Your boss has asked you to onboard a new user and provide them with access to their team's project. What set of steps best describes what needs to happen?
A. Add them as a member of the project, grant them the required roles, and sync the user back to G Suite.
B. Add the user inside of G Suite, create a user group, and add them to that user group.
C. Add the user inside of G Suite; sync from G Suite to the Active Directory using the Directory Sync util; add them as a member and grant them the required roles.
D. Add the user inside of G Suite, add them as a member of the project, and grant them the required roles.
You've setup and tested several custom roles in your development project. What is the fastest way to create the same roles for your new production project?
A. Recreate them in the new project.
B. Use the gcloud iam copy roles command and set the destination project.
C. In the UI, select the roles and click the Export button.
D. Use the gcloud iam roles copy command and set the destination project.
Regarding audit logs, which of the following is a Google recommended best practice?
A. Export your audit logs to App Engine
B. Export your audit logs to Pub/Sub.
C. Flush your audit logs monthly so you can more easily notice security events.
D. Export your audit logs to Cloud Storage and store them for a long period of time.
While looking at your application's source code in your private Github repo, you've noticed that a service account key has been committed to git. What steps should you take next?
A. Revoke the key, remove the key from Git, purge the Git history to remove all traces of the file, ensure the key is added to the .gitignore file.
B. Delete the project and create a new one.
C. Do nothing. Git is fine for keys if the repo is private.
D. Contact Google Cloud Support
You've been asked to help onboard a new member of the big-data team. They need full access to BigQuery. Which type of role would be the most efficient to set up while following the principle of least privilege?
A. Primitive Role
B. Custom Role
C. Managed Role
D. Predefined Role
You have 3 Cloud Storage buckets that all store sensitive data.
Which grantees should you audit to ensure that these buckets are not public?
A. allUsers
B. allAuthenticatedUsers
C. publicUsers
D. allUsers and allAuthenticatedUsers
You have a 20 GB file that you need to securely share with some contractors. They need it as fast as possible. Which steps would get them the file quickly and securely?
A. Using composite objects and parallel uploads to upload the file to Cloud Storage quickly. Then generate a signed URL and securely share it with the contractors.
B. Set up a VPC with a custom subnet. Create a subnet tunnel. Upload the file to a network share. Grant the contractors temporary access.
C. Upload the file to Bigtable using the bulk data import tool. Then provide the contractors with read access to the database.
D. Upload the file to Cloud Storage. Grant the allAuthenticated users token view permissions.
You have several users who need access to some very specific Google Cloud functionality. You'd like to follow the principle of least privilege. What's the best way to ensure these users can list Cloud Storage buckets, list BigQuery jobs, and list compute disks?
A. Add the users to the viewer role.
B. Use the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.
C. Create a custom role for this job role, add the required permissions, and add the users to the role.
D. Add the users to a group, apply the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.
Your boss has asked you to set up something to perform monitoring and logging. The ideal solution would allow you to monitor your Google Cloud resources as well as a few different EC2 instances running inside AWS. Which option would meet the criteria with the least amount of work?
A. Deploy a custom solution based on the ELK stack.
B. Datadog
C. Stackdriver
D. AWS Cloudwatch
Your development team has asked for your help. They need a simple, reproducible way to create and terminate a new Compute Engine instance so that they can automate it as a part of their CI/CD process. What is the best option for accomplishing that?
A. Show them how to use the Console to create and terminate instances.
B. Recommend that they use the REST API to develop the functionality in the language of their choosing.
C. Show them how to use the gcloud component of the Cloud SDK.
D. Show them how to use a Docker container. Then they can get rid of the need for the VM.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ASSOCIATE-CLOUD-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.