Get Instant Access to Associate-Cloud-Engineer Practice Exam Questions [Q134-Q157]

Share

Get Instant Access to Associate-Cloud-Engineer Practice Exam Questions

Reliable Study Materials & Testing Engine for Associate-Cloud-Engineer Exam Success!


To prepare for the exam, individuals can take advantage of a variety of resources, including online courses, official Google Cloud Platform documentation, and practice exams. Google also provides a certification guide that outlines the topics covered on the exam and provides tips for preparing for the exam.

 

NEW QUESTION # 134
You have a Google Cloud Platform account with access to both production and development projects. You need to create an automated process to list all compute instances in development and production projects on a daily basis. What should you do?

  • A. Go to Cloud Shell and export this information to Cloud Storage on a daily basis.
  • B. Go to GCP Console and export this information to Cloud SQL on a daily basis.
  • C. Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources.
  • D. Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.

Answer: D

Explanation:
gcloud compute instances list - list Google Compute Engine instances
gcloud compute instances list displays all Google Compute Engine instances in a project.
By default, instances from all zones are listed. The results can be narrowed down using a filter: -- filter="zone:( ZONE ... )".
https://cloud.google.com/sdk/gcloud/reference/compute/instances/list


NEW QUESTION # 135
You have a single binary application that you want to run on Google Cloud Platform. You decided to automatically scale the application based on underlying infrastructure CPU usage. Your organizational policies require you to use virtual machines directly. You need to ensure that the application scaling is operationally efficient and completed as quickly as possible. What should you do?

  • A. Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.
  • B. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.
  • C. Create an instance template, and use the template in a managed instance group with autoscaling configured.
  • D. Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.

Answer: C

Explanation:
A managed instance group can help use virtual machines directly and with autoscaling can scaling as per the demand.Refer GCP documentation. Managed Instance Groups AutoScaling Managed instance groups offer autoscaling capabilities that allow you to automatically add or delete instances from a managed instance group based on increases or decreases in load.


NEW QUESTION # 136
You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost- effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

  • A. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.
  • B. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.
  • C. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.
  • D. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Answer: A

Explanation:
https://cloud.google.com/storage/docs/managing-lifecycles


NEW QUESTION # 137
You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

  • A. Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.
  • B. Grant all engineer's permission to create their own billing accounts for each new project.
  • C. Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.
  • D. Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Answer: C


NEW QUESTION # 138
You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?

  • A. 1. Verify that you are assigned the Organizational Administrator IAM role for this project.
    2. Locate the project in the GCP console, enter the project ID and then click Shut down.
  • B. 1. Verify that you are assigned the Organizational Administrators IAM role for this project.
    2. Switch to the project in the GCP console, locate the resources and delete them.
  • C. 1. Verify that you are assigned the Project Owners IAM role for this project.
    2. Switch to the project in the GCP console, locate the resources and delete them.
  • D. 1. Verify that you are assigned the Project Owners IAM role for this project.
    2. Locate the project in the GCP console, click Shut down and then enter the project ID.

Answer: A


NEW QUESTION # 139
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?

  • A. Select the built-in IAM service Viewer role. Add the user's account to this role.
  • B. Create a custom role with view-only service permissions. Add the user's account to the custom role.
  • C. Select the built-in IAM project Viewer role. Add the user's account to this role.
  • D. Create a custom role with view-only project permissions. Add the user's account to the custom role.

Answer: C


NEW QUESTION # 140
You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

  • A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%.
    Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.
  • B. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%.
    If you exceed this threshold, add nodes to your instance
  • C. Create an alert in Cloud Monitoring to alert when the percentage ot high priority CPU utilization reaches 45%.
    Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage
  • D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%.
    If you exceed this threshold, add nodes lo your instance.

Answer: D


NEW QUESTION # 141
You deployed an application on a managed instance group in Compute Engine. The application accepts Transmission Control Protocol (TCP) traffic on port 389 and requires you to preserve the IP address of the client who is making a request. You want to expose the application to the internet by using a load balancer. What should you do?

  • A. Expose the application by using an external TCP Network Load Balancer.
  • B. Expose the application by using an SSL Proxy Load Balancer.
  • C. Expose the application by using an internal TCP Network Load Balancer.
  • D. Expose the application by using a TCP Proxy Load Balancer.

Answer: D


NEW QUESTION # 142
You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

  • A. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
  • B. Create a service account with appropriate access for Google services, and configure the application to use this account.
  • C. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.
  • D. Assign appropriate access for Google services to the service account used by the Compute Engine VM.

