This page was exported from Latest Exam Prep [ http://certify.vceprep.com ]

Export date:Sat Sep 21 12:32:16 2024 / +0000 GMT

___________________________________________________


Title: [Jun 11, 2024] Google Associate-Cloud-Engineer Real Exam Questions and Answers FREE [Q127-Q146]

---------------------------------------------------



 [Jun 11, 2024] Google Associate-Cloud-Engineer Real Exam Questions and Answers FREE
Pass Google Associate-Cloud-Engineer Exam Info and Free Practice Test


Google Associate Cloud Engineer Exam is a certification that validates the skills of an individual to work effectively as a cloud engineer on the Google Cloud Platform. Associate-Cloud-Engineer exam is intended for individuals who have a good understanding of cloud computing concepts and are familiar with the tools and services offered by the Google Cloud Platform. Google Associate Cloud Engineer Exam certification exam evaluates the candidate's knowledge on various topics such as computing, networking, storage, security, and deployment.
 


QUESTION 127You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?
 Create the instance with the default Compute Engine service account.Grant the service account permissions on Cloud Storage.
 Create the instance with the default Compute Engine service account.Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
 Create a new service account and assign this service account to the new instance.Grant the service account permissions on Cloud Storage.
 Create a new service account and assign this service account to the new instance.Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
If an application uses third-party or custom identities and needs to access a resource, such as a BigQuery dataset or a Cloud Storage bucket, it must perform a transition between principals.Because Google Cloud APIs don’t recognize third-party or custom identities, the application can’t propagate the end-user’s identity to BigQuery or Cloud Storage. Instead, the application has to perform the access by using a different Google identity.https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accountsQUESTION 128A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?
 In the console, validate which SSH keys have been stored as project-wide keys.
 Navigate to Identity-Aware Proxy and check the permissions for these resources.
 Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
 Use the command gcloud projects get-iam-policy to view the current role assignments.
QUESTION 129Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization.What should you do?
 Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.
 Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.
 Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.
 Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.
Google Cloud Directory Sync enables administrators to synchronize users, groups and other data from an Active Directory/LDAP service to their Google Cloud domain directoryhttps://tools.google.com/dlpage/dirsync/QUESTION 130You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site. Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?
 Enable Cloud CDN on the website frontend.
 Enable ‘Share publicly’ on the PDF file objects.
 Set Content-Type metadata to application/pdf on the PDF file objects.
 Add a label to the storage bucket with a key of Content-Type and value of application/pdf.
QUESTION 131You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over Internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?
 Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.
 Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.
 Create 2 custom VPCs, each with a single subnet. Create each subnet in a different region and with a different CIDR range.
 Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.
QUESTION 132You have an application on a general-purpose Compute Engine instance that is experiencing excessive disk read throttling on its Zonal SSD Persistent Disk. The application primarily reads large files from disk. The disk size is currently 350 GB. You want to provide the maximum amount of throughput while minimizing costs. What should you do?
 Increase the size of the disk to 1 TB.
 Increase the allocated CPU to the instance.
 Migrate to use a Local SSD on the instance.
 Migrate to use a Regional SSD on the instance.
QUESTION 133You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?
 Assign appropriate access for Google services to the service account used by the Compute Engine VM.
 Create a service account with appropriate access for Google services, and configure the application to use this account.
 Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
 Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.
In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practicesQUESTION 134Your company completed the acquisition of a startup and is now merging the IT systems of both companies.The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed lo your organization. You want to accomplish this task with minimal effort. What should you do?
 Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.
 Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup’s Google Cloud organization, and drag the project to your company’s organization.
 Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.
 Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup’s Google Cloud organization.
QUESTION 135You are designing an application that lets users upload and share photos. You expect your application to grow really fast and you are targeting a worldwide audience. You want to delete uploaded photos after 30 days. You want to minimize costs while ensuring your application is highly available. Which GCP storage solution should you choose?
