Google CLOUD-DIGITAL-LEADER Online Practice Questions and Exam Preparation

Google CLOUD-DIGITAL-LEADER Online Questions & Answers

• Question 71:

  Your organization is developing an application that will capture a large amount of data from millions of different sensor devices spread all around the world. Your organization needs a database that is suitable for worldwide, high-speed data storage of a large amount of unstructured data.

  Which Google Cloud product should your organization choose?

  A. Firestore
  B. Cloud Data Fusion
  C. Cloud SQL
  D. Cloud Bigtable
  D. Cloud Bigtable

  ---

  https://cloud.google.com/bigtable Cloud Bigtable is a sparsely populated table that can scale to billions of rows and thousands of columns, enabling you to store terabytes or even petabytes of data. A single value in each row is indexed; this value is known as the row key. Bigtable is ideal for storing very large amounts of single-keyed data with very low latency. It supports high read and write throughput at low latency, and it is an ideal data source for MapReduce operations. Bigtable is exposed to applications through multiple client libraries, including a supported extension to the Apache HBase library for Java. As a result, it integrates with the existing Apache ecosystem of open-source Big Data software. Bigtable's powerful back-end servers offer several key advantages over a self-managed HBase installation: Incredible scalability. Bigtable scales in direct proportion to the number of machines in your cluster. A self-managed HBase installation has a design bottleneck that limits the performance after a certain threshold is reached. Bigtable does not have this bottleneck, so you can scale your cluster up to handle more reads and writes. Simple administration. Bigtable handles upgrades and restarts transparently, and it automatically maintains high data durability. To replicate your data, simply add a second cluster to your instance, and replication starts automatically. No more managing replicas or regions; just design your table schemas, and Bigtable will handle the rest for you. Cluster resizing without downtime. You can increase the size of a Bigtable cluster for a few hours to handle a large load, then reduce the cluster's size again--all without any downtime. After you change a cluster's size, it typically takes just a few minutes under load for Bigtable to balance performance across all of the nodes in your cluster.

• Question 72:

  You are working with a user to set up an application in a new VPC behind a firewall and it is no-ticed that the user is concerned about data egress. Therefore, to provide assistance you want to con-figure the fewest open egress ports. Which of the following statement is correct?

  A. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
  B. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
  C. Set up a high-priority (1000) rule to allow the appropriate ports.
  D. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
  B. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

  ---

  Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access requirements. Reference link-https://cloud.google.com/vpc/docs/firewalls

• Question 73:

  When is data automatically encrypted in Google Cloud?

  A. When it is at rest only.
  B. When it is at rest and in transit.
  C. When it is in transit only.
  D. Data is not automatically encrypted by default.
  B. When it is at rest and in transit.

  ---

  The question is about when data is automatically encrypted by Google Cloud. Google Cloud Product Relevance: Why Not Other Options: Google Cloud Digital Leader References: Refer to Google Cloud Encryption documentation for more information on how data is encrypted in Google Cloud.

• Question 74:

  An organization wants to measure everything as part of its new DevOps philosophy. What should the organization measure?

  A. The reliability and health of their systems.
  B. The satisfaction and happiness of their employees.
  C. The risk and reward of their investments.
  D. The speed of their cloud adoption process.
  A. The reliability and health of their systems.

  ---

  https://newrelic.com/devops/measuring-devops#toc-devops-measurments-for-team-health

• Question 75:

  Your organization recently migrated its compute workloads to Google Cloud. You want these workloads in Google Cloud to privately and securely access your large volume of on-premises data, and you also want to minimize latency. What should your organization do?

  A. Use Storage Transfer Service to securely make your data available to Google Cloud
  B. Create a VPC between your on-premises data center and your Google resources
  C. Peer your on-premises data center to Google's Edge Network
  D. Use Transfer Appliance to securely make your data available to Google Cloud
  B. Create a VPC between your on-premises data center and your Google resources

  ---

  Explanation Explanation/Reference:create a VPC between your on-premises data center and your Google resources. This can be achieved by using Private Google Access for on-premises hosts, which provides a way for on-premises systems to connect to Google APIs and services by routing traffic through a Cloud VPN tunnel or a VLAN attachment for Cloud Interconnect. This solution should minimize latency as traffic is routed through a Cloud VPN tunnel or a VLAN attachment for Cloud Interconnect, instead of traversing the public internet.

• Question 76:

  Your organization needs a large amount of extra computing power within the next two weeks.

  After those two weeks, the need for the additional resources will end.

  Which is the most cost-effective approach?

  A. Use a committed use discount to reserve a very powerful virtual machine
  B. Purchase one very powerful physical computer
  C. Start a very powerful virtual machine without using a committed use discount
  D. Purchase multiple physical computers and scale workload across them
  C. Start a very powerful virtual machine without using a committed use discount

  ---

  When you purchase a committed use contract, you purchase Compute Engine resources--such as vCPUs, memory, GPUs, local SSDs, and sole-tenant nodes--at a discounted price in return for committing to paying for those resources for 1 year or 3 years

• Question 77:

  An organization has a small development team that has created a web application which runs in a single container. They need a simple serverless and scalable way to host their container Which Google service should the organization use?

  A. Cloud Run
  B. Kubernetes Engine
  C. App Engine
  D. Compute Engine
  A. Cloud Run

• Question 78:

  An organization is concerned about the unlikely event that Google Cloud infrastructure is physically accessed by someone with malicious intent

  How is data protected in Google Cloud?

  A. Data is immediately deleted whenever an intrusion is detected
  B. Data is stored on quantum computers with unbreakable encryption.
  C. Data is stored using robust encryption
  D. Data is stored in random locations around the world to prevent it being found
  C. Data is stored using robust encryption

• Question 79:

  Your company security team manages access control to production systems using an LDAP directory group. How is this access control managed in the Google Cloud production project?

  A. Assign the proper role to the Service Account in the project's IAM Policy
  B. Grant each user the roles/iam.serviceAccountUser role on a service account that exists in the Google Group.
  C. Assign the proper role to the Google Group in the project's IAM Policy.
  D. Create the project in a folder with the same name as the LDAP directory group.
  C. Assign the proper role to the Google Group in the project's IAM Policy.

  ---

  Explanation Explanation/Reference:https://cloud.google.com/blog/products/identity-security/achieving-identity-and-access-governance-on-google-cloud

• Question 80:

  In Google Cloud IAM: if a policy applied at the project level gives you Owner permissions, your access to an individual resource in that project might be restricted to View permission if someone applies a more restrictive policy directly to that resource. What is correct below the options

  A. False
  B. None of the above.
  C. True
  D. Not defined by GCP.
  A. False

  ---

  Policies are a union of those applied to resources themselves and those inherited from higher levels in the hierarchy. If a parent policy is less restrictive, it overrides a more restrictive policy applied to the resource. If a parent policy is more restrictive, it does not override a less restrictive policy applied to the resource. Therefore, access granted at a higher level in the hierarchy cannot be taken away by policies applied at a lower level in the hierarchy.