Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Google Associate Cloud Engineer

Google Associate Cloud Engineer Exam Practice Questions (P. 3)

  • Full Access (326 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new
Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?
  1. A
    Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
  2. B
    Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.
  3. C
    Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.
  4. D
    Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.

Correct Answer:
A
chatbot-img GPT-4o - Answer
Option A is indeed correct for running Compute Engine instances across different GCP accounts. By creating distinct configurations for each account with `gcloud config configurations create [NAME]`, you can neatly separate settings per account. Activating these configurations using `gcloud config configurations activate [NAME]` allows you to switch context effortlessly between these accounts, making it practical to manage resources in them accordingly. Remember, the vital step is activating the right configuration before launching an instance to ensure you are operating within the intended account's context.

Question #22
You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?
  1. A
    Use granular logging statements within a Deployment Manager template authored in Python.
  2. B
    Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
  3. C
    Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
  4. D
    Execute the Deployment Manager template using the ג€"-preview option in the same project, and observe the state of interdependent resources.

Correct Answer:
D
Reference:
https://cloud.google.com/deployment-manager/docs/deployments/updating-deployments

Question #23
You are building a pipeline to process time-series data. Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?

  1. A
    Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
  2. B
    Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
  3. C
    Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
  4. D
    Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

Correct Answer:
D
Reference:
https://cloud.google.com/solutions/correlating-time-series-dataflow

Question #24
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?
  1. A
    Use gcloud to create the new project, and then deploy your application to the new project.
  2. B
    Use gcloud to create the new project and to copy the deployed application to the new project.
  3. C
    Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
  4. D
    Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

Correct Answer:
A
chatbot-img GPT-4o - Answer
When you are ready to move from a development to a production environment for an App Engine application, the most effective approach is straightforward. First, use the `gcloud` command line tool to create the new project. Following the creation, deploy your application to this freshly established project. This ensures that your production environment is set up with a clean configuration, preventing any inconsistencies that could arise from trying to copy configurations or applications directly from the development environment.

Question #25
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?
  1. A
    Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
  2. B
    Add the auditors group to two new custom IAM roles.
  3. C
    Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
  4. D
    Add the auditor user accounts to two new custom IAM roles.

Correct Answer:
A
Reference:
https://cloud.google.com/iam/docs/roles-audit-logging

Question #26
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow
Google-recommended practices. What should you do?
  1. A
    Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
  2. B
    Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
  3. C
    Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
  4. D
    Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.

Correct Answer:
C
chatbot-img GPT-4o - Answer
When setting up permissions for Compute Engine instances to interact with Cloud Storage buckets, the IAM role approach in D, which specifies 'storage.objectAdmin', is optimal. This role encompasses permissions beyond creating objects, such as deleting or updating them, aligning well when broader object management within a bucket is necessary. However, if the requirement is strictly to write data without deletion or other management capabilities, role 'storage.objectCreator' mentioned in option C would be more aligned with the principle of least privilege. Thus, both D and potentially C are viable, depending on specific operational needs.

Question #27
You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to verify the addition of metadata labels and which files have been viewed from those buckets. What should you do?
  1. A
    Using the GCP Console, filter the Activity log to view the information.
  2. B
    Using the GCP Console, filter the Stackdriver log to view the information.
  3. C
    View the bucket in the Storage section of the GCP Console.
  4. D
    Create a trace in Stackdriver to view the information.

Correct Answer:
A
chatbot-img GPT-4o - Answer
The best approach to verify activities for a particular user across multiple Cloud Storage buckets is by filtering the Activity logs in the GCP Console. This allows you to efficiently review all user interactions, including metadata modifications and file access. The process involves navigating to the Activity log section, applying filters for specific buckets and the user in question. This method provides a comprehensive view of all relevant activities without the need for advanced configuration or additional tools, confirming the functionality of data access logging as outlined in Google Cloud's documentation on administrative and data access activities.

Question #28
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google- recommended practices. Which IAM roles should you grant your colleagues?
  1. A
    Project Editor
  2. B
    Storage Admin
  3. C
    Storage Object Admin
  4. D
    Storage Object Creator

Correct Answer:
B
chatbot-img GPT-4o - Answer
Opting for the Storage Admin role in this case is spot on. This role provides comprehensive permissions, including full control over both buckets and objects within Google Cloud Storage. It's exactly what you need if you want your colleagues to manage everything within Cloud Storage without restrictions. Remember, granting broader access like this should always be done with a clear understanding of trust and responsibility due to the extensive capabilities it enables.

Question #29
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?
  1. A
    Create a signed URL with a four-hour expiration and share the URL with the company.
  2. B
    Set object access to 'public' and use object lifecycle management to remove the object after four hours.
  3. C
    Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
  4. D
    Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.

Correct Answer:
A
chatbot-img GPT-4o - Answer
Creating a signed URL for sharing an object from Cloud Storage is both efficient and secure. This method gives the external company a time-limited access to the sensitive data, expiring automatically after four hours. Since the external company does not have a Google account, this approach bypasses the need for user-based access privileges, maintaining security without any unnecessary complexity. It's a swift, straightforward solution without the overhead of managing public access or additional storage resources.

Question #30
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?
  1. A
    Deploy the monitoring pod in a StatefulSet object.
  2. B
    Deploy the monitoring pod in a DaemonSet object.
  3. C
    Reference the monitoring pod in a Deployment object.
  4. D
    Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Correct Answer:
B
chatbot-img GPT-4o - Answer
To ensure that each node in your GKE cluster has a monitoring pod operating, deploying these pods as a DaemonSet is optimal. DaemonSets are specifically tailored for such purposes, as they automatically deploy a copy of the pod to all current and future nodes within the cluster. This means consistent monitoring across all nodes, which is crucial for effective container metrics collection sent to your third-party monitoring solution. Other options like StatefulSets, Deployments, or cluster initializers do not specifically guarantee this node-wide pod distribution, making DaemonSet the most appropriate choice for this scenario.

Previous Questions Next Questions

All Pages