option
Questions
ayuda
daypo
search.php

Test baru 3

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
Test baru 3

Description:
test basru 3

Creation Date: 2026/07/14

Category: Others

Number of questions: 70

Rating:(0)
Share the Test:
Nuevo ComentarioNuevo Comentario
New Comment
NO RECORDS
Content:

You are building a continuous deployment pipeline for a project stored in a Git source repository and want to ensure that code changes can be verified before deploying to production. What should you do?. A.Use Spinnaker to deploy builds to production using the red/black deployment strategy so that changes can easily be rolled back. B.Use Spinnaker to deploy builds to production and run tests on production deployments. C.Use Jenkins to build the staging branches and the master branch. Build and deploy changes to production for 10% of users before doing a complete rollout. D.Use Jenkins to monitor tags in the repository. Deploy staging tags to a staging environment for testing. After testing, tag the repository for production and deploy that to the production environment.

You have an outage in your Compute Engine managed instance group: all instances keep restarting after 5 seconds. You have a health check configured, but autoscaling is disabled. Your colleague, who is a Linux expert, offered to look into the issue. You need to make sure that he can access the VMs. What should you do?. A.Grant your colleague the IAM role of project Viewer. B.Perform a rolling restart on the instance group. C.Disable the health check for the instance group. Add his SSH key to the project-wide SSH Keys. D.Disable autoscaling for the instance group. Add his SSH key to the project-wide SSH Keys.

Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your architecture must also be PCI DSS-compliant. Which of the following is most accurate?. A.App Engine is the only compute platform on GCP that is certified for PCI DSS hosting. B.GKE cannot be used under PCI DSS because it is considered shared hosting. C.GKE and GCP provide the tools you need to build a PCI DSS-compliant environment. D.All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

Your company has multiple on-premises systems that serve as sources for reporting. The data has not been maintained well and has become degraded over time. You want to use Google-recommended practices to detect anomalies in your company data. What should you do?. A.Upload your files into Cloud Storage. Use Cloud Datalab to explore and clean your data. B.Upload your files into Cloud Storage. Use Cloud Dataprep to explore and clean your data. C.Connect Cloud Datalab to your on-premises systems. Use Cloud Datalab to explore and clean your data. D.Connect Cloud Dataprep to your on-premises systems. Use Cloud Dataprep to explore and clean your data.

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?. A.The effective policy is determined only by the policy set at the node. B.The effective policy is the policy set at the node and restricted by the policies of its ancestors. C.The effective policy is the union of the policy set at the node and policies inherited from its ancestors. D.The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors.

An application development team believes their current logging tool will not meet their needs for their new cloud-based product. They want a better tool to capture errors and help them analyze their historical log data. You want to help them find a solution that meets their needs. What should you do?. A.Direct them to download and install the Google StackDriver logging agent. B.Send them a list of online resources about logging best practices. C.Help them define their requirements and assess viable logging tools. D.Help them upgrade their current tool to take advantage of any new features.

You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premise systems remain reachable during this period. How should you organize your networking in Google Cloud?. A.Use the same IP range on Google Cloud as you use on-premises. B.Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises. C.Use an IP range on Google Cloud that does not overlap with the range you use on-premises. D.Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises.

You have found an error in your App Engine application caused by missing Cloud Datastore indexes. You have created a YAML file with the required indexes and want to deploy these new indexes to Cloud Datastore. What should you do?. A.Point gcloud datastore create-indexes to your configuration file. B.Upload the configuration file to App Engine's default Cloud Storage bucket, and have App Engine detect the new indexes. C.In the GCP Console, use Datastore Admin to delete the current indexes and upload the new configuration file. D.Create an HTTP request to the built-in python module to send the index configuration file to your application.

You have an application that will run on Compute Engine. You need to design an architecture that takes into account a disaster recovery plan that requires your application to fail over to another region in case of a regional outage. What should you do?. A.Deploy the application on two Compute Engine instances in the same project but in a different region. Use the first instance to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster. B.Deploy the application on a Compute Engine instance. Use the instance to serve traffic, and use the HTTP load balancing service to fail over to an instance on your premises in case of a disaster. C.Deploy the application on two Compute Engine instance groups, each in the same project but in a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance group in case of a disaster. D.Deploy the application on two Compute Engine instance groups, each in a separate project and a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance group in case of a disaster.

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public internet. What should you do?. A.Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database. B.Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database. C.Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database. D.Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.

You are working in a highly secured environment where public Internet access from the Compute Engine VMs is not allowed. You do not yet have a VPN connection to access an on-premises file server. You need to install specific software on a Compute Engine instance. How should you install the software?. A.Upload the required installation files to Cloud Storage. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gsutil. B.Upload the required installation files to Cloud Storage and use firewall rules to block all traffic except the IP address range for Cloud Storage. Download the files to the VM using gsutil. C.Upload the required installation files to Cloud Source Repositories. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gcloud. D.Upload the required installation files to Cloud Source Repositories and use firewall rules to block all traffic except the IP address range for Cloud Source Repositories. Download the files to the VM using gsutil.

