How to pass Google Associate-Cloud-Engineer exam with the help of dumps?

Question # 1

You have a number of applications that have bursty workloads and are heavily dependent on topics to decouple publishing systems from consuming systems. Your company would like to go serverless to enable developers to focus on writing code without worrying about infrastructure. Your solution architect has already identified Cloud Pub/Sub as a suitable alternative for decoupling systems. You have been asked to identify a suitable GCP Serverless service that is easy to use with Cloud Pub/Sub. You want the ability to scale down to zero when there is no traffic in order to minimize costs. You want to follow Google recommended practices. What should you suggest?

A. Cloud Run for Anthos 
B. Cloud Run 
C. App Engine Standard 
D. Cloud Functions. 

Show Answer

Question # 2

You need to track and verity modifications to a set of Google Compute Engine instances in your Google Cloud project. In particular, you want to verify OS system patching events on your virtual machines (VMs). What should you do?

A. Review the Compute Engine activity logs Select and review the Admin Event logs 
B. Review the Compute Engine activity logs Select and review the System Event logs 
C. Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs 
D. Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs 

Show Answer

Question # 3

Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?

A. Create a new service with the new version of the application. Split traffic between this version and the version that is currently running. 
B. Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running. 
C. Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services. 
D. Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions. 

Show Answer

Question # 4

Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Googlerecommended practices. What should you do?

A. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group. 
B. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group. 
C. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group. 
D. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group. 

Show Answer

Question # 5

Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to desig the networking infrastructure on Google Cloud to match these requirements. What should you do?

A. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. 
B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ. 
C. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. 
D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ. 

Show Answer

Question # 6

The DevOps group in your organization needs full control of Compute Engine resources in your development project. However, they should not have permission to create or update any other resources in the project. You want to follow Google's recommendations for setting permissions for the DevOps group. What should you do?

A. Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group. 
B. Create an 1AM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.
 C. Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group. 
D. Grant the basic role roles/editor to the DevOps group. 

Show Answer

Question # 7

You are designing an application that lets users upload and share photos. You expect your application to grow really fast and you are targeting a worldwide audience. You want to delete uploaded photos after 30 days. You want to minimize costs while ensuring your application is highly available. Which GCP storage solution should you choose?

A. Persistent SSD on VM instances. 
B. Cloud Filestore. 
C. Multiregional Cloud Storage bucket. 
D. Cloud Datastore database. 

Show Answer

Question # 8

You are migrating a business critical application from your local data center into Google Cloud. As part of your high-availability strategy, you want to ensure that any data used by the application will be immediately available if a zonal failure occurs. What should you do? 

A. Store the application data on a zonal persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone. 
B. Store the application data on a zonal persistent disk. If an outage occurs, create an instance in another zone with this disk attached. 
C. Store the application data on a regional persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.
 D. Store the application data on a regional persistent disk If an outage occurs, create an instance in another zone with this disk attached.

Show Answer

Question # 9

Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

A. Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment. 
B. Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment. 
C. Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool. 
D. Create a separate node pool for each application, and deploy each application to its dedicated node pool. 

Show Answer

Question # 10

You want to verify the IAM users and roles assigned within a GCP project named myproject. What should you do?

A. Run gcloud iam roles list. Review the output section. 
B. Run gcloud iam service-accounts list. Review the output section. 
C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles. 
D. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status. 

Show Answer

Question # 11

Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes. What should you do?

A. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances. 
B. Create a private zone on Cloud DNS, and configure the applications with the DNS name. 
C. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
 D. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database. 

Show Answer

Question # 12

You have developed a containerized web application that will serve Internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

A. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero 
B. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero. 
C. Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml
D. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml 

Show Answer

Question # 13

The storage costs for your application logs have far exceeded the project budget. The logs are currently being retained indefinitely in the Cloud Storage bucket myapp-gcp-ace-logs. You have been asked to remove logs older than 90 days from your Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do? 

A. Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron. 
B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file. 
C. Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file. 
D. Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning. 