Answer: B


NEW QUESTION # 143
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

  • A. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.
  • B. Change the default region property setting in the existing GCP project to asia-northeast1.
  • C. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.
  • D. Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

Answer: A

Explanation:
https://cloud.google.com/appengine/docs/flexible/managing-projects-apps-billing#:~:text=Each%20Cloud%20project%20can%20contain%20only%20a%20single%20App%20Engine%20application%2C%20and%20once%20created%20you%20cannot%20change%20the%20location%20of%20your%20App%20Engine%20application.
Two App engine can't be running on the same project: you can check this easy diagram for more info: https://cloud.google.com/appengine/docs/standard/an-overview-of-app-engine#components_of_an_application And you can't change location after setting it for your app Engine. https://cloud.google.com/appengine/docs/standard/locations App Engine is regional and you cannot change an apps region after you set it. Therefore, the only way to have an app run in another region is by creating a new project and targeting the app engine to run in the required region (asia-northeast1 in our case).
Ref: https://cloud.google.com/appengine/docs/locations


NEW QUESTION # 144
Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

  • A. Add your SREs to a group and then add this group to roles/accessapproval approver role.
  • B. Add your SREs to roles/accessapproval approver role.
  • C. Add your SREs to a group and then add this group to roles/iam roleAdmin role.
  • D. Add your SREs to roles/iam.roleAdmin role.

Answer: B


NEW QUESTION # 145
A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

  • A. Navigate to Identity-Aware Proxy and check the permissions for these resources.
  • B. Use the command gcloud projects get-iam-policy to view the current role assignments.
  • C. Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
  • D. In the console, validate which SSH keys have been stored as project-wide keys.

Answer: B

Explanation:
A simple approach would be to use the command flags available when listing all the IAM policy for a given project. For instance, the following command:
`gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" -- format="table(bindings.members)" --filter="bindings.role:roles/owner"` outputs all the users and service accounts associated with the role 'roles/owner' in the project in question.
https://groups.google.com/g/google-cloud-dev/c/Z6sZs7TvygQ?pli=1


NEW QUESTION # 146
You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

  • A. Use the command gcloud container clusters update dev.
  • B. Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.
  • C. Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.
  • D. Use the command gcloud config set container/cluster dev.

Answer: D

Explanation:
To set a default cluster for gcloud commands, run the following command: gcloud config set container/cluster CLUSTER_NAME https://cloud.google.com/kubernetes-engine/docs/how-to/managing-clusters?hl=en


NEW QUESTION # 147
You need to reduce GCP service costs for a division of your company using the fewest possible steps. You need to turn off all configured services in an existing GCP project. What should you do?

  • A. 1. Verify that you are assigned the Organizational Administrator IAM role for this project.
    2. Locate the project in the GCP console, enter the project ID and then click Shut down.
  • B. 1. Verify that you are assigned the Organizational Administrators IAM role for this project.
    2. Switch to the project in the GCP console, locate the resources and delete them.
  • C. 1. Verify that you are assigned the Project Owners IAM role for this project.
    2. Switch to the project in the GCP console, locate the resources and delete them.
  • D. 1. Verify that you are assigned the Project Owners IAM role for this project.
    2. Locate the project in the GCP console, click Shut down and then enter the project ID.

Answer: D

Explanation:
No need of giving Organization admin role for doing this.
If you have the project owner role, you can locate the project and shut it down.


NEW QUESTION # 148
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem.
What should you do?

  • A. Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.
  • B. Connect to the instance's serial console and read the application logs.
  • C. Navigate to Cloud Logging and view the application logs.
  • D. Configure a Health Check on the instance and set a Low Healthy Threshold value.

Answer: C

Explanation:
Activity logging is enabled by default for all Compute Engine projects.
You can see your project's activity logs through the Logs Viewer in the Google Cloud Console:
In the Cloud Console, go to the Logging page.
Go to the Logging page
When in the Logs Viewer, select and filter your resource type from the first drop-down list.
From the All logs drop-down list, select compute.googleapis.com/activity_log to see Compute Engine activity logs.
https://cloud.google.com/compute/docs/logging/activity-logs#viewing_logs Besides:
Activity logs are provided as part of the Cloud Logging service. For more information about Logging in general, read the Cloud Logging documentation.
https://cloud.google.com/compute/docs/logging/activity-logs


NEW QUESTION # 149
A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

  • A. Navigate to Identity-Aware Proxy and check the permissions for these resources.
  • B. Use the command gcloud projects get-iam-policy to view the current role assignments.
  • C. Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
  • D. In the console, validate which SSH keys have been stored as project-wide keys.

Answer: A

Explanation:
Reference:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys


NEW QUESTION # 150
You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

  • A. Provision Compute Engine instances with GPUs attached.
  • B. Provision Compute Engine instances with M1 machine type.
  • C. Provision preemptible Compute Engine instances.
  • D. Provision Compute Engine instances with local SSDs attached.