Your company is moving 75 TB of data into Google Cloud. You want to use Cloud Storage and follow Google-recommended practices. What should you do?. A.Move your data onto a Transfer Appliance. Use a Transfer Appliance Rehydrator to decrypt the data into Cloud Storage. B.Move your data onto a Transfer Appliance. Use Cloud Dataprep to decrypt the data into Cloud Storage. C.Install gsutil on each server that contains data. Use resumable transfers to upload the data into Cloud Storage. D.Install gsutil on each server containing data. Use streaming transfers to upload the data into Cloud Storage.

You have an application deployed on Google Kubernetes Engine using a Deployment named echo-deployment. The deployment is exposed using a Service called echo-service. You need to perform an update to the application with minimal downtime to the application. What should you do?. A.Use kubectl set image deployment/echo-deployment <new-image>. B.Use the rolling update functionality of the Instance Group behind the Kubernetes cluster. C.Update the deployment yaml file with the new container image. Use kubectl delete deployment/echo-deployment and kubectl create ג€"f <yaml-file>. D.Update the service yaml file which the new container image. Use kubectl delete service/echo-service and kubectl create ג€"f <yaml-file>.

Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain the data. Users should be able to query the datasets, but not edit them. How should you configure users' access roles?. A.Add all users to a group. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data. B.Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data. C.Add all users to a group. Grant the group the roles of BigQuery jobUser on the billing project and BigQuery dataViewer on the projects that contain the data. D.Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery jobUser on the projects that contain the data.

You have developed an application using Cloud ML Engine that recognizes famous paintings from uploaded images. You want to test the application and allow specific people to upload images for the next 24 hours. Not all users have a Google Account. How should you have users upload images?. A.Have users upload the images to Cloud Storage. Protect the bucket with a password that expires after 24 hours. B.Have users upload the images to Cloud Storage using a signed URL that expires after 24 hours. C.Create an App Engine web application where users can upload images. Configure App Engine to disable the application after 24 hours. Authenticate users via Cloud Identity. D.Create an App Engine web application where users can upload images for the next 24 hours. Authenticate users via Cloud Identity.

Your web application must comply with the requirements of the European Union's General Data Protection Regulation (GDPR). You are responsible for the technical architecture of your web application. What should you do?. A.Ensure that your web application only uses native features and services of Google Cloud Platform, because Google already has various certifications and provides ג€pass-onג€ compliance when you use native features. B.Enable the relevant GDPR compliance setting within the GCPConsole for each of the services in use within your application. C.Ensure that Cloud Security Scanner is part of your test planning strategy in order to pick up any compliance gaps. D.Define a design for the security of data in your web application that meets GDPR requirements.

You need to reduce the number of unplanned rollbacks of erroneous production deployments in your company's web hosting platform. Improvement to the QA/ Test processes accomplished an 80% reduction. Which additional two approaches can you take to further reduce the rollbacks? (Choose two.). A.Introduce a green-blue deployment model. B.Replace the QA environment with canary releases. C.Fragment the monolithic platform into microservices. D.Reduce the platform's dependency on relational database systems. E.Replace the platform's relational database systems with a NoSQL database.

You need to set up Microsoft SQL Server on GCP. Management requires that there's no downtime in case of a data center outage in any of the zones within a GCP region. What should you do?. A.Configure a Cloud SQL instance with high availability enabled. B.Configure a Cloud Spanner instance with a regional instance configuration. C.Set up SQL Server on Compute Engine, using Always On Availability Groups using Windows Failover Clustering. Place nodes in different subnets. D.Set up SQL Server Always On Availability Groups using Windows Failover Clustering. Place nodes in different zones.

The development team has provided you with a Kubernetes Deployment file. You have no infrastructure yet and need to deploy the application. What should you do?. A.Use gcloud to create a Kubernetes cluster. Use Deployment Manager to create the deployment. B.Use gcloud to create a Kubernetes cluster. Use kubectl to create the deployment. C.Use kubectl to create a Kubernetes cluster. Use Deployment Manager to create the deployment. D.Use kubectl to create a Kubernetes cluster. Use kubectl to create the deployment.

You need to evaluate your team readiness for a new GCP project. You must perform the evaluation and create a skills gap plan which incorporates the business goal of cost optimization. Your team has deployed two GCP projects successfully to date. What should you do?. A.Allocate budget for team training. Set a deadline for the new GCP project. B.Allocate budget for team training. Create a roadmap for your team to achieve Google Cloud certification based on job role. C.Allocate budget to hire skilled external consultants. Set a deadline for the new GCP project. D.Allocate budget to hire skilled external consultants. Create a roadmap for your team to achieve Google Cloud certification based on job role.

