows? Cloud Dataproc BigQuery Cloud Datastore AutoML
Cloud Dataproc
_________________ is an open source tool for implementing resources in a declarative way. You specify a _________________ config file that describes the resources you want to deploy. _________________ is known as an infrastructure as code service. A benefit of implementing resources in this way is that your configuration files can be source controlled, thus following devops best practices.
Terraform
When setting up a network in GCP, the network your resources are in is treated as what? Virtual private cloud Subdomain Cluster None of the above
Virtual private cloud
What is the declarative way to initialize and update Kubernetes objects? A. kubectl apply B. kubectl create C. kubectl replace D. kubectl run
*A. Correct! kubectl apply creates and updates Kubernetes objects in a declarative way from manifest files. B. Incorrect. kubectl create creates objects in an imperative way. You can build an object from a manifest but you can't change it after the fact. You will get an error. C. Incorrect. kubectl replace downloads the current copy of the spec and lets you change it. The command replaces the object with a new one based on the spec you provide. D. Incorrect. kubectl run creates a Kubernetes object in an imperative way using arguments you specify on the command line.
Your company is based in X and will be running a virtual server for Y. What factor determines the unit per minute cost? The time of day the VM is run. The characteristics of the server. The application you run. None of the above.
The characteristics of the server.
You have created a VM. Which of the following system administration operations are you allowed to perform on it? Configure the file system. Patch operating system software. Change file and directory permissions. All of the above.
All of the above.
Managed _______________ help you create and manage groups of identical VM instances. They are based on an instance template that defines how new VMs added to the _______________ should be configured.
instance groups
Which Cloud Audit log is disabled by default with a few exceptions? A. Admin Activity audit logs B. Data Access audit logs C. System Event audit logs D. Policy Denied audit logs
A. Incorrect. Admin Activity audit logs are always written and you cannot disable them. *B. Correct! Data Access audit logs are disabled by default except for BigQuery. C. Incorrect. System Event audit logs are always written. D. Incorrect. Policy Denied audit logs are always written and cannot be disabled.
You have a Python application you'd like to run in a scalable environment with the least amount of management overhead. Which GCP product would you select? App Engine flexible environment Cloud Engine App Engine standard environment Kubernetes Engine
App Engine standard environment
You need to configure access to Cloud Spanner from the GKE cluster that is supporting Cymbal Superstore's ecommerce microservices application. You want to specify an account type to set the proper permissions. What should you do? A. Assign permissions to a Google account referenced by the application. B. Assign permissions through a Google Workspace account referenced by the application. C. Assign permissions through a service account referenced by the application. D. Assign permissions through a Cloud Identity account referenced by the application.
A. Incorrect. A Google account uses a username and password to authenticate a user. An application does not authenticate interactively with this type of account. B. Incorrect. A Google Workspace account is an account created for you as part of an organization that is using Google Workspace products to collaborate with one another. It is not appropriate for managing the permissions an application needs to communicate with a backend. *C. Correct! A service account uses an account identity and an access key. It is used by applications to connect to services. D. Incorrect. Cloud Identity is a user management tool for providing login credentials to users of an organization that does not use Google Workspace collaboration tools. Cloud Identity is not used to manage application authentication.
Cymbal Superstore has a subnetwork called mysubnet with an IP range of 10.1.2.0/24. You need to expand this subnet to include enough IP addresses for at most 2000 new users or devices. What should you do? A. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length 20 B. gcloud networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length 21 C. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length 21 D. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length 22
A. Incorrect. A prefix length of 20 would expand the IP range to 4094, which is far too many for the scenario. B. Incorrect. This command is missing the compute command-set. *C. Correct! This command gives a total of 2046 addresses available and meets the requirement. D. Incorrect. This command doesn't give you enough IP addresses (only 1,000).
Which Virtual Private Cloud (VPC) network type allows you to fully control IP ranges and the definition of regional subnets? A. Default Project network B. Auto mode network C. Custom mode network D. An auto mode network converted to a custom network
A. Incorrect. A project's default network is an auto mode network that creates one subnet in each Google Cloud region automatically with a predetermined set of IP ranges. B. Incorrect. An auto mode network creates one subnet in each Google Cloud region automatically with a predetermined set of IP ranges. *C. Correct! A custom mode network gives you control over regions that you place your subnets in and lets you specify IP ranges for them as well. D. Incorrect. An auto mode network converted to a custom network retains the currently assigned IP addresses and requires additional steps to change subnet characteristics.
