Google Cloud Associate Cloud Engineer Exam MCQ With Answers GCP ACE 10

0

 

Associate Cloud Engineer

Google Cloud


Google Cloud Associate Cloud Engineer

Associate Cloud Engineers deploy applications, monitor operations, and manage enterprise solutions. They use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.


The Associate Cloud Engineer exam assesses your ability to:


  • Set up a cloud solution environment
  • Plan and configure a cloud solution
  • Deploy and implement a cloud solution
  • Ensure successful operation of a cloud solution
  • Configure access and security

About this certification exam


  • Length: 2 hours
  • Registration fee: $125 (plus tax where applicable)
  • Languages: English, Japanese, Spanish, Portuguese
  • Exam format: 50-60 multiple choice and multiple select questions

GOOGLE CLOUD ASSOCIATE CLOUD ENGINEER MCQ

 
1. You're migrating an on-premises application to Google Cloud. The application uses a component that requires a licensing server. The license server has the IP address 10.28.0.10. You want to deploy the application without making any changes to the code or configuration. How should you go about deploying the application?

  1. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance.
  2. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance.
  3. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve an ephemeral internal IP address of 10.28.0.10. Assign the static address to the license server instance.
  4. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve an ephemeral external IP address of 10.28.0.10. Assign the static address to the license server instance.

Answer: Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance.


2. You've setup and tested several custom roles in your development project. What is the fastest way to create the same roles for your new production project?

  1. Recreate them in the new project.
  2. Use the gcloud iam copy roles command and set the destination project.
  3. In GCP console, select the roles and click the Export button.
  4. Use the gcloud iam roles copy command and set the destination project.

Answer: Use the gcloud iam roles copy command and set the destination project.


3. Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment. What should you do?

  1. Develop templates for the environment using Cloud Deployment Manager.
  2. Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.
  3. Use the Cloud Console interface to provision and manage all related resources.
  4. Create a bash script that contains all requirement steps as gcloud commands.

Answer: Develop templates for the environment using Cloud Deployment Manager.


4. You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud Project. What should you?

  1. Enable Audit Logs for all APIs that are related to data storage.
  2. Review the IAM permissions for any role that allows for data access.
  3. Review the Identity-Aware Proxy settings for each resource.
  4. Create a Data Loss Prevention job.

Answer: Review the IAM permissions for any role that allows for data access.


5. Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your companyגTM€s on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.What should you do?

  1. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
  2. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
  3. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
  4. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Answer: Create a private zone on Cloud DNS, and configure the applications with the DNS name.


6. You have developed a containerized web application that will serve internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

  1. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero.
  2. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.
  3. Deploy the container on App Engine flexible environment with autoscaling, and set the value min_instances to zero in the app.yaml.
  4. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app.yaml.

Answer: Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero


7. You have experimented with Google Cloud using your own credit card and expensed the costs to your company. Your company wants to streamline the billing process and charge the costs of your projects to their monthly invoice. What should you do?

  1. Grant the financial team the IAM role of ג€Billing Account Userג €on the billing account linked to your credit card.
  2. Set up BigQuery billing export and grant your financial department IAM access to query the data.
  3. Create a ticket with Google Billing Support to ask them to send the invoice to your company.
  4. Change the billing account of your projects to the billing account of your company.

Answer: Change the billing account of your projects to the billing account of your company.


8. You are running a data warehouse on BigQuery. A partner company is offering a recommendation engine based on the data in your data warehouse. The partner company is also running their application on Google Cloud. They manage the resources in their own project, but they need access to the BigQuery dataset in your project. You want to provide the partner company with access to the dataset. What should you do?

  1. Create a Service Account in your own project, and grant this Service Account access to BigQuery in your project.
  2. Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project.
  3. Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project.
  4. Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project.

Answer: Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project.


9. Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?

