Feb 06, 2024 Reliable Study Materials for Associate-Cloud-Engineer Exam Success For Sure [Q147-Q164]

Feb 06, 2024 Reliable Study Materials for Associate-Cloud-Engineer Exam Success For Sure

100% Latest Most updated Associate-Cloud-Engineer Questions and Answers

Google Associate Cloud Engineer exam consists of 50 multiple-choice questions that must be completed within two hours. Associate-Cloud-Engineer exam tests a candidate's ability to use the Google Cloud Platform to solve real-world problems. The topics covered in the exam include deploying and managing applications, computing, networking, storage, and security. Candidates who pass the exam receive a certification that is valid for two years.

Google Associate-Cloud-Engineer Certification Exam is an excellent way for professionals to demonstrate their skills and knowledge in deploying and managing applications on the GCP. Google Associate Cloud Engineer Exam certification provides individuals with the opportunity to enhance their cloud computing career and open up new opportunities for themselves in this field.

Google Associate-Cloud-Engineer (Google Associate Cloud Engineer) Certification Exam is a credential that validates an individual's proficiency in deploying applications, monitoring operations, and managing cloud solutions on the Google Cloud platform. Google Associate Cloud Engineer Exam certification exam is ideal for individuals who want to demonstrate their skills in cloud computing and gain recognition for their expertise in Google Cloud technologies.

NEW QUESTION # 147
You need to host an application on a Compute Engine instance in a project shared with other teams. You want to prevent the other teams from accidentally causing downtime on that application. Which feature should you use?

A. Use a Preemptible VM.
B. Enable deletion protection on the instance.
C. Use a sole-tenant node.
D. Use a Shielded VM.

Answer: B

NEW QUESTION # 148
Your team is running an on-premises ecommerce application. The application contains a complex set of microservices written in Python, and each microservice is running on Docker containers. Configurations are injected by using environment variables. You need to deploy your current application to a serverless Google Cloud cloud solution. What should you do?

A. Use the existing codebase and deploy each service as a separate Cloud Function Update the configurations and the required endpoints.
B. Use your existing continuous integration and delivery (CI/CD) pipeline. Use the generated Docker images and deploy them to Cloud Function. Use the same configuration as on-premises.
C. Use your existing codebase and deploy each service as a separate Cloud Run Use the same configurations as on-premises.
D. Use your existing CI/CD pipeline Use the generated Docker images and deploy them to Cloud Run. Update the configurations and the required endpoints.

Answer: D

NEW QUESTION # 149
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google- recommended practices. What should you do?

A. Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
B. Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
C. Add the auditors group to two new custom IAM roles.
D. Add the auditor user accounts to two new custom IAM roles.

Answer: B

Explanation:
Explanation/Reference: https://cloud.google.com/iam/docs/roles-audit-logging

NEW QUESTION # 150
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?

A. Create a custom Compute Engine image from a snapshot. Create your images from that image.
B. Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.
C. Create a custom Compute Engine image from a snapshot. Create your instances from that image.
:
A custom image belongs only to your project. To create an instance with a custom image, you must first have a custom image.
D. Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

Answer: C

Explanation:
Reference:
https://cloud.google.com/compute/docs/instances/create-start-instance

NEW QUESTION # 151
Which is the correct command to bind an IAM policy to a service account at an organisation or folder level?

A. gcloud projects add-iam-policy-binding amazon-prj --member serviceAccount:amazonamazon- prj.iam.gserviceaccount.com --role roles/viewer
B. gcloud iam service-accounts keys create amazon-prj --iam-account amazon@amazon- prj.iam.gserviceaccount.com
C. gcloud organizations add-iam-policy-binding --member serviceAccount:whizlab@amazon- prj.iam.gserviceaccount.com --role roles/viewer
D. gcloud organizations add-iam-policy-binding org_id --member serviceAccount:whizlab@amazon- prj.iam.gserviceaccount.com --role roles/viewer

Answer: D

NEW QUESTION # 152
You are working for a hospital that stores Its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

A. Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval
B. Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope
C. Create a script that uses the gsutil command line interface to synchronize the on- premises storage with Cloud Storage Schedule the script as a cron job
D. In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

Answer: A

NEW QUESTION # 153
You have a developer laptop with the Cloud SDK installed on Ubuntu. The Cloud SDK was installed from the Google Cloud Ubuntu package repository. You want to test your application locally on your laptop with Cloud Datastore. What should you do?

A. Create a Cloud Datastore index using gcloud datastore indexes create.
B. Export Cloud Datastore data using gcloud datastore export.
C. Install the cloud-datastore-emulator component using the gcloud components install command.
D. Install the google-cloud-sdk-datastore-emulator component using the apt get install command.