Cymbal Superstore is implementing a mobile app for end users to track deliveries that are en route to them. The app needs to access data about truck location from Pub/Sub using Google recommended practices. What kind of credentials should you use? A. API key B. OAuth 2.0 client C. Environment provided service account D. Service account key
A. Incorrect. API keys are used to access publicly available data. B. Incorrect. OAuth 2.0 clients provide access to an application for private data on behalf of end users. C. Incorrect. Environment-provided service accounts are for applications running on resources inside Google Cloud. *D. Correct! Service account keys are used for accessing private data such as your Pub/Sub truck information from an external environment such as a mobile app running on a phone.
You are configuring audit logging for Cloud Storage. You want to know when objects are added to a bucket. Which type of audit log entry should you monitor? A. Admin Activity log entries B. ADMIN_READ log entries C. DATA_READ log entries D. DATA_WRITE log entries
A. Incorrect. Admin Activity logs record when buckets are created and deleted. B. Incorrect. ADMIN_READ log entries are created when buckets are listed and bucket metadata is accessed. C. Incorrect. DATA_READ log entries contain operations such as listing and getting object data. *D. Correct! DATA_WRITE log entries include information about when objects are created or deleted.
You need to quickly deploy a containerized web application on Google Cloud. You know the services you want to be exposed. You do not want to manage infrastructure. You only want to pay when requests are being handled and need support for custom packages. What technology meets these needs? A. App Engine flexible environment B. App Engine standard environment C. Cloud Run D. Cloud Functions
A. Incorrect. App Engine flexible environment does not scale to zero. B. Incorrect. App Engine standard environment does not allow custom packages. *C. Correct! Cloud Run is serverless, exposes your services as an endpoint, and abstracts all infrastructure. D. Incorrect. You do not deploy your logic using containers when developing for Cloud Functions. Cloud Functions executes small snippets of code in a serverless way.
Cymbal Superstore's supply chain application frequently analyzes large amounts of data to inform business processes and operational dashboards. What storage class would make sense for this use case? A. Archive B. Coldline C. Nearline D. Standard
A. Incorrect. Archive storage is the best choice for data that you plan to access less than once a year. B. Incorrect. Dashboards need current data to analyze. Coldline is good for storing data accessed only every 90 days. C. Incorrect. Dashboards need current data to analyze. Nearline is good for storing data accessed only every 30 days. *D. Correct. Standard storage is best for data that is frequently accessed ("hot" data) and/or stored for only brief periods of time. In addition, co-locating your resources by selecting the regional option maximizes the performance for data-intensive computations and can reduce network charges.
Fiona is the billing administrator for the project associated with Cymbal Superstore's eCommerce application. Jeffrey, the marketing department lead, wants to receive emails related to budget alerts. Jeffrey should have access to no additional billing information. What should you do? A. Change the budget alert default threshold rules to include Jeffrey as a recipient. B. Use Cloud Monitoring notification channels to send Jeffrey an email alert. C. Add Jeffrey and Fiona to the budget scope custom email delivery dialog. D. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.
A. Incorrect. To add Jeffrey as a recipient to the default alert behavior you would have to grant him the role of a billing administrator or billing user. The qualifier in the question states he should have no additional access. *B. Correct! You can set up to 5 Cloud Monitoring channels to define email recipients that will receive budget alerts. C. Incorrect. Budget scope defines what is reported in the alert. D. Incorrect. Pub/Sub is for programmatic use of alert content.
Cymbal Superstore is piloting an update to its ecommerce app for the flagship store in Minneapolis, Minnesota. The app is implemented as a three-tier web service with traffic originating from the local area and resources dedicated for it in us-central1. You need to configure a secure, low-cost network load-balancing architecture for it. How do you proceed? A. Implement a premium tier pass-through external https load balancer connected to the web tier as the frontend and a regional internal load balancer between the web tier and backend. B. Implement a proxied external TCP/UDP network load balancer connected to the web tier as the frontend and a premium network tier ssl load balancer between the web tier and the backend. C. Configure a standard tier proxied external https load balancer connected to the web tier as a frontend and a regional internal load balancer between the web tier and the backend. D. Configure a proxied SSL load balancer connected to the web tier as the frontend and a standard tier internal TCP/UDP load balancer between the web tier and the backend.
