Exam Flashcards

Question

You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

Answer 1

A. Enable the Node Auto-Repair feature for your GKE cluster. B. Enable the Node Auto-Upgrades feature for your GKE cluster. C. Select the latest available cluster version for your GKE cluster. D. Select “Container-Optimized OS (cos)” as a node image for your GKE cluster. Answer: B

Answer 2

A. Add the support team group to the roles/monitoring.viewer role B. Add the support team group to the roles/spanner.databaseUser role. C. Add the support team group to the roles/spanner.databaseReader role. D. Add the support team group to the roles/stackdriver.accounts.viewer role. Answer: B

Answer 3

A. Download and deploy the Jenkins Java WAR to App Engine Standard. B. Create a new Compute Engine instance and install Jenkins through the command line interface. C. Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image. D. Use GCP Marketplace to launch the Jenkins solution. Answer: D

Answer 4

A. Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage. B. Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy. C. Assign the auditor’s IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage. D. Assign the auditor’s IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy. Answer: C

Answer 5

A. Using the GCP Console, filter the Activity log to view the information. B. Using the GCP Console, filter the Stackdriver log to view the information. C. View the bucket in the Storage section of the GCP Console. D. Create a trace in Stackdriver to view the information. Answer: A

Answer 6

A. BigQuery B. Cloud SQL C. Cloud Spanner D. Cloud Datastore Answer: B

Answer 7

A. Cold Storage B. Nearline Storage C. Regional Storage D. Multi-Regional Storage Answer: B Explanation Nearline, Coldline, and Archive offer ultra low-cost, highly-durable, highly available archival storage. For data accessed less than once a year, Archive is a cost-effective storage option for long-term preservation of data. Coldline is also ideal for cold storage—data your business expects to touch less than once a quarter. For warmer storage, choose Nearline: data you expect to access less than once a month, but possibly multiple times throughout the year. All storage classes are available across all GCP regions and provide unparalleled sub-second access speeds with a consistent API.

Answer 8

A. Deployment Manager B. Cloud Composer C. Managed Instance Group D. Unmanaged Instance Group Answer: C

Answer 9

A. Deploy the new version in the same application and use the --migrate option. B. Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version. C. Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version. D. Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application. Answer: B

Answer 10

A. Use Binary Authorization and whitelist only the container images used by your customers’ Pods. B. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers’ Pods. C. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers’ Pods. D. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers’ Pods. Answer: C

Answer 11

A. 1. Verify that you ace assigned the Billing Administrator IAM role tor your organization's Google Cloud Project for the Marketing department 2. Link the new project to a Marketing Billing Account B. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Set the default key-value project labels to department marketing for all services in this project C. 1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Link the new project to a Marketing Billing Account. D. 1. Verity that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account 2. Create a new Google Cloud Project for the Marketing department 3. Set the default key value project labels to department marketing for all services in this protect Answer: A

Answer 12

A. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero B. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero. C. Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml D. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml Answer: C

Answer 13

A. Enable the Identity Aware Proxy API on the project. B. Scan the bucker using the Data Loss Prevention API. C. Allow only a single Service Account access to read the data. D. Enable Data Access audit logs for the Cloud Storage API. Answer: D

Answer 14

A. Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval B. In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket C. Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job D. Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope Answer: A

Answer 15

A. Run gcloud app restore. B. On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert. C. On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version. D. Deploy the original version as a separate application. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests. Answer: D

Answer 16

A. Upload the data to BigQuery using the bq command line tool. B. Upload the data to Cloud Storage using the gsutil command line tool. C. Upload the data into Cloud SQL using the import function in the console. D. Upload the data into Cloud Spanner using the import function in the console. Answer: A

Answer 17

A. Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet. B. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition. C. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet. D. In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value. Answer: C

Answer 18

A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance. B. Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage C. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage. Answer: A

Answer 19

A. .00.0.0/0 B. 10.0.0.0/8 C. 172.16.0.0/12 D. 192.168.0.0/16 Answer: B

Answer 20

A. Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version B. Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service. C. Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version D. Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment. Answer: A

