GCP Associate Cloud Engineer Practice Exam Part 3

Source:

Actual Exam Version:

  1. You developed an application that reads objects from a cloud storage bucket. You followed GCP documentation and created a service account with just the permissions to read objects from the cloud storage bucket. However, when your application uses this service account, it fails to read objects from the bucket. You suspect this might be an issue with the permissions assigned to the service account. You would like to authenticate a gsutil session with the service account credentials, reproduce the issue yourself and identify the root cause. How can you authenticate gsutil with service account credentials?

A. Create JSON keys for the service account and execute gcloud authenticate service-account –key-file [KEY_FILE].
B. Create JSON keys for the service account and execute gcloud authenticate activate-service-account –key-file [KEY_FILE].
C. Create JSON keys for the service account and execute gcloud auth activate-service-account –key-file [KEY_FILE].
D. Create JSON keys for the service account and execute gcloud auth service- account – –key-file [KEY_FILE].

  1. You have an application deployed in a GKE Cluster as a Kubernetes workload with Daemon Sets. Your application has become very popular and is now struggling to cope up with increased traffic. You want to add more pods to your workload and want to ensure your cluster scales up and scales down automatically based on volume. What should you do?

A. Enable autoscaling on Kubernetes Engine.
B. Perform a rolling update to modify machine type from 11-standard-2 to n1- – standard-4.
C. Enable Horizontal Pod Autoscaling for the Kubernetes deployment.
D. Create another identical Kubernetes workload and split traffic between the two workloads.

  1. You developed an application to serve production users and you plan to use Cloud SQL to host user state data which is very critical for the application flow. You want to protect your user state data from zone failures. What should you do?

A. Create a Read replica in the same region but in a different zone.
B. Configure High Availability (HA) for Cloud SQL and Create a Failover replica in the same region but in a different zone.
C. Create a Read replica in a different region.
D. Configure High Availability (HA) for Cloud SQL and Create a Failover replica in a different region.

  1. Your Company is planning to migrate all Java web applications to Google App Engine. However, you still want to continue using your on-premise database. How can you set up the app engine to communicate with your on-premise database while minimizing effort?

A. Setup the application using App Engine Flexible environment with Cloud Router to connect to an on-premise database.
B. Setup the application using App Engine Standard environment with Cloud VPN to connect to an on-premise database.
C. Setup the application using App Engine Standard environment with Cloud Router to connect to an on-premise database.
D. Setup the application using App Engine Flexible environment with Cloud VPN to connect to an on-premise database.

  1. You want to migrate an XML parser application from the on-premises data centre to Google Cloud Platform. You created a development project, set up the necessary IAM roles and deployed the application in a compute engine instance. The testing has succeeded, and you are ready to deploy the staging instance. You want to create the same IAM roles in a new staging GCP project. How can you do this efficiently without compromising security?

A. Make use of gcloud iam roles copy command to copy the IAM roles from the Development GCP organization to the Staging GCP organization.
B. Make use of Create Role feature in GCP console to create all necessary IAM roles from new in the Staging project.
C. Make use of gcloud iam roles copy command to copy the IAM roles from the Development GCP project to the Staging GCP project.
D. Make use of the Create Role from Role feature in GCP console to create IAM roles in the Staging project from the Development IAM roles.

  1. Your company’s auditors carry out an annual audit every year and have asked you to provide them with all the IAM policy changes in Google Cloud since the last audit. You want to streamline and expedite the analysis for audit. How should you share the information requested by auditors?

A. Export all audit logs to Cloud Pub/Sub via an export sink. Use a Cloud Function to read the messages and store them in Cloud SQL. Make use of ACLs and views to restrict the data shared with the auditors.
B. Export all audit logs to Google Cloud Storage bucket and set up the necessary IAM acces to restrict the data shared with auditors.
C. Export all audit logs to BigQuery dataset. Make use of ACLs and views to restrict the data shared with the auditors.
D. Have the auditors query the required information quickly. Configure alerts in Cloud Monitoring and trigger notifications to the auditors.

  1. You work at a large organization where each team has a distinct role. The development team can create Google Cloud projects but can’t link them to a billing account – this role is reserved for the finance team, and the development team do not want finance team to make changes to their project resources. How should you configure IAM access controls to enable this?

