Google Google Certifications ASSOCIATE-CLOUD-ENGINEER Questions & Answers

• Question 41:

  You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

  A. Use the GCP Console to transfer the file instead of gsutil.

  B. Enable parallel composite uploads using gsutil on the file transfer.

  C. Decrease the TCP window size on the machine initiating the transfer.

  D. Change the storage class of the bucket from Nearline to Multi-Regional.

  Correct Answer: B

  Correct answer is B as the bandwidth is good and its a single file, gsutil parallel composite uploads can be used to split the large file and upload in parallel.Refer GCP documentation - Transferring Data to GCP andamp

• Question 42:

  You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

  A. Configure an HTTP(S) load balancer.

  B. Configure an internal TCP load balancer.

  C. Configure an external SSL proxy load balancer.

  D. Configure an external TCP proxy load balancer.

  Correct Answer: A

  Reference: https://cloud.google.com/load-balancing/docs/https/

  According to this guide for setting up an HTTP (S) load balancer in GCP: The client SSL session terminates at the load balancer. Sessions between the load balancer and the instance can either be HTTPS (recommended) or HTTP.

• Question 43:

  You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?

  A. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role.

  B. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role.

  C. Run gcloud iam roles describe roles/spanner.viewer - -project my-project. Add the users to the role.

  D. Run gcloud iam roles describe roles/spanner.viewer - -project my-project. Add the users to a new group. Add the group to the role.

  Correct Answer: B

  as per IAM best practices

• Question 44:

  You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

  A. Enable the Node Auto-Repair feature for your GKE cluster.

  B. Enable the Node Auto-Upgrades feature for your GKE cluster.

  C. Select the latest available cluster version for your GKE cluster.

  D. Select "Container-Optimized OS (cos)" as a node image for your GKE cluster.

  Correct Answer: B

  "Creating or upgrading a cluster by specifying the version as does not provide automatic upgrades. Enable automatic node upgrades to ensure that the nodes in your cluster up to date with the latest stable version." --source: https:// cloud.google.com/kubernetes-engine/versioning-and-upgrades

• Question 45:

  You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asianortheast1 region. What should you do?

  A. Change the default region property setting in the existing GCP project to asia-northeast1.

  B. Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

  C. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

  D. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

  Correct Answer: D

  Option D is correct, as there can be only one App Engine application inside a project . C is incorrect, as GCP can't have two app engine applications.

• Question 46:

  You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

  A. Run gcloud iam roles list. Review the output section.

  B. Run gcloud iam service-accounts list. Review the output section.

  C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

  D. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

  Correct Answer: C

  C is the only logical answers. If you go IAM and Admin > IAM: You can see Principals and Roles. Users, groups, service accounts are Principals

• Question 47:

  You need to create a new billing account and then link it with an existing Google Cloud Platform project. What should you do?

  A. Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.

  B. Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.

  C. Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.

  D. Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

  Correct Answer: B

  Billing Account Administrator

  (roles/billing.admin) Manage billing accounts (but not create them).

  Billing Account User

  (roles/billing.user)

  When granted in conjunction with the Project Owner role or Project Billing Manager role, provides access to associate projects with billing accounts.

• Question 48:

  You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

  A. Download the private key from the service account, and add it to each VMs custom metadata.

  B. Download the private key from the service account, and add the private key to each VM's SSH keys.

  C. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

  D. When creating the VMs, set the service account's API scope for Compute Engine to read/write.

  Correct Answer: C

  Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

• Question 49:

  You are deploying an application to a Compute Engine VM in a managed instance group. The application must be running at all times, but only a single instance of the VM should run per GCP project. How should you configure the instance group?

  A. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

  B. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

  C. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

  D. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

  Correct Answer: A

  In my GCP console, I created a managed instance group for each answer. For each answer I deleted the instance that was created as a simple test to prove or disprove each answer.

  In answer A, another instance was created after I deleted the instance In answer B, no other instance was created after I deleted the instance In answer C, another instance was created after I deleted the instance In answer D, no other instance was created after I deleted the instance

  My observation is A is the correct Answer.

  A - Correct - It correctly solves the problem with only a single instance at one time B - Incorrect - Does not fit the requirement because AFTER the deletion of the instance, no other instance was created C - Incorrect - It creates another instance after the delete HOWEVER it 2 VM's could be created even if the target is exceeded D - Incorrect - Does not fit the requirement because AFTER the deletion of the instance, no other instance was created

• Question 50:

  You need to monitor resources that are distributed over different projects in Google Cloud Platform. You want to consolidate reporting under the same Stackdriver Monitoring dashboard. What should you do?

  A. Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

  B. For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

  C. Configure a single Stackdriver account, and link all projects to the same account.

  D. Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.

  Correct Answer: C

  First of all D is incorrect, Groups are used to define alerts on set of resources(such as VM instances, databases, and load balancers). FYI tried adding Two projects into a group it did not allowed me as the "AND"/"OR" criteria for the group

  failed with this combination of resources.

  C is correct because,

  When you intially click on Monitoring(Stackdriver Monitoring) it creates a workspac(a stackdriver account) linked to the ACTIVE(CURRENT) Project from which it was clicked.

  Now if you change the project and again click onto Monitoring it would create an another workspace(a stackdriver account) linked to the changed ACTIVE(CURRENT) Project, we don't want this as this would not consolidate our result into a single dashboard(workspace/stackdriver account).

  If you have accidently created two diff workspaces merge them under Monitoring > Settings > Merge Workspaces > MERGE.

  If we have only one workspace and two projects we can simply add other GCP Project under

  Monitoring > Settings > GCP Projects > Add GCP Projects.

  In both of these cases we did not create a GROUP, we just linked GCP Project to the workspace(stackdriver account).