Google Google Certifications PROFESSIONAL-CLOUD-ARCHITECT Questions & Answers

• Question 251:

  Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling.

  Which two compute products should you choose? Choose 2 answers.

  A. Compute Engine with containers

  B. Google Kubernetes Engine with containers

  C. Google App Engine Standard Environment

  D. Compute Engine with custom instance types

  E. Compute Engine with managed instance groups

  Correct Answer: BC

  B: With Container Engine, Google will automatically deploy your cluster for you, update, patch, secure the nodes.

  Kubernetes Engine's cluster autoscaler automatically resizes clusters based on the demands of the workloads you want to run.

  C: Solutions like Datastore, BigQuery, AppEngine, etc are truly NoOps.

  App Engine by default scales the number of instances running up and down to match the load, thus providing consistent performance for your app at all times while minimizing idle instances and thus reducing cost. Note: At a high level,

  NoOps means that there is no infrastructure to build out and manage during usage of the platform. Typically, the compromise you make with NoOps is that you lose control of the underlying infrastructure.

  References: https://www.quora.com/How-well-does-Google-Container-Engine-support-Google-Cloud-Platform%E2%80%99s-NoOps-claim

• Question 252:

  You want to enable your running Google Kubernetes Engine cluster to scale as demand for your application changes.

  What should you do?

  A. Add additional nodes to your Kubernetes Engine cluster using the following command: gcloud container clusters resize CLUSTER_Name ?-size 10

  B. Add a tag to the instances in the cluster with the following command: gcloud compute instances add-tags INSTANCE - -tags enableautoscaling max-nodes-10

  C. Update the existing Kubernetes Engine cluster with the following command: gcloud alpha container clusters update mycluster - -enableautoscaling - -min-nodes=1 - -max-nodes=10

  D. Create a new Kubernetes Engine cluster with the following command: gcloud alpha container clusters create mycluster - -enableautoscaling - -min-nodes=1 - -max-nodes=10 and redeploy your application

  Correct Answer: C

  https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler

  To enable autoscaling for an existing node pool, run the following command:

  gcloud container clusters update [CLUSTER_NAME] --enable-autoscaling \--min-nodes 1 -- max-nodes 10 --zone [COMPUTE_ZONE] --node-pool default-pool

• Question 253:

  Your marketing department wants to send out a promotional email campaign. The development team wants to minimize direct operation management. They project a wide range of possible customer responses, from 100 to 500,000 click-through per day. The link leads to a simple website that explains the promotion and collects user information and preferences.

  Which infrastructure should you recommend? Choose 2 answers.

  A. Use Google App Engine to serve the website and Google Cloud Datastore to store user data.

  B. Use a Google Container Engine cluster to serve the website and store data to persistent disk.

  C. Use a managed instance group to serve the website and Google Cloud Bigtable to store user data.

  D. Use a single Compute Engine virtual machine (VM) to host a web server, backend by Google Cloud SQL.

  Correct Answer: AC

  

  References: https://cloud.google.com/storage-options/

• Question 254:

  Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced.

  Which two actions can you take? Choose 2 answers.

  A. Ensure every code check-in is peer reviewed by a security SME

  B. Use source code security analyzers as part of the CI/CD pipeline

  C. Ensure you have stubs to unit test all interfaces between components

  D. Enable code signing and a trusted binary repository integrated with your CI/CD pipeline

  E. Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline

  Correct Answer: BE

  https://docs.microsoft.com/en-us/vsts/articles/security-validation-cicd-pipeline?view=vsts

• Question 255:

  Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin.

  What Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?

  A. Org viewer, project owner

  B. Org viewer, project viewer

  C. Org admin, project browser

  D. Project owner, network admin

  Correct Answer: B

  https://cloud.google.com/iam/docs/using-iam-securely

• Question 256:

  You are helping the QA team to roll out a new load-testing tool to test the scalability of your primary cloud services that run on Google Compute Engine with Cloud Bigtable.

  Which three requirements should they include? Choose 3 answers.

  A. Ensure that the load tests validate the performance of Cloud Bigtable

  B. Create a separate Google Cloud project to use for the load-testing environment

  C. Schedule the load-testing tool to regularly run against the production environment

  D. Ensure all third-party systems your services use is capable of handling high load

  E. Instrument the production services to record every transaction for replay by the load-testing tool

  F. Instrument the load-testing tool and the target services with detailed logging and metrics collection

  Correct Answer: ABF

• Question 257:

  A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin.

  What should you do?

  A. Search for Create VM entry in the Stackdriver alerting console

  B. Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry

  C. In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry

  D. Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list

  Correct Answer: C

  Incorrect Answers:

  A: To use the Stackdriver alerting console we must first set up alerting policies.

  B: Data access logs only contain read-only operations.

  Audit logs help you determine who did what, where, and when.

  Cloud Audit Logging returns two types of logs:

  Admin activity logs

  Data access logs: Contains log entries for operations that perform read-only operations do not modify any data, such as get, list, and aggregated list methods.

• Question 258:

  You want to make a copy of a production Linux virtual machine in the US-Central region. You want to manage and replace the copy easily if there are changes on the production virtual machine. You will deploy the copy as a new instance in a different project in the US-East region.

  What steps must you take?

  A. Use the Linux dd and netcat commands to copy and stream the root disk contents to a new virtual machine instance in the US-East region.

  B. Create a snapshot of the root disk and select the snapshot as the root disk when you create a new virtual machine instance in the US-East region.

  C. Create an image file from the root disk with Linux dd command, create a new virtual machine instance in the US-East region

  D. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file the root disk.

  Correct Answer: D

  https://stackoverflow.com/questions/36441423/migrate-google-compute-engine-instance-to-a-different-region

• Question 259:

  Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk

  performance.

  How should you configure the storage?

  A. Configure a cron job to use the gcloud tool to take regular backups using persistent disk snapshots.

  B. Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.

  C. Use gcsfise to mount a Google Cloud Storage bucket as a volume directly on the instance and write backups to the mounted location using mysqldump.

  D. Mount additional persistent disk volumes onto each virtual machine (VM) instance in a RAID10 array and use LVM to create snapshots to send to Cloud Storage

  Correct Answer: B

  References: https://github.com/mvarrieur/MySQL-backup-to-Google-Cloud-Storage https://cloud.google.com/storage/docs/gcs-fuse

• Question 260:

  Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible.

  Which cloud infrastructure should you recommend?

  A. Google Compute Engine unmanaged instance groups and Network Load Balancer

  B. Google Compute Engine managed instance groups with auto-scaling

  C. Google Cloud Dataproc to run Apache Hadoop jobs to process each test

  D. Google App Engine with Google StackDriver for logging

  Correct Answer: B