Summer Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Questions and Answers

Questions 4

You are deploying a new application on a Compute Engine VM instance. This application needs to store operational logs in a Cloud Storage bucket named project-logs-us-central1 and have the ability to create new objects (logs) in this bucket. The application must be restricted from modifying or deleting existing objects or accessing any other buckets in the Google Cloud project. You must configure access following the principle of least privilege. What should you do?

Options:

A.

Create a dedicated service account for the application. Grant this service account the predefined roles/storage.objectCreator IAM role on the project-logs-us-central1 Cloud Storage bucket. Attach the service account to the Compute Engine VM instance.

B.

Grant the Compute Engine default service account the predefined roles/storage.objectAdmin IAM role on the Google Cloud project.

C.

Create a dedicated service account for the application. Generate a service account key, and grant the service account the predefined roles/storage.admin IAM role on the project-logs-us-central1 Cloud Storage bucket. Store the key file on the Compute Engine VM.

D.

Grant the Compute Engine default service account the predefined roles/storage.objectCreator IAM role on the Google Cloud project. Attach the service account to the Compute Engine VM instance.

Buy Now
Questions 5

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

Options:

A.

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

B.

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

C.

Add a secondary IP range 10.1.0.0/20 to the subnet.

D.

Convert the subnet IP range from IPv4 to IPv6

Buy Now

Associate-Cloud-Engineer Report Card

Questions 6

Your company uses Google Kubernetes Engine (GKE) for all application deployments. Your team needs to provision and manage other Google Cloud resources using the same declarative approach and tooling as your application deployments. What should you do?

Options:

A.

Use the Google Cloud console to provision and manage Google Cloud resources.

B.

Write shell scripts using gcloud commands to provision and manage Google Cloud resources.

C.

Create Terraform configurations for your Google Cloud resources, and store the state file in a Cloud Storage bucket.

D.

Install Config Connector in a GKE cluster, and define your Google Cloud resources as custom resources in Kubernetes manifests.

Buy Now
Questions 7

You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?

Options:

A.

Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for analysis.

B.

Export your bill to a Cloud Storage bucket, and then import into Google Sheets for analysis.

C.

Export your transactions to a local file, and perform analysis with a desktop tool.

D.

Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis.

Buy Now
Questions 8

Your company stores data from multiple sources that have different data storage requirements. These data include:

1. Customer data that is structured and read with complex queries

2. Historical log data that is large in volume and accessed infrequently

3. Real-time sensor data with high-velocity writes, which needs to be available for analysis but can tolerate some data loss

You need to design the most cost-effective storage solution that fulfills all data storage requirements. What should you do?

Options:

A.

Use Spanner for all data.

B.

Use Cloud SQL for customer data, Cloud Storage (Coldline) for historical logs, and BigQuery for sensor data.

C.

Use Cloud SQL for customer data, Cloud Storage (Archive) for historical logs, and Bigtable for sensor data.

D.

Use Firestore for customer data, Cloud Storage (Nearline) for historical logs, and Bigtable for sensor data.

Buy Now
Questions 9

You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?

Options:

A.

Use a custom mode VPC network, configure static routes, and use active/passive routing

B.

Use an automatic mode VPC network, configure static routes, and use active/active routing

C.

Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing

D.

Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing

Buy Now
Questions 10

You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

Options:

A.

When creating the instances, specify a Service Account for each instance

B.

When creating the instances, assign the name of each Service Account as instance metadata

C.

After starting the instances, use gcloud compute instances update to specify a Service Account for each instance

D.

After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata

Buy Now
Questions 11

You host your website on Compute Engine. The number of global users visiting your website is rapidly expanding. You need to minimize latency and support user growth in multiple geographical regions. You also want to follow Google-recommended practices and minimize operational costs. Which two actions should you take?

Choose 2 answers

Options:

A.

Use a Network Load Balancer

B.

Deploy your VMs in multiple Google Cloud regions closest to your users ' geographical locations.

C.

Use an external Application Load Balancer in Global mode.

D.

Use an external Application Load Balancer in Regional mode.

E.

Deploy all of your VMs in a single Google Cloud region with the largest available CIDR range.

Buy Now
Questions 12

You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

Options:

A.

Change the default region property setting in the existing GCP project to asia-northeast1.

B.

Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

C.

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

D.

Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

Buy Now
Questions 13

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

Options:

A.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.

Set up a high-priority (1000) rule to allow the appropriate ports.

Buy Now
Questions 14

(You are managing a stateful application deployed on Google Kubernetes Engine (GKE) that can only have one replica. You recently discovered that the application becomes unstable at peak times. You have identified that the application needs more CPU than what has been configured in the manifest at these peak times. You want Kubernetes to allocate the application sufficient CPU resources during these peak times, while ensuring cost efficiency during off-peak periods. What should you do?)

Options:

A.

Enable cluster autoscaling on the GKE cluster.

B.

Configure a Vertical Pod Autoscaler on the Deployment.

C.

Configure a Horizontal Pod Autoscaler on the Deployment.

D.

Enable node auto-provisioning on the GKE cluster.