 Persistent SSD on VM instances.
 Cloud Filestore.
 Multiregional Cloud Storage bucket.
 Cloud Datastore database.
Cloud Storage allows world-wide storage and retrieval of any amount of data at any time. We dont need to set up auto-scaling ourselves. Cloud Storage autoscaling is managed by GCP. Cloud Storage is an object store so it is suitable for storing photos. Cloud Storage allows world-wide storage and retrieval so cater well to our worldwide audience. Cloud storage provides us lifecycle rules that can be configured to automatically delete objects older than 30 days. This also fits our requirements. Finally, Google Cloud Storage offers several storage classes such as Nearline Storage ($0.01 per GB per Month) Coldline Storage ($0.007 per GB per Month) and Archive Storage ($0.004 per GB per month) which are significantly cheaper than any of the options above.Ref: https://cloud.google.com/storage/docsRef: https://cloud.google.com/storage/pricingQUESTION 136You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?
 Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.
 Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.
 Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.
 Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.
The Real description is about Coldline storage Class:Coldline StorageColdline Storage is a very-low-cost, highly durable storage service for storing infrequently accessed data. Coldline Storage is a better choice than Standard Storage or Nearline Storage in scenarios where slightly lower availability, a 90-day minimum storage duration, and higher costs for data access are acceptable trade-offs for lowered at-rest storage costs.Coldline Storage is ideal for data you plan to read or modify at most once a quarter. Note, however, that for data being kept entirely for backup or archiving purposes, Archive Storage is more cost-effective, as it offers the lowest storage costs.https://cloud.google.com/storage/docs/storage-classes#coldlineQUESTION 137The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?
 Grant the Project Editor role to the Marketing learn for acme data digest
 Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team
 Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there
 Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.
QUESTION 138You want to send and consume Cloud Pub/Sub messages from your App Engine application. The Cloud Pub/Sub API is currently disabled. You will use a service account to authenticate your application to the API.You want to make sure your application can use Cloud Pub/Sub. What should you do?
 Enable the Cloud Pub/Sub API in the API Library on the GCP Console.
 Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.
 Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.
 Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.
ExplanationQuickstart: using the Google Cloud ConsoleThis page shows you how to perform basic tasks in Pub/Sub using the Google Cloud Console.Note: If you are new to Pub/Sub, we recommend that you start with the interactive tutorial.Before you beginSet up a Cloud Console project.Set up a projectClick to:Create or select a project.Enable the Pub/Sub API for that project.You can view and manage these resources at any time in the Cloud Console.Install and initialize the Cloud SDK.Note: You can run the gcloud tool in the Cloud Console without installing the Cloud SDK. To run the gcloud tool in the Cloud Console, use Cloud Shell .https://cloud.google.com/pubsub/docs/quickstart-consoleQUESTION 139Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?
 Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.
 Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.
 Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.
 Create a separate node pool for each application, and deploy each application to its dedicated node pool.
https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-autoscaler#adding_a_node_pool_with_autoscalQUESTION 140You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?
 Configure an HTTP(S) load balancer.
 Configure an internal TCP load balancer.
 Configure an external SSL proxy load balancer.
 Configure an external TCP proxy load balancer.
Explanation/Reference: https://cloud.google.com/load-balancing/docs/https/QUESTION 141You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.You check the status of the deployed pods and notice that one of them is still in PENDING status:You want to find out why the pod is stuck in pending status. What should you do?
 Review details of the myapp-service Service object and check for error messages.
 Review details of the myapp-deployment Deployment object and check for error messages.
 Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
 View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
QUESTION 142You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?
 Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
 Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.
 Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.
 Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.
Explanationhttps://cloud.google.com/compute/docs/autoscaler#specificationsAutoscaling works independently from autohealing. If you configure autohealing for your group and an instance fails the health check, the autohealer attempts to recreate the instance. Recreating an instance can cause the number of instances in the group to fall below the autoscaling threshold (minNumReplicas) that you specify.Since we need the application running at all times, we need a minimum 1 instance.Only a single instance of the VM should run, we need a maximum 1 instance.We want the application running at all times. If the VM crashes due to any underlying hardware failure, we want another instance to be added to MIG so that application can continue to serve requests. We can achieve this by enabling autoscaling. The only option that satisfies these three is Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.Ref: https://cloud.google.com/compute/docs/autoscalerQUESTION 143Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?
