Your company has hired a third-party analytics company to help find patterns in user data. Your development team has generated a file containing only the data they've requested; which includes personally identifiable information. What is the best way to share the data with the other company?
A. Create a new user for the company and grant them access to the original data source for them to query.
B. Send the file through email.
C. Put the data on Cloud Storage and generate a signed URL that will expire in one hour, and securely share the URL.
D. Put the data on Cloud Storage in a public bucket and securely share the URL.
What's the easiest way to ensure that the nodes in your Kubernetes cluster are always up-to-date with the latest stable version of Kubernetes?
A. Opt into the Kubernetes Node Update program from the quotas page.
B. Run the kubectl nodes update command.
C. Run the kubectl nodes upgrade command.
D. Enable the automatic node upgrades setting.
Your developers have created an application that needs to be able to make calls to Cloud Storage and BigQuery. The code is going to run inside a container and will run on Kubernetes Engine and on- premises. What's the best way for them to authenticate to the Google Cloud services?
A. Create a service account, grant it the least viable privileges to the required services, generate and download a key. Use the key to authenticate inside the application.
B. Use the default service account for App Engine which already has the required permissions.
C. Use the default service account for Compute Engine which already has the required permissions.
D. Create a service account, with editor permissions, generate and download a key. Use the key to authenticate inside the application.
Your developers are trying to connect to an Ubuntu server over SSH to diagnose some errors. However, the connection times out. Which command should help solve the problem?
A. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:22
B. gcloud compute firewall-rules create "open-ssh"
C. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --deny tcp:22
D. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:3389
Your company is moving its continuous integration and delivery (CI/CD) pipeline to Compute Engine instances. The pipeline will manage the entire cloud infrastructure through code. How can you ensure that the pipeline has appropriate permissions while your system is following security best practices?
A. Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure provisioning. Use the human approvals IAM account for the provisioning.
B. Attach a single service account to the compute instances. Add minimal rights to the service account. Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.
C. Attach a single service account to the compute instances. Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources
D. Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and Access Management (IAM) permissions. Use a secret manager service to store the key files of the service accounts. Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.
You are planning to migrate your on-premises data to Google Cloud. The data includes:
200 TB of video files in SAN storage
Data warehouse data stored on Amazon Redshift
20 GB of PNG files stored on an S3 bucket
You need to load the video files into a Cloud Storage bucket, transfer the data warehouse data into BigQuery, and load the PNG files into a second Cloud Storage bucket. You want to follow Google- recommended practices and avoid writing
any code for the migration.
What should you do?
A. Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
B. Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
C. Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.
D. Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.
You are in charge of provisioning access for all Google Cloud users in your organization. Your company recently acquired a startup company that has their own Google Cloud organization. You need to ensure that your Site Reliability Engineers (SREs) have the same project permissions in the startup company's organization as in your own organization. What should you do?
A. In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization
B. In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.
C. Use the gcloud iam roles copy command, and provide the Organization ID of the startup company's Google Cloud Organization as the destination.
D. Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.
Your company developed an application to deploy on Google Kubernetes Engine. Certain parts of the application are not fault-tolerant and are allowed to have downtime Other parts of the application are critical and must always be available. You need to configure a Goorj e Kubernfl:es Engine duster while optimizing for cost. What should you do?
A. Create a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.
B. Create a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot- false.
C. Create a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical. Deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.
D. Create a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.
You need to deploy an application in Google Cloud using savorless technology. You want to test a new version of the application with a small percentage of production traffic. What should you do?
A. Deploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.
B. Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.
C. Deploy the application to Cloud functions. Saucily the version number in the functions name.
D. Deploy the application to App Engine. For each new version, create a new service.
Your company's security vulnerability management policy wonts 3 member of the security team to have visibility into vulnerabilities and other OS metadata for a specific Compute Engine instance This Compute Engine instance hosts a critical application in your Goggle Cloud project. You need to implement your company's security vulnerability management policy. What should you dc?
A. Ensure that the Ops Agent Is Installed on the Compute Engine instance. Create a custom metric in the Cloud Monitoring dashboard. Provide the security team member with access to this dashboard.
B. Ensure that the Ops Agent is installed on tie Compute Engine instance. Provide the security team member roles/configure.inventoryViewer permission.
C. Ensure that the OS Config agent Is Installed on the Compute Engine instance. Provide the security team member roles/configure.vulnerabilityViewer permission.
D. Ensure that the OS Config agent is installed on the Compute Engine instance Create a log sink Co a BigQuery dataset. Provide the security team member with access to this dataset.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ASSOCIATE-CLOUD-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.