Buy Now
Questions 15

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Options:

A.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Buy Now
Questions 16

You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

Options:

A.

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.

B.

Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.

C.

Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

D.

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

Buy Now
Questions 17

You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

Options:

A.

Use the GCP Console to transfer the file instead of gsutil.

B.

Enable parallel composite uploads using gsutil on the file transfer.

C.

Decrease the TCP window size on the machine initiating the transfer.

D.

Change the storage class of the bucket from Nearline to Multi-Regional.

Buy Now
Questions 18

You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?

Options:

A.

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

B.

Use Cloud Functions and configure the bucket as a trigger resource.

C.

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

D.

Use Dataflow as a batch job, and configure the bucket as a data source.

Buy Now
Questions 19

You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

Options:

A.

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

B.

Fill in local SSD. Add estimated cost for cluster management.

C.

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

D.

Select Add GPUs. Add estimated cost for cluster management.

Buy Now
Questions 20

You are managing resources in a Google Cloud project. A new service account needs the ability to invoke a Cloud Run service. You need to gain the permissions to modify IAM policies for service accounts while adhering to the principle of least privilege. What should you do?

Options:

A.

Request the roles/run.invoker role for your user account.

B.

Request the roles/iam.serviceAccountAdmin role for your user account.

C.

Request the Editor role for your user account.

D.

Request the Owner role for your user account.

Buy Now
Questions 21

You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google ' s recommended practices and avoid conflicting accounts. What should you do?

Options:

A.

Invite the user to transfer their existing account

B.

Invite the user to use an email alias to resolve the conflict

C.

Tell the user that they must delete their existing account

D.

Tell the user to remove all personal email from the existing account

Buy Now
Questions 22

You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google’s recommended practices. Which method should you use?

Options:

A.

Deployment Manager

B.

Cloud Composer

C.

Managed Instance Group

D.

Unmanaged Instance Group

Buy Now
Questions 23

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?

Options:

A.

Enable the Identity Aware Proxy API on the project.

B.

Scan the bucker using the Data Loss Prevention API.

C.

Allow only a single Service Account access to read the data.

D.

Enable Data Access audit logs for the Cloud Storage API.

Buy Now
Questions 24

You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do?

Options:

A.

Use Cloud Bigtable for data storage.

B.

Use Cloud SQL for data storage.

C.

Use Cloud Spanner for data storage.

D.

Use Firestore for data storage.

Buy Now
Questions 25

Your company has multiple projects linked to a single billing account in Google Cloud. You need to visualize the costs with specific metrics that should be dynamically calculated based on company-specific criteria. You want to automate the process. What should you do?

Options:

A.

In the Google Cloud console, visualize the costs related to the projects in the Reports section.

B.

In the Google Cloud console, visualize the costs related to the projects in the Cost breakdown section.

C.

In the Google Cloud console, use the export functionality of the Cost table. Create a Looker Studiodashboard on top of the CSV export.

D.

Configure Cloud Billing data export to BigOuery for the billing account. Create a Looker Studio dashboard on top of the BigQuery export.

Buy Now
Questions 26

Users of your application are complaining of slowness when loading the application. You realize the slowness is because the App Engine deployment serving the application is deployed in us-central whereas all users of this application are closest to europe-west3. You want to change the region of the App Engine application to europe-west3 to minimize latency. What’s the best way to change the App Engine region?

Options:

A.

Create a new project and create an App Engine instance in europe-west3

B.

Use the gcloud app region set command and supply the name of the new region.

C.

From the console, under the App Engine page, click edit, and change the region drop-down.

D.

Contact Google Cloud Support and request the change.

Buy Now
Questions 27

You have a Google Cloud Platform account with access to both production and development projects. You need to create an automated process to list all compute instances in development and production projects on a daily basis. What should you do?

Options:

A.

Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.

B.

Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources.

C.

Go to Cloud Shell and export this information to Cloud Storage on a daily basis.

D.

Go to GCP Console and export this information to Cloud SQL on a daily basis.

Buy Now
Questions 28

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

Options:

A.

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

B.

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

C.

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

D.

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

Buy Now
Questions 29

You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

You check the status of the deployed pods and notice that one of them is still in PENDING status:

Associate-Cloud-Engineer Question 29

You want to find out why the pod is stuck in pending status. What should you do?

Options:

A.

Review details of the myapp-service Service object and check for error messages.

B.

Review details of the myapp-deployment Deployment object and check for error messages.

C.

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

D.

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

Buy Now
Questions 30

Your coworker has helped you set up several configurations for gcloud. You ' ve noticed that you ' re running commands against the wrong project. Being new to the company, you haven ' t yet memorized any of the projects. With the fewest steps possible, what ' s the fastest way to switch to the correct configuration?

Options:

A.

Run gcloud configurations list followed by gcloud configurations activate .

B.

Run gcloud config list followed by gcloud config activate.

C.

Run gcloud config configurations list followed by gcloud config configurations activate.

D.

