DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Conquer the Google Exam with Associate Cloud Engineer Study Materials

Preparing for the Google Associate Cloud Engineer certification exam requires a comprehensive understanding of cloud computing concepts and hands-on experience. SPOTO's exam questions and answers, test questions, and mock exams offer a valuable resource for exam preparation. These study materials cover a wide range of topics, including application deployment, infrastructure security, operations monitoring, and enterprise solution maintenance, ensuring you have a well-rounded understanding of an Associate Cloud Engineer's responsibilities. SPOTO's exam resources are designed to simulate the actual exam environment, providing you with realistic exam questions and scenarios. By practicing with these materials, you can identify your strengths and weaknesses, allowing you to focus your efforts on areas that need improvement. Additionally, the detailed explanations accompanying each question and answer help reinforce your understanding and provide valuable insights, increasing your chances of passing the exam successfully.
Take other online exams

Question #1
You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?
A. elect Multi-Regional Storage
B. elect Multi-Regional Storage
C. elect Regional Storage
D. elect Regional Storage
View answer
Correct Answer: C
Question #2
Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?
A. se gcloud to expand the IP range of the current subnet
B. elete the subnet, and recreate it using a wider range of IP addresses
C. reate a new project
D. reate a new subnet with the same starting IP but a wider range to overwrite the current subnet
View answer
Correct Answer: C
Question #3
You need to manage multiple Google Cloud Platform (GCP) projects in the fewest steps possible. You want to configure the Google Cloud SDK command line interface (CLI) so that you can easily manage multiple GCP projects. What should you?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #4
You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?
A. After the VM has been created, use your Google Account credentials to log in into the VM
B. After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM
C. When creating the VM, add metadata to the instance using ?€?windows-password?€? as the key and a password as the value
D. After the VM has been created, download the JSON private key for the default Compute Engine service account
View answer
Correct Answer: D
Question #5
You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?
A. se kubectl app deploy
B. se gcloud app deploy
C. reate a docker image from the Dockerfile and upload it to Container Registry
D. reate a docker image from the Dockerfile and upload it to Cloud Storage
View answer
Correct Answer: C
Question #6
You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?
A. pen the Cloud Spanner console to review configurations
B. pen the IAM & admin console to review IAM policies for Cloud Spanner roles
C. o to the Stackdriver Monitoring console and review information for Cloud Spanner
D. o to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles
View answer
Correct Answer: B
Question #7
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:What is the most likely cause?
A. he pending Pod's resource requests are too large to fit on a single node of the cluster
B. oo many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod
C. he node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod
D. he pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods' status
View answer
Correct Answer: B
Question #8
You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?
A. anual Scaling with 3 instances
B. asic Scaling with min_instances set to 3
C. asic Scaling with max_instances set to 3
D. utomatic Scaling with min_idle_instances set to 3
View answer
Correct Answer: D
Question #9
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?
A. 1
B. 1
C. 1
D. 1
View answer
Correct Answer: D
Question #10
You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server. What should you do?
A. eserve the IP 10
B. eserve the IP 10
C. se the IP 10
D. tart the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address
View answer
Correct Answer: A
Question #11
You have a Google Cloud Platform account with access to both production and development projects. You need to create an automated process to list all compute instances in development and production projects on a daily basis. What should you do?
A. reate two configurations using gcloud config
B. reate two configurations using gsutil config
C. o to Cloud Shell and export this information to Cloud Storage on a daily basis
D. o to GCP Console and export this information to Cloud SQL on a daily basis
View answer
Correct Answer: A
Question #12
You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps.What should you do?
A. se gcloud iam roles copy and specify the production project as the destination project
B. se gcloud iam roles copy and specify your organization as the destination organization
C. n the Google Cloud Platform Console, use the `create role from role' functionality
D. n the Google Cloud Platform Console, use the `create role' functionality and select all applicable permissions
View answer
Correct Answer: B
Question #13
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?
A. reate an instance template for the instances
B. reate an instance template for the instances
C. reate an instance group for the instances
D. reate an instance group for the instance
View answer
Correct Answer: B
Question #14
You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out how much it will cost to run the query. You are using on-demand pricing. What should you do?