Answer 21

A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected. B. Select Cloud SQL (MySQL). Select the create failover replicas option. C. Select Cloud Spanner. Set up your instance with 2 nodes. D. Select Cloud Spanner. Set up your instance as multi-regional. Answer: A

Answer 22

A. Migrate the workload to a Compute Engine Preemptible VM. B. Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes. C. Migrate the workload to a Compute Engine VM. Start and stop the instance as needed. D. Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload. Answer: B

Answer 23

A. Modify the existing subnet range to 172.16.20.0/24. B. Create a new Secondary IP Range in the VPC and configure the VMs to use that range. C. Create a new VPC network for the VMs. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network. D. Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange. Answer: B

Answer 24

A. Add the group for the finance team to roles/billing user role. B. Add the group for the finance team to roles/billing admin role. C. Add the group for the finance team to roles/billing viewer role. D. Add the group for the finance team to roles/billing project/Manager role. Answer: A

Answer 25

A. Ask the other team to grant your default App Engine Service account the role of BigQuery Job User. B. Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer. C. In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer. D. In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project. Answer: C

Answer 26

A. Create a dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users. B. Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users. C. Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users. D. Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters. Answer: D

Answer 27

A. Navigate to Stackdriver Logging and select resource.labels.project_id="*" B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days. C. Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days. D. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days. Answer: B

Answer 28

A. Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and then create the instance specifying your new project. B. Enable the Compute Engine API in the Cloud Console, use the Cloud SDK to create the instance, and then use the ––project flag to specify a new project. C. Using the Cloud SDK, create the new instance, and use the ––project flag to specify the new project. Answer yes when prompted by Cloud SDK to enable the Compute Engine API. D. Enable the Compute Engine API in the Cloud Console. Go to the Compute Engine section of the Console to create a new instance, and look for the Create In A New Project option in the creation form. Answer: A

Answer 29

A. Grant each individual external consultant the role of BigQuery Editor B. Grant each individual external consultant the role of BigQuery Viewer C. Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor D. Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer Answer: D

Answer 30

A. Configure an HTTP(S) load balancer. B. Configure an internal TCP load balancer. C. Configure an external SSL proxy load balancer. D. Configure an external TCP proxy load balancer. Answer: A

Answer 31

A. 1. Update your instances’ metadata to add the following value: snapshot–schedule: 0 1 * * * 2. Update your instances’ metadata to add the following value: snapshot–retention: 30 B. 1. In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk. 2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters: –Schedule frequency: Daily –Start time: 1:00 AM – 2:00 AM –Autodelete snapshots after 30 days C. 1. Create a Cloud Function that creates a snapshot of your instance’s disk. 2.Create a Cloud Function that deletes snapshots that are older than 30 days. 3.Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM. D. 1. Create a bash script in the instance that copies the content of the disk to Cloud Storage. 2. Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket. 3. Configure the instance’s crontab to execute these scripts daily at 1:00 AM. Answer: B

Answer 32

A. Multi-Regional Storage B. Regional Storage C. Nearline Storage D. Coldline Storage Answer: D

Answer 33

A. Open the Cloud Spanner console to review configurations. B. Open the IAM & admin console to review IAM policies for Cloud Spanner roles. C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner. D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles. Answer: B

Answer 34

A. 1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. B. 1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint. C. 1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. D. 1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint. Answer: B

Answer 35

A. Use the BigQuery interface to review the nightly Job and look for any errors B. Review the Error Reporting page in the Cloud Console to find any errors. C. In Cloud Logging create a filter for your Data Studio report D. Use Cloud Debugger to find out why the data was not refreshed correctly Answer: D

Answer 36

A. Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1. B. Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0. C. Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group. D. Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template. Answer: B

Answer 37

A. Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment. B. Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources. C. Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC. D. Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project. Answer: A

Answer 38

A. Rely on live migration to move the workload to a machine with more memory. B. Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB. C. Stop the VM, change the machine type to n1-standard-8, and start the VM. D. Stop the VM, increase the memory to 8 GB, and start the VM. Answer: D

Answer 39

A. Use labels to group resources that share common IAM policies B. Use folders to group resources that share common IAM policies C. Set up a proper billing account structure to group IAM policies D. Set up a proper project naming structure to group IAM policies Answer: B

