Google Cloud Associate Cloud Engineer Exam MCQ With Answers GCP ACE 7

0

 

Associate Cloud Engineer

Google Cloud


Google Cloud Associate Cloud Engineer

Associate Cloud Engineers deploy applications, monitor operations, and manage enterprise solutions. They use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.


The Associate Cloud Engineer exam assesses your ability to:


  • Set up a cloud solution environment
  • Plan and configure a cloud solution
  • Deploy and implement a cloud solution
  • Ensure successful operation of a cloud solution
  • Configure access and security

About this certification exam


  • Length: 2 hours
  • Registration fee: $125 (plus tax where applicable)
  • Languages: English, Japanese, Spanish, Portuguese
  • Exam format: 50-60 multiple choice and multiple select questions

GOOGLE CLOUD ASSOCIATE CLOUD ENGINEER MCQ


1. You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?
  1. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
  2. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
  3. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
  4. Set up a high-priority (1000) rule to allow the appropriate ports.

Answer: Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.


2. Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a newoperations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?
  1. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.
  2. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
  3. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
  4. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Answer: Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.


3. You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?
  1. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.
  2. Use Cloud Functions and configure the bucket as a trigger resource.
  3. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.
  4. Use Dataflow as a batch job, and configure the bucket as a data source.

Answer: Use Cloud Functions and configure the bucket as a trigger resource.


4. You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?
  1. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.
  2. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.
  3. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.
  4. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Answer: Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.


5. You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?
  1. Enable the Identity Aware Proxy API on the project.
  2. Scan the bucker using the Data Loss Prevention API.
  3. Allow only a single Service Account access to read the data.
  4. Enable Data Access audit logs for the Cloud Storage API.

Answer: Enable Data Access audit logs for the Cloud Storage API.


6. You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?
  1. Create a single budget for all projects and configure budget alerts on this budget.
  2. Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.
  3. Create a budget per project and configure budget alerts on all of these budgets.
  4. Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Answer: Create a budget per project and configure budget alerts on all of these budgets.


7. You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?
  1. Disable the flag "Delete boot disk when instance is deleted."
  2. Enable delete protection on the instance.
  3. Disable Automatic restart on the instance.
  4. Enable Preemptibility on the instance.

Answer: Enable delete protection on the instance.


8. Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Googlerecommended practices. What should you do?

  1. Grant all members of the DevOps team the role of Project Editor on the organization level.
  2. Grant all members of the DevOps team the role of Project Editor on the production project.
  3. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.
  4. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

Answer: Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.


9. You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to: "¢ Restrict access so that suppliers can access only their own data. "¢ Give suppliers write access to data only for 30 minutes. "¢ Delete data that is over 45 days old.You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use?
  1. Build a lifecycle policy to delete Cloud Storage objects after 45 days.
  2. Use signed URLs to allow suppliers limited time access to store their objects.
  3. Set up an SFTP server for your application, and create a separate user for each supplier.
  4. Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.
  5. Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Answer:
1.Build a lifecycle policy to delete Cloud Storage objects after 45 days.
2.Use signed URLs to allow suppliers limited time access to store their objects.


10. You are hosting an application from Compute Engine virtual machines (VMs) in us–central1–a. You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downtime, and minimize cost. What should you do?
  1. – Create Compute Engine resources in us–central1–b.– Balance the load across both us–central1–a and us–central1–b.
  2. – Create a Managed Instance Group and specify us–central1–a as the zone.– Configure the Health Check with a short Health Interval.
  3. – Create an HTTP(S) Load Balancer.– Create one or more global forwarding rules to direct traffic to your VMs.
  4. – Perform regular backups of your application.– Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.– Restore from backups when notified.

Answer: – Create Compute Engine resources in us–central1–b.
– Balance the load across both us–central1–a and us–central1–b.


11. Your development team has asked you to set up an external TCP load balancer with SSL 
Offload. Which load balancer should you use?
  1. SSL proxy 
  2. HTTP load balancer 
  3. TCP proxy 
  4. HTTPS load balancer

Answer: HTTPS load balancer
 

12. Your company has hired a third-party analytics company to help find patterns in user data. Your development team has generated a file containing only the data they'v’ requested; which 
includes personally identifiable information. What is the best way to share the data with the other company?
  1. Create a new user for the company and grant them access to the original data source for Them to query. 
  2. Send the file through email
  3. Put the data on Cloud Storage and generate a signed URL that wil expire in one hour, and Securely share the URL. 
  4. Put the data on Cloud Storage in a public bucket and securely share the URL.

Answer:  Put the data on Cloud Storage and generate a signed URL that wil expire in one hour, and 
Securely share the URL.
  

13. You have an autoscaled managed instance group that is set to scale based on CPU utilization 
Of 60%. There are currently 3 instances in the instance group. You’re connected to one of the 
Instances and notice that the CPU usage is a 70%. However, the instance group isn’t starting up 
Another instance. What’s the most likely reason?
  1. The autoscaler is disabled. 
  2. The autoscaler takes 60 seconds before creating a new instance. 
  3. The load balancer doesn’t recognize the instance as healthy. 
  4. The average CPU for the entire instance group is below 60%.

Answer: The average CPU for the entire instance group is below 60%.