A. rrange to switch to Flat-Rate pricing for this query, then move back to on-demand
B. se the command line to run a dry run query to estimate the number of bytes read
C. se the command line to run a dry run query to estimate the number of bytes returned
D. un a select count (*) to get an idea of how many records your query will look through
View answer
Correct Answer: B
Question #15
You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed from the Google Cloud Ubuntu package repository. You want to test your application locally on your laptop with Cloud Datastore. What should you do?
A. xport Cloud Datastore data using gcloud datastore export
B. reate a Cloud Datastore index using gcloud datastore indexes create
C. nstall the google-cloud-sdk-datastore-emulator component using the apt get install command
D. nstall the cloud-datastore-emulator component using the gcloud components install command
View answer
Correct Answer: D
Question #16
Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #17
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?
A. se the GCP Console to transfer the file instead of gsutil
B. nable parallel composite uploads using gsutil on the file transfer
C. ecrease the TCP window size on the machine initiating the transfer
D. hange the storage class of the bucket from Nearline to Multi-Regional
View answer
Correct Answer: B
Question #18
You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?
A. nable the Cloud Pub/Sub API in the API Library on the GCP Console
B. ely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it
C. se Deployment Manager to deploy your application
D. rant the App Engine Default service account the role of Cloud Pub/Sub Admin
View answer
Correct Answer: A
Question #19
Your organization is a financial company that needs to store audit log files for 3 years. Your organization has hundreds of Google Cloud projects. You need to implement a cost-effective approach for log file retention. What should you do?
A. Create an export to the sink that saves logs from Cloud Audit to BigQuery
B. Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket
C. Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery
D. Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL
View answer
Correct Answer: A
Question #20
You have a development project with appropriate IAM roles defined. You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps.What should you do?
A. se gcloud iam roles copy and specify the production project as the destination project
B. se gcloud iam roles copy and specify your organization as the destination organization
C. n the Google Cloud Platform Console, use the `create role from role' functionality
D. n the Google Cloud Platform Console, use the `create role' functionality and select all applicable permissions
View answer
Correct Answer: B
Question #21
You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?
A. nstall a RDP client on your desktop
B. nstall a RDP client in your desktop
C. et a Windows password in the GCP Console
D. et a Windows username and password in the GCP Console
View answer
Correct Answer: B
Question #22
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
A. reate a single custom VPC with 2 subnets
B. reate a single custom VPC with 2 subnets
C. reate 2 custom VPCs, each with a single subnet
D. reate 2 custom VPCs, each with a single subnet
View answer
Correct Answer: A
Question #23
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?
A. eploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic
B. eploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic
C. eploy a new version as a separate app in App Engine
D. eploy a new version of your application in App Engine
View answer
Correct Answer: A
Question #24
Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices.What should you do?
A. dd users to roles/bigquery user role only, instead of roles/bigquery dataOwner
B. dd users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner
C. reate a custom role by removing delete permissions, and add users to that role only
D. reate a custom role by removing delete permissions
View answer
Correct Answer: B
Question #25
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator forKubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?
A. ill in local SSD
B. ill in local SSD
C. elect Add GPUs
D. elect Add GPUs
View answer
Correct Answer: C
Question #26
You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a GoogleKubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?
A. In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes
B. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ?€?Access scopes?€?
C. Create a service account, and give it access to Cloud Storage
D. Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account
View answer
Correct Answer: C
Question #27
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?
A. hange the default region property setting in the existing GCP project to asia-northeast1
B. hange the region property setting in the existing App Engine application from us-central to asia- northeast1
C. reate a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application
D. reate a new GCP project and create an App Engine application inside this new project
View answer
Correct Answer: C
Question #28
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?
A. eploy the container on Cloud Run
B. eploy the container on Cloud Run on GKE
C. eploy the container on App Engine Flexible
D. eploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled
View answer
Correct Answer: A
Question #29
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?
A. hen creating the VM, use machine type n1-standard-96
B. hen creating the VM, use Intel Skylake as the CPU platform
C. reate the VM using Compute Engine default settings
D. tart the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations
View answer
Correct Answer: C
Question #30
Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?
A. dd your SREs to roles/iam
B. dd your SREs to roles/accessapproval approver role
C. dd your SREs to a group and then add this group to roles/iam roleAdmin role
D. dd your SREs to a group and then add this group to roles/accessapproval approver role
View answer
Correct Answer: A
Question #31
You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only in SQL and need access to the data stored in this file. You want to find a cost-effective way to complete their request as soon as possible. What should you do?