Answer 40

A. Give “project owner” for web-applications appropriate roles to crm-databases- proj B. Give “project owner” role to crm-databases-proj and the web-applications project. C. Give “project owner” role to crm-databases-proj and bigquery.dataViewer role to web-applications. D. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications. Answer: D

Answer 41

A. Use service account credentials in your on-premises application. B. Use gcloud to create a key file for the service account that has appropriate permissions. C. Set up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications. D. Go to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center. Answer: B

Answer 42

A. Use the command gcloud config sot container/cluster dev B. Use the command gcloud container clusters update dev C. Create a file called gke. default in the -/ .gcloud folder that contains the cluster name D. Create a file called defaults. j son in the -/.gcioud folder that contains the cluster name Answer: B

Answer 43

A. 1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs. B. 1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset. C. 1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination. D. 1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day. Answer: C

Answer 44

A. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application. B. Create an instance template, and use the template in a managed instance group with autoscaling configured. C. Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day. D. Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring. Answer: A

Answer 45

A. Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance. B. Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance. C. Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect. D. Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect. Answer: D

Answer 46

A. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1. B. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1. C. Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2. D. Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2. Answer: A

Answer 47

A. Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic. B. Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic. C. Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps. D. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly. Answer: A

Answer 48

A. Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs. B. Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs. C. Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs. D. Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs. Answer: B

Answer 49

A. Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on B. Sync Identities in the Google Admin console, and then enable Oauth for single sign-on C. Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials D. Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials. Answer: A

Answer 50

A. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years. B. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years. C. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years. D. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years. Answer: A

Answer 51

A. 1. Build an instruction guide to install Cassandra on GCP. 2. Make the instruction guide accessible to your developers. B. 1. Advise your developers to go to Cloud Marketplace. 2. Ask the developers to launch a Cassandra image for their development work. C. 1. Build a Cassandra Compute Engine instance and take a snapshot of it. 2. Use the snapshot to create instances for your developers. D. 1. Build a Cassandra Compute Engine instance and take a snapshot of it. 2. Upload the snapshot to Cloud Storage and make it accessible to your developers. 3. Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves. Answer: D

Answer 52

A. 1. Create a Cloud Monitoring Dashboard 2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects B. 1. Create a Cloud Monitoring Dashboard. 2. Select the CPU and Network metrics from the three projects. 3. Add CPU and network Charts lot each of the three protects. C. 1 Create a Service Account and apply roles/viewer on the three projects 2. Collect metrics and publish them lo the Cloud Monitoring API 3. Add CPU and network Charts for each of the three projects. D. 1. Create a fourth Google Cloud project 2 Create a Cloud Workspace from the fourth project and add the other three projects Answer: B

Answer 53

A. Create a bash script that contains all requirement steps as gcloud commands B. Develop templates for the environment using Cloud Deployment Manager C. Use curl in a terminal to send a REST request to the relevant Google API for each individual resource. D. Use the Cloud Console interface to provision and manage all related resources Answer: B

Answer 54

A. 1. Create a consumer Gmail account. 2. Write a script that monitors the CPU usage. 3. When the CPU usage exceeds the threshold, have that script send an email using the Gmail account and smtp.gmail.com on port 25 as SMTP server. B. 1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project with it. 2.Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition. 3.Configure your email address in the notification channel. C. 1. Create a Stackdriver Workspace, and associate your GCP project with it. 2.Write a script that monitors the CPU usage and sends it as a custom metric to Stackdriver. 3.Create an uptime check for the instance in Stackdriver. D. 1. In Stackdriver Logging, create a logs-based metric to extract the CPU usage by using this regular expression: CPU Usage: ([0-9] {1,3})% 2. In Stackdriver Monitoring, create an Alerting Policy based on this metric. 3. Configure your email address in the notification channel. Answer: D

Answer 55

A. Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/devstorage.write_only’. B. Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/cloud-platform’. C. Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket. D. Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket. Answer: B

Answer 56

A. Use gcloud container clusters upgrade. Deploy the new services. B. Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods. C. Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster. D. Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster. Answer: B