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

Buy Now
Questions 31

Your company is running a critical workload on a single Compute Engine VM instance. Your company ' s disaster recovery policies require you to backup the entire instance ' s disk data every day. The backups must be retained for 7 days. You must configure a backup solution that complies with your company ' s security policies and requires minimal setup and configuration. What should you do?

Options:

A.

Configure the instance to use persistent disk asynchronous replication.

B.

Configure daily scheduled persistent disk snapshots with a retention period of 7 days.

C.

Configure Cloud Scheduler to trigger a Cloud Function each day that creates a new machine image and deletes machine images that are older than 7 days.

D.

Configure a bash script using gsutil to run daily through a cron job. Copy the disk ' s files to a Cloud Storage bucket with archive storage class and an object lifecycle rule to delete the objects after 7 days.

Buy Now
Questions 32

You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

Options:

A.

Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

B.

Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

C.

Create a new service account and assig n this service account to the new instance Grant the service account permissions on Cloud Storage.

D.

Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Buy Now
Questions 33

You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

Options:

A.

Open the Cloud Spanner console to review configurations.

B.

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

C.

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D.

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Buy Now
Questions 34

You are writing a shell script that includes a few gcloud CLI commands to access some Google Cloud resources. You want to test the script in your local development environment with a service account in the most secure way. What should you do?

Options:

A.

Download the service account key file and save it in a secure location. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the key file.

B.

Enable service account impersonation, and use the gcloud config set auth/impersonate_service_account command to use it by default.

C.

Generate an ID token for the service account. Use the token with the gcloud CLI commands.

D.

Download the service account key file, and use it to generate an access token. Use the token with the gcloud CLI commands.

Buy Now
Questions 35

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

Options:

A.

Ask the auditor for their Google account, and give them the Viewer role on the project.

B.

Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

C.

Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.

D.

Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

Buy Now
Questions 36

A team of data scientists infrequently needs to use a Google Kubernetes Engine (GKE) cluster that you manage. They require GPUs for some long-running, non-restartable jobs. You want to minimize cost. What should you do?

Options:

A.

Enable node auto-provisioning on the GKE cluster.

B.

Create a VerticalPodAutscaler for those workloads.

C.

Create a node pool with preemptible VMs and GPUs attached to those VMs.

D.

Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.

Buy Now
Questions 37

You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

Options:

A.

Create a single budget for all projects and configure budget alerts on this budget.

B.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

C.

Create a budget per project and configure budget alerts on all of these budgets.

D.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Buy Now
Questions 38

You are deploying an application on Google Cloud that requires a relational database for storage. To satisfy your company ' s security policies, your application must connect to your database through an encrypted and authenticated connection that requires minimal management and integrates with Identity and Access Management (IAM). What should you do?

Options:

A.

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure a database user and password.

B.

Deploy a Cloud SOL database and configure IAM database authentication. Access the database through the Cloud SQL Auth Proxy.

C.

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure IAM database authentication.

D.

Deploy a Cloud SQL database and configure a database user and password. Access the database through the Cloud SQL Auth Proxy.

Buy Now
Questions 39

Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?

Options:

A.

Download and deploy the Jenkins Java WAR to App Engine Standard.

B.

Create a new Compute Engine instance and install Jenkins through the command line interface.

C.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

D.

Use GCP Marketplace to launch the Jenkins solution.

Buy Now
Questions 40

(You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?)

Options:

A.

Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer ' s IP address.

B.

Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer ' s IP address.

C.

Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer ' s IP address.

D.

Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer ' s IP address.

Buy Now
Questions 41

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

Options:

A.

After the VM has been created, use your Google Account credentials to log in into the VM.

B.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

C.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

D.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Buy Now
Questions 42

You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do?

Options:

A.

Create and deploy a Custom Resource Definition per microservice.

B.

Create and deploy a Docker Compose File.

C.

Create and deploy a Job per microservice.

D.

Create and deploy a Deployment per microservice.

Buy Now
Questions 43

(You are managing the security configuration of your company ' s Google Cloud organization. The Operations team needs specific permissions on both a Google Kubernetes Engine (GKE) cluster and a Cloud SQL instance. Two predefined Identity and Access Management (IAM) roles exist that contain a subset of the permissions needed by the team. You need to configure the necessary IAM permissions for this team while following Google-recommended practices. What should you do?)

Options:

A.

Grant the team the two predefined IAM roles.

B.

Create a custom IAM role that combines the permissions from the two relevant predefined roles.

C.

Create a custom IAM role that includes only the required permissions from the predefined roles.

D.

Grant the team the IAM roles of Kubernetes Engine Admin and Cloud SQL Admin.

Buy Now
Questions 44

You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?

Options:

A.

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

B.

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

C.

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

D.

Select Compute Engine. Use VM instance types that support micro bursting.

Buy Now
Questions 45

You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

Options:

A.

Run gcloud iam roles list. Review the output section.

B.

Run gcloud iam service-accounts list. Review the output section.

C.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

D.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

Buy Now
Questions 46

You are managing your company’s archival records that are stored in a Cloud Storage bucket using the Multi-Regional storage class. These objects are rarely accessed after 90 days but must be retained indefinitely to meet regulatory compliance requirements. You need to implement a cost-effective process that automatically transitions these objects to the lowest-cost storage class suitable for long-term retention immediately after the 90-day period. What should you do?