A. Incorrect. Premium external https load balancer is global and more expensive. All the resources for the scenario are in the same region. Also, https load balancer is proxied, not pass-through. B. Incorrect. TCP/UDP is a pass-through balancer. Premium tier SSL is global and is not the proper solution between web and backend within a region. *C. Correct! A standard tier proxied external load balancer is effectively a regional resource. A regional internal load balancer doesn't require external IPs and is more secure. D. Incorrect. SSL load balancer is not a good solution for web front ends. For a web frontend, you should use an HTTP/S load balancer (layer 7) whenever possible.
Which of the scenarios below is an example of a situation where you should use a service account? A. To directly access user data B. For development environments C. For interactive analysis D. For individual GKE pods
A. Incorrect. Service accounts should not be used to access user data without consent. B. Incorrect. Service accounts should not be used for development environments. Use the application default credentials. C. Incorrect. Service accounts should be used for unattended work that does not require user interaction. *D. Correct! When configuring access for GKE, you set up dedicated service accounts for each pod. You then use workload identity to map them to dedicated Kubernetes service accounts.
What action does the terraform apply command perform? A. Downloads the latest version of the terraform provider. B. Verifies syntax of terraform config file. C. Shows a preview of resources that will be created. D. Sets up resources requested in the terraform config file.
A. Incorrect. Terraform init downloads the latest version. B. Incorrect. Terraform plan verifies the syntax. C. Incorrect. Terraform plan outputs a preview of resources. *D. Correct! Terraform Apply sets up resources specified in the terraform config file.
The projected amount of cloud storage required for Cymbal Superstore to enable users to post pictures for project reviews is 10 TB of immediate access storage in the US and 30 TB of storage for historical posts in a bucket located near Cymbal Superstore's headquarters. The contents of this bucket will need to be accessed once every 30 days. You want to estimate the cost of these storage resources to ensure this is economically feasible. What should you do? A. Use the pricing calculator to estimate the costs for 10 TB of regional Standard storage, 30 TB of regional Coldline storage, and egress charges for reads from storage. B. Use the pricing calculator to estimate the price for 10 TB of regional Standard storage, 30 TB of regional Nearline storage, and ingress charges for posts to the bucket. C. Use the pricing calculator to estimate the price for 10 TB of multi-region standard storage, 30 TB for regional Coldline storage, and ingress charges for posts to the bucket. D. Use the pricing calculator to estimate the price for 10 TB of multi-region Standard storage, 30 TB for regional Nearline, and egress charges for reads from the bucket.
A. Incorrect. The storage is US which indicates multi-region storage instead of regional Standard storage. The 30-day requirement points to Nearline storage, not Coldline. B. Incorrect. The storage is US which indicates multi-region storage instead of regional Standard storage and ingress (data writes) is free. There are no costs associated with ingress. C. Incorrect. The 30-day requirement points to Nearline storage, not Coldline, and ingress (data writes) is free; there are no costs associated with ingress. *D. Correct! Data storage pricing is based on the amount of data and storage type. Standard storage is immediately available. Nearline storage is for data accessed roughly every 30 days. Egress is the amount of data read from the bucket and is also chargeable.
You have a scheduled snapshot you are trying to delete, but the operation returns an error. What should you do to resolve this problem? A. Delete the downstream incremental snapshots before deleting the main reference. B. Delete the object the snapshot was created from. C. Detach the snapshot schedule before deleting it. D. Restore the snapshot to a persistent disk before deleting it.
A. Incorrect. This is not required to delete a scheduled snapshot and would be a lot of manual work. B. Incorrect. This is not required to delete a scheduled snapshot and is destructive. *C. Correct! You can't delete a snapshot schedule that is still attached to a persistent disk. D. Incorrect. This does not allow you to delete a scheduled snapshot.
Cymbal Superstore's marketing department needs to load some slowly changing data into BigQuery. The data arrives hourly in a Cloud Storage bucket. You want to minimize cost and implement this in the fewest steps. What should you do? A. Implement a bq load command in a command line script and schedule it with cron. B. Read the data from your bucket by using the BigQuery streaming API in a program. C. Create a Cloud Function to push data to BigQuery through a Dataflow pipeline. D. Use the BigQuery data transfer service to schedule a transfer between your bucket and BigQuery.
A. Incorrect. This solution doesn't cost anything but is more complex than setting up a data transfer. B. Incorrect. The streaming API has pricing associated with it based on how much data you stream in. C. Incorrect. A Dataflow pipeline will incur charges for the resources performing the sink into BigQuery. *D. Correct! BigQuery transfer service is the simplest process to set up transfers between Cloud Storage and BigQuery. It is encompassed by one command. It is also free.