Answer 57

A. Upload the image to Cloud Storage and create a Kubernetes Service referencing the image B. Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image C. Upload the image to Container Registry and create a Kubernetes Service referencing the image. D. Upload the image to Container Registry and create a Kubernetes Deployment referencing the mage Answer: C

Answer 58

A. Verify that both projects are in a GCP Organization. Create a new VPC and add all instances. B. Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC. C. Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances. D. Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances. Answer: B

Answer 59

A. Enable API and then share charts from project A, B, and C. B. Enable API and then give the metrics.reader role to projects A, B, and C. C. Enable API and then use default dashboards to view all projects in sequence. D. Enable API, create a workspace under project A, and then add project B and C. Answer: D

Answer 60

A. Create a Cloud Memorystore for Redis instance with 32-GB capacity. B. Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory. C. Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes. D. Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB. Answer: B

Answer 61

A. Change the default region property setting in the existing GCP project to asia-northeast1. B. Change the region property setting in the existing App Engine application from us-central to asia-northeast1. C. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application. D. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application. Answer: C

Answer 62

A. Use a custom mode VPC network, configure static routes, and use active/passive routing B. Use an automatic mode VPC network, configure static routes, and use active/active routing C. Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing D. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing Answer: D

Answer 63

A. Create a signed URL with a four-hour expiration and share the URL with the company. B. Set object access to ‘public’ and use object lifecycle management to remove the object after four hours. C. Configure the storage bucket as a static website and furnish the object’s URL to the company. Delete the object from the storage bucket after four hours. D. Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed. Answer: A

Answer 64

A. Use a Shielded VM. B. Use a Preemptible VM. C. Use a sole-tenant node. D. Enable deletion protection on the instance. Answer: D

Answer 65

A. Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range. B. Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range. C. Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range. D. Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range. Answer: A

Answer 66

A. Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists. B. Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance. C. Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in. D. Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in. Answer: B

Answer 67

A. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role. B. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role. C. Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to the role. D. Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to a new group. Add the group to the role. Answer: A

Answer 68

A. Fill in local SSD. Fill in persistent disk storage and snapshot storage. B. Fill in local SSD. Add estimated cost for cluster management. C. Select Add GPUs. Fill in persistent disk storage and snapshot storage. D. Select Add GPUs. Add estimated cost for cluster management. Answer: C

Answer 69

A. Create a custom role with view-only project permissions. Add the user's account to the custom role. B. Create a custom role with view-only service permissions. Add the user's account to the custom role. C. Select the built-in IAM project Viewer role. Add the user's account to this role. D. Select the built-in IAM service Viewer role. Add the user's account to this role. Answer: C

Answer 70

A. Use the GCP Console to transfer the file instead of gsutil. B. Enable parallel composite uploads using gsutil on the file transfer. C. Decrease the TCP window size on the machine initiating the transfer. D. Change the storage class of the bucket from Nearline to Multi-Regional. Answer: B

Answer 71

A. Run gcloud iam roles list. Review the output section. B. Run gcloud iam service-accounts list. Review the output section. C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles. D. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status. Answer: D

Answer 72

A. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub. B. Use Cloud Functions and configure the bucket as a trigger resource. C. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub. D. Use Dataflow as a batch job, and configure the bucket as a data source. Answer: A

Answer 73

A. Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources. B. Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources. C. Go to Cloud Shell and export this information to Cloud Storage on a daily basis. D. Go to GCP Console and export this information to Cloud SQL on a daily basis. Answer: A

Answer 74

A. Add the network tag allow-udp-636 to the VM instance running the LDAP server. B. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server. C. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag. D. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag. Answer: C

Answer 75

A. In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps. B. In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider. C. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps. D. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications. Answer: C

Answer 76

A. Use kubectl app deploy . B. Use gcloud app deploy . C. Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file. D. Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file. Answer: C

Answer 77

A. Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names. B. Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template. C. Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template. D. Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template. Answer: C

Answer 78

A. Ask the auditor for their Google account, and give them the Viewer role on the project. B. Ask the auditor for their Google account, and give them the Security Reviewer role on the project. C. Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project. D. Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project. Answer: A