You are designing an application for use only during business hours. For the minimum viable product release, you'd like to use a managed product that automatically `scales to zero` so you don't incur costs when there is no activity. Which primary compute resource should you choose?. A.Cloud Functions. B.Compute Engine. C.Google Kubernetes Engine. D.AppEngine flexible environment.

You are creating an App Engine application that uses Cloud Datastore as its persistence layer. You need to retrieve several root entities for which you have the identifiers. You want to minimize the overhead in operations performed by Cloud Datastore. What should you do?. A.Create the Key object for each Entity and run a batch get operation. B.Create the Key object for each Entity and run multiple get operations, one operation for each entity. C.Use the identifiers to create a query filter and run a batch query operation. D.Use the identifiers to create a query filter and run multiple query operations, one operation for each entity.

You need to upload files from your on-premises environment to Cloud Storage. You want the files to be encrypted on Cloud Storage using customer-supplied encryption keys. What should you do?. A.Supply the encryption key in a .boto configuration file. Use gsutil to upload the files. B.Supply the encryption key using gcloud config. Use gsutil to upload the files to that bucket. C.Use gsutil to upload the files, and use the flag --encryption-key to supply the encryption key. D.Use gsutil to create a bucket, and use the flag --encryption-key to supply the encryption key. Use gsutil to upload the files to that bucket.

Your customer wants to capture multiple GBs of aggregate real-time key performance indicators (KPIs) from their game servers running on Google Cloud Platform and monitor the KPIs with low latency. How should they capture the KPIs?. A.Store time-series data from the game servers in Google Bigtable, and view it using Google Data Studio. B.Output custom metrics to Stackdriver from the game servers, and create a Dashboard in Stackdriver Monitoring Console to view them. C.Schedule BigQuery load jobs to ingest analytics files uploaded to Cloud Storage every ten minutes, and visualize the results in Google Data Studio. D.Insert the KPIs into Cloud Datastore entities, and run ad hoc analysis and visualizations of them in Cloud Datalab.

You have a Python web application with many dependencies that requires 0.1 CPU cores and 128 MB of memory to operate in production. You want to monitor and maximize machine utilization. You also want to reliably deploy new versions of the application. Which set of steps should you take?. A.Perform the following: 1. Create a managed instance group with f1-micro type machines. 2. Use a startup script to clone the repository, check out the production branch, install the dependencies, and start the Python app. 3. Restart the instances to automatically deploy new production releases. B.Perform the following: 1. Create a managed instance group with n1-standard-1 type machines. 2. Build a Compute Engine image from the production branch that contains all of the dependencies and automatically starts the Python app. 3. Rebuild the Compute Engine image, and update the instance template to deploy new production releases. C.Perform the following: 1. Create a Google Kubernetes Engine (GKE) cluster with n1-standard-1 type machines. 2. Build a Docker image from the production branch with all of the dependencies, and tag it with the version number. 3. Create a Kubernetes Deployment with the imagePullPolicy set to 'IfNotPresent' in the staging namespace, and then promote it to the production namespace after testing. D.Perform the following: 1. Create a GKE cluster with n1-standard-4 type machines. 2. Build a Docker image from the master branch with all of the dependencies, and tag it with 'latest'. 3. Create a Kubernetes Deployment in the default namespace with the imagePullPolicy set to 'Always'. Restart the pods to automatically deploy new production releases.

Your company wants to start using Google Cloud resources but wants to retain their on-premises Active Directory domain controller for identity management. What should you do?. A.Use the Admin Directory API to authenticate against the Active Directory domain controller. B.Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and configure SAML SSO. C.Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider. D.Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the on-premises AD domain controller using Google Cloud Directory Sync.

You are running a cluster on Kubernetes Engine (GKE) to serve a web application. Users are reporting that a specific part of the application is not responding anymore. You notice that all pods of your deployment keep restarting after 2 seconds. The application writes logs to standard output. You want to inspect the logs to find the cause of the issue. Which approach can you take?. A.Review the Stackdriver logs for each Compute Engine instance that is serving as a node in the cluster. B.Review the Stackdriver logs for the specific GKE container that is serving the unresponsive part of the application. C.Connect to the cluster using gcloud credentials and connect to a container in one of the pods to read the logs. D.Review the Serial Port logs for each Compute Engine instance that is serving as a node in the cluster.

