GCP Professional Cloud Architect Practice Exam Part 5(2)


  1. For this question, refer to the Dress4Win case study.
    A recent security breach has resulted in Dress4Win engaging an external security investigations firm to investigate the incident. The security firm has suggested disabling all but essential access, including disabling external SSH access to their Google Cloud VMs, while they analyze the log files, which is expected to take about 4 weeks. An external security researcher has provided a tip-off about a possible security loophole. The development team has implemented a fix to address the loophole and wants this deployed as soon as possible; however, the operations team is unable to deploy as they can’t SSH to the VMs. They need to check out the new release, build new Docker images, push images to GCR, update the GKE deployment to use the new image and delete public objects in a Cloud Storage bucket. You have been asked to identify a way to enable the operations team to deploy the fix immediately without enabling external SSH access. What should you do?

A. Grant the relevant IAM roles to the operations team and ask them to access services through Google Cloud Shell.
B. Ask the operations team to SSH to Google Compute Instances through a VPN tunnel from a bastion host in the on-premises data centre.
C. Enable external SSH access, deploy the fix and disable it again.
D. Build an API for deployment that invokes the relevant APIs of the GCP services in use to perform the deployment and have the operations team invoke the deployment API.

  1. For this question, refer to the Mountkirk Games case study.
    You work for a company which specializes in setting up resilient architectures in Cloud Platforms, and Mountkirk Games have contracted your company to help them set up their Cloud Architecture. You have been passed these requirements:
    – Services should be immune to regional GCP outages and where possible services across all regions should be exposed through a single IP address.
    – The compute layer should not be publicly reachable. Instead, the requests to compute workloads should be directed through well-defined frontend services.
    – Mountkirk Games has already decomposed existing complex interfaces into multiple microservices. Where possible, Mountkirk Games prefers to maintain the immutable nature of these microservice deployments.
    – Mountkirk Games places a high value on being agile and reacting to change by deploying changes quickly and reliably, and rolling back changes at short notice.
    – Enable Caching for Static Content.
    Taking into consideration these requirements, which GCP services would you recommend?

A. Google Cloud Dataflow, Google Compute Engine, Google Cloud Storage.
B. Google App Engine, Google Cloud Storage, Google Network Load Balancer.
C. Cloud CDN, Google Kubernetes Engine, Google Container Registry, Google HTTP(S) Load Balancer.
D. Cloud CDN, Google Cloud Pub/Sub, Google Cloud Functions, Google Cloud Deployment Manager.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win has accumulated 2 TB of database backups, images and log files in their on-premises data centre and wants to transfer this data to Google Cloud. What should you do?

A. Use a custom gsutil script to copy the files to a Nearline Storage bucket.
B. Use a custom gsutil script to copy the files to a Multi-Regional Storage bucket.
C. Transfer the files to a Coldline Storage bucket using a Storage Transfer Service job.
D. Transfer the files to a Multi-Regional Storage bucket using a Storage Transfer Service job.

  1. For this question, refer to the Dress4Win case study.
    You work for a company which specializes in setting up resilient and cost-efficient architectures in Cloud Platforms, and Dress4Win have contracted your company to help them set up their Cloud Architecture. Dress4Win has several VMs running Windows Server 2008 R2 and RedHat Linux and feels some of the machines were overprovisioned. You have been asked for your recommendation on what machine types they should migrate to in Google Cloud. What should you suggest?

A. Migrate to GCP machine types that are a close match to the existing physical machine in terms of the number of CPUs and Memory. Then, scale up or scale down the machine size as needed.
B. Migrate to GCP machine types that have the highest RAM to CPU ratio (highmem instance types).
C. Start with the smallest instances and scale up to a larger machine type until the performance is of the desired standard.
D. Migrate to custom machines in GCP with the same number of vCPUs and Memory as the existing virtual machines. Then, scale up or scale down the machine size as needed.

  1. For this question, refer to the Dress4Win case study.
    The operations team at Dress4Win have been involved in addressing numerous incidents recently. The operations team believe they could have done a better job if they had better monitoring on their systems and were notified quicker when applications experienced issues. One of the main reasons for delays in the investigation was that logs for each system were stored locally, and they had trouble combining logs from multiple systems to get a unified view of the application. Dress4Win want to avoid a repeat of these issues when they migrate their systems to Google Cloud. What GCP services should they use?

A. Cloud Monitoring, Cloud Trace, Cloud Debugger.
B. Cloud Logging, Cloud Monitoring, Cloud Trace and Cloud Debugger.
C. Error Reporting, Cloud Logging and Cloud Monitoring.
D. Cloud Logging, Cloud Debugger, Error Reporting.