Answer 79

A. Enable Cloud Identity in the GCP Console for your domain. B. Grant them the required IAM roles using their G Suite email address. C. Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts. D. In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group. Answer: B

Answer 80

A. Assign the finance team only the Billing Account User role on the billing account. B. Assign the engineering team only the Billing Account User role on the billing account. C. Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization. D. Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization. Answer: D

Answer 81

A. Use gcloud config configurations describe to review the output. B. Use gcloud config configurations activate and gcloud config list to review the output. C. Use kubectl config get-contexts to review the output. D. Use kubectl config use-context and kubectl config view to review the output. Answer: D

Answer 82

A. Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP). B. Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10. C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP). D. Create a managed instance group. Verify that the autoscaling setting is on. Answer: A

Answer 83

A. Invite the user to transfer their existing account B. Invite the user to use an email alias to resolve the conflict C. Tell the user that they must delete their existing account D. Tell the user to remove all personal email from the existing account Answer: B

Answer 84

A. Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand. B. Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator. C. Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator. D. Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator. Answer: B

Answer 85

A. HTTPS Load Balancer B. Network Load Balancer C. SSL Proxy Load Balancer D. Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances. Answer: C

Answer 86

A. Move both projects under the same folder. B. Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage. C. Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights. D. Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team. Answer: D

Answer 87

A. Project Editor B. Storage Admin C. Storage Object Admin D. Storage Object Creator Answer: B

Answer 88

A. 1. Verify that you are assigned the Project Owners IAM role for this project. 2. Locate the project in the GCP console, click Shut down and then enter the project ID. B. 1. Verify that you are assigned the Project Owners IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them. C. 1. Verify that you are assigned the Organizational Administrator IAM role for this project. 2. Locate the project in the GCP console, enter the project ID and then click Shut down. D. 1. Verify that you are assigned the Organizational Administrators IAM role for this project. 2. Switch to the project in the GCP console, locate the resources and delete them. Answer: C

Answer 89

A. Create a Compute Engine snapshot of your base VM. Create your images from that snapshot. B. Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot. C. Create a custom Compute Engine image from a snapshot. Create your images from that image. D. Create a custom Compute Engine image from a snapshot. Create your instances from that image. Answer: D

Answer 90

A. Use gcloud iam roles copy and specify the production project as the destination project. B. Use gcloud iam roles copy and specify your organization as the destination organization. C. In the Google Cloud Platform Console, use the ‘create role from role’ functionality. D. In the Google Cloud Platform Console, use the ‘create role’ functionality and select all applicable permissions. Answer: B

Answer 91

A. Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project. B. Verify that you are the project billing administrator. Select the associated billing account and create a budget and a custom alert. C. Verify that you are the project administrator. Select the associated billing account and create a budget for the appropriate project. D. Verify that you are project administrator. Select the associated billing account and create a budget and a custom alert. Answer: B

Answer 92

A. Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles. B. Add the auditors group to two new custom IAM roles. C. Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles. D. Add the auditor user accounts to two new custom IAM roles. Answer: C

Answer 93

A. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 – 90) B. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days. C. Use gsutil rewrite and set the Delete action to 275 days (365-90). D. Use gsutil rewrite and set the Delete action to 365 days. Answer: A

Answer 94

A. Review the Compute Engine activity logs Select and review the Admin Event logs B. Review the Compute Engine activity logs Select and review the System Event logs C. Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs D. Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs Answer: A

Answer 95

A. Build a lifecycle policy to delete Cloud Storage objects after 45 days. B. Use signed URLs to allow suppliers limited time access to store their objects. C. Set up an SFTP server for your application, and create a separate user for each supplier. D. Build a Cloud function that triggers a timer of 45 days to delete objects that have expired. E. Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days. Answer: A E

Answer 96

A. Create a Cloud Function to create an instance template. B. Create a snapshot schedule for the disk using the desired interval. C. Create a cron job to create a new disk from the disk using gcloud. D. Create a Cloud Task to create an image and export it to Cloud Storage. Answer: B