A. oad data in Cloud Datastore and run a SQL query against it
B. reate a BigQuery table and load data in BigQuery
C. reate external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request
D. reate a Hadoop cluster and copy the AVRO file to NDFS by compressing it
View answer
Correct Answer: C
Question #32
You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?
A. un gcloud iam roles list
B. un gcloud iam service-accounts list
C. avigate to the project and then to the IAM section in the GCP Console
D. avigate to the project and then to the Roles section in the GCP Console
View answer
Correct Answer: D
Question #33
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?
A. se gcloud to create the new project, and then deploy your application to the new project
B. se gcloud to create the new project and to copy the deployed application to the new project
C. reate a Deployment Manager configuration file that copies the current App Engine deployment into a new project
D. eploy your application again using gcloud and specify the project parameter with the new project name to create the new project
View answer
Correct Answer: C
Question #34
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
A. se gcloud config configurations describe to review the output
B. se gcloud config configurations activate and gcloud config list to review the output
C. se kubectl config get-contexts to review the output
D. se kubectl config use-context and kubectl config view to review the output
View answer
Correct Answer: D
Question #35
You are building an application that will run in your data center. The application will use Google Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate access to AutoML. You need to enable authentication to the APIs from your on-premises environment. What should you do?
A. se service account credentials in your on-premises application
B. se gcloud to create a key file for the service account that has appropriate permissions
C. et up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications
D. o to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center
View answer
Correct Answer: B
Question #36
Your customer has implemented a solution that uses Cloud Spanner and notices some read latency- related performance issues on one table. This table is accessed only by their users using a primary key. The table schema is shown below.You want to resolve the issue. What should you do?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: D
Question #37
Your customer has implemented a solution that uses Cloud Spanner and notices some read latency- related performance issues on one table. This table is accessed only by their users using a primary key. The table schema is shown below.You want to resolve the issue. What should you do?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: D
Question #38
Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?
A. dd the users to roles/browser role
B. dd the users to roles/iam
C. dd the users to a group, and add this group to roles/browser role
D. dd the users to a group, and add this group to roles/iam
View answer
Correct Answer: C
Question #39
You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?
A. nable the Cloud Pub/Sub API in the API Library on the GCP Console
B. ely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it
C. se Deployment Manager to deploy your application
D. rant the App Engine Default service account the role of Cloud Pub/Sub Admin
View answer
Correct Answer: A
Question #40
You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?
A. et autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1
B. et autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1
C. et autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2
D. et autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2
View answer
Correct Answer: A
Question #41
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive dat
A. ou want access to the content to be removed after four hours
B. reate a signed URL with a four-hour expiration and share the URL with the company
C. et object access to `public' and use object lifecycle management to remove the object after four hours
D. onfigure the storage bucket as a static website and furnish the object's URL to the company
E. reate a new Cloud Storage bucket specifically for the external company to access
View answer
Correct Answer: A
Question #42
Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?
A. sk the auditor for their Google account, and give them the Viewer role on the project
B. sk the auditor for their Google account, and give them the Security Reviewer role on the project
C. reate a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project
D. reate a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project
View answer
Correct Answer: A
Question #43
You recently deployed a new version of an application to App Engine and then discovered a bug in the release. You need to immediately revert to the prior version of the application. What should you do?
A. un gcloud app restore
B. n the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert
C. n the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version
D. eploy the original version as a separate application
View answer
Correct Answer: D
Question #44
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?
A. eploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic
B. eploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic
C. eploy a new version as a separate app in App Engine
D. eploy a new version of your application in App Engine
View answer
Correct Answer: A
Question #45
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator forKubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?
A. ill in local SSD
B. ill in local SSD
C. elect Add GPUs
D. elect Add GPUs
View answer
Correct Answer: C
Question #46
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?
A. avigate to Stackdriver Logging and select resource
B. reate a Stackdriver Logging Export with a Sink destination to a BigQuery dataset
C. reate a Stackdriver Logging Export with a Sink destination to Cloud Storage
D. onfigure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery
View answer
Correct Answer: B
Question #47
You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: C
Question #48
Several employees at your company have been creating projects with Cloud Platform and paying for it with their personal credit cards, which the company reimburses. The company wants to centralize all these projects under a single, new billing account. What should you do?
