Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Google Associate-Cloud-Engineer - Google Cloud Certified - Associate Cloud Engineer

Page: 9 / 10
Total 325 questions

Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?

A.

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group.

B.

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group.

C.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group.

D.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group.

You received a JSON file that contained a private key of a Service Account in order to get access to several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and want to use this private key for authentication and authorization when performing gcloud commands. What should you do?

A.

Use the command gcloud auth login and point it to the private key

B.

Use the command gcloud auth activate-service-account and point it to the private key

C.

Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials ison"

D.

Place the private key file in your home directory and rename it to ‘’GOOGLE_APPUCATION_CREDENTiALS".

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud

Project. What should you do?

A.

Enable Audit Logs for all APIs that are related to data storage.

B.

Review the IAM permissions for any role that allows for data access.

C.

Review the Identity-Aware Proxy settings for each resource.

D.

Create a Data Loss Prevention job.

Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?

A.

Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.

B.

Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.

C.

Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.

D.

Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.

You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?

A.

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

B.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

C.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

D.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

A.

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/ to find and remove items older than 90 days. Schedule the script with cron.

B.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

C.

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

D.

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/ to find and remove items older than 90 days. Repeat this process every morning.

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes. What should you do?

A.

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

B.

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

C.

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

D.

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:

•Restrict access so that suppliers can access only their own data.

•Give suppliers write access to data only for 30 minutes.

•Delete data that is over 45 days old.

You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use? (Choose two.)

A.

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

B.

Use signed URLs to allow suppliers limited time access to store their objects.

C.

Set up an SFTP server for your application, and create a separate user for each supplier.

D.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

E.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

You are developing an application that will be deployed on Google Cloud. The application will use a service account to retrieve data from BigGuery. Before you deploy your application, you want to test the permissions of this service account from your local machine to ensure there will be no authentication issues. You want to ensure that you use the most secure method while following Google-recommended practices What should you do?

A.

Configure the gcloud CLI with Application Default Credentials using your user account. Issue a relevant BigGuery request through the gcloud CLI to test the access.

B.

Grant the service account the BlgQuery Administrator 1AM role to ensure the service account has all required access.

C.

Generate a service account key, and configure the gcloud CLI to use this key. Issue a relevant BlgQuery request through the gcloud CLI to test the access.

D.

Configure the gcloud CLI to use service account impersonation. Issue a relevant BigQuery request through the gcloud CLI to test the access.

(You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?)

A.

Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer's IP address.

B.

Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

C.

Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

D.

Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer's IP address.