Answer 97

A. Run gcloud projects list to get the project ID, and then run gcloud services list --project . B. Run gcloud init to set the current project to my-project, and then run gcloud services list --available. C. Run gcloud info to view the account value, and then run gcloud services list --account . D. Run gcloud projects describe to verify the project value, and then run gcloud services list --available. Answer: A

Answer 98

A. Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for analysis. B. Export your bill to a Cloud Storage bucket, and then import into Google Sheets for analysis. C. Export your transactions to a local file, and perform analysis with a desktop tool. D. Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis. Answer: D

Answer 99

A. Configure Cloud Identity-Aware Proxy (or HTTPS resources B. Configure Cloud Identity-Aware Proxy for SSH and TCP resources. C. Create an SSH keypair and store the public key as a project-wide SSH Key D. Create an SSH keypair and store the private key as a project-wide SSH Key Answer: C

Answer 100

A. Enable node auto-provisioning on the GKE cluster. B. Create a VerticalPodAutscaler for those workloads. C. Create a node pool with preemptible VMs and GPUs attached to those VMs. D. Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1. Answer: C

Answer 101

A. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created. B. 1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint. C. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created. D. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created. Answer: A

Answer 102

A. Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner. B. Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner. C. Create a custom role by removing delete permissions, and add users to that role only. D. Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role. Answer: B

Answer 103

A. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource. B. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource. C. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging. D. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring. Answer: A

Answer 104

A. Create the instance without a public IP address. B. Create the instance with Private Google Access enabled. C. Create a deny-all egress firewall rule on the VPC network. D. Create a route on the VPC to route all traffic to the instance over the VPN tunnel. Answer: B

Answer 105

A. Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account. B. Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project. C. Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account. D. Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account. Answer: C

Answer 106

A. Review details of the myapp-service Service object and check for error messages. B. Review details of the myapp-deployment Deployment object and check for error messages. C. Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages. D. View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages. Answer: C

Answer 107

A. Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company. B. Create a ticket with Google Support and wait for their call to share your credit card details over the phone. C. In the Google Platform Console, go to the Resource Manage and move all projects to the root Organization. D. In the Google Cloud Platform Console, create a new billing account and set up a payment method. Answer: D

Answer 108

A. After the VM has been created, use your Google Account credentials to log in into the VM. B. After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM. C. When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value. D. After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM. Answer: D

Answer 109

A. Create a single budget for all projects and configure budget alerts on this budget. B. Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account. C. Create a budget per project and configure budget alerts on all of these budgets. D. Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project. Answer: C

Answer 110

A. Split the users from business units to multiple projects. B. Apply a user- or project-level custom query quota for BigQuery data warehouse. C. Create separate copies of your BigQuery data warehouse for each business unit. D. Split your BigQuery data warehouse into multiple data warehouses for each business unit. E. Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project. Answer: B E

Answer 111

A. Create an export to the sink that saves logs from Cloud Audit to BigQuery. B. Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket. C. Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery. D. Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL. Answer: A

Answer 112

A. Deploy the container on Cloud Run. B. Deploy the container on Cloud Run on GKE. C. Deploy the container on App Engine Flexible. D. Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled. Answer: A

Answer 113

A. Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account. B. Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project. C. Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account. D. Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project. Answer: D

Answer 114

A. When creating the instances, specify a Service Account for each instance B. When creating the instances, assign the name of each Service Account as instance metadata C. After starting the instances, use gcloud compute instances update to specify a Service Account for each instance D. After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata Answer: C

Answer 115

A. View System Event Logs in Stackdriver. Search for the user’s email as the principal. B. View System Event Logs in Stackdriver. Search for the service account associated with the user. C. View Data Access audit logs in Stackdriver. Search for the user’s email as the principal. D. View the Admin Activity log in Stackdriver. Search for the service account associated with the user. Answer: B

Answer 116

A. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group. B. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group. C. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group. D. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group. Answer: D

Answer 117

A. Create a Cloud Bigtable cluster and use the HBase API B. Deploy MongoDB Alias from the Google Cloud Marketplace C. Download a MongoDB installation package and run it on Compute Engine instances D. Download a MongoDB installation package, and run it on a Managed Instance Group Answer: D