  1. Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.
  2. Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.
  3. Create a new service with the new version of the application. Add HTTP Load Balancer in front of both services.
  4. Create a new revision with the new version of the application. Add HTTP Load Balancer in front of both revisions.

Answer: Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.


10. Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamersג TM€actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

  1. Configure an SSL Proxy load balancer in front of the application servers.
  2. Configure an Internal UDP load balancer in front of the application servers.
  3. Configure an External HTTP(s) load balancer in front of the application servers.
  4. Configure an External Network load balancer in front of the application servers.

Answer: Configure an External Network load balancer in front of the application servers.


11. You are working for a hospital that stores its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

  1. Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub topic.
  2. Deploy a Dataflow job from the batch template, ג€Datastore to Cloud Storage.ג €Schedule the batch job on the desired interval.
  3. Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage. Schedule the script as a cron job
  4. In the Cloud Console, go to Cloud Storage. Upload the relevant images to the appropriate bucket.

Answer: Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage. Schedule the script as a cron job


12. Your auditor wants to view your organizationגTM€s use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

  1. Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage.
  2. Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs.
  3. Assign the appropriate permissions, and the use Cloud Monitoring to review metrics.
  4. Use the export logs API to provide the Admin Activity Audit Logs in the format they want.

Answer: Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage.


13. You received a JSON file that contained a private key of a Service Account in order to get access to several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and want to use this private key for authentication and authorization when performing gcloud commands. What should you do?

  1. Use the command gcloud auth login and point it to the private key.
  2. Use the command gcloud auth activate-service-account and point it to the private key.
  3. Place the private key file in the installation directory of the Cloud SDK and rename it to .€גjson.credentials€ג
  4. Place the private key file in your home directory and rename it to ג€GOOGLE_APPLICATION_CREDENTIALSג.€

Answer:  Use the command gcloud auth activate-service-account and point it to the private key.


14. You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes.What should you do?

  1. Set up an export job for the first of the month. Write the export file to an Archive class Cloud Storage bucket.
  2. Save the automatic first-of-the-month backup for three years. Store the backup file in an Archive class Cloud Storage bucket.
  3. Set up an on-demand backup for the first of the month. Write the backup to an Archive class Cloud Storage bucket.
  4. Convert the automatic first-of-the-month backup to an export file. Write the export file to a Coldline class Cloud Storage bucket.

Answer: Save the automatic first-of-the-month backup for three years. Store the backup file in an Archive class Cloud Storage bucket.


15. You are monitoring an application and receive user feedback that a specific error is spiking. You notice that the error is caused by a Service Account having insufficient permissions. You are able to solve the problem but want to be notified if the problem recurs. What should you do?

  1. In the Log Viewer, filter the logs on severity ג˜€Errorג TM€and the name of the Service Account.
  2. Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.
  3. Create a custom log-based metrics for the specific error to be used in an Alerting Policy.
  4. Grant Project Owner access to the Service Account.

Answer: Create a custom log-based metrics for the specific error to be used in an Alerting Policy.


16. You've set up an instance inside your new network and subnet. You create firewall rules to target all instances in your network with the following firewall rules.NAME:open-ssh | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:1000 | ALLOW:tcp:22 NAME:deny-all | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:5000 | DENY:tcp:0-65535,udp:0-
6553 If you try to SSH to the instance, what would be the result?

  1. SSH would be denied and would need gcloud firewall refresh command for the allow rule to take effect.
  2. SSH would be allowed as the allow rule overrides the deny
  3. SSH would be denied as the deny rule overrides the allow
  4. SSH would be denied and would need instance reboot for the allow rule to take effect

Answer: SSH would be allowed as the allow rule overrides the deny


17. You have been tasked to grant access to sensitive files to external auditors for a limited time period of 4 hours only. The files should not be strictly available after 4 hours. Adhering to Google best practices, how would you efficiently share the file?

