Test Baru 2
|
|
Title of test:
![]() Test Baru 2 Description: Test Terbaru 2 |



| New Comment |
|---|
NO RECORDS |
|
You want to make a copy of a production Linux virtual machine in the US-Central region. You want to manage and replace the copy easily if there are changes on the production virtual machine. You will deploy the copy as a new instance in a different project in the US-East region. What steps must you take?. A.Use the Linux dd and netcat commands to copy and stream the root disk contents to a new virtual machine instance in the US-East region. B.Create a snapshot of the root disk and select the snapshot as the root disk when you create a new virtual machine instance in the US-East region. C.Create an image file from the root disk with Linux dd command, create a new virtual machine instance in the US-East region. D.Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file the root disk. Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance. How should you configure the storage?. A.Configure a cron job to use the gcloud tool to take regular backups using persistent disk snapshots. B.Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage. C.Use gcsfise to mount a Google Cloud Storage bucket as a volume directly on the instance and write backups to the mounted location using mysqldump. D.Mount additional persistent disk volumes onto each virtual machine (VM) instance in a RAID10 array and use LVM to create snapshots to send to Cloud Storage. You are helping the QA team to roll out a new load-testing tool to test the scalability of your primary cloud services that run on Google Compute Engine with Cloud Bigtable. Which three requirements should they include? (Choose three.). A.Ensure that the load tests validate the performance of Cloud Bigtable. B.Create a separate Google Cloud project to use for the load-testing environment. C.Schedule the load-testing tool to regularly run against the production environment. D.Ensure all third-party systems your services use is capable of handling high load. E.Instrument the production services to record every transaction for replay by the load-testing tool. F.Instrument the load-testing tool and the target services with detailed logging and metrics collection. Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. What Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?. A.Org viewer, project owner. B.Org viewer, project viewer. C.Org admin, project browser. D.Project owner, network admin. Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take? (Choose two.). A.Ensure every code check-in is peer reviewed by a security SME. B.Use source code security analyzers as part of the CI/CD pipeline. C.Ensure you have stubs to unit test all interfaces between components. D.Enable code signing and a trusted binary repository integrated with your CI/CD pipeline. E.Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline. You want to enable your running Google Kubernetes Engine cluster to scale as demand for your application changes. What should you do?. A.Add additional nodes to your Kubernetes Engine cluster using the following command: gcloud container clusters resize CLUSTER_Name ג€" -size 10. B.Add a tag to the instances in the cluster with the following command: gcloud compute instances add-tags INSTANCE - -tags enable- autoscaling max-nodes-10. C.Update the existing Kubernetes Engine cluster with the following command: gcloud alpha container clusters update mycluster - -enable- autoscaling - -min-nodes=1 - -max-nodes=10. D.Create a new Kubernetes Engine cluster with the following command: gcloud alpha container clusters create mycluster - -enable- autoscaling - -min-nodes=1 - -max-nodes=10 and redeploy your application. Your marketing department wants to send out a promotional email campaign. The development team wants to minimize direct operation management. They project a wide range of possible customer responses, from 100 to 500,000 click-through per day. The link leads to a simple website that explains the promotion and collects user information and preferences. Which infrastructure should you recommend? (Choose two.). A.Use Google App Engine to serve the website and Google Cloud Datastore to store user data. B.Use a Google Container Engine cluster to serve the website and store data to persistent disk. C.Use a managed instance group to serve the website and Google Cloud Bigtable to store user data. D.Use a single Compute Engine virtual machine (VM) to host a web server, backend by Google Cloud SQL. Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling. Which two compute products should you choose? (Choose two.). A.Compute Engine with containers. B.Google Kubernetes Engine with containers. C.Google App Engine Standard Environment. D.Compute Engine with custom instance types. E.Compute Engine with managed instance groups. You are creating a solution to remove backup files older than 90 days from your backup Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?. A.Write a lifecycle management rule in XML and push it to the bucket with gsutil. B.Write a lifecycle management rule in JSON and push it to the bucket with gsutil. C.Schedule a cron script using gsutil ls ג€"lr gs://backups/** to find and remove items older than 90 days. D.Schedule a cron script using gsutil ls ג€"l gs://backups/** to find and remove items older than 90 days and schedule it with cron. One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify authenticity of your logs?. A.Write the log concurrently in the cloud and on premises. B.Use a SQL database and limit who can modify the log table. C.Digitally sign each timestamp and log entry and store the signature. D.Create a JSON dump of each log entry and store it in Google Cloud Storage. Your company has a Google Workspace account and Google Cloud Organization. Some developers in the company have created Google Cloud projects outside of the Google Cloud Organization. You want to create an Organization structure that allows developers to create projects, but prevents them from modifying production projects. You want to manage policies for all projects centrally and be able to set more restrictive policies for production projects. You want to minimize disruption to users and developers when business needs change in the future. You want to follow Google-recommended practices. Now should you design the Organization structure?. A.1. Create a second Google Workspace account and Organization. 