Answer 118

A. Disable the flag “Delete boot disk when instance is deleted.” B. Enable delete protection on the instance. C. Disable Automatic restart on the instance. D. Enable Preemptibility on the instance. Answer: A

Answer 119

A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance. B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance. C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team. D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance. Answer: C

Answer 120

A. Ask your ML team to add the “accelerator: gpu” annotation to their pod specification. B. Recreate all the nodes of the GKE cluster to enable GPUs on all of them. C. Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs. Dedicate this cluster to your ML team. D. Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification. Answer: B

Answer 121

A. Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly. B. Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly. C. Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly. D. Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly. Answer: D

Answer 122

A. Navigate to Cloud Logging and view the application logs. B. Connect to the instance’s serial console and read the application logs. C. Configure a Health Check on the instance and set a Low Healthy Threshold value. D. Install and configure the Cloud Logging Agent and view the logs from Cloud Logging. Answer: D

Answer 123

A. Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage. B. Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage. C. Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage. D. Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage. Answer: C

Answer 124

A. Grant the Project Editor role to the Marketing learn for acme data digest B. Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team C. Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there D. Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team. Answer: C

Answer 125

A. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message. B. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription. C. 1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint. D. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application. Answer: D

Answer 126

A. Select Google Kubernetes Engine. Use a single-node cluster with a small instance type. B. Select Google Kubernetes Engine. Use a three-node cluster with micro instance types. C. Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type. D. Select Compute Engine. Use VM instance types that support micro bursting. Answer: C

Answer 127

A. Use granular logging statements within a Deployment Manager template authored in Python. B. Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console. C. Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures. D. Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources. Answer: D

Answer 128

A. Use gcloud to create the new project, and then deploy your application to the new project. B. Use gcloud to create the new project and to copy the deployed application to the new project. C. Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project. D. Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project. Answer: C

Answer 129

A. Create a file in Cloud Storage per device and append new data to that file. B. Create a file in Cloud Filestore per device and append new data to that file. C. Ingest the data into Datastore. Store data in an entity group based on the device. D. Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp. Answer: D

Answer 130

A. Grant all members of the DevOps team the role of Project Editor on the organization level. B. Grant all members of the DevOps team the role of Project Editor on the production project. C. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project. D. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level. Answer: A

Answer 131

A. Create a new subnet in the same region as the subnet being used. B. Add an alias IP range to the subnet used by the GKE clusters. C. Create a new VPC, and set up VPC peering with the existing VPC. D. Expand the CIDR range of the relevant subnet for the cluster. Answer: C

Answer 132

A. Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.” B. Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.” C. Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly. D. Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly. Answer: D

Answer 133

A. Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity. B. Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity. C. Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console. D. Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password. Answer: A

Answer 134

``` A. Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket B. Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket C. Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket D. Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket ``` Answer: A

Answer 135

A. Assign appropriate access for Google services to the service account used by the Compute Engine VM. B. Create a service account with appropriate access for Google services, and configure the application to use this account. C. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application. D. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application. Answer: B

Answer 136

A. Use gcloud to expand the IP range of the current subnet. B. Delete the subnet, and recreate it using a wider range of IP addresses. C. Create a new project. Use Shared VPC to share the current network with the new project. D. Create a new subnet with the same starting IP but a wider range to overwrite the current subnet. Answer: C

Answer 137

A. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User. B. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag. C. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner. D. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances. Answer: B

Answer 138

A. Enable Cloud CDN on the website frontend. B. Enable ‘Share publicly’ on the PDF file objects. C. Set Content-Type metadata to application/pdf on the PDF file objects. D. Add a label to the storage bucket with a key of Content-Type and value of application/pdf. Answer: C

Answer 139

A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server. B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server. C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server. D. Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address. Answer: A

Answer 140

A. When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section. B. Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account. C. Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account. D. Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json. Answer: A

Answer 141

A. In the console, validate which SSH keys have been stored as project-wide keys. B. Navigate to Identity-Aware Proxy and check the permissions for these resources. C. Enable Audit Logs on the IAM & admin page for all resources, and validate the results. D. Use the command gcloud projects get–iam–policy to view the current role assignments. Answer: B

Answer 142

A. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage. B. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage. C. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage. D. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage. Answer: B

Answer 143

A. Load data in Cloud Datastore and run a SQL query against it. B. Create a BigQuery table and load data in BigQuery. Run a SQL query on this table and drop this table after you complete your request. C. Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request. D. Create a Hadoop cluster and copy the AVRO file to NDFS by compressing it. Load the file in a hive table and provide access to your analysts so that they can run SQL queries. Answer: C

Answer 144

A. Increase the size of the disk to 1 TB. B. Increase the allocated CPU to the instance. C. Migrate to use a Local SSD on the instance. D. Migrate to use a Regional SSD on the instance. Answer: C

Answer 145