Options:

A.

Enable Object Versioning on the bucket, and create an Object Lifecycle Management rule that sets the daysSinceNoncurrentTime condition to 90 days, transitioning noncurrent versions to Archive storage.

B.

Create an Object Lifecycle Management rule on the bucket that specifies an age condition of 90 days and uses the SetStorageClass action to transition the objects to Archive storage.

C.

Create a nightly scheduled Cloud Run function that uses the Cloud Storage API to change the storage class of all objects older than 90 days to Archive storage.

D.

Create an Object Lifecycle Management rule on the bucket that specifies the createdBefore condition set to 90 days ago and uses the Delete action to remove the objects.

Buy Now
Questions 47

Your company is active in the European Economic Area (EEA), and will adopt Google Cloud for its workloads. Projects are currently structured within different folders. You need to ensure any resources that will be deployed are using Google Cloud locations within the EEA by using the Organization Policy Service resource locations constraint. What should you do?

Options:

A.

Configure the policy at the organization level, and add all allowed locations to the policy.

B.

Configure the policy at the folder level, and add all disallowed locations to the policy.

C.

Configure the policy at the organization level, and add all disallowed locations to the policy.

D.

Configure the policy at the folder level, and add all allowed locations to the policy.

Buy Now
Questions 48

You are defining a standard procedure for managing team access to hundreds of Google Cloud resources. Your organization uses Cloud Identity as its primary identity provider, and you want to base access on team membership. You need a solution that simplifies the process of granting and revoking access as individuals join and leave teams. Your solution must minimize administrative effort and follow Google-recommended security practices. What should you do?

Options:

A.

For each team, create a Google Group in Cloud Identity with the cloudidentity.googleapis.com/groups.discussion_forum group property label. Add team members to the group, and use the group in IAM policies.

B.

For each team, create a service account. Grant each team member the IAM permission to impersonate that service account.

C.

For each team, create a service account. Grant each team member the IAM permission to generate and download keys for that service account.

D.

For each team, create a Google Group in Cloud Identity with the cloudidentity.googleapis.com/groups.discussion_forum and cloudidentity.googleapis.com/groups.security group property labels. Add team members to the group, and use the group in IAM policies.

Buy Now
Questions 49

You are creating and deploying an application on Cloud Run that uses Cloud SQL for data storage. You need to track the number of database connections created by the application to ensure that database connections are reused. What should you do?

Options:

A.

In Cloud Monitoring, create a custom metric that tracks the creation of Cloud Run instances, and display the metric on a dashboard.

B.

Log each new database connection in the application. In Cloud Monitoring, create a custom metric for these logs, and display the metric on a dashboard.

C.

In the Google Cloud console, navigate to the Cloud SQL instance, and review the instance logs.

D.

In Cloud Trace, enable trace storage for your project, and use a filter to check for new database connections.

Buy Now
Questions 50

You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?

Options:

A.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

B.

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

C.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

D.

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

Buy Now
Questions 51

You are planning to migrate your on-premises data to Google Cloud. The data includes:

• 200 TB of video files in SAN storage

• Data warehouse data stored on Amazon Redshift

• 20 GB of PNG files stored on an S3 bucket

You need to load the video files into a Cloud Storage bucket, transfer the data warehouse data into BigQuery, and load the PNG files into a second Cloud Storage bucket. You want to follow Google-recommended practices and avoid writing any code for the migration. What should you do?

Options:

A.

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

B.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

C.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

D.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Buy Now
Questions 52

You have a number of applications that have bursty workloads and are heavily dependent on topics to decouple publishing systems from consuming systems. Your company would like to go serverless to enable developers to focus on writing code without worrying about infrastructure. Your solution architect has already identified Cloud Pub/Sub as a suitable alternative for decoupling systems. You have been asked to identify a suitable GCP Serverless service that is easy to use with Cloud Pub/Sub. You want the ability to scale down to zero when there is no traffic in order to minimize costs. You want to follow Google recommended practices. What should you suggest?

Options:

A.

Cloud Run for Anthos

B.

Cloud Run

C.

App Engine Standard

D.

Cloud Functions.

Buy Now
Questions 53

You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

Options:

A.

Use the command gcloud config set container/cluster dev.

B.

Use the command gcloud container clusters update dev.

C.

Create a file called gke.default in the ~/.gcloud aname.

D.

Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

Buy Now
Questions 54

You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

Options:

A.

Manual Scaling with 3 instances.

B.

Basic Scaling with min_instances set to 3.

C.

Basic Scaling with max_instances set to 3.

D.

Automatic Scaling with min_idle_instances set to 3.

Buy Now
Questions 55

You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

Options:

A.

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

B.

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

C.

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

D.

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

Buy Now
Questions 56

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

Options:

A.

Enable API and then share charts from project A, B, and C.

B.

Enable API and then give the metrics.reader role to projects A, B, and C.