Show Answer

Question # 14

Your organization is a financial company that needs to store audit log files for 3 years. Your organization has hundreds of Google Cloud projects. You need to implement a costeffective approach for log file retention. What should you do? 

A. Create an export to the sink that saves logs from Cloud Audit to BigQuery. 
B. Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket. 
C. Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery. 
D. Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL. 

Show Answer

Question # 15

You need to verify that a Google Cloud Platform service account was created at a particular time. What should you do?

A. Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account. 
B. Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project. 
C. Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account. 
D. Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project. 

Show Answer

Question # 16

You have two subnets (subnet-a and subnet-b) in the default VPC. Your database servers are running in subnet-a. Your application servers and web servers are running in subnet-b. You want to configure a firewall rule that only allows database traffic from the application servers to the database servers. What should you do?

A. * Create service accounts sa-app and sa-db. • Associate service account: sa-app with the application servers and the service account sa-db with the database servers. • Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db. 
B. • Create network tags app-server and db-server. • Add the app-server lag lo the application servers and the db-server lag to the database servers. • Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server. 
C. * Create a service account sa-app and a network tag db-server. Associate the service account sa-app with the application servers and the network tag dbserver with the database servers. • Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses. 
D. • Create a network lag app-server and service account sa-db. • Add the tag to the application servers and associate the service account with the database servers. • Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db. 

Show Answer

Question # 17

Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1.000 employees within 2 years. Most employees will need access to your company's Google Cloud account. The systems and processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues. What should you do? 

A. Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory. 
B. Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity. 
C. Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation. 
D. Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time. 

Show Answer

Question # 18

You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

A. Assign appropriate access for Google services to the service account used by the Compute Engine VM. 
B. Create a service account with appropriate access for Google services, and configure the application to use this account. 
C. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application. 
D. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application. 

Show Answer

Question # 19

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

A. Configure an SSL Proxy load balancer in front of the application servers. 
B. Configure an Internal UDP load balancer in front of the application servers. 
C. Configure an External HTTP(s) load balancer in front of the application servers. tree 
D. Configure an External Network load balancer in front of the application servers. 

Show Answer

Question # 20

You are designing an application that uses WebSockets and HTTP sessions that are not distributed across the web servers. You want to ensure the application runs properly on Google Cloud Platform. What should you do?

A. Meet with the cloud enablement team to discuss load balancer options. 
B. Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions. 
C. Review the encryption requirements for WebSocket connections with the security team. 
D. Convert the WebSocket code to use HTTP streaming. 

Show Answer

Question # 21

You are managing a project for the Business Intelligence (BI) department in your company A data pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be able to run the custom SQL queries against the latest data in BigQuery. What should you do?

A. Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard. 
B. Create a Service Account for the BI team and distribute a new private key to each member of the BI team. 
C. Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse. 
D. Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team. 

Show Answer

Question # 22

You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

A. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message. 
B. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription. 
C. 1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint. 
D. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Show Answer

Question # 23

A company wants to build an application that stores images in a Cloud Storage bucket and wants to generate thumbnails as well as resize the images. They want to use a google managed service that can scale up and scale down to zero automatically with minimal effort. You have been asked to recommend a service. Which GCP service would you suggest? 

A. Google Compute Engine 
B. Google App Engine 
C. Cloud Functions
 D. Google Kubernetes Engine 

Show Answer

Question # 24

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

A. Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects. 
B. Grant all engineer’s permission to create their own billing accounts for each new project. 
C. Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team. 
D. Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud. 

Show Answer

Question # 25

You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

A. Use the command gcloud config set container/cluster dev. 
B. Use the command gcloud container clusters update dev. 
C. Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.
 D. Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name. 

Show Answer

Question # 26

You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google recommended practices. What should you do?

A. Create a Cloud Function to create an instance template. 
B. Create a snapshot schedule for the disk using the desired interval. 
C. Create a cron job to create a new disk from the disk using gcloud. 
D. Create a Cloud Task to create an image and export it to Cloud Storage. 