 1. Create an IAM entry for each data scientist’s user account.2. Assign the BigQuery jobUser role to the group.
 1. Create an IAM entry for each data scientist’s user account.2. Assign the BigQuery dataViewer user role to the group.
 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist’s user account to the group.3. Assign the BigQuery jobUser role to the group.
 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist’s user account to the group.3. Assign the BigQuery dataViewer user role to the group.
Reference:https://cloud.google.com/bigquery/docs/cloud-sql-federated-queriesQUESTION 144Your team has developed a stateless application which requires it to be run directly on virtual machines. The application is expected to receive a fluctuating amount of traffic and needs to scale automatically. You need to deploy the application. What should you do?
 Deploy the application on Cloud Run and configure autoscaling.
 Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.
 Deploy the application on a managed instance group and configure autoscaling.
 Deploy the application on Cloud Functions and configure the maximum number instances.
A managed instance group is a group of identical virtual machines that are created from a common instance template and are managed by the Compute Engine service. A managed instance group can scale automatically based on the load or a schedule, and can distribute the traffic across the instances using a load balancer. A managed instance group is a suitable choice for deploying a stateless application that requires to be run directly on virtual machines and needs to scale automatically. You can use the Google Cloud console, the Cloud SDK (gcloud), or the REST API to create and manage a managed instance group.The other options are not correct because they either do not meet the requirements of the application, or they do not run the application directly on virtual machines. Option A is not correct because Cloud Run is a serverless platform that runs stateless containers, not virtual machines. Option B is not correct because a Kubernetes Engine cluster is a managed Kubernetes service that runs containerized applications, not virtual machines. Option D is not correct because Cloud Functions is a serverless platform that runs single-purpose functions, not virtual machines.Reference:Managed instance groupsAutoscaling groups of instancesCreating and starting a managed instance groupQUESTION 145You’re working on setting up a cluster of virtual machines with GPUs to perform some 3D rendering for a customer. They’re on a limited budget and are looking for ways to save money. What is the best solution for implementing this?
 Use an autoscaled managed instance group containing some preemptible instances.
 Use an unmanaged instance group with preemptible instances.
 Use App Engine with Flexible Environments.
 Use App Engine with Standard Environments.
QUESTION 146Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google- recommended practices. What should you do?
 Grant all members of the DevOps team the role of Project Editor on the organization level.
 Grant all members of the DevOps team the role of Project Editor on the production project.
 Create a custom role that combines the required permissions.Grant the DevOps team the custom role on the production project.
 Create a custom role that combines the required permissions.Grant the DevOps team the custom role on the organization level.
Understanding IAM custom rolesKey Point: Custom roles enable you to enforce the principle of least privilege, ensuring that the user and service accounts in your organization have only the permissions essential to performing their intended functions.Basic conceptsCustom roles are user-defined, and allow you to bundle one or more supported permissions to meet your specific needs. Custom roles are not maintained by Google; when new permissions, features, or services are added to Google Cloud, your custom roles will not be updated automatically.When you create a custom role, you must choose an organization or project to create it in. You can then grant the custom role on the organization or project, as well as any resources within that organization or project.https://cloud.google.com/iam/docs/understanding-custom-roles#basic_concepts Loading …






	
	


To earn the Google Associate-Cloud-Engineer certification, candidates must pass a 2-hour online exam that consists of multiple-choice and multiple-select questions. Associate-Cloud-Engineer exam covers a range of topics, including cloud computing, networking, security, storage, and database management. Candidates must also demonstrate an understanding of Google Cloud Platform's key components, such as Compute Engine, Kubernetes Engine, App Engine, and Cloud Storage. With this certification, individuals can showcase their expertise in Google Cloud Platform and stand out among other cloud professionals in the industry.
 

Latest Associate-Cloud-Engineer Exam Dumps Google Exam: https://www.vceprep.com/Associate-Cloud-Engineer-latest-vce-prep.html


---------------------------------------------------


Images: https://certify.vceprep.com/wp-content/plugins/watu/loading.gif
https://certify.vceprep.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------




---------------------------------------------------


Post date: 2024-06-11 15:42:32

Post date GMT: 2024-06-11 15:42:32

Post modified date: 2024-06-11 15:42:32

Post modified date GMT: 2024-06-11 15:42:32