2. Grant all developers the Project Creator IAM role on the new Organization. 3. Move the developer projects into the new Organization. 4. Set the policies for all projects on both Organizations. 5. Additionally, set the production policies on the original Organization. B.1. Create a folder under the Organization resource named ג€Production.ג€ 2. Grant all developers the Project Creator IAM role on the new Organization. 3. Move the developer projects into the new Organization. 4. Set the policies for all projects on the Organization. 5. Additionally, set the production policies on the ג€Productionג€ folder. C.1. Create folders under the Organization resource named ג€Developmentג€ and ג€Production.ג€ 2. Grant all developers the Project Creator IAM role on the ג€Developmentג€ folder. 3. Move the developer projects into the ג€Developmentג€ folder. 4. Set the policies for all projects on the Organization. 5. Additionally, set the production policies on the ג€Productionג€ folder. D.1. Designate the Organization for production projects only. 2. Ensure that developers do not have the Project Creator IAM role on the Organization. 3. Create development projects outside of the Organization using the developer Google Workspace accounts. 4. Set the policies for all projects on the Organization. 5. Additionally, set the production policies on the individual production projects. Your company has an application running on Compute Engine that allows users to play their favorite music. There are a fixed number of instances. Files are stored in Cloud Storage, and data is streamed directly to users. Users are reporting that they sometimes need to attempt to play popular songs multiple times before they are successful. You need to improve the performance of the application. What should you do?. A.1. Mount the Cloud Storage bucket using gcsfuse on all backend Compute Engine instances. 2. Serve music files directly from the backend Compute Engine instance. B.1. Create a Cloud Filestore NFS volume and attach it to the backend Compute Engine instances. 2. Download popular songs in Cloud Filestore. 3. Serve music files directly from the backend Compute Engine instance. C.1. Copy popular songs into CloudSQL as a blob. 2. Update application code to retrieve data from CloudSQL when Cloud Storage is overloaded. D.1. Create a managed instance group with Compute Engine instances. 2. Create a global load balancer and configure it with two backends: ג—‹ Managed instance group ג—‹ Cloud Storage bucket 3. Enable Cloud CDN on the bucket backend. The operations team in your company wants to save Cloud VPN log events for one year. You need to configure the cloud infrastructure to save the logs. What should you do?. A.Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save. B.Enable the Compute Engine API, and then enable logging on the firewall rules that match the traffic you want to save. C.Set up a Cloud Logging Dashboard titled Cloud VPN Logs, and then add a chart that queries for the VPN metrics over a one-year time period. D.Set up a filter in Cloud Logging and a topic in Pub/Sub to publish the logs. You are working with a data warehousing team that performs data analysis. The team needs to process data from external partners, but the data contains personally identifiable information (PII). You need to process and store the data without storing any of the PIIE data. What should you do?. A.Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, use the Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery. B.Create a Dataflow pipeline to retrieve the data from the external sources. As part of the pipeline, store all non-PII data in BigQuery and store all PII data in a Cloud Storage bucket that has a retention policy set. C.Ask the external partners to upload all data on Cloud Storage. Configure Bucket Lock for the bucket. Create a Dataflow pipeline to read the data from the bucket. As part of the pipeline, use the Cloud Data Loss Prevention (Cloud DLP) API to remove any PII data. Store the result in BigQuery. D.Ask the external partners to import all data in your BigQuery dataset. Create a dataflow pipeline to copy the data into a new table. As part of the Dataflow bucket, skip all data in columns that have PII data. You want to allow your operations team to store logs from all the production projects in your Organization, without including logs from other projects. All of the production projects are contained in a folder. You want to ensure that all logs for existing and new production projects are captured automatically. What should you do?. A.Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project. B.Create an aggregated export on the Organization resource. Set the log sink to be a Cloud Storage bucket in an operations project. C.Create log exports in the production projects. Set the log sinks to be a Cloud Storage bucket in an operations project. D.Create log exports in the production projects. Set the log sinks to be BigQuery datasets in the production projects, and grant IAM access to the operations team to run queries on the datasets. Your company has an application that is running on multiple instances of Compute Engine. It generates 1 TB per day of logs. For compliance reasons, the logs need to be kept for at least two years. The logs need to be available for active query for 30 days. After that, they just need to be retained for audit purposes. You want to implement a storage solution that is compliant, minimizes costs, and follows Google-recommended practices. What should you do?. A.1. Install a Cloud Logging agent on all instances. 