Show Answer

Question # 27

You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do? 

A. Provision preemptible Compute Engine instances. 
B. Provision Compute Engine instances with GPUs attached. 
C. Provision Compute Engine instances with local SSDs attached. %3F
D. Provision Compute Engine instances with M1 machine type. 

Show Answer

Question # 28

You are setting up a Windows VM on Compute Engine and want to make sure you can log in to the VM via RDP. What should you do?

A. After the VM has been created, use your Google Account credentials to log in into the VM. 
B. After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM. 
C. When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.
D. After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM. 

Show Answer

Question # 29

You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is deployed with the default App Engine Service account. The data that needs to be visualized resides in a different project managed by another team. You do not have access to this project, but you want your application to be able to read data from the BigQuery dataset. What should you do?

A. Ask the other team to grant your default App Engine Service account the role of BigQuery Job User. 
B. Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer. 
C. In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.
D. In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project. 

Show Answer

Question # 30

You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company's security policies only allow the use to internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?

A. Enable Private Service Access on the Cloud Storage Bucket. 
B. Add slorage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list to protected projects. 
C. Enable Private Google Access on the subnet within the custom VPC. 
D. Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket. 

Show Answer

Question # 31

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud Project. What should you do? 

A. Enable Audit Logs for all APIs that are related to data storage. 
B. Review the IAM permissions for any role that allows for data access. Most Voted 
C. Review the Identity-Aware Proxy settings for each resource. 
D. Create a Data Loss Prevention job. 

Show Answer

Question # 32

You have files in a Cloud Storage bucket that you need to share with your suppliers. You want to restrict the time that the files are available to your suppliers to 1 hour. You want to follow Google recommended practices. What should you do?

A. Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*. 
B. Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**. 
C. Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///. 
D. Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///*** 

Show Answer

Question # 33

Your coworker has helped you set up several configurations for gcloud. You've noticed that you're running commands against the wrong project. Being new to the company, you haven't yet memorized any of the projects. With the fewest steps possible, what's the fastest way to switch to the correct configuration?

A. Run gcloud configurations list followed by gcloud configurations activate . 
B. Run gcloud config list followed by gcloud config activate. 
C. Run gcloud config configurations list followed by gcloud config configurations activate. 
D. Re-authenticate with the gcloud auth login command and select the correct configurations on login

Show Answer

Question # 34

All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US). What should you do? 

A. Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.
B. Create an organization to contain all the dev projects. Create an Identity and Access Management (1AM) policy to limit the resources in US regions.
C. Create an Identity and Access Management <IAM) policy to restrict the resources locations in the US. Apply the policy to all dev projects.
D. Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles. 

Show Answer

Question # 35

Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed lo your organization. You want to accomplish this task with minimal effort. What should you do?

A. Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization. 
B. Ensure that you have an Organization Administrator Identity and Access Management (1AM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization. 
C. Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project. 
D. Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization. 

Show Answer

Question # 36

Your team is running an on-premises ecommerce application. The application contains a complex set of microservices written in Python, and each microservice is running on Docker containers. Configurations are injected by using environment variables. You need to deploy your current application to a serverless Google Cloud cloud solution. What should you do? 

A. Use your existing CI/CD pipeline Use the generated Docker images and deploy them to Cloud Run. Update the configurations and the required endpoints. 
B. Use your existing continuous integration and delivery (CI/CD) pipeline. Use the generated Docker images and deploy them to Cloud Function. Use the same configuration as on-premises. 
C. Use the existing codebase and deploy each service as a separate Cloud Function Update the configurations and the required endpoints. 
D. Use your existing codebase and deploy each service as a separate Cloud Run Use the same configurations as on-premises. 

Show Answer

Question # 37

You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do?

A. Use Cloud Bigtable for data storage. 
B. Use Cloud SQL for data storage.
 C. Use Cloud Spanner for data storage. 
D. Use Firestore for data storage.