To reduce costs, the Director of Engineering has required all developers to move their development infrastructure resources from on-premises virtual machines (VMs) to Google Cloud Platform. These resources go through multiple start/stop events during the day and require state to persist. You have been asked to design the process of running a development environment in Google Cloud while providing cost visibility to the finance department. Which two steps should you take? (Choose two.). A.Use the - -no-auto-delete flag on all persistent disks and stop the VM. B.Use the - -auto-delete flag on all persistent disks and terminate the VM. C.Apply VM CPU utilization label and include it in the BigQuery billing export. D.Use Google BigQuery billing export and labels to associate cost to groups. E.Store all state into local SSD, snapshot the persistent disks, and terminate the VM. F.Store all state in Google Cloud Storage, snapshot the persistent disks, and terminate the VM.

You are using a single Cloud SQL instance to serve your application from a specific zone. You want to introduce high availability. What should you do?. A.Create a read replica instance in a different region. B.Create a failover replica instance in a different region. C.Create a read replica instance in the same region, but in a different zone. D.Create a failover replica instance in the same region, but in a different zone.

Your company is running a stateless application on a Compute Engine instance. The application is used heavily during regular business hours and lightly outside of business hours. Users are reporting that the application is slow during peak hours. You need to optimize the application's performance. What should you do?. A.Create a snapshot of the existing disk. Create an instance template from the snapshot. Create an autoscaled managed instance group from the instance template. B.Create a snapshot of the existing disk. Create a custom image from the snapshot. Create an autoscaled managed instance group from the custom image. C.Create a custom image from the existing disk. Create an instance template from the custom image. Create an autoscaled managed instance group from the instance template. D.Create an instance template from the existing disk. Create a custom image from the instance template. Create an autoscaled managed instance group from the custom image.

Your web application has several VM instances running within a VPC. You want to restrict communications between instances to only the paths and ports you authorize, but you don't want to rely on static IP addresses or subnets because the app can autoscale. How should you restrict communications? A.Use separate VPCs to restrict traffic B.Use firewall rules based on network tags attached to the compute instances C.Use Cloud DNS and only allow connections from authorized hostnames D.Use service accounts and configure the web application to authorize particular service accounts to have access. A.Use separate VPCs to restrict traffic. B.Use firewall rules based on network tags attached to the compute instances. C.Use Cloud DNS and only allow connections from authorized hostnames. D.Use service accounts and configure the web application to authorize particular service accounts to have access.

You are using Cloud SQL as the database backend for a large CRM deployment. You want to scale as usage increases and ensure that you don't run out of storage, maintain 75% CPU usage cores, and keep replication lag below 60 seconds. What are the correct steps to meet your requirements?. A.1. Enable automatic storage increase for the instance. 2. Create a Stackdriver alert when CPU usage exceeds 75%, and change the instance type to reduce CPU usage. 3. Create a Stackdriver alert for replication lag, and shard the database to reduce replication time. B.1. Enable automatic storage increase for the instance. 2. Change the instance type to a 32-core machine type to keep CPU usage below 75%. 3. Create a Stackdriver alert for replication lag, and deploy memcache to reduce load on the master. C.1. Create a Stackdriver alert when storage exceeds 75%, and increase the available storage on the instance to create more space. 2. Deploy memcached to reduce CPU load. 3. Change the instance type to a 32-core machine type to reduce replication lag. D.1. Create a Stackdriver alert when storage exceeds 75%, and increase the available storage on the instance to create more space. 2. Deploy memcached to reduce CPU load. 3. Create a Stackdriver alert for replication lag, and change the instance type to a 32-core machine type to reduce replication lag.

You are tasked with building an online analytical processing (OLAP) marketing analytics and reporting tool. This requires a relational database that can operate on hundreds of terabytes of data. What is the Google-recommended tool for such applications?. A.Cloud Spanner, because it is globally distributed. B.Cloud SQL, because it is a fully managed relational database. C.Cloud Firestore, because it offers real-time synchronization across devices. D.BigQuery, because it is designed for large-scale processing of tabular data.

You have deployed an application to Google Kubernetes Engine (GKE), and are using the Cloud SQL proxy container to make the Cloud SQL database available to the services running on Kubernetes. You are notified that the application is reporting database connection issues. Your company policies require a post- mortem. What should you do?. A.Use gcloud sql instances restart. B.Validate that the Service Account used by the Cloud SQL proxy container still has the Cloud Build Editor role. C.In the GCP Console, navigate to Stackdriver Logging. Consult logs for (GKE) and Cloud SQL. D.In the GCP Console, navigate to Cloud SQL. Restore the latest backup. Use kubectl to restart all pods.