2. Create a sink to export logs into a regional Cloud Storage bucket. 3. Create an Object Lifecycle rule to move files into a Coldline Cloud Storage bucket after one month. 4. Configure a retention policy at the bucket level using bucket lock. B.1. Write a daily cron job, running on all instances, that uploads logs into a Cloud Storage bucket. 2. Create a sink to export logs into a regional Cloud Storage bucket. 3. Create an Object Lifecycle rule to move files into a Coldline Cloud Storage bucket after one month. C.1. Install a Cloud Logging agent on all instances. 2. Create a sink to export logs into a partitioned BigQuery table. 3. Set a time_partitioning_expiration of 30 days. D.1. Create a daily cron job, running on all instances, that uploads logs into a partitioned BigQuery table. 2. Set a time_partitioning_expiration of 30 days. Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been configured as well. The security team needs to secure projects that will be part of the Organization. They want to prohibit IAM users outside the domain from gaining permissions from now on. What should they do?. A.Configure an organization policy to restrict identities by domain. B.Configure an organization policy to block creation of service accounts. C.Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that don't belong to the Cloud Identity domain from all projects. D.Create a technical user (e.g., crawler@yourdomain.com), and give it the project owner role at root organization level. Write a bash script that: ג€¢ Lists all the IAM rules of all projects within the organization. ג€¢ Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour. Your company has an application running on Google Cloud that is collecting data from thousands of physical devices that are globally distributed. Data is published to Pub/Sub and streamed in real time into an SSD Cloud Bigtable cluster via a Dataflow pipeline. The operations team informs you that your Cloud Bigtable cluster has a hotspot, and queries are taking longer than expected. You need to resolve the problem and prevent it from happening in the future. What should you do. A.Advise your clients to use HBase APIs instead of NodeJS APIs. B.Delete records older than 30 days. C.Review your RowKey strategy and ensure that keys are evenly spread across the alphabet. D.Double the number of nodes you currently have. Your company has a Google Cloud project that uses BigQuery for data warehousing. There are some tables that contain personally identifiable information (PII). Only the compliance team may access the PII. The other information in the tables must be available to the data science team. You want to minimize cost and the time it takes to assign appropriate access to the tables. What should you do?. A.1. From the dataset where you have the source data, create views of tables that you want to share, excluding PII. 2. Assign an appropriate project-level IAM role to the members of the data science team. 3. Assign access controls to the dataset that contains the view. B.1. From the dataset where you have the source data, create materialized views of tables that you want to share, excluding PII. 2. Assign an appropriate project-level IAM role to the members of the data science team. 3. Assign access controls to the dataset that contains the view. C.1. Create a dataset for the data science team. 2. Create views of tables that you want to share, excluding PII. 3. Assign an appropriate project-level IAM role to the members of the data science team. 4. Assign access controls to the dataset that contains the view. 5. Authorize the view to access the source dataset. D.1. Create a dataset for the data science team. 2. Create materialized views of tables that you want to share, excluding PII. 3. Assign an appropriate project-level IAM role to the members of the data science team. 4. Assign access controls to the dataset that contains the view. 5. Authorize the view to access the source dataset. Your company is forecasting a sharp increase in the number and size of Apache Spark and Hadoop jobs being run on your local datacenter. You want to utilize the cloud to help you scale this upcoming demand with the least amount of operations work and code change. Which product should you use?. A.Google Cloud Dataflow. B.Google Cloud Dataproc. C.Google Compute Engine. D.Google Kubernetes Engine. Your operations team currently stores 10 TB of data in an object storage service from a third-party provider. They want to move this data to a Cloud Storage bucket as quickly as possible, following Google-recommended practices. They want to minimize the cost of this data migration. Which approach should they use?. A.Use the gsutil mv command to move the data. B.Use the Storage Transfer Service to move the data. C.Download the data to a Transfer Appliance, and ship it to Google. D.Download the data to the on-premises data center, and upload it to the Cloud Storage bucket. You have a Compute Engine managed instance group that adds and removes Compute Engine instances from the group in response to the load on your application. The instances have a shutdown script that removes REDIS database entries associated with the instance. You see that many database entries have not been removed, and you suspect that the shutdown script is the problem. You need to ensure that the commands in the shutdown script are run reliably every time an instance is shut down. You create a Cloud Function to remove the database entries. What should you do next?. A.Modify the shutdown script to wait for 30 seconds before triggering