Google Associate Cloud Engineer Section 1. Setting Up a Cloud Solution Environment.
The Operations Department at Cymbal Superstore wants to provide managers access to information about VM usage without allowing them to make changes that would affect the state. You assign them the Compute Engine Viewer role. Which two permissions will they receive? A. compute.images.list B. compute.images.get C. compute.images.create D. compute.images.setIAM E. computer.images.update
*A: Correct! Viewer can perform read-only actions that do not affect state. *B: Correct! Get is read-only. Viewer has this permission.
Fiona is the billing administrator for the project associated with Cymbal Superstore's eCommerce application. Jeffrey, the marketing department lead, wants to receive emails related to budget alerts. Jeffrey should have access to no additional billing information. What should you do? A. Change the budget alert default threshold rules to include Jeffrey as a recipient. B. Use Cloud Monitoring notification channels to send Jeffrey an email alert. C. Add Jeffrey and Fiona to the budget scope custom email delivery dialog. D. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.
*B. Correct! You can set up to 5 Cloud Monitoring channels to define email recipients that will receive budget alerts.
You need to add new groups of employees in Cymbal Superstore's production environment. You need to consider Google's recommendation of using least privilege. What should you do? A. Grant the most restrictive basic role to most services, grant predefined or custom roles as necessary. B. Grant predefined and custom roles that provide necessary permissions and grant basic roles only where needed. C. Grant the least restrictive basic roles to most services and grant predefined and custom roles only when necessary. D. Grant custom roles to individual users and implement basic roles at the resource level.
*B: Correct! Basic roles are broad and don't use the concept of least privilege. You should grant only the roles that someone needs through predefined and custom roles.
Pick two choices that provide a command line interface to Google Cloud. A. Google Cloud Console B. Cloud Shell C. Cloud Console Mobile App D. Cloud SDK
*B: Correct! Cloud Shell provides a cloud-based CLI environment. *D: Correct! Cloud SDK provides a local CLI environment.
How are resource hierarchies organized in Google Cloud? A. Organization, Project, Resource, Folder. B. Organization, Folder, Project, Resource. C. Project, Organization, Folder, Resource. D. Resource, Folder, Organization, Project.
*B: Correct! Organization sits at the top of the Google Cloud resource hierarchy. This can be divided into folders, which are optional. Next, there are projects you define. Finally, resources are created under projects.
What Google Cloud project attributes can be changed? A. The Project ID. B. The Project Name. C. The Project Number. D. The Project Category.
*B: Correct! Project name is set by the user at creation. It does not have to be unique. It can be changed after creation time.
You want to use the Cloud Shell to copy files to your Cloud Storage bucket. Which Cloud SDK command should you use? A. gcloud B. gsutil C. bq D. Cloud Storage Browser
*B: Correct! Use gsutil to interact with Cloud Storage via the Cloud SDK.
How are billing accounts applied to projects in Google Cloud? (Pick two.) A.Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google Workspace accounts. B.A project and its resources can be tied to more than one billing account. C.A billing account can be linked to one or more projects. A project and its resources can only be tied to one billing account. D.If your project only uses free resources you don't need a link to an active billing account.
*C: Correct! A billing account can handle billing for more than one project. *D: Correct! A project can only be linked to one billing account at a time.
Jane will manage objects in Cloud Storage for the Cymbal Superstore. She needs to have access to the proper permissions for every project across the organization. What should you do? A. Assign Jane the roles/storage.objectCreator on every project. B. Assign Jane the roles/viewer on each project and the roles/storage.objectCreator for each bucket. C. Assign Jane the roles/editor at the organizational level. D. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the organizational level.
*D. Correct! This would give Jane the right level of access across all projects in your company.
Stella is a new member of a team in your company who has been put in charge of monitoring VM instances in the organization. Stella will need the required permissions to perform this role. A. Assign Stella a roles/compute.viewer role. B. Assign Stella compute.instances.get permissions on all of the projects she needs to monitor. C. Add Stella to a Google Group in your organization. Bind that group to roles/compute.viewer. D. Assign the "viewer" policy to Stella.
C. Correct! Best practice is to manage role assignment by groups, not by individual users.