14. Your manager needs you to test out the latest version of MS-SQL on a Windows instance. 
You’ve created the VM and need to connect into the instance. What steps should you follow to 
Connect to the instance?
  1. Generate a Windows password in the console, then use a client capable of communicating Via RDP and provide the credentials. 
  2. Generate a Windows password in the console, then use the RDP button to connect in Through the console. 
  3. Connect in with your own RDP client using your Google Cloud username and password. 
  4. From the console click the SSH button to automatically connect.

Answer: From the console click the SSH button to automatically connect.


15. You’ve created a bucket to store some data archives for compliance. The data isn’t likely to 
Need to be viewed. However, you need to store it for at least 7 years. What is the best default 
Storage class?
  1. Multi-regional 
  2. Coldline 
  3. Regional 
  4. Nearline

Answer: Coldline 


16. The development team needs a regional MySQL database with point-in-time recovery for a new Proof- of-concept application. What’s the most inexpensive way to enable point-in-time 
Recovery?
  1. Replicate to a Cloud Spanner database. 
  2. Create a read replica in the same region. 
  3. Enable binary logging. 
  4. Create hourly back-ups.

Answer: Enable binary logging.
 

17. You’re attempting to deploy a new instance that uses the centos 7 family. You can’t recal the 
Exact name of the family. Which command could you use to determine the family names?
  1. gcloud compute instances list 
  2. gcloud compute images show-families 
  3. gcloud compute instances show-families 
  4. gcloud compute images list

Answer: gcloud compute images list


18. You'r’ working on setting up a cluster of virtual machines with GPUs to perform some 3D 
Rendering for a customer. They’re on a limited budget and are looking for ways to save money. 
What is the best solution for implementing this?
  1. Use an autoscaled managed instance group containing some preemptible instances. 
  2. Use an unmanaged instance group with preemptible instances. 
  3. Use App Engine with Flexible Environments. 
  4. Use App Engine with Standard Environments.

Answer: Use an unmanaged instance group with preemptible instances.


19. You’ve created the code for a Cloud Function that wil respond to HTTP triggers and return 
Some data in JSON format. You have the code local y, it’s tested and working. Which command 
Can you use to create the function inside Google Cloud? (two)
  1. gcloud functions deploy 
  2. gcloud function create 
  3. gcloud functions create 
  4. gcloud function deploy

Answer: gcloud function deploy


20. You’ve found that your Linux server keeps running low on memory. It’s currently using 8 Gigs of Memory, and you want to increase it to 16. What is the simplest way to do that?
  1. Use the gcloud compute add-memory command to increase the memory. 
  2. Use the Linux memincr command to increase the memory. 
  3. Stop the instance and change the machine type. 
  4. Create a new instance with the correct amount of memory.

Answer: 
1.Use the Linux memincr command to increase the memory. 

2.Stop the instance and change the machine type. 


21. You’re working on creating a script that can extract the IP address of a Kubernetes Service. 
Your coworker sent you a code snippet that they had saved. Which one is the best starting point 
For your code?
  1. kubectl get svc -o filtered- json=’{.items[*].status.loadBalancer.ingress[0].ip}’ 
  2. kubectl get svc -o jsonpath=’{.items[*].status.loadBalancer.ingress[0].ip}’ 
  3. kubectl get svc -o html 
  4. kubectl get svc

Answer: kubectl get svc -o jsonpath=’{.items[*].status.loadBalancer.ingress[0].ip}


22. You have a Linux server running on a custom network. There’s an allow firewall rule with an IP Filter of 0.0.0.0/0 with a protocol/port of tcp:22. The logs on the instance show a constant stream Of attempts from different IP addresses, trying to connect via SSH. You suspect this is a brute Force attack. How might you change the firewall rule to stop this from happening and stil enable access for Legit users?
  1. Stop the instance. 
  2. Deny all traffic to port 22. 
  3. Change the port that SSH is running on in the instance and change the port number in the 
  4. Firewall rule. 
  5. Change the IP address range in the filter to only allow known IP addresses.

Answer: Change the IP address range in the filter to only allow known IP addresses.
 

23. You’re about to deploy your team’s App Engine application. They’re using the Go runtime with a Standard Environment. Which command should you use to deploy the application?
  1. gcloud app deploy app.yaml 
  2. gcloud app-engine apply app.yaml
  3. gcloud app apply app.yaml 
  4. gcloud app-engine deploy app.yaml

Answer: gcloud app deploy app.yaml 
 

24. You need to create a new development Kubernetes cluster with 4 nodes. The cluster wil be 
Named linux- academy-dev-cluster. Which of the following truncated commands wil create a 
Cluster?
  1. gcloud container clusters create linux-academy-dev- cluster –num-nodes 4 
  2. kubectl clusters create linux-academy-dev-cluster 4 
  3. kubectl clusters create linux-academy-dev-cluster –num-nodes 4 
  4. gcloud container clusters create linux-academy-dev-cluster 4

Answer: gcloud container clusters create linux-academy-dev- cluster –num-nodes 4 
  

25. You have a Cloud Storage bucket that needs to host static web assets. How do you make the 
Bucket public?
  1. Trick question. Don’t ever make a bucket public. 
  2. Check the “make public” box in the UI. 
  3. Set allUsers to have the Storage Object Viewer role. 
  4. gsutil make-public gs://bucket-name

Answer: Set allUsers to have the Storage Object Viewer role. 

Tags:

Post a Comment