You need serverless computing for file processing and running the backend of a website; which two products can you choose from Google Cloud Platform? Kubernetes Engine and Compute Engine App Engine and Cloud Functions Cloud Functions and Compute Engine Cloud Functions and Kubernetes Engine
App Engine and Cloud Functions
Which specialized services are most likely to be used to build a data warehousing platform that requires complex extraction, transformation, and loading operations on batch data as well as processing streaming data? Apigee API platform Data analytics AI and machine learning Cloud SDK
Data analytics
A product manager at your company reports that customers are complaining about the reliability of one of your applications. The application is crashing periodically, but developers have not found a common pattern that triggers the crashes. They are concerned that they do not have good insight into the behavior of the application and want to perform detailed review of all crash data. Which Stackdriver tool would you use to view consolidated crash information? DataProc Monitoring Logging Error Reporting
Error Reporting
Why can cloud providers offer elastic resource allocation? Cloud providers can take resources from lower-priority customers and give them to higher-priority customers. Extensive resources and the ability to quickly shift resources between customers enable public cloud providers to offer elastic resource allocation more efficiently than can be done in smaller data centers. They charge more the more resources you use. They don't.
Extensive resources and the ability to quickly shift resources between customers enable public cloud providers to offer elastic resource allocation more efficiently than can be done in smaller data centers.
You have been asked to setup network security in a virtual private cloud. Your company wants to have multiple subnetworks and limit traffic between the subnetworks. Which network security control would you use to control the flow of traffic between subnets? Identity access management Router Firewall IP Address table
Firewall
You have decided to deploy a set of microservices using containers. You could install and manage Docker on Compute Engine instances, but you'd rather have GCP provide some container management services. Which two GCP services allow you to run containers in a managed service? App Engine standard environment and App Engine flexible environment Kubernetes Engine and App Engine standard environment Kubernetes Engine and App Engine flexible environment App Engine standard environment and Cloud Functions
Kubernetes Engine and App Engine flexible environment
You have been assigned the task of consolidating log data generated by each instance of an application. Which of the Stackdriver management tools would you use? Monitoring Trace Debugger Logging
Logging
Cloud Filestore is based on what file system technology? Network File System (NFS) XFS EXT4 ReiserFS
Network File System (NFS)
When you create a machine learning service to identify text in an image, what type of servers should you choose to manage compute resources? VMs Clusters of VMs No servers; specialized services are serverless VMs running Linux only
No servers; specialized services are serverless
You plan to use Cloud Vision to analyze images and extract text seen in the image. You plan to process between 1,000 and 2,500 images per hour. How many VMs should you allocate to meet peak demand? 1 10 25 None; Cloud Vision is a serverless service.
None; Cloud Vision is a serverless service.
You have been asked to design a storage system for a web application that allows users to upload large data files to be analyzed by a business intelligence workflow. The files should be stored in a high-availability storage system. File system functionality is not required. Which storage system in Google Cloud Platform should be used? Block storage Object storage Cache Network File System
Object storage
You have an application that uses a Pub/Sub message queue to maintain a list of tasks that are to be processed by another application. The application that consumes messages from the Pub/Sub queue removes the message only after completing the task. It takes approximately 10 seconds to complete a task. It is not a problem if two or more VMs perform the same task. What is a cost-effective configuration for processing this workload? Use preemptible VMs Use standard VMs Use DataProc Use Spanner
Use preemptible VMs
You are tasked with mapping the authentication and authorization policies of your on-premises applications to GCP's authentication and authorization mechanisms. The GCP documentation states that an identity must be authenticated in order to grant privileges to that identity. What does the term identity refer to? VM ID User Role Set of privileges
User
You have to run a number of services to support an application. Which of the following is a good deployment model? Run on a large, single VM. Use containers in a managed cluster. Use two large VMs, making one of them read only. Use a small VM for all services and increase the size of the VM when CPU utilization exceeds 90 percent.
Use containers in a managed cluster.
You need to store data for X and therefore you are using a cache for Y. How will the cache affect data retrieval? A cache improves the execution of client-side JavaScript. A cache will continue to store data even if power is lost, improving availability. Caches can get out of sync with the system of truth. Using a cache will reduce latency, since retrieving from a cache is faster than retrieving from SSDs or HDDs.
Using a cache will reduce latency, since retrieving from a cache is faster than retrieving from SSDs or HDDs.
