GCP Associate Cloud Engineer Practice Exam Part 4

Source:

Actual Exam Version:

  1. You deployed a workload to your GKE cluster by running the command kubectl apply -f app.yaml. You also enabled a LoadBalancer service to expose the deployment by running kubectl apply – f service.yaml. Your pods are struggling due to increased load so you decided to enable horizontal pod autoscaler by running kubectl autoscale deployment [YOUR DEPLOYMENT] –cpu-percent=5t -min= 1 max=10. You noticed the autoscaler has launched several new pods but the new pods have failed with the message “Insufficient cpu”. What should you do to resolve this issue?

A. Use “kubectl container clusters resize” to add more nodes to the node pool.
B. Use “gcloud container clusters resize” to add more nodes to the node pool.
C. Edit the managed instance group of the cluster and enable autoscaling.
D. Edit the managed instance group of the cluster and increase the number of VMs by 1.

  1. Your organization is planning to deploy a Python web application to Google Cloud. The web application uses a custom Linux distribution and you want to minimize rework. The web application underpins an important website that is accessible to the customers globally. You have been asked to design a solution that scales to meet demand. What would you recommend to fulfill this requirement? (Select Two)

A. Cloud Functions
B. App Engine Standard environment
C. HTTP(S) Load Balancer
D. Managed Instance Group on Compute Engine
E. Network Load Balance

  1. The application development team at your company wants to use the biggest CIDR range possible for a VPC and has asked for your suggestion. Your operations team is averse to using any beta features. What should you suggest?

A. Use 0.0.0.0/0 CIDR range.
B. Use 10.0.0.0/8 CIDR range.
C. Use 172.16.0.0/12 CIDR range.
D. Use 192.168.0.0/16 CIDR range.

  1. The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

A. Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.
B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.
C. Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.
D. Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

  1. Your company wants to migrate a mission-critical application to Google Cloud Platform. The application is currently hosted in your on-premises data centre and runs off several VMs. Your migration manager has suggested a “lift and shift” to Google Compute Engine Virtual Machines and has asked you to ensure the application scales quickly, automatically and efficiently based on the CPU utilization. You want to follow Google recommended practices. What should you do?

A. Deploy the application to Google Compute Engine Managed Instance Group (MIG) with autoscaling enabled based on CPU utilization.
B. Deploy the application to GKE cluster with Horizontal Pod Autoscaling (HPA) enabled based on CPU utilization.
C. Deploy the application to Google Compute Engine Managed Instance Group (MIG) with time-based autoscaling based on last months traffic patterns.
D. Deploy the application to Google Compute Engine Managed Instance Group (MIG). Deploy a Cloud Function to look up CPU utilization in Cloud Monitoring every minute and scale up or scale down the MIG group as needed.

  1. Your company is migrating all applications from the on-premises data centre to Google Cloud, and one of the applications is dependent on Websockets protocol and session affinity. You want to ensure this application can be migrated to Google Cloud platform and continue serving requests without issues. What should you do?

A. Modify application code to not depend on session affinity.
B. Review the design with the security team.
C. Modify application code to use HTTP streaming.
D. Discuss load balancer options with the relevant teams.

  1. Your organization processes a very high volume of timestamped loT data. The total volume can be several petabytes. The data needs to be written and changed at a high speed. You want to use the most performant storage option for your data. Which product should you use?

A. Cloud Bigtable
B. Cloud Datastore
C. BigQuery
D. Cloud Storage

  1. The deployment team currently spends a lot of time creating and configuring VMs in Google Cloud Console, and feel they could be more productive and consistent if the same can be automated using Infrastructure as Code. You want to help them identify a suitable service. What should you recommend?

A. Managed Instance Group (MIG).
B. Unmanaged Instance Group.
C. Deployment Manager.
D. Cloud Build.

  1. You work for a multinational consumer credit reporting company that collects and aggregates financial information and provides a credit report for over 100 million individuals and businesses. The company wants to trial a new application for a small geography and requires a relational database for storing important user information. Your company places a high value on reliability and requires point-in-time recovery while minimizing operational cost. What should you do?