  1. Host a website on Compute Engine instance and expose the files using Public DNS and share the URL with the auditors. Bring down the instance after 4 hours.
  2. Host a website on App Engine instance and expose the files using Public DNS and share the URL with the auditors. Bring down the instance after 4 hours.
  3. Store the file in Cloud Storage. Generate a signed URL with 4 hours expiry and share it with the auditors.
  4. Store the file in Cloud Storage. Grant the allUsers access to the file share it with the auditors. Remove allUsers access after 4 hours.

Answer: Store the file in Cloud Storage. Generate a signed URL with 4 hours expiry and share it with the auditors.


18. A member of the finance team informed you that one of the projects is using the old billing account. What steps should you take to resolve the problem?

  1. Go to the Project page; expand the Billing tile; select the Billing Account option; select the correct billing account and save.
  2. Go to the Billing page; view the list of projects; find the project in question and select Change billing account; select the correct billing account and save.
  3. Delete the project and recreate it with the correct billing account.
  4. Submit a support ticket requesting the change.

Answer: Go to the Billing page; view the list of projects; find the project in question and select Change billing account; select the correct billing account and save.


19. Your billing department has asked you to help them track spending against a specific billing account. They've indicated that they prefer to use Excel to create their reports so that they don't need to learn new tools. Which export option would work best for them?

  1. BigQuery Export
  2. File Export with JSON
  3. SQL Export
  4. File Export with CSV

Answer: File Export with CSV


20. A company wants to setup a template for deploying resources. They want the provisioning to be dynamic with the specifications in configuration files. Which of the following service would be ideal for this requirement?

  1. Cloud Composer
  2. Deployment Manager
  3. Cloud Scheduler
  4. Cloud Deployer

Answer: Deployment Manager


21. Your project manager wants to delegate the responsibility to upload objects to Cloud Storage buckets to his team members. Considering the principle of least privilege, which role should you assign to the team members?

  1. roles/storage.objectAdmin
  2. roles/storage.objectViewer
  3. roles/storage.objectCreator
  4. roles/storage.admin

Answer: roles/storage.objectCreator


22. Your company needs to create a new Kubernetes Cluster on Google Cloud Platform. As a security requirement, they want to upgrade the nodes to the latest stable version of Kubernetes with no manual intervention. How should the Kubernetes cluster be configured?

  1. Always use the latest version while creating the cluster
  2. Enable node auto-repairing
  3. Enable node auto-upgrades
  4. Apply security patches on the nodes as they are released

Answer: Enable node auto-upgrades


23. You have created an App engine application in the us-central region. However, you found out the network team has configured all the VPN connections in the asia-east2 region, which are not possible to move. How can you change the location efficiently?

  1. Change the region in app.yaml and redeploy
  2. From App Engine console, change the region of the application
  3. Change the region in application.xml within the application and redeploy
  4. Create a new project in the asia-east2 region and create app engine in the project

Answer: Create a new project in the asia-east2 region and create app engine in the project


24. Your team needs to set up a MongoDB instance as quickly as possible. You don't know how to install it and what configuration files are needed. What's the best way to get it up-and-running quickly?

  1. Use Cloud Memorystore
  2. Learn and deploy MongoDB to a Compute Engine instance.
  3. Install with Cloud Launcher Marketplace
  4. Create a Deployment Manager template and deploy it.

Answer: Install with Cloud Launcher Marketplace


25. Your company wants to setup Production and Test environment. They want to use different subjects and the key requirement is that the VMs must be able to communicate with each other using internal IPs no additional routes configured. How can the solution be designed?

  1. Configure a single VPC with 2 subnets having the same CIDR range hosted in the same region
  2. Configure a single VPC with 2 subnets having the different CIDR range hosted in the different region 
  3. Configure 2 VPCs with 1 subnet each having the same CIDR range hosted in the same region
  4. Configure 2 VPCs with 1 subnet each having the different CIDR range hosted in the different region

Answer: Configure a single VPC with 2 subnets having the different CIDR range hosted in the different region 



Tags:

Post a Comment