Your company pushes batches of sensitive transaction data from its application server VMs to Cloud Pub/Sub for processing and storage. What is the Google- recommended way for your application to authenticate to the required Google Cloud services?. A.Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles. B.Ensure that VM service accounts do not have access to Cloud Pub/Sub, and use VM access scopes to grant the appropriate Cloud Pub/Sub IAM roles. C.Generate an OAuth2 access token for accessing Cloud Pub/Sub, encrypt it, and store it in Cloud Storage for access from each VM. D.Create a gateway to Cloud Pub/Sub using a Cloud Function, and grant the Cloud Function service account the appropriate Cloud Pub/Sub IAM roles.

ou want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network. How should you deploy the VPN?. A.Use VPC Network Peering between the VPC and the on-premises network. B.Expose the VPC to the on-premises network using IAM and VPC Sharing. C.Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway. D.Deploy Cloud VPN Gateway in each region. Ensure that each region has at least one VPN tunnel to the on-premises peer gateway.

Your applications will be writing their logs to BigQuery for analysis. Each application should have its own table. Any logs older than 45 days should be removed. You want to optimize storage and follow Google-recommended practices. What should you do?. A.Configure the expiration time for your tables at 45 days. B.Make the tables time-partitioned, and configure the partition expiration at 45 days. C.Rely on BigQuery's default behavior to prune application logs older than 45 days. D.Create a script that uses the BigQuery command line tool (bq) to remove records older than 45 days.

You want your Google Kubernetes Engine cluster to automatically add or remove nodes based on CPU load. What should you do?. A.Configure a HorizontalPodAutoscaler with a target CPU usage. Enable the Cluster Autoscaler from the GCP Console. B.Configure a HorizontalPodAutoscaler with a target CPU usage. Enable autoscaling on the managed instance group for the cluster using the gcloud command. C.Create a deployment and set the maxUnavailable and maxSurge properties. Enable the Cluster Autoscaler using the gcloud command. D.Create a deployment and set the maxUnavailable and maxSurge properties. Enable autoscaling on the cluster managed instance group from the GCP Console.

Your company wants to track whether someone is present in a meeting room reserved for a scheduled meeting. There are 1000 meeting rooms across 5 offices on 3 continents. Each room is equipped with a motion sensor that reports its status every second. The data from the motion detector includes only a sensor ID and several different discrete items of information. Analysts will use this data, together with information about account owners and office locations. Which database type should you use?. A.Flat file. B.NoSQL. C.Relational. D.Blobstore.

You need to develop procedures to verify resilience of disaster recovery for remote recovery using GCP. Your production environment is hosted on-premises. You need to establish a secure, redundant connection between your on-premises network and the GCP network. What should you do?. A.Verify that Dedicated Interconnect can replicate files to GCP. Verify that direct peering can establish a secure connection between your networks if Dedicated Interconnect fails. B.Verify that Dedicated Interconnect can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if Dedicated Interconnect fails. C.Verify that the Transfer Appliance can replicate files to GCP. Verify that direct peering can establish a secure connection between your networks if the Transfer Appliance fails. D.Verify that the Transfer Appliance can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if the Transfer Appliance fails.

Your company operates nationally and plans to use GCP for multiple batch workloads, including some that are not time-critical. You also need to use GCP services that are HIPAA-certified and manage service costs. How should you design to meet Google best practices?. A.Provision preemptible VMs to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant. B.Provision preemptible VMs to reduce cost. Disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant. C.Provision standard VMs in the same region to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant. D.Provision standard VMs to the same region to reduce cost. Disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant.

Your customer wants to do resilience testing of their authentication layer. This consists of a regional managed instance group serving a public REST API that reads from and writes to a Cloud SQL instance. What should you do?. A.Engage with a security company to run web scrapers that look your for users' authentication data om malicious websites and notify you if any is found. B.Deploy intrusion detection software to your virtual machines to detect and log unauthorized access. C.Schedule a disaster simulation exercise during which you can shut off all VMs in a zone to see how your application behaves. D.Configure a read replica for your Cloud SQL instance in a different zone than the master, and then manually trigger a failover while monitoring KPIs for our REST API.

Your BigQuery project has several users. For audit purposes, you need to see how many queries each user ran in the last month. What should you do?. A.Connect Google Data Studio to BigQuery. Create a dimension for the users and a metric for the amount of queries per user. B.In the BigQuery interface, execute a query on the JOBS table to get the required information. C.Use 'bq show' to list all jobs. Per job, use 'bq ls' to list job information and get the required information. D.Use Cloud Audit Logging to view Cloud Audit Logs, and create a filter on the query operation to get the required information.

You want to automate the creation of a managed instance group. The VMs have many OS package dependencies. You want to minimize the startup time for new VMs in the instance group. What should you do?. A.Use Terraform to create the managed instance group and a startup script to install the OS package dependencies. B.Create a custom VM image with all OS package dependencies. Use Deployment Manager to create the managed instance group with the VM image. C.Use Puppet to create the managed instance group and install the OS package dependencies. D.Use Deployment Manager to create the managed instance group and Ansible to install the OS package dependencies.