the Cloud Function. B.Do not use the Cloud Function. Modify the shutdown script to restart if it has not completed in 30 seconds. C.Set up a Cloud Monitoring sink that triggers the Cloud Function after an instance removal log message arrives in Cloud Logging. D.Modify the shutdown script to wait for 30 seconds and then publish a message to a Pub/Sub queue. You are managing several projects on Google Cloud and need to interact on a daily basis with BigQuery, Bigtable, and Kubernetes Engine using the gcloud CL tool. You are travelling a lot and work on different workstations during the week. You want to avoid having to manage the gcloud CLI manually. What should you do?. A.Use Google Cloud Shell in the Google Cloud Console to interact with Google Cloud. B.Create a Compute Engine instance and install gcloud on the instance. Connect to this instance via SSH to always use the same gcloud installation when interacting with Google Cloud. C.Install gcloud on all of your workstations. Run the command gcloud components auto-update on each workstation. D.Use a package manager to install gcloud on your workstations instead of installing it manually. Your company recently acquired a company that has infrastructure in Google Cloud. Each company has its own Google Cloud organization. Each company is using a Shared Virtual Private Cloud (VPC) to provide network connectivity for its applications. Some of the subnets used by both companies overlap. In order for both businesses to integrate, the applications need to have private network connectivity. These applications are not on overlapping subnets. You want to provide connectivity with minimal re-engineering. What should you do?. A.Set up VPC peering and peer each Shared VPC together. B.Migrate the projects from the acquired company into your company's Google Cloud organization. Re-launch the instances in your companies Shared VPC. C.Set up a Cloud VPN gateway in each Shared VPC and peer Cloud VPNs. D.Configure SSH port forwarding on each application to provide connectivity between applications in the different Shared VPCs. You are managing several internal applications that are deployed on Compute Engine. Business users inform you that an application has become very slow over the past few days. You want to find the underlying cause in order to solve the problem. What should you do first?. A.Inspect the logs and metrics from the instances in Cloud Logging and Cloud Monitoring. B.Change the Compute Engine Instances behind the application to a machine type with more CPU and memory. C.Restore a backup of the application database from a time before the application became slow. D.Deploy the applications on a managed instance group with autoscaling enabled. Add a load balancer in front of the managed instance group, and have the users connect to the IP of the load balancer. Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. When releasing new versions of the application via a rolling deployment, the team has been causing outages. The root cause of the outages is misconfigurations with parameters that are only used in production. You want to put preventive measures for this in the platform to prevent outages. What should you do?. A.Configure liveness and readiness probes in the Pod specification. B.Configure health checks on the managed instance group. C.Create a Scheduled Task to check whether the application is available. D.Configure an uptime alert in Cloud Monitoring. Your company uses Google Kubernetes Engine (GKE) as a platform for all workloads. Your company has a single large GKE cluster that contains batch, stateful, and stateless workloads. The GKE cluster is configured with a single node pool with 200 nodes. Your company needs to reduce the cost of this cluster but does not want to compromise availability. What should you do?. A.Create a second GKE cluster for the batch workloads only. Allocate the 200 original nodes across both clusters. B.Configure CPU and memory limits on the namespaces in the cluster. Configure all Pods to have a CPU and memory limits. C.Configure a HorizontalPodAutoscaler for all stateless workloads and for all compatible stateful workloads. Configure the cluster to use node auto scaling. D.Change the node pool to use preemptible VMs. Your company has a Google Cloud project that uses BigQuery for data warehousing on a pay-per-use basis. You want to monitor queries in real time to discover the most costly queries and which users spend the most. What should you do?. A.1. In the BigQuery dataset that contains all the tables to be queried, add a label for each user that can launch a query. 2. Open the Billing page of the project. 3. Select Reports. 4. Select BigQuery as the product and filter by the user you want to check. B.1. Create a Cloud Logging sink to export BigQuery data access logs to BigQuery. 2. Perform a BigQuery query on the generated table to extract the information you need. C.1. Create a Cloud Logging sink to export BigQuery data access logs to Cloud Storage. 2. Develop a Dataflow pipeline to compute the cost of queries split by users. D.1. Activate billing export into BigQuery. 2. Perform a BigQuery query on the billing table to extract the information you need. Your company and one of its partners each have a Google Cloud project in separate organizations. Your company's project (prj-a) runs in Virtual Private Cloud (vpc-a). The partner's project (prj-b) runs in vpc-b. There are two instances running on vpc-a and one instance running on vpc-b. Subnets defined in both VPCs are not overlapping. You need to ensure that all instances communicate with each other via internal IPs, minimizing latency and maximizing throughput. What should you do?. A.Set up a network peering between vpc-a and vpc-b. B.Set up a VPN between vpc-a and vpc-b using Cloud VPN. C.Configure IAP TCP forwarding on the instance in vpc-b, and then launch the following gcloud command from one of the instances in vpc-a gcloud: gcloud compute start-iap-tunnel INSTANCE_NAME_IN_VPC_8 22 \ --local-host-port=localhost:22. D.1. Create an additional instance in vpc-a. 2. Create an additional instance in vpc-b. 3. Install OpenVPN in newly created instances. 