  1. For this question, refer to the Dress4Win case study.
    The CTO of Dress4Win has signed off on the budget for migration to Google Cloud and has asked teams to get familiar with Google Cloud. The DevOps team manages the deployment of all applications but is inexperienced when it comes to Google Cloud. You are the applications architect and have been approached by the DevOps team to suggest an application they can start migrating to Google Cloud with minimal changes. Their objective is to become familiar with its features, understand the deployment methodologies and develop documentation. What should you recommend?

A. Migrate an application that has several external dependencies.
B. Migrate an application that has no dependencies or minimal internal dependencies.
C. Migrate the MySQL database used for storing user data, inventory and static data.
D. Migrate the three RabbitMQ servers.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win is partway through the migration to Google Cloud, and their next focus is on migrating their MySQL database to Google Cloud. The operations team is concerned that this may adversely impact their production performance and cause unplanned downtime. How should you migrate the database to Google Cloud while allaying their anxiety over the impact to live traffic?

A. Shut down the MySQL server to take a full backup, export it to Cloud Storage, and create a Cloud SQL for MySQL instance from it.
B. Replicate data from the on-premises MySQL database to a Cloud SQL for MySQL replica. Once replication is complete, modify all applications to write to Cloud SQL for MySQL.
C. Create a new Cloud SQL for MySQL instance in Google Cloud Platform. Update all applications to write to both the on-premises MySQL database and the Cloud SQL database. Then, delete the on-premises database.
D. Shut down the MySQL server to take a full backup and export it to Cloud Datastore. Update all applications to write to Cloud Datastore.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win is partway through the migration to Google Cloud, and their next focus is on migrating their monitoring solution to Google Cloud. A VPN tunnel has already been configured to enable network traffic between the on-premises data centre and the GCP network. The operations team have now created several uptime checks in Cloud Monitoring to monitor the services in both Google Cloud and the on-premises data centre. All uptime checks for services in Google Cloud are healthy, while all uptime checks for services in the on-premises data centre are unhealthy. The operations team have logged into the on-premises VMs and found the applications to be healthy. They have approached you for your assistance in identifying and fixing the issue. What should you advise them?

A. Ask the operations team to install Cloud Monitoring agents on all on-premises VMs.
B. Update on-premises firewall rules to allow traffic from IP Address range of uptime servers.
C. Update all on-premises application load balancers to pass through requests when the User-Agent HTTP header is GoogleStackdriverMonitoring-UptimeChecks(https://cloud.google.com/monitoring).
D. Update all on-premises application servers to serve requests when the User-Agent HTTP header is GoogleStackdriverMonitoring-UptimeChecks(https://cloud.google.com/monitoring).

  1. For this question, refer to the Dress4Win case study.
    Dress4Win has partnered with a group of upmarket retailers to identify the next generation of models for their clothing lines. The new scheme allows users who have bought the retailers’ modelling samples to try them on and upload their images. Users signing up to the scheme have to agree to their images being shared with the retailer. You are an app developer at Dress4Win, and you want to ensure that images are stored securely, and users can easily retrieve, update and delete their images with minimal latency. How should you configure the system?

A. 1. Use Google Cloud Storage to save images. 2. Use Firestore (in Datastore mode) to map the customer ID and the location of their images in Google Cloud Storage.
B. 1. Use Google Cloud Storage to save images. 2. Tag each image with key as customer_id and value as the value of unique customer ID.
C. 1. Use Persistent SSDs to save images. Add monitoring to receive alerts when storage is full and add more SSDs. 2. Name the files based on customer ID and a random suffix.
D. 1. Use Persistent SSDs to save images. Add monitoring to receive alerts when storage is full and add more SSDs. 2. Map the customer ID and the location of their images on SSDs in Cloud SQL.

  1. For this question, refer to the Dress4Win case study.
    Your company is an industry-leading ISTQB certified software testing firm, and Dress4Win has recently partnered with your company for designing their new testing strategy. Dress4Win’s existing end-to-end tests cover all their endpoints running in their on-premises data centre, and they have asked you for your suggestion on the changes needed in the test plan to ensure no new issues crop up when they migrate to Google Cloud. What should you suggest?

A. Update the test plan to include stress testing of GCP infrastructure.
B. Update the test plan to include additional unit tests and load tests on production-like traffic.
C. Update the test plan to modify end-to-end tests for the GCP environment.
D. Update the test plan to add canary tests to assess the impact of new releases in the production environment.

  1. For this question, refer to the Dress4Win case study.
    You work for a company which specializes in setting up resilient and cost-efficient architectures in Cloud Platforms, and Dress4Win have contracted your company to help them lower their Cloud Opex costs. You identified terabytes of audit data in a Google Cloud Storage bucket, and this accounts for 22% of all Cloud costs. Although regulations require Dress4Win to retain their audit logs for 10 years, they are only used if there is an investigation into the company’s finances by the financial ombudsman. What should you do to reduce the storage costs?