C.

Enable API and then use default dashboards to view all projects in sequence.

D.

Enable API, create a workspace under project A, and then add project B and C.

Buy Now
Questions 57

Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?

Options:

A.

Add the group for the finance team to roles/billing user role.

B.

Add the group for the finance team to roles/billing admin role.

C.

Add the group for the finance team to roles/billing viewer role.

D.

Add the group for the finance team to roles/billing project/Manager role.

Buy Now
Questions 58

You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?

Options:

A.

Configure regional storage for the region closest to the users Configure a Nearline storage class

B.

Configure regional storage for the region closest to the users Configure a Standard storage class

C.

Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class

D.

Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

Buy Now
Questions 59

Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company’s SSO provider. What should you do?

Options:

A.

In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.

B.

In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.

C.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.

D.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

Buy Now
Questions 60

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

Options:

A.

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

B.

Grant all engineer’s permission to create their own billing accounts for each new project.

C.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

D.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Buy Now
Questions 61

Your company uses BigQuery for data warehousing. Over time, many different business units in your company have created 1000+ datasets across hundreds of projects. Your CIO wants you to examine all datasets to find tables that contain an employee_ssn column. You want to minimize effort in performing this task. What should you do?

Options:

A.

Go to Data Catalog and search for employee_ssn in the search box.

B.

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

C.

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

D.

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

Buy Now
Questions 62

You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?

Options:

A.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

B.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

C.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

D.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Buy Now
Questions 63

You are developing a new application and are looking for a Jenkins installation to build and deploy your source code. You want to automate the installation as quickly and easily as possible. What should you do?

Options:

A.

Deploy Jenkins through the Google Cloud Marketplace.

B.

Create a new Compute Engine instance. Run the Jenkins executable.

C.

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

D.

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

Buy Now
Questions 64

You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?

Options:

A.

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

B.

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

C.

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

D.

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

Buy Now
Questions 65

You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

Options:

A.

Run gcloud projects list to get the project ID, and then run gcloud services list --project < project ID > .

B.

Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

C.

Run gcloud info to view the account value, and then run gcloud services list --account < Account > .

D.

Run gcloud projects describe < project ID > to verify the project value, and then run gcloud services list --available.

Buy Now
Questions 66

You have been asked to set up the billing configuration for a new Google Cloud customer. Your customer wants to group resources that share common IAM policies. What should you do?

Options:

A.

Use labels to group resources that share common IAM policies

B.

Use folders to group resources that share common IAM policies

C.

Set up a proper billing account structure to group IAM policies

D.

Set up a proper project naming structure to group IAM policies

Buy Now
Questions 67

You are assisting a new Google Cloud user who just installed the Google Cloud SDK on their VM. The server needs access to Cloud Storage. The user wants your help to create a new storage bucket. You need to make this change in multiple environments. What should you do?

Options:

A.

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

B.

Use a local SSD to improve performance of the VM for the targeted workload

C.

Use the gsutii command to create a storage bucket in the same region as the VM

D.

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Buy Now
Questions 68

Your company uses BigQuery to store and analyze data. Upon submitting your query in BigQuery, the query fails with a quotaExceeded error. You need to diagnose the issue causing the error. What should you do?

Choose 2 answers

Options:

A.

Search errors in Cloud Audit Logs to analyze the issue.

B.

Configure Cloud Trace to analyze the issue.

C.

View errors in Cloud Monitoring to analyze the issue.

D.

Use the information schema views to analyze the underlying issue.

E.

Use BigQuery Bl Engine to analyze the issue.

Buy Now
Questions 69

Your company publishes large files on an Apache web server that runs on a Compute Engine instance. The Apache web server is not the only application running in the project. You want to receive an email when the egress network costs for the server exceed 100 dollars for the current month as measured by Google Cloud Platform (GCP). What should you do?

Options:

A.

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

B.

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

C.

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

D.

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Buy Now
Questions 70

Your company requires that Google Cloud products are created with a specific configuration to comply with your company ' s security policies You need to implement a mechanism that will allow software engineers at your company to deploy and update Google Cloud products in a preconfigured and approved manner. What should you do?

Options:

A.

Create Java packages that utilize the Google Cloud Client Libraries for Java to configure Google Cloud products. Store and share the packages in a source code repository.

B.

Create bash scripts that utilize the Google Cloud CLI to configure Google Cloud products. Store and share the bash scripts in a source code repository.

C.

Create Terraform modules that utilize the Google Cloud Terraform Provider to configure Google Cloud products. Store and share the modules in a source code repository.

D.

Use the Google Cloud APIs by using curl to configure Google Cloud products. Store and share the curl commands in a source code repository.

Buy Now
Questions 71

You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?

Options:

A.

Assign the pods of the image rendering microservice a higher pod priority than the older microservices

B.

Create a node pool with compute-optimized machine type nodes for the image rendering microservice Use the node pool with general-purposemachine type nodes for the other microservices

C.

Use the node pool with general-purpose machine type nodes for lite mage rendering microservice Create a nodepool with compute-optimized machine type nodes for the other microservices

D.

Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment Keep the resource requests for the other microservices at the default

Buy Now
Questions 72

(Your company is modernizing its applications and refactoring them to containerized microservices. You need to deploy the infrastructure on Google Cloud so that teams can deploy their applications. The applications cannot be exposed publicly. You want to minimize management and operational overhead. What should you do?)

Options:

A.

Provision a Standard zonal Google Kubernetes Engine (GKE) cluster.

B.

Provision a fleet of Compute Engine instances and install Kubernetes.

C.

Provision a Google Kubernetes Engine (GKE) Autopilot cluster.

D.

Provision a Standard regional Google Kubernetes Engine (GKE) cluster.

Buy Now
Questions 73

You have files in a Cloud Storage bucket that you need to share with your suppliers. You want to restrict the time that the files are available to your suppliers to 1 hour. You want to follow Google recommended practices. What should you do?

Options:

A.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

B.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///.

C.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

D.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///*

Buy Now
Questions 74

You have deployed multiple Linux instances on Compute Engine. You plan on adding more instances in the coming weeks. You want to be able to access all of these instances through your SSH client over me Internet without having to configure specific access on the existing and new instances. You do not want the Compute Engine instances to have a public IP. What should you do?

Options:

A.

Configure Cloud Identity-Aware Proxy (or HTTPS resources

B.

Configure Cloud Identity-Aware Proxy for SSH and TCP resources.

C.

Create an SSH keypair and store the public key as a project-wide SSH Key

D.

Create an SSH keypair and store the private key as a project-wide SSH Key

Buy Now
Questions 75

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

Options:

A.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

B.

Create a custom role based on the Compute Image User role Add the compute.disks, list to theincludedPermissions field Grant the custom role to the user at the project level

C.

Grant the Compute Storage Admin role at the project level.

D.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Buy Now
Questions 76

You just installed the Google Cloud CLI on your new corporate laptop. You need to list the existing instances of your company on Google Cloud. What must you do before you run the gcloud compute instances list command?

Choose 2 answers

Options:

A.

Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

B.

Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

C.

Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

D.

Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

E.

Run gcloud config set project $my_project to set the default project for gcloud CLI.

Buy Now
Questions 77

You used the gcloud container clusters command to create two Google Cloud Kubernetes (GKE) clusters prod-cluster and dev-cluster.

• prod-cluster is a standard cluster.

• dev-cluster is an auto-pilot duster.

When you run the Kubect1 get nodes command, you only see the nodes from prod-cluster Which commands should you run to check the node status for dev-cluster?

Options:

A.
B.
C.
D.
Buy Now
Questions 78

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

Options:

A.

Create the instance without a public IP address.

B.

Create the instance with Private Google Access enabled.

C.

Create a deny-all egress firewall rule on the VPC network.

D.

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Buy Now
Questions 79

You are the organization and billing administrator for your company. The engineering team has the Project Creator role on the organization. You do not want the engineering team to be able to link projects to the billing account. Only the finance team should be able to link a project to a billing account, but they should not be able to make any other changes to projects. What should you do?

Options:

A.

Assign the finance team only the Billing Account User role on the billing account.

B.

Assign the engineering team only the Billing Account User role on the billing account.

C.

Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

D.

Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Buy Now
Questions 80

You are a Google Cloud organization policy administrator for your company that operates in a regulated industry. You need to enforce a policy that restricts all new location-based Google Cloud resources to the australia-southeast1 and australia-southeast2 regions only. You want to ensure that this policy requires minimal configuration. What should you do?

Options:

A.

Create a custom organization policy that uses the resource.location == ' australia-southeast1 ' || resource.location == ' australia-southeast2 ' Common Expression Language (CEL) condition.

B.

Modify the gcp.resourceLocations list constraint by adding in:australia-locations to the allowed_values list.

C.

Modify the gcp.resourceLocations list constraint by adding in:australia-locations to the denied_values list.

D.

Create a custom organization policy that uses the resource.location.startsWith( ' australia ' ) Common Expression Language (CEL) condition.

Buy Now
Questions 81

You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

Options:

A.

Coldline Storage

B.

Nearline Storage

C.

Regional Storage

D.

Multi-Regional Storage

Buy Now
Questions 82

(Your company was recently impacted by a service disruption that caused multiple Dataflow jobs to get stuck, resulting in significant downtime in downstream applications and revenue loss. You were able to resolve the issue by identifying and fixing an error you found in the code. You need to design a solution with minimal management effort to identify when jobs are stuck in the future to ensure that this issue does not occur again. What should you do?)

Options:

A.

Set up Error Reporting to identify stack traces that indicate slowdowns in Dataflow jobs. Set up alerts based on these log entries.

B.

Use the Personalized Service Health dashboard to identify issues with Dataflow jobs across regions.

C.

Update the Dataflow job configurations to send messages to a Pub/Sub topic when there are delays. Configure a backup Dataflow job to process jobs that are delayed. Use Cloud Tasks to trigger an alert when messages are pushed to the Pub/Sub topic.

D.