Answer: C

Explanation:
The Datastore emulator provides local emulation of the production Datastore environment. You can use the emulator to develop and test your application locally Ref: https://cloud.google.com/datastore/docs/tools/datastore-emulator

NEW QUESTION # 154
Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

A. Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.
B. Create a separate node pool for each application, and deploy each application to its dedicated node pool.
C. Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.
D. Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.

Answer: C

Explanation:
Explanation
https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-autoscaler#adding_a_node_pool_with_autoscal

NEW QUESTION # 155
You've been tasked with getting all of your team's public SSH keys onto all of the instances of a particular project. You've collected them all. With the fewest steps possible, what is the simplest way to get the keys deployed?

A. Format all of the keys as needed and then, using the user interface, upload each key one at a time.
B. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute project-info add-metadata command to upload the keys.
C. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute instances add-metadata command to upload the keys to each instance
D. Use the gcloud compute ssh command to upload all the keys

Answer: B

NEW QUESTION # 156
Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?

A. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.
B. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
C. Configure the IP of the database as custom metadata for each instance,
D. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

Answer: D

NEW QUESTION # 157
You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?

A. Create a Cloud Bigtable cluster and use the HBase API
B. Download a MongoDB installation package, and run it on a Managed Instance Group
C. Download a MongoDB installation package and run it on Compute Engine instances
D. Deploy MongoDB Alias from the Google Cloud Marketplace

Answer: D

Explanation:
https://console.cloud.google.com/marketplace/details/gc-launcher-for-mongodb-atlas/mongodb-atlas

NEW QUESTION # 158
Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on Google Cloud to match these requirements. What should you do?

A. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.
B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN.
2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
C. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN.
2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.
D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

Answer: B

Explanation:
By default traffic between subnets on a VPC network is not allowed (except on the "default" network).
(This blocks traffic between all instances, not just traffic between subnets => FW rules must be defined to allow communications between all instances, regardless the subnets)
2 VPC will not work without peering.

NEW QUESTION # 159
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?

A. Select Compute Engine. Use VM instance types that support micro bursting.
B. Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.
C. Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.
D. Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

Answer: B

Explanation:
If your apps are fault-tolerant and can withstand possible instance preemptions, then preemptible instances can reduce your Compute Engine costs significantly. For example, batch processing jobs can run on preemptible instances. If some of those instances stop during processing, the job slows but does not completely stop. Preemptible instances complete your batch processing tasks without placing additional workload on your existing instances and without requiring you to pay full price for additional normal instances.
https://cloud.google.com/compute/docs/instances/preemptible

NEW QUESTION # 160
You have one GCP account running in your default region and zone and another account running in a non-default region and zone. You want to start a new Compute Engine instance in these two Google Cloud Platform accounts using the command line interface. What should you do?

A. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.
B. Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.
C. Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.
D. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.

Answer: B

Explanation:
Explanation
"Run gcloud configurations list to start the Compute Engine instances". How the heck are you expecting to
"start" GCE instances doing "configuration list".
Each gcloud configuration has a 1 to 1 relationship with the region (if a region is defined). Since we have two different regions, we would need to create two separate configurations using gcloud config configurations createRef: https://cloud.google.com/sdk/gcloud/reference/config/configurations/create Secondly, you can activate each configuration independently by running gcloud config configurations activate
[NAME]Ref: https://cloud.google.com/sdk/gcloud/reference/config/configurations/activate Finally, while each configuration is active, you can run the gcloud compute instances start [NAME] command to start the instance in the configurations region.https://cloud.google.com/sdk/gcloud/reference/compute/instances/start

NEW QUESTION # 161
You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

You check the status of the deployed pods and notice that one of them is still in PENDING status:

You want to find out why the pod is stuck in pending status. What should you do?

A. Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
B. View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
C. Review details of the myapp-service Service object and check for error messages.
D. Review details of the myapp-deployment Deployment object and check for error messages.

Answer: A

Explanation:
Explanation
https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/#debugging-pods

NEW QUESTION # 162
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

A. Use permissions in your role that use the `supported' support level for role permissions.
Set the role stage to ALPHA while testing the role permissions.
B. Use permissions in your role that use the `supported' support level for role permissions.
Set the role stage to BETA while testing the role permissions.
C. Use permissions in your role that use the `testing' support level for role permissions.
Set the role stage to BETA while testing the role permissions.
D. Use permissions in your role that use the `testing' support level for role permissions.
Set the role stage to ALPHA while testing the role permissions.

Answer: A

Explanation:
You need a custom role with permissions supported in prod and you want to publish the status of the role.
https://cloud.google.com/iam/docs/custom-roles-permissions-support
SUPPORTED The permission is fully supported in custom roles.
TESTING The permission is being tested to check its compatibility with custom roles. You can include the permission in custom roles, but you might see unexpected behavior. Not recommended for production use.
NOT_SUPPORTED The permission is not supported in custom roles.
You can't use TESTING as it is not good for prod. And you need first version which should be ALPHA.

NEW QUESTION # 163
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes.
Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?