A. Grant the development team Billing Account User (roles/billing.user) role on the billing account and Project Billing Manager (roles/billing.projectManager) on the GCP organization.
B. Grant the finance team Billing Account User (roles/billing.user) role on the billing account and Project Billing Manager roles/billing.projectManager) on the GCP organization.
C. Grant the finance team Billing Account User (roles/billing.user) role on the billing account.
D. Grant the development team Billing Account User (roles/billing.user) role on the billing account.

  1. You have a number of applications that have bursty workloads and are heavily dependent on topics to decouple publishing systems from consuming systems. Your company would like to go serverless to enable developers to focus on writing code without worrying about infrastructure. Your solution architect has already identified Cloud Pub/Sub as a suitable alternative for decoupling systems. You have been asked to identify a suitable GCP Serverless service that is easy to use with Cloud Pub/Sub. You want the ability to scale down to zero when there is no traffic in order to minimize costs. You want to follow Google recommended practices. What should you suggest?

A. Cloud Run for Anthos
B. Cloud Run
C. App Engine Standard
D. Cloud Functions.

  1. You deployed a Java application on four Google Cloud Compute Engine VMs in two zones behind a network load balancer. During peak usage, the application has stuck threads. This issue ultimately takes down the whole system and requires a reboot of all VMs. Your operations team have recently heard about self-healing mechanisms in Google Cloud and have asked you to identify if it is possible to automatically recreate the VMs if they remain unresponsive for 3 attempts 10 seconds apart. What should you do?

A. Enable autoscaling on the Managed Instance Group (MIG).
B. Enable autohealing and set the autohealing health check to healthy (HTTP).
C. Use a global HTTP(s) Load Balancer instead and limit Requests Per Second (RPS) to 10.
D. Use a global HTTP(s) Load Balancer instead and set the load balancer health check to healthy (HTTP).

  1. You’ve created a Kubernetes engine cluster named “my-gcp-ace-proj-1”, which has a cluster pool named my-gcp-ace-primary-node-pool. You want to increase the number of nodes within your cluster pool from 10 to 20 to meet capacity demands. What is the command to change the number of nodes in your pool?

A. gcloud container clusters update my-gcp-ace-proj-1 – -node-pool my-gcp-ace- primary-node-pool -num-nodes 20
B. gcloud container clusters resize my-gcp-ace-proj- 1 – -node-pool my-gcp-ace- primary-node-pool -new-size 20
C. gcloud container clusters resize my-gcp-ace-proj- 1 – -node-pool my-gcp-ace-primary-node-pool -num-nodes 20
D. kubectl container clusters update my-gcp-ace-proj-1 – -node-pool my-gcp-ace- primary-node-pool–num-nodes 20

  1. A company wants to build an application that stores images in a Cloud Storage bucket and wants to generate thumbnails as well as resize the images. They want to use a google managed service that can scale up and scale down to zero automatically with minimal effort. You have been asked to recommend a service. Which GCP service would you suggest?

A. Google Compute Engine
B. Google App Engine
C. Cloud Functions
D. Google Kubernetes Engine

  1. Your company is migrating a mission-critical application from the on-premises data centre to Google Cloud Platform. The application requires 12 Compute Engine VMs to handle traffic at peak usage times. Your operations team have asked you to ensure the VMs restart automatically (i.e. without manual intervention) if/when they crash, and the processing capacity of the application does not reduce down during system maintenance. What should you do?

A. Deploy the application on a Managed Instance Group (MIG) that disables the creation retry mode by setting the -nocreation-retries flag.
B. Create an instance template with availability policy that turns off the automatic restart behaviour and sets on-host maintenance to terminate instances during maintenance events. Deploy the application on a Managed Instance Group (MIG) based on this template.
C. Deploy the application on a Managed Instance Group (MIG) with autohealing health check set to healthy (HTTP).
D. Create an instance template with availability policy that turns on the automatic restart behaviour and sets on-host maintenance to live migrate instances during maintenance events. Deploy the application on a Managed Instance Group (MIG) based on this template.

  1. You want to ensure the boot disk of a preemptible instance is persisted for re-use. How should you provision the gcloud compute instance to ensure your requirement is met.