Set up Cloud Monitoring alerts on the data freshness metric for the Dataflow jobs to receive a notification when a certain threshold is reached.

Buy Now
Questions 83

You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

Options:

A.

Use granular logging statements within a Deployment Manager template authored in Python.

B.

Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.

C.

Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

D.

Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources.

Buy Now
Questions 84

Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on

Google Cloud to match these requirements. What should you do?

Options:

A.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

B.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

C.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

D.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Buy Now
Questions 85

You are planning to migrate a database and a backend application to a Standard Google Kubernetes Engine (GKE) cluster. You need to prevent data loss and make sure there are enough nodes available for your backend application based on the demands of your workloads. You want to follow Google-recommended practices and minimize the amount of manual work required. What should you do?

Options:

A.

Run your database as a StatefulSet. Configure cluster autoscaling to handle changes in the demands of your workloads.

B.

Run your database as a single Pod. Run the resize command when you notice changes in the demands of your workloads.

C.

Run your database as a Deployment. Configure cluster autoscaling to handle changes in the demands of your workloads.

D.

Run your database as a DaemonSet. Run the resize command when you notice changes in the demands of your workloads.

Buy Now
Questions 86

You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps. What should you do?

Options:

A.

Use gcloud iam roles copy and specify the production project as the destination project.

B.

Use gcloud iam roles copy and specify your organization as the destination organization.

C.

In the Google Cloud Platform Console, use the ‘create role from role’ functionality.

D.

In the Google Cloud Platform Console, use the ‘create role’ functionality and select all applicable permissions.

Buy Now
Questions 87

You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

Options:

A.

Use a Shielded VM.

B.

Use a Preemptible VM.

C.

Use a sole-tenant node.

D.

Enable deletion protection on the instance.

Buy Now
Questions 88

You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?

Options:

A.

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

B.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

C.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

D.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Buy Now
Questions 89

You are building a multi-player gaming application that will store game information in a database. As the popularity of the application increases, you are concerned about delivering consistent performance. You need to ensure an optimal gaming performance for global users, without increasing the management complexity. What should you do?

Options:

A.

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

B.

Use Cloud Spanner to store user data mapped to the game statistics.

C.

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

D.

Store game statistics in a Bigtable database partitioned by username.

Buy Now
Questions 90

You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:

What is the most likely cause?

Options:

A.

The pending Pod ' s resource requests are too large to fit on a single node of the cluster.

B.

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

C.

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

D.

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

Buy Now
Questions 91

Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?

Options:

A.

Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

B.

Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

C.

Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

D.

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

Buy Now
Questions 92

You’ve deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

Associate-Cloud-Engineer Question 92

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

Options:

A.

Store the database password inside the Docker image of the container, not in the YAML file.

B.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

C.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

D.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Buy Now
Questions 93

(You are managing an application deployed on Cloud Run. The development team has released a new version of the application. You want to deploy and redirect traffic to this new version of the application. To ensure traffic to the new version of the application is served with no startup time, you want to ensure that there are two idle instances available for incoming traffic before adjusting the traffic flow. You also want to minimize administrative overhead. What should you do?)

Options:

A.

Ensure the checkbox " Serve this revision immediately " is unchecked when deploying the new revision. Before changing the traffic rules, use a traffic simulation tool to send load to the new revision.

B.

Configure service autoscaling and set the minimum number of instances to 2.

C.

Configure revision autoscaling for the new revision and set the minimum number of instances to 2.

D.

Configure revision autoscaling for the existing revision and set the minimum number of instances to 2.

Buy Now
Questions 94

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

Options:

A.

Provision preemptible Compute Engine instances.

B.

Provision Compute Engine instances with GPUs attached.

C.

Provision Compute Engine instances with local SSDs attached.

D.

Provision Compute Engine instances with M1 machine type.

Buy Now
Questions 95

You have developed a web application that serves traffic for a local event and are expecting unpredictable traffic. You have containerized the application, and you now want to deploy the application on Google Cloud. You also want to minimize costs. What should you do?

Options:

A.

Deploy the web application as a Cloud Run service.

B.

Deploy the web application on Google Kubernetes Engine In Standard mode.

C.

Deploy the web application as a Cloud Run job.

D.

Deploy the web application on Google Kubernetes Engine in Autopilot mode.

Buy Now
Questions 96

You have developed a containerized web application that will serve Internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

Options:

A.

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

B.

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

C.

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

D.

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

Buy Now
Questions 97

Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?

Options:

A.

Deploy the application on a managed instance group and configure autoscaling.

B.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

C.

Deploy the application on Cloud Functions and configure the maximum number instances.

D.

Deploy the application on Cloud Run and configure autoscaling.

Buy Now
Questions 98

You work for a large company that recently acquired three smaller startups. All of the startups’ Google Cloud resources must be centrally managed under a single Google Cloud organization. However, each startup has its own budget and financial reporting structure. You need to ensure that each startup receives a separate monthly invoice for its Google Cloud consumption. What should you do?

Options:

A.

Create a Google Cloud organization with a folder for each startup. Share a single Cloud Billing account, and use the detailed billing export to allocate costs.