4. Configure a VPN tunnel between vpc-a and vpc-b with the help of OpenVPN. You want to store critical business information in Cloud Storage buckets. The information is regularly changed, but previous versions need to be referenced on a regular basis. You want to ensure that there is a record of all changes to any information in these buckets. You want to ensure that accidental edits or deletions can be easily rolled back. Which feature should you enable. A.Bucket Lock. B.Object Versioning. C.Object change notification. D.Object Lifecycle Management. The database administration team has asked you to help them improve the performance of their new database server running on Google Compute Engine. The database is for importing and normalizing their performance statistics and is built with MySQL running on Debian Linux. They have an n1-standard-8 virtual machine with 80 GB of SSD persistent disk. What should they change to get better performance from this system?. A.Increase the virtual machine's memory to 64 GB. B.Create a new virtual machine running PostgreSQL. C.Dynamically resize the SSD persistent disk to 500 GB. D.Migrate their performance metrics warehouse to BigQuery. E.Modify all of their batch jobs to use bulk inserts into the database. You have a Compute Engine application that you want to autoscale when total memory usage exceeds 80%. You have installed the Cloud Monitoring agent and configured the autoscaling policy as follows: ✑ Metric identifier: agent.googleapis.com/memory/percent_used ✑ Filter: metric.label.state = 'used' ✑ Target utilization level: 80 ✑ Target type: GAUGE You observe that the application does not scale under high load. You want to resolve this. What should you do?. A.Change the Target type to DELTA_PER_MINUTE. B.Change the Metric identifier to agent.googleapis.com/memory/bytes_used. C.Change the filter to metric.label.state = 'used' AND metric.label.state = 'buffered' AND metric.label.state = 'cached' AND metric.label.state = 'slab'. D.Change the filter to metric.label.state = 'free' and the Target utilization to 20. You are deploying an application to Google Cloud. The application is part of a system. The application in Google Cloud must communicate over a private network with applications in a non-Google Cloud environment. The expected average throughput is 200 kbps. The business requires: ✑ as close to 100% system availability as possible ✑ cost optimization You need to design the connectivity between the locations to meet the business requirements. What should you provision?. A.An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway. B.Two Classic Cloud VPN gateways connected to two on-premises VPN gateways Configure each Classic Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways. C.Two HA Cloud VPN gateways connected to two on-premises VPN gateways Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways. D.A single Cloud VPN gateway connected to an on-premises VPN gateway. Your company has an application running on App Engine that allows users to upload music files and share them with other people. You want to allow users to upload files directly into Cloud Storage from their browser session. The payload should not be passed through the backend. What should you do?. A.1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin. 2. Use the Cloud Storage Signed URL feature to generate a POST URL. B.1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin. 2. Assign the Cloud Storage WRITER role to users who upload files. C.1. Use the Cloud Storage Signed URL feature to generate a POST URL. 2. Use App Engine default credentials to sign requests against Cloud Storage. D.1. Assign the Cloud Storage WRITER role to users who upload files. 2. Use App Engine default credentials to sign requests against Cloud Storage. You are configuring the cloud network architecture for a newly created project in Google Cloud that will host applications in Compute Engine. Compute Engine virtual machine instances will be created in two different subnets (sub-a and sub-b) within a single region: • Instances in sub-a will have public IP addresses. • Instances in sub-b will have only private IP addresses. To download updated packages, instances must connect to a public repository outside the boundaries of Google Cloud. You need to allow sub-b to access the external repository. What should you do?. A.Enable Private Google Access on sub-b. B.Configure Cloud NAT and select sub-b in the NAT mapping section. C.Configure a bastion host instance in sub-a to connect to instances in sub-b. D.Enable Identity-Aware Proxy for TCP forwarding for instances in sub-b. Your company is planning to migrate their Windows Server 2022 from their on-premises data center to Google Cloud. You need to bring the licenses that are currently in use in on-premises virtual machines into the target cloud environment. What should you do?. A.1. Create an image of the on-premises virtual machines and upload into Cloud Storage. 2. Import the image as a virtual disk on Compute Engine. B.1. Create standard instances on Compute Engine. 2. Select as the OS the same Microsoft Windows version that is currently in use in the on-premises environment. C.1. Create an image of the on-premises virtual machine. 2. Import the image as a virtual disk on Compute Engine. 3. Create a standard instance on Compute Engine, selecting as the OS the same Microsoft Windows version that is currently in use in the on-premises environment. 4. Attach a data disk that includes data that matches the created image. D.1. Create an image of the on-premises virtual machines. 