A. gcloud compute instances create [INSTANCE_NAME] -preemptible. The flag — boot-disk-auto-delete is disabled by default.
B. gcloud compute instances create [INSTANCE_NAME] -preemptible — -boot-disk- auto-delete=no
C. gcloud compute instances create [INSTANCE_NAME] –preemptible — no-boot-disk-auto-delete
D. gcloud compute instances create [INSTANCE_NAME] -no-auto-delete

  1. You want to ingest and analyze large volumes of stream data from sensors in real- time, matching the high speeds of loT data to track normal and abnormal behavior. You want to run it through a data processing pipeline and store the results. Finally, you want to enable customers to build dashboards and drive analytics on their data in real-time. What services should you use for this task?

A. Cloud Pub/Sub, Cloud Dataflow, Cloud Dataprep
B. Stackdriver, Cloud Dataflow, BigQuery
C. Cloud Pub/Sub, Cloud Dataflow, Cloud Dataproc
D. Cloud Pub/Sub, Cloud Dataflow, BigQuery

  1. Your company is migrating an application from its on-premises data centre to Google Cloud. One of the applications uses a custom Linux distribution that is not available on Google Cloud. Your solution architect has suggested using VMWare tools to exporting the image and store it in a Cloud Storage bucket. The VM Image is a single compressed 64 GB tar file. You started copying this file using gsutil over a dedicated 1Gbps network, but the transfer is taking a very long time to complete. Your solution architect has suggested using all of the 1Gbps Network to transfer the file quickly. What should you do?

A. Use parallel composite uploads to speed up the transfer.
B. Upload the file Multi-Regional instead and move the file to Nearline Storage Class.
C. Restart the transfer from GCP console.
D. Increase the transfer speed by decreasing the TCP window size.

  1. You want to migrate an application from Google App Engine Standard to Google App Engine Flex. Your application is currently serving live traffic and you want to ensure everything is working in Google App Engine Flex before migrating all traffic. You want to minimize effort and ensure the availability of service. What should you do?

A. Set env: app-engine-flex in app.yaml 2. gcloud app deploy -no-promote -version=[NEW_VERSION] 3. Validate [NEW_VERSION] in App Engine Flex 4. gcloud app versions start [NEW_VERSION] B. Set env: app-engine-flex in app.yaml 2. gcloud app deploy –version=[NEW_VERSION] 3. Validate [NEW_VERSION] in App Engine Flex 4. gcloud app versions start [NEW_VERSION] C. Set env: flex in app.yaml 2. gcloud app deploy–no-promote –version=[NEW_VERSION] 3. Validate [NEW_VERSION] in App Engine Flex 4. gcloud app versions migrate [NEW_VERSION] D. Set env: flex in app.yaml 2. gcloud app deploy –version=[NEW_VERSION] 3. Validate [NEW_VERSION] in App Engine Flex 4. gcloud app versions migrate [NEW_VERSION]

  1. Your company collects and stores CCTV footage videos in raw format in Google Cloud Storage. Within the first 30 days, the footage is processed regularly for detecting patterns such as threat/object/face detection and suspicious behavior detection. You want to minimize the cost of storing all the data in Google Cloud. How should you store the videos?

A. Use Google Cloud Regional Storage for the first 30 days, and use lifecycle rules to transition to Nearline Storage.
B. Use Google Cloud Nearline Storage for the first 30 days, and use lifecycle rules to transition to Coldline Storage.
C. Use Google Cloud Regional Storage for the first 30 days, and then move videos to Google Persistent Disk.
D. Use Google Cloud Regional Storage for the first 30 days, and use lifecycle rules to transition to Coldline Storage.

  1. You migrated an internal HR system from an on-premises database to Google Cloud Compute Engine Managed Instance Group (MIG). The networks team at your company has asked you to associate the internal DNS records of the VMs with a custom DNS zone. You want to follow Google recommended practices. What should you do?

A. 1.Create a new Cloud DNS zone and a new VPC and associate the DNS zone with the VPC. 2. When provisioning the VMs, associate the DNS records with the new DNS zone. 3. Configure firewall rules to block all external (public) traffic. 4. Finally, configure the DNS zone associated with the default VPC to direct all requests to the new DNS zone.
B. 1.Provision the VMs with custom hostnames.
C. 1.Create a new Cloud DNS zone and set its visibility to private. 2. When provisioning the VMs, associate the DNS records with the new DNS zone.
D. 1.Install a new BIND DNS server on Google Compute Engine, using the BIND name server software (BIND9). 2. Configure a Cloud DNS forwarding zone to direct all requests to the Internal BIND DNS server. 3. When provisioning the VMs, associate the DNS records with the Internal BIND DNS server.