A. Store the data in Cloud SQL for MySQL instance. Ensure Binary
B. Logging on the Cloud SQL instance.
C. Store the data in a multi-regional Cloud Spanner instance.
D. Store the data in Highly Available Cloud SQL for MySQL instance.
E. Store the data in a 2-node Cloud Spanner instance.

  1. Your company owns a mobile game that is popular with users all over the world. The mobile game backend uses Cloud Spanner to store user state. An overnight job exports user state to a Cloud Storage bucket. Your operations team needs access to monitor the spanner instance but not have the permissions to view or edit user data. What IAM role should you grant the operations team?

A. Grant the operations team roles/stackdriver.accounts. viewer IAM role.
B. Grant the operations team roles/spanner.database.reader IAM role.
C. Grant the operations team roles/monitoring.viewer IAM role.
D. Grant the operations team roles/spanner.database.user IAM role.

  1. Your company has an App Engine application that needs to store stateful data in a proper storage service. Your data is non-relational data. You do not expect the database size to grow beyond 10 GB and you need to have the ability to scale down to zero to avoid unnecessary costs. Which storage service should you use?

A. Cloud SQL
B. Cloud Bigtable
C. Cloud Datastore
D. Cloud Dataproc

  1. A mission-critical application running in Google Cloud Platform requires an urgent update to fix a security issue without any downtime. How should you do this in CLI using deployment manager?

A. Use gcloud deployment-manager resources create and point to the deployment config file.
B. Use gcloud deployment-manager resources update and point to the deployment config file.
C. Use gcloud deployment-manager deployments update and point to the deployment config file.
D. Use gcloud deployment-manager deployments create and point to the deployment config file.

  1. An intern joined your team recently and needs access to Google Compute Engine in your sandbox project to explore various settings and spin up compute instances to test features. You have been asked to facilitate this. How should you give your intern access to compute engine without giving more permissions than is necessary?

A. Create a shared VPC to enable the intern access Compute resources.
B. Grant Project Editor IAM role for sandbox project.
C. Grant Compute Engine Instance Admin Role for the sandbox project.
D. Grant Compute Engine Admin Role for sandbox project.

  1. A recent reorganization in your company has seen the creation of a new data custodian team – responsible for managing data in all storage locations. Your production GCP project uses buckets in Cloud Storage, and you need to delegate control to the new team to manage objects and buckets in your GCP project. What role should you grant them?

A. Grant the data custodian team Project Editor IAM role.
B. Grant the data custodian team Storage Object Creator IAM role.
C. Grant the data custodian team Storage Admin IAM role.
D. Grant the data custodian team Storage Object Admin IAM role.

  1. You are the operations manager at your company, and you have been requested to provide administrative access to the virtual machines in the development GCP project to all members of the development team. There are over a hundred VM instances, and everyone at your company has a Google account. How can you simplify this access request while ensuring you can audit logins if needed?

A. Run a script to generate SSH key pairs for all developers. Send an email to each developer with their private key attached. Add public keys to project-wide public SSH keys in your GCP project and configure all VM instances in the project to allow project-wide SSH keys.
B. Share a script with the developers and ask them to run it to generate a new SSH key pair. Have the developers add their public key to their Google Account. Ask the security administrator to grant compute.osAdminLogin role to the developers’ Google group.
C. Run a script to generate SSH key pairs for all developers. Send an email to each developer with their private key attached. Update all VM instances in the development to add all the public keys. Have the developers present their private key to SSH to the instances.
D. Share a script with the developers and ask them to run it to generate a new SSH key pair. Have them email their pubic key to you and run a script to add all the public keys to all instances in the project.

  1. Your company owns a web application that lets users post travel stories. You began noticing errors in logs for a specific Deployment. The deployment is responsible for translating a post from one language to another. You’ve narrowed the issue down to a specific container named “msg-translator-22” that is throwing the errors. You are unable to reproduce the error in any other environment, and none of the other containers serving the deployment have this issue. You would like to connect to this container to figure out the root cause. What steps would allow you to run commands against the msg-translator-22?

A. Use the kubectl run msg-translator-22 /bin/ bash command to run a shell on that container.
B. Use the kubectl exec -it msg-translator-22 — /bin/bash command to run a shell on that container.
C. Use the kubectl run command to run a shell on that container.
D. Use the kubectl exec Fit — /bin/bash command to run a shell on that container.