A. Transition the data to Coldline Storage class.
B. Transition the data to Nearline Storage class.
C. Migrate the data to BigTable.
D. Migrate the data to BigQuery.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win’s revenue from its Asian markets has dipped by over 50% in the previous quarter. The simulation testing from various locations in Asia has revealed that 62% of all tests have failed with timeout issues or slow responses. Dress4Win suspects this is because of the latency between its US-based data centre and the customers in Asia. Dress4Win wants to avoid such issues with its new Google Cloud backed solution. What should it do?

A. Configure the Global HTTP(s) load balancer to forward the request to managed instance groups.
B. Set up a custom regional software load balancer in each region. Configure the Global HTTP(s) load balancer to send requests to the region closest to traffic and configure the software load balancer to forward the request in a round-robin pattern to an instance in each zone.
C. Configure the Global HTTP(s) load balancer to forward the request to the nearest region. Provision a VM instance in each zone to protect from zone failures.
D. Set up a custom regional software load balancer in each region. Configure the Global HTTP(s) load balancer to send requests to the region closest to traffic and configure the software load balancer to forward the requests to a regional managed instance group.

  1. For this question, refer to the Mountkirk Games case study.
    You work for a company which specializes in setting up resilient architectures in Cloud Platforms, and Mountkirk Games have contracted your company to help them address a few niggling issues in their Cloud Platform. Cloud Monitoring dashboards set up by Mountkirk Games indicate that 1% of its game users are being shown a Service Unavailable page upon trying to log in with their credentials and 6.7% of users take over 2 minutes to log in. You analyzed the code and found that this error page is displayed when an internal user management service throws an HTTP 503 error. You suspect the issue might be with autoscaling. What should you do next?

A. Ensure the database used for managing user profiles is not down.
B. Ensure the scale-up hasn’t hit the project quota limits.
C. Review recent releases to check for performance issues.
D. Ensure performance testing is not happening in the live environment.

  1. You work for a company which specializes in setting up resilient and cost-efficient architectures in Cloud Platforms, and Dress4Win have contracted your company to help them migrate to Google Cloud. Taking into consideration the business and technical requirements, where and how should you deploy the services?

A. 1. Use Cloud Marketplace to provision Tomcat and Nginx on Google Compute Engine. 2. Replace MySQL with Cloud SQL for MySQL. 3. Use the Deployment Manager to provision Jenkins on Google Compute Engine.
B. 1. Use Cloud Marketplace to provision Tomcat and Nginx on Google Compute Engine. 2. Use Cloud Marketplace to provision MySQL server. 3. Use the Deployment Manager to provision Jenkins on Google Compute Engine.
C. 1. Migrate applications from Tomcat/Nginx to Google App Engine Standard. 2. Replace on-premises MySQL with Cloud Datastore. 3. Use Cloud Marketplace to provision Jenkins on Google Compute Engine.
D. 1. Migrate applications from Tomcat/Nginx to Google App Engine Standard. 2. Use Cloud Marketplace to provision MySQL Server. 3. Use Cloud Marketplace to provision Jenkins on Google Compute Engine.

  1. For this question, refer to the Dress4Win case study.
    You work for a company which specializes in setting up resilient and cost-efficient architectures in Cloud Platforms, and Dress4Win have contracted your company to help migrate to Google Cloud. The CTO at Dress4Win is keen on migrating the existing solution to Google Cloud as soon as possible. Where a “lift and shift” approach is not possible, the CTO is prepared to sign off an additional budget to redesign the required components to work in a Cloud-native way. Which of the below should you recommend Dress4Win do?

A. Migrate the Tomcat/Nginx applications to App Engine Standard service.
B. Configure RabbitMQ on a regional unmanaged instance group with an instance in each zone.
C. Replace Hadoop/Spark servers with Cloud Dataproc cluster.
D. Use custom machine types to deploy bastion hosts, security scanners and Jenkins for continuous integration.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win failed to provide visibility into all administrative actions on the components/artefacts in its production solution that handle customer PII data. This has resulted in Dress4Win failing an audit and subsequently losing revenue. Dress4Win have contracted your company, which specializes in setting up resilient and cost-efficient architectures in Cloud Platforms, to help migrate their solution to Google Cloud and has asked you to identify what can be done in Google Cloud to satisfy the audit requirements. All modifications to the configuration and the metadata of individual components or GCP services that handle PII data are in the scope of the audit. What should you do?

A. Enable Cloud Trace on all web applications, identify the user identities and write them to logs.
B. Set up a dashboard in Cloud Monitoring based on the default metrics captured.
C. Enable Cloud Identity-Aware Proxy (IAP) on all web applications.
D. Pick up this information from Cloud Logging Console and Activity Page in GCP.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win relies on the Active Directory structure (users and groups) to enable secure access to applications and VMs. While the current approach works, it is cumbersome and has not been maintained over the years resulting in a proliferation of groups in AD. The team that manages AD is unaware of the purpose of more than half of all AD groups, and they now assign applications directly to users instead of using AD groups. You are asked to recommend the simplest design to handle identity and access management when the solution moves to Google Cloud. What should you do?