``` A. Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket B. Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket C. Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket D. Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket ``` Answer: B

Answer 146

A. 1. Create a configuration for each project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects. B. 1. Create a configuration for each project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project C. 1. Use the default configuration for one project you need to manage. 2. Activate the appropriate configuration when you work with each of your assigned GCP projects. D. 1. Use the default configuration for one project you need to manage. 2. Use gcloud init to update the configuration values when you need to work with a non-default project. Answer: D

Answer 147

A. Use Shared VPC to connect all projects, and link Stackdriver to one of the projects. B. For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects. C. Configure a single Stackdriver account, and link all projects to the same account. D. Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group. Answer: D

Answer 148

A. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer. B. Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service. C. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing. D. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on. Answer: A

Answer 149

A. Manual Scaling with 3 instances. B. Basic Scaling with min_instances set to 3. C. Basic Scaling with max_instances set to 3. D. Automatic Scaling with min_idle_instances set to 3. Answer: D

Answer 150

A. Add the users to roles/browser role. B. Add the users to roles/iam.roleViewer role. C. Add the users to a group, and add this group to roles/browser role. D. Add the users to a group, and add this group to roles/iam.roleViewer role. Answer: C

Answer 151

A. Store the database password inside the Docker image of the container, not in the YAML file. B. Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret. C. Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap. D. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container. Answer: C

Answer 152

A. The pending Pod's resource requests are too large to fit on a single node of the cluster. B. Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod. C. The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod. D. The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node. Answer: B

Answer 153

A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports. B. Set up a high-priority (1000) rule that pairs both ingress and egress ports. C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports. D. Set up a high-priority (1000) rule to allow the appropriate ports. Answer: C

Answer 154

A. Set the maximum number of instances to 1. B. Decrease the maximum number of instances to 3. C. Use a TCP health check instead of an HTTP health check. D. Increase the initial delay of the HTTP health check to 200 seconds. Answer: D

Answer 155

A. Deploy Jenkins through the Google Cloud Marketplace. B. Create a new Compute Engine instance. Run the Jenkins executable. C. Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image. D. Create an instance template with the Jenkins executable. Create a managed instance group with this template. Answer: A

Answer 156

A. Add your SREs to roles/iam.roleAdmin role. B. Add your SREs to roles/accessapproval approver role. C. Add your SREs to a group and then add this group to roles/iam roleAdmin role. D. Add your SREs to a group and then add this group to roles/accessapproval approver role. Answer: A

Answer 157

``` A. Configure regional storage for the region closest to the users Configure a Nearline storage class B. Configure regional storage for the region closest to the users Configure a Standard storage class C. Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class D. Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class ``` Answer: B

Answer 158

A. In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes. B. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’. C. Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes. D. Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account. Answer: B

Answer 159

A. Check the app.yaml file for your application and check project settings. B. Check the web-application.xml file for your application and check project settings. C. Go to Deployment Manager and review settings for deployment of applications. D. Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment. Answer: A

Answer 160

A. Link the acquired company’s projects to your company's billing account. B. Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset. C. Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company's billing account. D. Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account. Answer: D

Answer 161

A. Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket. B. Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories. C. Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket. D. Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories. Answer: B

Answer 162

A. Download the private key from the service account, and add it to each VMs custom metadata. B. Download the private key from the service account, and add the private key to each VM’s SSH keys. C. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm. D. When creating the VMs, set the service account’s API scope for Compute Engine to read/write. Answer: C

Exam Flashcards

(187 cards)