Your company captures all web traffic data in Google Analytics 360 and stores it in BigQuery. Each country has its own dataset. Each dataset has multiple tables. You want analysts from each country to be able to see and query only the data for their respective countries. How should you configure the access rights?. A.Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group. B.Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate tables with view access with each respective analyst country-group. C.Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate dataset with view access with each respective analyst country- group. D.Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate table with view access with each respective analyst country-group.

You have been engaged by your client to lead the migration of their application infrastructure to GCP. One of their current problems is that the on-premises high performance SAN is requiring frequent and expensive upgrades to keep up with the variety of workloads that are identified as follows: 20 TB of log archives retained for legal reasons; 500 GB of VM boot/data volumes and templates; 500 GB of image thumbnails; 200 GB of customer session state data that allows customers to restart sessions even if off-line for several days. Which of the following best reflects your recommendations for a cost-effective storage allocation?. A.Local SSD for customer session state data. Lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes. B.Memcache backed by Cloud Datastore for the customer session state data. Lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes. C.Memcache backed by Cloud SQL for customer session state data. Assorted local SSD-backed instances for VM boot/data volumes. Cloud Storage for log archives and thumbnails. D.Memcache backed by Persistent Disk SSD storage for customer session state data. Assorted local SSD-backed instances for VM boot/data volumes. Cloud Storage for log archives and thumbnails.

Your web application uses Google Kubernetes Engine to manage several workloads. One workload requires a consistent set of hostnames even after pod scaling and relaunches. Which feature of Kubernetes should you use to accomplish this?. A.StatefulSets. B.Role-based access control. C.Container environment variables. D.Persistent Volumes.

You are using Cloud CDN to deliver static HTTP(S) website content hosted on a Compute Engine instance group. You want to improve the cache hit ratio. What should you do?. A.Customize the cache keys to omit the protocol from the key. B.Shorten the expiration time of the cached objects. C.Make sure the HTTP(S) header ג€Cache-Regionג€ points to the closest region of your users. D.Replicate the static content in a Cloud Storage bucket. Point CloudCDN toward a load balancer on that bucket.

Your architecture calls for the centralized collection of all admin activity and VM system logs within your project. How should you collect these logs from both VMs and services?. A.All admin and VM system logs are automatically collected by Stackdriver. B.Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent must be installed on each instance to collect system logs. C.Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it. D.Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address. You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly. What should you do?. A.Ensure that a firewall rules exists to allow source traffic on HTTP/HTTPS to reach the load balancer. B.Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP. C.Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group. D.Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination.

You have an App Engine application that needs to be updated. You want to test the update with production traffic before replacing the current application version. What should you do?. A.Deploy the update using the Instance Group Updater to create a partial rollout, which allows for canary testing. B.Deploy the update as a new version in the App Engine application, and split traffic between the new and current versions. C.Deploy the update in a new VPC, and use Google's global HTTP load balancing to split traffic between the update and current applications. D.Deploy the update as a new App Engine application, and use Google's global HTTP load balancing to split traffic between the new and current applications.

All Compute Engine instances in your VPC should be able to connect to an Active Directory server on specific ports. Any other traffic emerging from your instances is not allowed. You want to enforce this using VPC firewall rules. How should you configure the firewall rules?. A.Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances. B.Create an egress rule with priority 100 to deny all traffic for all instances. Create another egress rule with priority 1000 to allow the Active Directory traffic for all instances. C.Create an egress rule with priority 1000 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 100 to block all traffic for all instances. D.Create an egress rule with priority 100 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.

Your customer runs a web service used by e-commerce sites to offer product recommendations to users. The company has begun experimenting with a machine learning model on Google Cloud Platform to improve the quality of results. What should the customer do to improve their model's results over time?. A.Export Cloud Machine Learning Engine performance metrics from Stackdriver to BigQuery, to be used to analyze the efficiency of the model. B.Build a roadmap to move the machine learning model training from Cloud GPUs to Cloud TPUs, which offer better results. C.Monitor Compute Engine announcements for availability of newer CPU architectures, and deploy the model to them as soon as they are available for additional performance. D.Save a history of recommendations and results of the recommendations in BigQuery, to be used as training data.

A development team at your company has created a dockerized HTTPS web application. You need to deploy the application on Google Kubernetes Engine (GKE) and make sure that the application scales automatically. How should you deploy to GKE?. A.Use the Horizontal Pod Autoscaler and enable cluster autoscaling. Use an Ingress resource to load-balance the HTTPS traffic. B.Use the Horizontal Pod Autoscaler and enable cluster autoscaling on the Kubernetes cluster. Use a Service resource of type LoadBalancer to load-balance the HTTPS traffic. C.Enable autoscaling on the Compute Engine instance group. Use an Ingress resource to load-balance the HTTPS traffic. D.Enable autoscaling on the Compute Engine instance group. Use a Service resource of type LoadBalancer to load-balance the HTTPS traffic.