B.

Create a Google Cloud organization for each startup. Configure each startup to have its own Cloud Billing account.

C.

Create a Google Cloud organization with a folder for each startup. Configure each startup to have its own Cloud Billing account.

D.

Create a Google Cloud organization for each startup. Share a single Cloud Billing account, and use the detailed billing export to allocate costs.

Buy Now
Questions 99

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company ' s security policy also restricts developer permissions to Compute Engine. Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

Options:

A.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.• Copy the role across all projects created within the organization with the gcloud iam roles copy command.• Assign the role to developers in those projects.

B.

• Add all developers to a Google group in Google Groups for Workspace.• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

C.

• Add all developers to a Google group in Cloud Identity.• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

D.

• Add all developers to a Google group in Cloud Identity.• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.• Assign the custom role to the Google group.

Buy Now
Questions 100

You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?

Options:

A.

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

B.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

C.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

D.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

Buy Now
Questions 101

Your organization has created hundreds of service accounts for different applications hosted on-premises and in other clouds that use Google Cloud APIs. You need to audit the service account keys that have been created and identify the keys that are older than 90 days. What should you do?

Options:

A.

Execute the gcloud kms keys list --filter= " createTime < [DATE_90_DAYS_AGO] " command.

B.

Execute the gcloud iam service-accounts list --filter= " createTime < [DATE_90_DAYS_AGO] " command.

C.

Execute the gcloud asset search-all-resources --scope= " organizations/[ORG_ID] " --query= " createTime < [DATE_90_DAYS_AGO] " --asset-types= " iam.googleapis.com/ServiceAccountKey " --order-by= " createTime " command.

D.

Execute the gcloud asset search-all-resources --scope= " organizations/[ORG_ID] " --query= " createTime < [DATE_90_DAYS_AGO] " --asset-types= " apikeys.googleapis.com/Key " --order-by= " createTime " command.

Buy Now
Questions 102

Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

Options:

A.

Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.

B.

Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.

C.

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

D.

Create a separate node pool for each application, and deploy each application to its dedicated node pool.

Buy Now
Questions 103

You need to update a deployment in Deployment Manager without any resource downtime in the deployment. Which command should you use?

Options:

A.

gcloud deployment-manager deployments create --config < deployment-config-path >

B.

gcloud deployment-manager deployments update --config < deployment-config-path >

C.

gcloud deployment-manager resources create --config < deployment-config-path >

D.

gcloud deployment-manager resources update --config < deployment-config-path >

Buy Now
Questions 104

You have two Google Cloud projects: project-a with VPC vpc-a (10.0.0.0/16) and project-b with VPC vpc-b (10.8.0.0/16). Your frontend application resides in vpc-a and the backend API services ate deployed in vpc-b. You need to efficiently and cost-effectively enable communication between these Google Cloud projects. You also want to follow Google-recommended practices. What should you do?

Options:

A.

Configure a Cloud Router in vpc-a and another Cloud Router in vpc-b.

B.

Configure a Cloud Interconnect connection between vpc-a and vpc-b.

C.

Create VPC Network Peering between vpc-a and vpc-b.

D.

Create an OpenVPN connection between vpc-a and vpc-b.

Buy Now
Questions 105

You are using Data Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Data Studio are broken, and you want to analyze the problem. What should you do?

Options:

A.

Use the BigQuery interface to review the nightly Job and look for any errors

B.

Review the Error Reporting page in the Cloud Console to find any errors.

C.

In Cloud Logging create a filter for your Data Studio report

D.

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

Buy Now
Questions 106

You have a number of compute instances belonging to an unmanaged instances group. You need to SSH to one of the Compute Engine instances to run an ad hoc script. You’ve already authenticated gcloud, however, you don’t have an SSH key deployed yet. In the fewest steps possible, what’s the easiest way to SSH to the instance?

Options:

A.

Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

B.

Use the gcloud compute ssh command.

C.

Create a key with the ssh-keygen command. Then use the gcloud compute ssh command.

D.

Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

Buy Now
Questions 107

You are managing a project for the Business Intelligence (BI) department in your company. A data pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be able to run the custom SQL queries against the latest data in BigQuery. What should you do?

Options:

A.

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

B.

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

C.

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team ' s internal data warehouse.

D.

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

Buy Now
Questions 108

You need to migrate invoice documents stored on-premises to Cloud Storage. The documents have the following storage requirements:

• Documents must be kept for five years.

• Up to five revisions of the same invoice document must be stored, to allow for corrections.

• Documents older than 365 days should be moved to lower cost storage tiers.

You want to follow Google-recommended practices to minimize your operational and development costs. What should you do?

Options:

A.

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

B.

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

C.

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

D.

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

Buy Now
Exam Name: Google Cloud Certified - Associate Cloud Engineer
Last Update: Jul 6, 2026
Questions: 363

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now Associate-Cloud-Engineer testing engine

PDF (Q&A)

$31.5  $104.99
buy now Associate-Cloud-Engineer pdf
dumpsmate guaranteed to pass

24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 06 Jul 2026