Show Answer

Question # 38

You created a Kubernetes deployment by running kubectl run nginx image=nginx replicas=1. After a few days, you decided you no longer want this deployment. You identified the pod and deleted it by running kubectl delete pod. You noticed the pod got recreated. $ kubectl get pods NAME READY STATUS RESTARTS AGE nginx-84748895c4-nqqmt 1/1 Running 0 9m41s $ kubectl delete pod nginx-84748895c4-nqqmt pod nginx-84748895c4-nqqmt deleted $ kubectl get pods NAME READY STATUS RESTARTS AGE nginx-84748895c4-k6bzl 1/1 Running 0 25s What should you do to delete the deployment and avoid pod getting recreated?

A. kubectl delete deployment nginx 
B. kubectl delete –deployment=nginx 
C. kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2 
D. kubectl delete inginx 

Show Answer

Question # 39

You have been asked to migrate a docker application from datacenter to cloud. Your solution architect has suggested uploading docker images to GCR in one project and running an application in a GKE cluster in a separate project. You want to store images in the project img-278322 and run the application in the project prod-278986. You want to tag the image as acme_track_n_trace:v1. You want to follow Google-recommended practices. What should you do? 

A. Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace 
B. Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace:v1 
C. Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace 
D. Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace:v1 

Show Answer

Question # 40

You are configuring Cloud DNS. You want !to create DNS records to point home.mydomain.com, mydomain.com. and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

A. Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively. 
B. Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively. 
C. Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively. 
D. Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively. 

Show Answer

Question # 41

You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do?

A. Create and deploy a Custom Resource Definition per microservice. 
B. Create and deploy a Docker Compose File. 
C. Create and deploy a Job per microservice. 
D. Create and deploy a Deployment per microservice. 

Show Answer

Question # 42

The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

A. Grant the Project Editor role to the Marketing learn for acme data digest 
B. Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team 
C. Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there 
D. Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team. 

Show Answer

Question # 43

Your application development team has created Docker images for an application that will be deployed on Google Cloud. Your team does not want to manage the infrastructure associated with this application. You need to ensure that the application can scale automatically as it gains popularity. What should you do?

A. gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml 
B. gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml 
C. gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml 
D. gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml 

Show Answer

Question # 44

Your application development team has created Docker images for an application that will be deployed on Google Cloud. Your team does not want to manage the infrastructure associated with this application. You need to ensure that the application can scale automatically as it gains popularity. What should you do?

A. Create an Instance template with the container image, and deploy a Managed Instance Group with Autoscaling. 
B. Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine using Standard mode.
 C. Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine using Standard mode.
 D. Upload Docker images to Artifact Registry, and deploy the application on Cloud Run. 

Show Answer

Question # 45

You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Googlerecommended practices. What should you do?

A. 1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. 
B. 1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint. 
C. 1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. 
D. 1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. 

Show Answer

Question # 46

You are running a web application on Cloud Run for a few hundred users. Some of your users complain that the initial web page of the application takes much longer to load than the following pages. You want to follow Google's recommendations to mitigate the issue. What should you do? 

A. Update your web application to use the protocol HTTP/2 instead of HTTP/1.1 
B. Set the concurrency number to 1 for your Cloud Run service. 
C. Set the maximum number of instances for your Cloud Run service to 100. 
D. Set the minimum number of instances for your Cloud Run service to 3. 

Show Answer

Question # 47

2. Your auditor wants to view your organization's use of data in Google Cloud. The auditoris most interested in auditing who accessed data in Cloud Storage buckets. You need tohelp the auditor access the data they need. What should you do?

A. Assign the appropriate permissions, and then use Cloud Monitoring to review metrics 
B. Use the export logs API to provide the Admin Activity Audit Logs in the format they want 
C. Turn on Data Access Logs for the buckets they want to audit, and Then build a query inthe log viewer that filters on Cloud Storage 
D. Assign the appropriate permissions, and then create a Data Studio report on AdminActivity Audit Logs 

Show Answer

Question # 48

Your organization has three existing Google Cloud projects. You need to bill the Marketingdepartment for only their Google Cloud services for a new initiative within their group. Whatshould you do?