A. ontact cloud-billing@google
B. reate a ticket with Google Support and wait for their call to share your credit card details over the phone
C. n the Google Platform Console, go to the Resource Manage and move all projects to the root Organization
D. n the Google Cloud Platform Console, create a new billing account and set up a payment method
View answer
Correct Answer: D
Question #49
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?
A. hen creating the VM, use machine type n1-standard-96
B. hen creating the VM, use Intel Skylake as the CPU platform
C. reate the VM using Compute Engine default settings
D. tart the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations
View answer
Correct Answer: C
Question #50
Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects. You need to assign this person the minimum role for projects. What should you do?
A. dd the user to roles/iam
B. dd the user to roles/iam
C. dd the user to roles/iam
D. dd the user to roles/iam
View answer
Correct Answer: C
Question #51
Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices.What should you do?
A. dd users to roles/bigquery user role only, instead of roles/bigquery dataOwner
B. dd users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner
C. reate a custom role by removing delete permissions, and add users to that role only
D. reate a custom role by removing delete permissions
View answer
Correct Answer: B
Question #52
You have a Compute Engine instance hosting a production application. You want to receive an email if the instance consumes more than 90% of its CPU resources for more than 15 minutes. You want to use Google services. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #53
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?
A. eploy the monitoring pod in a StatefulSet object
B. eploy the monitoring pod in a DaemonSet object
C. eference the monitoring pod in a Deployment object
D. eference the monitoring pod in a cluster initializer at the GKE cluster creation time
View answer
Correct Answer: B
Question #54
You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only in SQL and need access to the data stored in this file. You want to find a cost-effective way to complete their request as soon as possible. What should you do?
A. oad data in Cloud Datastore and run a SQL query against it
B. reate a BigQuery table and load data in BigQuery
C. reate external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request
D. reate a Hadoop cluster and copy the AVRO file to NDFS by compressing it
View answer
Correct Answer: C
Question #55
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?
A. dd the auditors group to the `logging
B. dd the auditors group to two new custom IAM roles
C. dd the auditor user accounts to the `logging
D. dd the auditor user accounts to two new custom IAM roles
View answer
Correct Answer: C
Question #56
Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects. You need to assign this person the minimum role for projects. What should you do?
A. dd the user to roles/iam
B. dd the user to roles/iam
C. dd the user to roles/iam
D. dd the user to roles/iam
View answer
Correct Answer: C
Question #57
You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: C
Question #58
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.How should you configure the auditor's permissions?
A. reate a custom role with view-only project permissions
B. reate a custom role with view-only service permissions
C. elect the built-in IAM project Viewer role
D. elect the built-in IAM service Viewer role
View answer
Correct Answer: C
Question #59
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re- creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
A. reate an HTTP load balancer with a backend configuration that references an existing instance group
B. reate an HTTP load balancer with a backend configuration that references an existing instance group
C. reate a managed instance group
D. reate a managed instance group
View answer
Correct Answer: A
Question #60
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?
A. nable the Node Auto-Repair feature for your GKE cluster
B. nable the Node Auto-Upgrades feature for your GKE cluster
C. elect the latest available cluster version for your GKE cluster
D. elect "Container-Optimized OS (cos)" as a node image for your GKE cluster
View answer
Correct Answer: B
Question #61
You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?
A. et autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1
B. et autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1
C. et autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2
D. et autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2
View answer
Correct Answer: A
Question #62
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
A. reate two configurations using gcloud config configurations create [NAME]
B. reate two configurations using gcloud config configurations create [NAME]
C. ctivate two configurations using gcloud configurations activate [NAME]
D. ctivate two configurations using gcloud configurations activate [NAME]
View answer
Correct Answer: C
Question #63
You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC. What should you do?
A. erify that both projects are in a GCP Organization
B. erify that both projects are in a GCP Organization
C. erify that you are the Project Administrator of both projects
D. erify that you are the Project Administrator of both projects
View answer
Correct Answer: B
Question #64
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce- network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #65
Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #66
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:What is the most likely cause?
A. he pending Pod's resource requests are too large to fit on a single node of the cluster
B. oo many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod
C. he node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod
D. he pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods' status
View answer
Correct Answer: B
Question #67
You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?
A. Create a Cloud Memorystore for Redis instance with 32-GB capacity
B. Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory
C. Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes
D. Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB
View answer
Correct Answer: B
Question #68
You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?
A. reate a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly
B. reate a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold
C. reate a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold
D. reate a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold
View answer
Correct Answer: D
Question #69
You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?