You need to design a solution for global load balancing based on the URL path being requested. You need to ensure operations reliability and end-to-end in- transit encryption based on Google best practices. What should you do?. A.Create a cross-region load balancer with URL Maps. B.Create an HTTPS load balancer with URL Maps. C.Create appropriate instance groups and instances. Configure SSL proxy load balancing. D.Create a global forwarding rule. Configure SSL proxy load balancing.

You have an application that makes HTTP requests to Cloud Storage. Occasionally the requests fail with HTTP status codes of 5xx and 429. How should you handle these types of errors?. A.Use gRPC instead of HTTP for better performance. B.Implement retry logic using a truncated exponential backoff strategy. C.Make sure the Cloud Storage bucket is multi-regional for geo-redundancy. D.Monitor https://status.cloud.google.com/feed.atom and only make requests if Cloud Storage is not reporting an incident.

You need to develop procedures to test a disaster plan for a mission-critical application. You want to use Google-recommended practices and native capabilities within GCP. What should you do?. A.Use Deployment Manager to automate service provisioning. Use Activity Logs to monitor and debug your tests. B.Use Deployment Manager to automate service provisioning. Use Stackdriver to monitor and debug your tests. C.Use gcloud scripts to automate service provisioning. Use Activity Logs to monitor and debug your tests. D.Use gcloud scripts to automate service provisioning. Use Stackdriver to monitor and debug your tests.

Your company creates rendering software which users can download from the company website. Your company has customers all over the world. You want to minimize latency for all your customers. You want to follow Google-recommended practices. How should you store the files?. A.Save the files in a Multi-Regional Cloud Storage bucket. B.Save the files in a Regional Cloud Storage bucket, one bucket per zone of the region. C.Save the files in multiple Regional Cloud Storage buckets, one bucket per zone per region. D.Save the files in multiple Multi-Regional Cloud Storage buckets, one bucket per multi-region.

Your company acquired a healthcare startup and must retain its customers' medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this data, and then delete it as soon as regulations allow. Which approach should you take?. A.Store the data in Google Drive and manually delete records as they expire. B.Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely. C.Store the data in Cloud Storage and use lifecycle management to delete files when they expire. D.Store the data in Cloud Storage and run a nightly batch script that deletes all expired data.

You are deploying a PHP App Engine Standard service with Cloud SQL as the backend. You want to minimize the number of queries to the database. What should you do?. A.Set the memcache service level to dedicated. Create a key from the hash of the query, and return database values from memcache before issuing a query to Cloud SQL. B.Set the memcache service level to dedicated. Create a cron task that runs every minute to populate the cache with keys containing query results. C.Set the memcache service level to shared. Create a cron task that runs every minute to save all expected queries to a key called ג€cached_queriesג€. D.Set the memcache service level to shared. Create a key called ג€cached_queriesג€, and return database values from the key before using a query to Cloud SQL.

For this question, refer to the TerramEarth case study. You start to build a new application that uses a few Cloud Functions for the backend. One use case requires a Cloud Function func_display to invoke another Cloud Function func_query. You want func_query only to accept invocations from func_display. You also want to follow Google's recommended best practices. What should you do?. A.Create a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request. Pass the same token to func_query and reject the invocation if the tokens are different. B.Make func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query. C.Make func_query 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_query to only allow traffic from func_display. D.Create those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account.

For this question, refer to the TerramEarth case study. You have broken down a legacy monolithic application into a few containerized RESTful microservices. You want to run those microservices on Cloud Run. You also want to make sure the services are highly available with low latency to your customers. What should you do?. A.Deploy Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTP(S) Load Balancing instance and attach the Cloud Endpoints to its backend. B.Deploy Cloud Run services to multiple regions. Create serverless network endpoint groups pointing to the services. Add the serverless NEGs to a backend service that is used by a global HTTP(S) Load Balancing instance. C.Deploy Cloud Run services to multiple regions. In Cloud DNS, create a latency-based DNS name that points to the services. D.Deploy Cloud Run services to multiple availability zones. Create a TCP/IP global load balancer. Add the Cloud Run Endpoints to its backend service.

For this question, refer to the TerramEarth case study. You are migrating a Linux-based application from your private data center to Google Cloud. The TerramEarth security team sent you several recent Linux vulnerabilities published by Common Vulnerabilities and Exposures (CVE). You need assistance in understanding how these vulnerabilities could impact your migration. What should you do? (Choose two.). A.Open a support case regarding the CVE and chat with the support engineer. B.Read the CVEs from the Google Cloud Status Dashboard to understand the impact. C.Read the CVEs from the Google Cloud Platform Security Bulletins to understand the impact. D.Post a question regarding the CVE in Stack Overflow to get an explanation. E.Post a question regarding the CVE in a Google Cloud discussion group to get an explanation.