Answer: B

Explanation:
M1 machine series Medium in-memory databases such as SAP HANA Tasks that require intensive use of memory with higher memory-to-vCPU ratios than the general-purpose high-memory machine types. In-memory databases and in-memory analytics, business warehousing (BW) workloads, genomics analysis, SQL analysis services. Microsoft SQL Server and similar databases.
https://cloud.google.com/compute/docs/machine-types
https://cloud.google.com/compute/docs/machine-types#:~:text=databases%20such%20as-,SAP%20HANA,-In%2Dmemory%20databases
https://www.sap.com/india/products/hana.html#:~:text=is%20SAP%20HANA-,in%2Dmemory,-database%3F


NEW QUESTION # 151
Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1-standard-2 nodes. You need to deploy additional pods requiring n2- highmem-16 nodes without any downtime. What should you do?

  • A. Create a new cluster with n2-highmem-16 nodes.
    Redeploy the pods and delete the old cluster.
  • B. Create a new cluster with both n1-standard-2 and n2-highmem-16 nodes.
    Redeploy the pods and delete the old cluster.
  • C. Use gcloud container clusters upgrade.
    Deploy the new services.
  • D. Create a new Node Pool and specify machine type n2-highmem-16.
    Deploy the new pods.

Answer: D

Explanation:
When you need to change the machine profile of your Compute Engine cluster, you can create a new node pool and then migrate your workloads over to the new node pool.


NEW QUESTION # 152
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

  • A. 1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to
    10.0.1.0/24)* Protocols: allow TCP: 8080
  • B. 1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all
  • C. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all
  • D. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080

Answer: D


NEW QUESTION # 153
You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?

  • A. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.
  • B. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
  • C. Use Binary Authorization and whitelist only the container images used by your customers' Pods.
  • D. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.

Answer: B


NEW QUESTION # 154
You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?

  • A. Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.
  • B. Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.
  • C. Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.
  • D. Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Answer: C

Explanation:
Reference:
https://medium.com/falafel-software/sql-server-in-the-google-cloud-a17e8a1f11ce


NEW QUESTION # 155
You want to configure 10 Compute Engine instances for availability when maintenance occurs.
Your requirements state that these instances should attempt to automatically restart if they crash.
Also, the instances should be highly available including during system maintenance. What should you do?

  • A. Create an instance template for the instances.
    `Automatic Restart' to off. Set `On-host maintenance' to Terminate VM instances.
    Add the instance template to an instance group.
  • B. Create an instance group for the instance.
    Verify that the `Advanced creation options' setting for `do not retry machine creation' is set to off.
  • C. Create an instance template for the instances.
    Set the `Automatic Restart' to on. Set the `On-host maintenance' to Migrate VM instance.
    Add the instance template to an intsance group.
  • D. Create an instance group for the instances.
    Set the `Autohealing' health check to healthy (HTTP).

Answer: C

Explanation:
onHostMaintenance: Determines the behavior when a maintenance event occurs that might cause your instance to reboot.
[Default] MIGRATE, which causes Compute Engine to live migrate an instance when there is a maintenance event.
TERMINATE, which stops an instance instead of migrating it.
automaticRestart: Determines the behavior when an instance crashes or is stopped by the system.
[Default] true, so Compute Engine restarts an instance if the instance crashes or is stopped.
false, so Compute Engine does not restart an instance if the instance crashes or is stopped.
https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options


NEW QUESTION # 156
Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?

  • A. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
  • B. Configure the IP of the database as custom metadata for each instance,
  • C. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
  • D. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Answer: A

Explanation:
Cloud DNS offers DNS forwarding zones and DNS server policies to allow lookups of DNS names between your on-premises and Google Cloud environment. You have multiple options for configuring DNS forwarding. The following section lists best practices for hybrid DNS setup.
These best practices are illustrated in the Reference architectures for hybrid DNS.
https://cloud.google.com/dns/docs/best-
practices#best_practices_for_dns_forwarding_zones_and_server_policies


NEW QUESTION # 157
......


Google Associate Cloud Engineer certification exam is a great way for individuals to start their journey in cloud computing. Google Associate Cloud Engineer Exam certification provides a solid foundation for individuals who want to pursue further certifications and specializations in Google Cloud Platform. Associate-Cloud-Engineer exam is designed to test an individual's knowledge in various areas of cloud computing, including cloud architecture, security, networking, and operations. By passing Associate-Cloud-Engineer exam, individuals can prove their proficiency in these areas and demonstrate their ability to use GCP services effectively.

 

Validate your Skills with Updated Associate-Cloud-Engineer Exam Questions & Answers and Test Engine: https://www.torrentvce.com/Associate-Cloud-Engineer-valid-vce-collection.html

Tested & Approved Associate-Cloud-Engineer Study Materials Download: https://drive.google.com/open?id=1-A-I_HE2CTV_L9WtLu2JqDVf9fg0lQUn