A. se kubectl app deploy
B. se gcloud app deploy
C. reate a docker image from the Dockerfile and upload it to Container Registry
D. reate a docker image from the Dockerfile and upload it to Cloud Storage
View answer
Correct Answer: C
Question #70
You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site. Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?
A. nable Cloud CDN on the website frontend
B. nable `Share publicly' on the PDF file objects
C. et Content-Type metadata to application/pdf on the PDF file objects
D. dd a label to the storage bucket with a key of Content-Type and value of application/pdf
View answer
Correct Answer: C
Question #71
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?
A. elect Google Kubernetes Engine
B. elect Google Kubernetes Engine
C. elect Compute Engine
D. elect Compute Engine
View answer
Correct Answer: C
Question #72
You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?
A. heck the app
B. heck the web-application
C. o to Deployment Manager and review settings for deployment of applications
D. o to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment
View answer
Correct Answer: A
Question #73
You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?
A. reate a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly
B. reate a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold
C. reate a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold
D. reate a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold
View answer
Correct Answer: D
Question #74
You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?
A. reate a Cloud Memorystore for Redis instance with 32-GB capacity
B. un it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory
C. ackage it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes
D. un it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB
View answer
Correct Answer: B
Question #75
You are building a pipeline to process time-series dat
A. hich Google Cloud Platform services should you put in boxes 1,2,3, and 4?
B. loud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
C. irebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
D. loud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
E. loud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
View answer
Correct Answer: D
Question #76
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?
A. se permissions in your role that use the `supported' support level for role permissions
B. se permissions in your role that use the `supported' support level for role permissions
C. se permissions in your role that use the `testing' support level for role permissions
D. se permissions in your role that use the `testing' support level for role permissions
View answer
Correct Answer: C
Question #77
You need to set up a policy so that videos stored in a specific Cloud Storage Regional bucket are moved to Coldline after 90 days, and then deleted after one year from their creation. How should you set up the policy?
A. se Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions
B. se Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass andDelete actions
C. se gsutil rewrite and set the Delete action to 275 days (365-90)
D. se gsutil rewrite and set the Delete action to 365 days
View answer
Correct Answer: A
Question #78
You are building a pipeline to process time-series dat
A. hich Google Cloud Platform services should you put in boxes 1,2,3, and 4?
B. loud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
C. irebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
D. loud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
E. loud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
View answer
Correct Answer: D
Question #79
Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?
A. se Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity
B. se the cloud Identity APIs and write a script to synchronize users to Cloud Identity
C. xport users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console
D. sk each employee to create a Google account using self signup
View answer
Correct Answer: A
Question #80
Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?
A. ink the acquired company's projects to your company's billing account
B. onfigure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset
C. igrate the acquired company's projects into your company's GCP organization
D. reate a new GCP organization and a new billing account
View answer
Correct Answer: D
Question #81
You built an application on Google Cloud Platform that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table dat
A. ou need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices
B. dd the support team group to the roles/monitoring
C. dd the support team group to the roles/spanner
D. dd the support team group to the roles/spanner
E. dd the support team group to the roles/stackdriver
View answer
Correct Answer: B
Question #82
You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us- central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #83
You have a web application deployed as a managed instance group. You have a new version of the application to gradually deploy. Your web application is currently receiving live web traffic. You want to ensure that the available capacity does not decrease during the deployment. What should you do?
A. erform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1
B. erform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0
C. reate a new managed instance group with an updated instance template
D. reate a new instance template with the new application version
View answer
Correct Answer: B
Question #84
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?
A. roject Editor
B. torage Admin
C. torage Object Admin
D. torage Object Creator
View answer
Correct Answer: B
Question #85
You need to verify that a Google Cloud Platform service account was created at a particular time.What should you do?
A. ilter the Activity log to view the Configuration category
B. ilter the Activity log to view the Configuration category
C. ilter the Activity log to view the Data Access category
D. ilter the Activity log to view the Data Access category
View answer
Correct Answer: D
Question #86
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?
A. elect Google Kubernetes Engine
B. elect Google Kubernetes Engine
C. elect Compute Engine
D. elect Compute Engine
View answer
Correct Answer: C
Question #87
Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?
