Google ASSOCIATE-CLOUD-ENGINEER Online Practice Questions and Exam Preparation

Google ASSOCIATE-CLOUD-ENGINEER Online Questions & Answers

• Question 331:

  You're using Deployment Manager to deploy your application to an autoscaled, managed instance group on Compute Engine. The application is a single binary, What is the fastest way to get the binary onto the instance, without introducing undue complexity?

  A. When creating the instance template use the startup script metadata key to bootstrap the application.
  B. Use a "golden image" that contains everything you need.
  C. When creating the instance template, use the startup script metadata key to install Ansible. Have the instance run the play-book at startup to install the application.
  D. Once the instance starts up, connect over SSH and install the application.
  A. When creating the instance template use the startup script metadata key to bootstrap the application.

  ---

  Explanation

• Question 332:

  You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is deployed with the default App Engine Service account. The data that needs to be visualized resides in a different project managed by another team. You do not have access to this project, but you want your application to be able to read data from the BigQuery dataset. What should you do?

  A. Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.
  B. Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.
  C. In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.
  D. In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.
  B. Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

  ---

  Explanation

  As the question states you need only read access to the BigQuery datasets residing in other project, we need to request the other project team to give data viewer role to access the Bigquery datasets.

• Question 333:

  You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version. What should you do?

  A. Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
  B. Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
  C. Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.
  D. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
  D. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

  ---

  Explanation

  Splitting the question to the key requirements

  1.new version of an application hosted in an App Engine environment.

  2.test the new version with 1% of users

  App engine supports versioning and traffic splitting so no need to involve anything else (source - https://cloud.google.com/appengine#all-features)

  A. ....'Google Kubernetes Engine'.... - No need to involve GKE. Not the right option

  B. ....'Compute Engine instance'.... - No need to involve Compute Engine.

  C. ....'Separate app in App Engine'....- No need to deploy as a separate app. versioning is supported already. Not the right option.

  D. This is the right answer.

• Question 334:

  Your company publishes large files on an Apache web server that runs on a Compute Engine instance. The Apache web server is not the only application running in the project. You want to receive an email when the egress network costs for the server exceed 100 dollars for the current month as measured by Google Cloud Platform (GCP). What should you do?

  A. Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of "email."
  B. Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of "email."
  C. Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.
  D. Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.
  C. Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

  ---

  Explanation

  Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

• Question 335:

  You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

  A. Create a health check on port 443 and use that when creating the Managed Instance Group.
  B. Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.
  C. In the Instance Template, add the label `health-check'.
  D. In the Instance Template, add a startup script that sends a heartbeat to the metadata server.
  A. Create a health check on port 443 and use that when creating the Managed Instance Group.

  ---

  Explanation

  MIGs support autohealing, load balancing, autoscaling, and auto-updating. no the Images templates, this is set up in the MIG

• Question 336:

  Your boss has asked you to set up something to perform monitoring and logging. The ideal solution would allow you to monitor your Google Cloud resources as well as a few different EC2 instances running inside AWS. Which option would meet the criteria with the least amount of work?

  A. Deploy a custom solution based on the ELK stack.
  B. Datadog
  C. Stackdriver
  D. AWS Cloudwatch
  C. Stackdriver

  ---

  Explanation

• Question 337:

  You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP. You want to make sure it is reachable by clients over that port. What should you do?

  A. Add the network tag allow-udp-636 to the VM instance running the LDAP server.
  B. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.
  C. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.
  D. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.
  C. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

  ---

  Explanation

  You tag the instances ,then create ingress firewall rules to allow udp on desired port for target-tags name applied to instances

• Question 338:

  You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?

  A. 1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
  B. 1. Create a VPC and a subnetwork in europe-west1. 2.Expose the application with an internal load balancer. 3.Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.
  C. 1. Create a subnetwork in the same VPC, in europe-west1. 2.Use Cloud VPN to connect the two subnetworks. 3.Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
  D. 1. Create a VPC and a subnetwork in europe-west1. 2.Peer the 2 VPCs. 3.Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
  A. 1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

  ---

  Explanation

  VPC allows you to spawn multiple subnets in different zones. Routing is handled automatically (because Routers are created automatically).

  "use the first instance's private address as the endpoint" means that this new instance will be accessing the app via first intance's private IP (so there should be some routing rules created). Question says: "This new instance needs access to the application."

• Question 339:

  You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

  A. Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.
  B. Grant all engineer's permission to create their own billing accounts for each new project.
  C. Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.
  D. Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.
  A. Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

  ---

  Explanation

  It allows you to centralize billing and payment management while providing flexibility to project creators. By creating a billing account and associating a payment method with it, you establish a central source for billing and payment for all projects.

  Granting project creators permission to associate the billing account with their projects ensures that they can create projects without the need for their individual credit card information. This approach streamlines the process and avoids the hassle of collecting credit card details from each engineer.

  Additionally, this option allows for easy monitoring and management of project costs through a single billing account, making it simpler to track expenses and allocate resources effectively.

• Question 340:

  You've run a command to start up 2 new instances. However, you do not see the instances in the console. What command(s) would help you to identify the cause of the problem?

  A. gcloud debug
  B. gcloud config list
  C. gcloud auth login
  D. gcloud info
  B. gcloud config list
  D. gcloud info

  ---

  Explanation