A. 1. Verify that you ace assigned the Billing Administrator IAM role tor your organization's Google Cloud Project for the Marketing department 2. Link the new project to a Marketing Billing Account 
B. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Set the default key-value project labels to department marketing for all services in this project 
C. 1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Link the new project to a Marketing Billing Account. 
D. 1. Verity that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Set the default key value project labels to department marketing for all services in this protect 

Show Answer

Question # 49

You will have several applications running on different Compute Engine instances in thesame project. You want to specify at a more granular level the service account eachinstance uses when calling Google Cloud APIs. What should you do?

A. When creating the instances, specify a Service Account for each instance 
B. When creating the instances, assign the name of each Service Account as instancemetadata 
C. After starting the instances, use gcloud compute instances update to specify a ServiceAccount for each instance 
D. After starting the instances, use gcloud compute instances update to assign the name ofthe relevant Service Account as instance metadata 

Show Answer

Question # 50

An application generates daily reports in a Compute Engine virtual machine (VM). The VMis in the project corp-iot-insights. Your team operates only in the project corp-aggregatereports and needs a copy of the daily exports in the bucket corp-aggregate-reports-storage.You want to configure access so that the daily reports from the VM are available in thebucket corp-aggregate-reports-storage and use as few steps as possible while followingGoogle-recommended practices. What should you do?

A. Move both projects under the same folder. 
B. Grant the VM Service Account the role Storage Object Creator on corp-aggregatereports-storage. 
C. Create a Shared VPC network between both projects. Grant the VM Service Accountthe role Storage Object Creator on corp-iot-insights. 
D. Make corp-aggregate-reports-storage public and create a folder with a pseudorandomized suffix name. Share the folder with the IoT team. 

Show Answer

Question # 51

You want to verify the IAM users and roles assigned within a GCP project named myproject. What should you do?

A. Run gcloud iam roles list. Review the output section. 
B. Run gcloud iam service-accounts list. Review the output section. 
C. Navigate to the project and then to the IAM section in the GCP Console. Review themembers and roles. 
D. Navigate to the project and then to the Roles section in the GCP Console. Review theroles and status. 

Show Answer

Question # 52

You need to add a group of new users to Cloud Identity. Some of the users already haveexisting Google accounts. You want to follow one of Google's recommended practices andavoid conflicting accounts. What should you do?

A. Invite the user to transfer their existing account 
B. Invite the user to use an email alias to resolve the conflict 
C. Tell the user that they must delete their existing account 
D. Tell the user to remove all personal email from the existing account 

Show Answer

Question # 53

30. You are running multiple microservices in a Kubernetes Engine cluster. Onemicroservice is rendering images. The microservice responsible for the image renderingrequires a large amount of CPU time compared to the memory it requires. The othermicroservices are workloads that are optimized for n1-standard machine types. You needto optimize your cluster so that all workloads are using resources as efficiently as possible.What should you do?

A. Assign the pods of the image rendering microservice a higher pod priority than the oldermicroservices 
B. Create a node pool with compute-optimized machine type nodes for the image renderingmicroservice Use the node pool with general-purpose machine type nodes for the other microservices 
C. Use the node pool with general-purpose machine type nodes for lite mage renderingmicroservice Create a nodepool with compute-optimized machine type nodes for the othermicroservices 
D. Configure the required amount of CPU and memory in the resource requestsspecification of the image rendering microservice deployment Keep the resource requestsfor the other microservices at the default 

Show Answer

Question # 54

You have been asked to set up the billing configuration for a new Google Cloud customer.Your customer wants to group resources that share common IAM policies. What shouldyou do?

A. Use labels to group resources that share common IAM policies 
B. Use folders to group resources that share common IAM policies 
C. Set up a proper billing account structure to group IAM policies 
D. Set up a proper project naming structure to group IAM policies 

Show Answer