A. Create custom IAM roles with the relevant access and grant them to the relevant Google Groups. Encrypt objects with Customer Supplied Encryption Key (CSEK) when uploading to Cloud Storage bucket.
B. Create custom IAM roles with the relevant access and grant them to the relevant Google Groups. Enable the default encryption feature in Cloud Storage to encrypt all uploads automatically.
C. Grant the predefined IAM roles to the relevant Google Groups. Rely on the encryption at rest by default feature of Google Cloud Storage to encrypt objects at rest.
D. Grant the predefined IAM roles to the relevant Google Groups. Encrypt objects with Customer Supplied Encryption Key (CSEK) when uploading to Cloud Storage bucket.

  1. For this question, refer to the Dress4Win case study.
    Dress4Win’s Cloud migration project manager has prepared a plan to start the migration work in 4 months. Your Team Lead is keen on driving strategic architectural changes in the existing on-premises solution to simplify the migration work to Google Cloud while aligning with the business requirements. What can you do to enable this?

A. Replace RabbitMQ servers with on-prem Google Pub/Sub.
B. Migrate MySQL to a version supported by Cloud SQL for MySQL.
C. Resize all VMs to match the sizing of predefined machine types in Google Cloud.
D. Migrate applications to GKE on-prem.

  1. For this question, refer to the Mountkirk Games case study.
    You have been hired as a Cloud Security Administrator at Mountkirk Games to improve the security landscape in their GCP platform. You notice that the development team and testing team work together to deliver new features, and they must have access to each other’s environments. A concerning observation is that they both also have access to staging and production environments and you are worried that they may accidentally break production applications. Further talks with the development team have revealed that one of the staging environments used for performance testing needs to import data from the production environment every night. What should you do to isolate production environments from all others?

A. Deploy development and test resources to one project. Deploy staging and production resources to another project.
B. Deploy development and test resources in one VPC. Deploy staging and production resources in another VPC.
C. Deploy development and test resources in one subnet. Deploy staging and production resources in another subnet.
D. Deploy development, test, staging and production resources in their respective projects.

  1. For this question, refer to the Mountkirk Games case study.
    Taking into consideration the technical requirements outlined in the Mountkirk Games case study, what combination of services would you recommend for their batch and real-time analytics platform?

A. Kubernetes Engine, Container Registry, Cloud Pub/Sub, and Cloud SQL.
B. Cloud Storage, Cloud Pub/Sub, Dataflow, and BigQuery.
C. Cloud SQL for MySQL, Cloud Pub/Sub, and Dataflow.
D. Cloud Dataproc, Cloud Datalab, Cloud SQL and Dataflow.
E. Cloud Pub/Sub, Cloud Storage, and Cloud Dataproc.

  1. For this question, refer to the Mountkirk Games case study.
    Taking into consideration the technical requirements outlined in the Mountkirk Games case study, what steps should you execute when migrating the batch and real-time game analytics solution to Google Cloud Platform? (Choose two)

A. Assess the impact of moving the current batch ETL code to Cloud Dataflow.
B. Denormalize data in BigQuery for better performance.
C. Migrate data from MySQL to Cloud SQL for MySQL.
D. Carry out performance testing in Cloud SQL with 10 TB of analytics data.
E. Implement measures to defend against DDoS & SQL injection attacks when uploading files to Cloud Storage.

  1. For this question, refer to the Mountkirk Games case study.
    Taking into consideration the technical requirements for the game backend platform as well as the business requirements, how should you design the game backend on Google Cloud Platform?

A. Use Google Compute Engine preemptible instances with Network Load Balancer.
B. Use Google Compute Engine non-preemptible instances with Network Load Balancer.
C. Use Google Compute Engine preemptible instances in a Managed Instances Group (MIG) with autoscaling and Global HTTP(s) Load Balancer.
D. Use Google Compute Engine non-preemptible instances in a Managed Instances Group (MIG) with autoscaling and Global HTTP(s) Load Balancer.

  1. For this question, refer to the Mountkirk Games case study.
    The CTO of Mountkirk Games is concerned that the existing Cloud solution may lack the flexibility to embrace the next wave of transformations in cloud computing and technology advancements. He has asked you for your recommendation on implementing changes now that would help the business in future. What should you recommend?

A. Store more data and use it as training data for machine learning.
B. Migrate to GKE for better autoscaling.
C. Enable CI/CD integration to improve deployment velocity, agility and reaction to change.
D. Restructure the tables in MySQL database with a schema versioning tool to make it easier to support new features in future.
E. Patch servers frequently and stay on the latest supported patch levels and kernel version.