For this question, refer to the TerramEarth case study. TerramEarth has a legacy web application that you cannot migrate to cloud. However, you still want to build a cloud-native way to monitor the application. If the application goes down, you want the URL to point to a "Site is unavailable" page as soon as possible. You also want your Ops team to receive a notification for the issue. You need to build a reliable solution for minimum cost. What should you do?. A.Create a scheduled job in Cloud Run to invoke a container every minute. The container will check the application URL. If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team. B.Create a cron job on a Compute Engine VM that runs every minute. The cron job invokes a Python program to check the application URL. If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team. C.Create a Cloud Monitoring uptime check to validate the application URL. If it fails, put a message in a Pub/Sub queue that triggers a Cloud Function to switch the URL to the "Site is unavailable" page, and notify the Ops team. D.Use Cloud Error Reporting to check the application URL. If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

For this question, refer to the TerramEarth case study. You are building a microservice-based application for TerramEarth. The application is based on Docker containers. You want to follow Google-recommended practices to build the application continuously and store the build artifacts. What should you do?. A.Configure a trigger in Cloud Build for new source changes. Invoke Cloud Build to build container images for each microservice, and tag them using the code commit hash. Push the images to the Container Registry. B.Configure a trigger in Cloud Build for new source changes. The trigger invokes build jobs and build container images for the microservices. Tag the images with a version number, and push them to Cloud Storage. C.Create a Scheduler job to check the repo every minute. For any new change, invoke Cloud Build to build container images for the microservices. Tag the images using the current timestamp, and push them to the Container Registry. D.Configure a trigger in Cloud Build for new source changes. Invoke Cloud Build to build one container image, and tag the image with the label 'latest.' Push the image to the Container Registry.

For this question, refer to the TerramEarth case study. TerramEarth has about 1 petabyte (PB) of vehicle testing data in a private data center. You want to move the data to Cloud Storage for your machine learning team. Currently, a 1-Gbps interconnect link is available for you. The machine learning team wants to start using the data in a month. What should you do?. A.Request Transfer Appliances from Google Cloud, export the data to appliances, and return the appliances to Google Cloud. B.Configure the Storage Transfer service from Google Cloud to send the data from your data center to Cloud Storage. C.Make sure there are no other users consuming the 1Gbps link, and use multi-thread transfer to upload the data to Cloud Storage. D.Export files to an encrypted USB device, send the device to Google Cloud, and request an import of the data to Cloud Storage.

The Dress4Win security team has disabled external SSH access into production virtual machines (VMs) on Google Cloud Platform (GCP). The operations team needs to remotely manage the VMs, build and push Docker containers, and manage Google Cloud Storage objects. What can they do?. A.Grant the operations engineer access to use Google Cloud Shell. B.Configure a VPN connection to GCP to allow SSH access to the cloud VMs. C.Develop a new access request process that grants temporary SSH access to cloud VMs when an operations engineer needs to perform a task.\. D.Have the development team build an API service that allows the operations team to execute specific remote procedure calls to accomplish their tasks.

You want to ensure Dress4Win's sales and tax records remain available for infrequent viewing by auditors for at least 10 years. Cost optimization is your top priority. Which cloud services should you choose?. A.Google Cloud Storage Coldline to store the data, and gsutil to access the data. B.Google Cloud Storage Nearline to store the data, and gsutil to access the data. C.Google Bigtabte with US or EU as location to store the data, and gcloud to access the data. D.BigQuery to store the data, and a web server cluster in a managed instance group to access the data. Google Cloud SQL mirrored across two distinct regions to store the data, and a Redis cluster in a managed instance group to access the data.

The current Dress4Win system architecture has high latency to some customers because it is located in one data center. As of a future evaluation and optimizing for performance in the cloud, Dresss4Win wants to distribute its system architecture to multiple locations when Google cloud platform. Which approach should they use?. A.Use regional managed instance groups and a global load balancer to increase performance because the regional managed instance group can grow instances in each region separately based on traffic. B.Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines managed by your operations team. C.Use regional managed instance groups and a global load balancer to increase reliability by providing automatic failover between zones in different regions. D.Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines as part of a separate managed instance groups.

At Dress4Win, an operations engineer wants to create a tow-cost solution to remotely archive copies of database backup files. The database files are compressed tar files stored in their current data center. How should he proceed?. A.Create a cron script using gsutil to copy the files to a Coldline Storage bucket. B.Create a cron script using gsutil to copy the files to a Regional Storage bucket. C.Create a Cloud Storage Transfer Service Job to copy the files to a Coldline Storage bucket. D.Create a Cloud Storage Transfer Service job to copy the files to a Regional Storage bucket.

Report abuse