2. Import the image as a virtual disk on Compute Engine using --os=windows-2022-dc-v. 3. Create a sole-tenancy instance on Compute Engine that uses the imported disk as a boot disk. You are deploying an application to Google Cloud. The application is part of a system. The application in Google Cloud must communicate over a private network with applications in a non-Google Cloud environment. The expected average throughput is 200 kbps. The business requires: • 99.99% system availability • cost optimization You need to design the connectivity between the locations to meet the business requirements. What should you provision?. A.An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway. B.A Classic Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway. C.Two HA Cloud VPN gateways connected to two on-premises VPN gateways. Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways. D.A Classic Cloud VPN gateway connected with one tunnel to an on-premises VPN gateway. Your company wants to migrate their 10-TB on-premises database export into Cloud Storage. You want to minimize the time it takes to complete this activity and the overall cost. The bandwidth between the on-premises environment and Google Cloud is 1 Gbps. You want to follow Google-recommended practices. What should you do?. A.Develop a Dataflow job to read data directly from the database and write it into Cloud Storage. B.Use the Data Transfer appliance to perform an offline migration. C.Use a commercial partner ETL solution to extract the data from the on-premises database and upload it into Cloud Storage. D.Upload the data with gcloud storage cp. You are working at a financial institution that stores mortgage loan approval documents on Cloud Storage. Any change to these approval documents must be uploaded as a separate approval file. You need to ensure that these documents cannot be deleted or overwritten for the next 5 years. What should you do?. A.Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy. B.Create a retention policy organizational constraint constraints/storage.retentionPolicySeconds at the organization level. Set the duration to 5 years. C.Use a customer-managed key for the encryption of the bucket. Rotate the key after 5 years. D.Create a retention policy organizational constraint constraints/storage.retentionPolicySeconds at the project level. Set the duration to 5 years. Your company has decided to make a major revision of their API in order to create better experiences for their developers. They need to keep the old version of the API available and deployable, while allowing new customers and testers to try out the new API. They want to keep the same SSL and DNS records in place to serve both APIs. What should they do?. A.Configure a new load balancer for the new version of the API. B.Reconfigure old clients to use a new endpoint for the new API. C.Have the old API forward traffic to the new API based on the path. D.Use separate backend pools for each API path behind the load balancer. You have a Compute Engine application that you want to autoscale when total memory usage exceeds 80%. You have installed the Cloud Monitoring agent and configured the autoscaling policy as follows: You observe that the application does not scale under high load. You want to resolve this. What should you do?. A.Change the Target type to DELTA_PER_MINUTE. B.Change the Metric identifier to agent.googleapis.com/memory/bytes_used. C.Change the filter to metric.label.state = ‘used’. D.Change the filter to metric.label.state = ‘free’ and the Target utilization to 20. Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24hrs a day. Your business analysts have experience only with using a SQL interface. How should you store the data to optimize it for ease of analysis?. A.Load data into Google BigQuery. B.Insert data into Google Cloud SQL. C.Put flat files into Google Cloud Storage. D.Stream data into Google Cloud Datastore. You want to optimize the performance of an accurate, real-time, weather-charting application. The data comes from 50,000 sensors sending 10 readings a second, in the format of a timestamp and sensor reading. Where should you store the data?. A.Google BigQuery. B.Google Cloud SQL. C.Google Cloud Bigtable. D.Google Cloud Storage. Your company has a Google Cloud project that uses BigOuery for data warehousing. The VPN tunnel between the on-premises environment and Google Cloud is configured with Cloud VPN. Your security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should you do?. A.Configure Private Service Connect. B.Configure VPC Service Controls and configure Private Google Access for on-promises hosts. C.Create a service account, grant the BigQuery JobUser role and Storage Object Viewer role to the service account, and remove all other Identity and Access Management (IAM) access from the project. D.Configure Private Google Access. Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a 99,99% availability SLA under these conditions. However next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load. What should you do?. A.Capture existing users input, and replay captured user load until autoscale is triggered on all layers. At the same time, terminate all resources in one of the zones. B.Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce ג€chaosג€ to the system by terminating random resources on both zones. C.Expose the new system to a larger group of users, and increase group size each day until autoscale logic is triggered on all layers. At the same time, terminate random resources on both zones. D.Capture existing users input, and replay captured user load until resource utilization crosses 80%. Also, derive estimated number of users based on existing user's usage of the app, and deploy enough resources to handle 200% of expected load. One of the developers on your team deployed their application in Google Container Engine with the Dockerfile below. They report that their application deployments are taking too long. Question You want to optimize this Dockerfile for faster deployment times without adversely affecting the app's functionality. Which two actions should you take? (Choose two.). A.Remove Python after running pip. B.Remove dependencies from requirements.txt. C.Use a slimmed-down base image like Alpine Linux. D.Use larger machine types for your Google Container Engine node pools. E.Copy the source after he package dependencies (Python and pip) are installed. Your solution is producing performance bugs in production that you did not see in staging and test environments. You want to adjust your test and deployment procedures to avoid this problem in the future. What should you do?. A.Deploy fewer changes to production. B.Deploy smaller changes to production. C.Increase the load on your test and staging environments. D.Deploy changes to a small subset of users before rolling out to production. A small number of API requests to your microservices-based application take a very long time. You know that each request to the API can traverse many services. You want to know which service takes the longest in those cases. What should you do?. A.Set timeouts on your application so that you can fail requests faster. B.Send custom metrics for each of your requests to Stackdriver Monitoring. C.Use Stackdriver Monitoring to look for insights that show when your API latencies are high. D.Instrument your application with Stackdriver Trace in order to break down the request latencies at each microservice. During a high traffic portion of the day, one of your relational databases crashes, but the replica is never promoted to a master. You want to avoid this in the future. What should you do?. A.Use a different database. B.Choose larger instances for your database. C.Create snapshots of your database more regularly. D.Implement routinely scheduled failovers of your databases. Your organization requires that metrics from all applications be retained for 5 years for future analysis in possible legal proceedings. Which approach should you use?. A.Grant the security team access to the logs in each Project. B.Configure Stackdriver Monitoring for all Projects, and export to BigQuery. C.Configure Stackdriver Monitoring for all Projects with the default retention policies. D.Configure Stackdriver Monitoring for all Projects, and export to Google Cloud Storage. Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication. Which networking approach should you use?. A.Google Cloud Dedicated Interconnect. B.Google Cloud VPN connected to the data center network. C.A NAT and TLS translation gateway installed on-premises. D.A Google Compute Engine instance with a VPN server installed connected to the data center network. Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process. What should you do?. A.Create custom Google Stackdriver alerts and send them to the auditor. B.Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor. C.Use cloud functions to transfer log entries to Google Cloud SQL and use ACLs and views to limit an auditor's view. D.Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket. You are designing a large distributed application with 30 microservices. Each of your distributed microservices needs to connect to a database back-end. You want to store the credentials securely. Where should you store the credentials?. A.In the source code. B.In an environment variable. C.In a secret management system. D.In a config file that has restricted access through ACLs. The operations manager asks you for a list of recommended practices that she should consider when migrating a J2EE application to the cloud. Which three practices should you recommend? (Choose three.). A.Port the application code to run on Google App Engine. B.Integrate Cloud Dataflow into the application to capture real-time metrics. C.Instrument the application with a monitoring tool like Stackdriver Debugger. D.Select an automation framework to reliably provision the cloud infrastructure. E.Deploy a continuous integration tool with automated testing in a staging environment. F.Migrate from MySQL to a managed NoSQL database like Google Cloud Datastore or Bigtable. A lead engineer wrote a custom tool that deploys virtual machines in the legacy data center. He wants to migrate the custom tool to the new cloud environment. You want to advocate for the adoption of Google Cloud Deployment Manager. What are two business risks of migrating to Cloud Deployment Manager? (Choose two.). A.Cloud Deployment Manager uses Python. B.Cloud Deployment Manager APIs could be deprecated in the future. C.Cloud Deployment Manager is unfamiliar to the company's engineers. D.Cloud Deployment Manager requires a Google APIs service account to run. E.Cloud Deployment Manager can be used to permanently delete cloud resources. F.Cloud Deployment Manager only supports automation of Google Cloud resources. A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must: 1. Be based on open-source technology for cloud portability 2. Dynamically scale compute capacity based on demand 3. Support continuous software delivery 4. Run multiple segregated copies of the same application stack 5. Deploy application bundles using dynamic templates 6. Route network traffic to specific services based on URL Which combination of technologies will meet all of his requirements?. A.Google Kubernetes Engine, Jenkins, and Helm. B.Google Kubernetes Engine and Cloud Load Balancing. oogle Kubernetes Engine and Cloud Deployment Manager. D.Google Kubernetes Engine, Jenkins, and Cloud Load Balancing. Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier. How should you configure the network?. A.Add each tier to a different subnetwork. B.Set up software based firewalls on individual VMs. C.Add tags to each tier and set up routes to allow the desired traffic flow. D.Add tags to each tier and set up firewall rules to allow the desired traffic flow. Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team. Which three actions should you take? (Choose three.). A.Use Stackdriver Logging to search for the module log entries. B.Read the debug GCE Activity log using the API or Cloud Console. C.Use gcloud or Cloud Console to connect to the serial console and observe the logs. D.Identify whether a live migration event of the failed server occurred, using in the activity log. E.Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics. F.Export a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen. Your company wants to try out the cloud with low risk. They want to archive approximately 100 TB of their log data to the cloud and test the analytics features available to them there, while also retaining that data as a long-term disaster recovery backup. Which two steps should you take? (Choose two.). A.Load logs into Google BigQuery. B.Load logs into Google Cloud SQL. C.Import logs into Google Stackdriver. D.Insert logs into Google Cloud Bigtable. E.Upload log files into Google Cloud Storage. You created a pipeline that can deploy your source code changes to your infrastructure in instance groups for self-healing. One of the changes negatively affects your key performance indicator. You are not sure how to fix it, and investigation could take up to a week. What should you do?. A.Log in to a server, and iterate on the fox locally. B.Revert the source code change, and rerun the deployment pipeline. C.Log into the servers with the bad code change, and swap in the previous code. D.Change the instance group template to the previous one, and delete all instances. Your organization wants to control IAM policies for different departments independently, but centrally. Which approach should you take?. A.Multiple Organizations with multiple Folders. B.Multiple Organizations, one for each department. C.A single Organization with Folders for each department. D.A single Organization with multiple projects, each with a central owner. You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace. What should you do?. A.Upload missing JAR files and redeploy your application. B.Digitally sign all of your JAR files and redeploy your application. C.Recompile the CLoakedServlet class using and MD5 hash instead of SHA1. You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by providing a message were sent by a specific user. What should you do?. A.Tag messages client side with the originating user identifier and the destination user. B.Encrypt the message client side using block-based encryption with a shared key. C.Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key. D.Use a trusted certificate authority to enable SSL connectivity between the client application and the server. A news feed web service has the following code running on Google App Engine. During peak load, users report that they can see news articles they already viewed. What is the most likely cause of this problem?. A.The session variable is local to just a single instance. B.The session variable is being overwritten in Cloud Datastore. C.The URL of the API needs to be modified to prevent caching. D.The HTTP Expires header needs to be set to -1 stop caching. As part of implementing their disaster recovery plan, your company is trying to replicate their production MySQL database from their private data center to their GCP project using a Google Cloud VPN connection. They are experiencing latency issues and a small amount of packet loss that is disrupting the replication. What should they do?. A.Configure their replication to use UDP. B.Configure a Google Cloud Dedicated Interconnect. C.Restore their database daily using Google Cloud SQL. D.Add additional VPN connections and load balance them. E.Send the replicated transaction to Google Cloud Pub/Sub. Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis. What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?. A.Hash all data using SHA256. B.Encrypt all data using elliptic curve cryptography. C.De-identify the data with the Cloud Data Loss Prevention API. D.Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers. You are using Cloud Shell and need to install a custom utility for use in a few weeks. Where can you store the file so it is in the default execution path and persists across sessions?. A.~/bin. B.Cloud Storage. C./google/scripts. D./usr/local/bin. You want to create a private connection between your instances on Compute Engine and your on-premises data center. You require a connection of at least 20 Gbps. You want to follow Google-recommended practices. How should you set up the connection?. A.Create a VPC and connect it to your on-premises data center using Dedicated Interconnect. B.Create a VPC and connect it to your on-premises data center using a single Cloud VPN. C.Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises data center using Dedicated Interconnect. D.Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises datacenter using a single Cloud VPN. You are analyzing and defining business processes to support your startup's trial usage of GCP, and you don't yet know what consumer demand for your product will be. Your manager requires you to minimize GCP service costs and adhere to Google best practices. What should you do?. A.Utilize free tier and sustained use discounts. Provision a staff position for service cost management. B.Utilize free tier and sustained use discounts. Provide training to the team about service cost management. C.Utilize free tier and committed use discounts. Provision a staff position for service cost management. D.Utilize free tier and committed use discounts. Provide training to the team about service cost management. |





