New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Google Associate-Cloud-Engineer - Google Cloud Certified - Associate Cloud Engineer

Google Associate-Cloud-Engineer Premium Access     Download Demo    
Page: 8 / 11
Total 343 questions

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

A.

Deploy the monitoring pod in a StatefulSet object.

B.

Deploy the monitoring pod in a DaemonSet object.

C.

Reference the monitoring pod in a Deployment object.

D.

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?

A.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

B.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

C.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

D.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

You are assisting a new Google Cloud user who just installed the Google Cloud SDK on their VM. The server needs access to Cloud Storage. The user wants your help to create a new storage bucket. You need to make this change in multiple environments. What should you do?

A.

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

B.

Use a local SSD to improve performance of the VM for the targeted workload

C.

Use the gsutii command to create a storage bucket in the same region as the VM

D.

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Your company is moving from an on-premises environment to Google Cloud Platform (GCP). You have multiple development teams that use Cassandra environments as backend databases. They all need a development environment that is isolated from other Cassandra instances. You want to move to GCP quickly and with minimal support effort. What should you do?

A.

1. Build an instruction guide to install Cassandra on GCP.2. Make the instruction guide accessible to your developers.

B.

1. Advise your developers to go to Cloud Marketplace.2. Ask the developers to launch a Cassandra image for their development work.

C.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.2. Use the snapshot to create instances for your developers.

D.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.2.Upload the snapshot to Cloud Storage and make it accessible to your developers.3.Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves.

Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

A.

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

B.

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

C.

Create a custom role by removing delete permissions, and add users to that role only.

D.

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?

A.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructureprovisioning.• Use the human approvals IAM account for the provisioning.

B.

• Attach a single service account to the compute instances.• Add minimal rights to the service account.• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

C.

• Attach a single service account to the compute instances.• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

D.

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity andAccess Management (IAM) permissions.• Use a secret manager service to store the key files of the service accounts.• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

You use Cloud Logging lo capture application logs. You now need to use SOL to analyze the application logs in Cloud Logging, and you want to follow Google-recommended practices. What should you do?

A.

Develop SQL queries by using Gemini for Google Cloud.

B.

Enable Log Analytics for the log bucket and create a linked dataset in BigQuery.

C.

Create a schema for the storage bucket and run SQL queries for the data in the bucket.

D.

Export logs to a storage bucket and create an external view in BigQuery.

You are deploying a large multi-tiered application with more than 1,000 IP addresses in a Google Cloud project that needs to be securely isolated. The application includes the:

    web tier with frontend servers for public traffic

    application tier with servers running core application logic that only need access from the web tier and

    database tier with database servers that only need access from the application tierYou want to minimize cost, complexity, and administrative overhead in the network architecture. What should you do?

    database tier with database servers that only need access from the application tierYou want to minimize cost, complexity, and administrative overhead in the network architecture. What should you do?

A.

Create a /24 Shared VPC with separate subnets for each tier. Use firewall rules that reference network tags to control traffic.

B.

Create one custom mode /16 VPC with three subnets. Place each tier in its own subnet and use firewall rules that reference IP subnets to control traffic.

C.

Deploy each tier into a separate custom mode VPC. Use VPC Network Peering to securely connect each Custom mode VPC. Manage firewall rules individually in each VPC.

D.

Deploy each tier in a /24 VPC by using network tags to identify instances. Implement firewall rules for fine-grained network segmentation.

Your application is running on Google Cloud in a managed instance group (MIG). You see errors in Cloud Logging for one VM that one of the processes is not responsive. You want to replace this VM in the MIG quickly. What should you do?

A.

Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.

B.

Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.

C.

Use the gcloud compute instances update command with a REFRESH action for the VM.

D.

Update and apply the instance template of the MIG.

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

A.

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

B.

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

C.

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

D.

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.