A. ownload and deploy the Jenkins Java WAR to App Engine Standard
B. reate a new Compute Engine instance and install Jenkins through the command line interface
C. reate a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image
D. se GCP Marketplace to launch the Jenkins solution
View answer
Correct Answer: D
Question #88
You need to set a budget alert for use of Compute Engineer services on one of the three Google Cloud Platform projects that you manage. All three projects are linked to a single billing account.What should you do?
A. erify that you are the project billing administrator
B. erify that you are the project billing administrator
C. erify that you are the project administrator
D. erify that you are project administrator
View answer
Correct Answer: B
Question #89
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?
A. dd the auditors group to the `logging
B. dd the auditors group to two new custom IAM roles
C. dd the auditor user accounts to the `logging
D. dd the auditor user accounts to two new custom IAM roles
View answer
Correct Answer: C
Question #90
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?
A. se gcloud to create the new project, and then deploy your application to the new project
B. se gcloud to create the new project and to copy the deployed application to the new project
C. reate a Deployment Manager configuration file that copies the current App Engine deployment into a new project
D. eploy your application again using gcloud and specify the project parameter with the new project name to create the new project
View answer
Correct Answer: C
Question #91
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
A. reate two configurations using gcloud config configurations create [NAME]
B. reate two configurations using gcloud config configurations create [NAME]
C. ctivate two configurations using gcloud configurations activate [NAME]
D. ctivate two configurations using gcloud configurations activate [NAME]
View answer
Correct Answer: C
Question #92
You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?
A. hen creating the VM via the web console, specify the service account under the `Identity and API Access' section
B. ownload a JSON Private Key for the service account
C. ownload a JSON Private Key for the service account
D. ownload a JSON Private Key for the service account
View answer
Correct Answer: A
Question #93
Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company's SSO provider. What should you do?
A. n Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps
B. n Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider
C. btain OAuth 2
D. btain OAuth 2
View answer
Correct Answer: C
Question #94
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?
A. se permissions in your role that use the `supported' support level for role permissions
B. se permissions in your role that use the `supported' support level for role permissions
C. se permissions in your role that use the `testing' support level for role permissions
D. se permissions in your role that use the `testing' support level for role permissions
View answer
Correct Answer: C
Question #95
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?
A. roject Editor
B. torage Admin
C. torage Object Admin
D. torage Object Creator
View answer
Correct Answer: B
Question #96
You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.You check the status of the deployed pods and notice that one of them is still in PENDING status:You want to find out why the pod is stuck in pending status. What should you do?
A. eview details of the myapp-service Service object and check for error messages
B. eview details of the myapp-deployment Deployment object and check for error messages
C. eview details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages
D. iew logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages
View answer
Correct Answer: C
Question #97
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?
A. eploy the container on Cloud Run
B. eploy the container on Cloud Run on GKE
C. eploy the container on App Engine Flexible
D. eploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled
View answer
Correct Answer: A
Question #98
You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us- central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #99
You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?
A. Run gcloud projects list to get the project ID, and then run gcloud services list --project
B. Run gcloud init to set the current project to my-project, and then run gcloud services list --available
C. Run gcloud info to view the account value, and then run gcloud services list --account
D. Run gcloud projects describe to verify the project value, and then run gcloud services list --available
View answer
Correct Answer: A
Question #100
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re- creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
A. reate an HTTP load balancer with a backend configuration that references an existing instance group
B. reate an HTTP load balancer with a backend configuration that references an existing instance group
C. reate a managed instance group
D. reate a managed instance group
View answer
Correct Answer: A
Question #101
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #102
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps.You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
A. reate an HTTP load balancer with a backend configuration that references an existing instance group
B. reate an HTTP load balancer with a backend configuration that references an existing instance group
C. reate a managed instance group
D. reate a managed instance group
View answer
Correct Answer: D
Question #103
Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?
A. ink the acquired company's projects to your company's billing account
B. onfigure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset
C. igrate the acquired company's projects into your company's GCP organization
D. reate a new GCP organization and a new billing account
View answer
Correct Answer: D
Question #104
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
A. se gcloud config configurations describe to review the output
B. se gcloud config configurations activate and gcloud config list to review the output
C. se kubectl config get-contexts to review the output
D. se kubectl config use-context and kubectl config view to review the output
View answer
Correct Answer: D
Question #105
You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?
A. et metadata to enable-oslogin=true for the instance
B. et metadata to enable-oslogin=true for the instance
C. nable block project wide keys for the instance
D. nable block project wide keys for the instance
View answer
Correct Answer: D
Question #106
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?
A. eploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic
B. eploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic
C. eploy a new version as a separate app in App Engine
D. eploy a new version of your application in App Engine
View answer
Correct Answer: A
Question #107
You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.You check the status of the deployed pods and notice that one of them is still in PENDING status:You want to find out why the pod is stuck in pending status. What should you do?
A. eview details of the myapp-service Service object and check for error messages
B. eview details of the myapp-deployment Deployment object and check for error messages
C. eview details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages
D. iew logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages
View answer
Correct Answer: C
Question #108
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce- network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #109
You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end.What should you do?
A. dd a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage
B. dd a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage
C. dd a bucket lifecycle rule that archives data from regional storage after 30 days to ColdlineStorage
D. dd a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage
View answer
Correct Answer: B
Question #110
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
A. reate a single custom VPC with 2 subnets
B. reate a single custom VPC with 2 subnets
C. reate 2 custom VPCs, each with a single subnet
D. reate 2 custom VPCs, each with a single subnet
View answer
Correct Answer: A
Question #111
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?
A.
B. 0
C. 72
D. 92
View answer
Correct Answer: B
Question #112
You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster.For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?
A. se Binary Authorization and whitelist only the container images used by your customers' Pods
B. se the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods
C. reate a GKE node pool with a sandbox type configured to gvisor
D. se the cos_containerd image for your GKE nodes
View answer
Correct Answer: C
Question #113
Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?
A. dd the group for the finance team to roles/billing user role
B. dd the group for the finance team to roles/billing admin role
C. dd the group for the finance team to roles/billing viewer role
D. dd the group for the finance team to roles/billing project/Manager role
View answer
Correct Answer: A
Question #114
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive dat
A. ou want access to the content to be removed after four hours
B. reate a signed URL with a four-hour expiration and share the URL with the company
C. et object access to `public' and use object lifecycle management to remove the object after four hours
D. onfigure the storage bucket as a static website and furnish the object's URL to the company
E. reate a new Cloud Storage bucket specifically for the external company to access
View answer
Correct Answer: A
Question #115
You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now, you need to create a production environment for this application.The security team has forbidden the existence of network routes between these 2 environments, and asks you to follow Google-recommended practices. What should you do?
A. reate a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment
B. reate a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources
C. reate a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VP
D. sk the security team to grant you the Project Editor role in an existing production project used by another division of your company
View answer
Correct Answer: A
Question #116
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce- network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #117
You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API. You want to make sure your application can use Cloud Pub/Sub. What should you do?
A. nable the Cloud Pub/Sub API in the API Library on the GCP Console
B. ely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it
C. se Deployment Manager to deploy your application
D. rant the App Engine Default service account the role of Cloud Pub/Sub Admin
View answer
Correct Answer: A
Question #118
You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?
A. reate a Cloud Function to create an instance template
B. reate a snapshot schedule for the disk using the desired interval
C. reate a cron job to create a new disk from the disk using gcloud
D. reate a Cloud Task to create an image and export it to Cloud Storage
View answer
Correct Answer: B
Question #119
You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?
A. pen the Cloud Spanner console to review configurations
B. pen the IAM & admin console to review IAM policies for Cloud Spanner roles
C. o to the Stackdriver Monitoring console and review information for Cloud Spanner
D. o to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles
View answer
Correct Answer: B
Question #120
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
A. se gcloud config configurations describe to review the output
B. se gcloud config configurations activate and gcloud config list to review the output
C. se kubectl config get-contexts to review the output
D. se kubectl config use-context and kubectl config view to review the output
View answer
Correct Answer: D
Question #121
You need to verify that a Google Cloud Platform service account was created at a particular time.What should you do?
A. ilter the Activity log to view the Configuration category
B. ilter the Activity log to view the Configuration category
C. ilter the Activity log to view the Data Access category
D. ilter the Activity log to view the Data Access category
View answer
Correct Answer: D
Question #122
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?
A. reate a service account with an access scope
B. reate a service account with an access scope
C. reate a service account and add it to the IAM role `storage
D. reate a service account and add it to the IAM role `storage
View answer
Correct Answer: B
Question #123
You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?
A. ssign the auditor the IAM role roles/logging
B. ssign the auditor the IAM role roles/logging
C. ssign the auditor's IAM user to a custom role that has logging
D. ssign the auditor's IAM user to a custom role that has logging
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: