Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

ForME > ForMe1 > Flashcards

ForMe1 Flashcards

(101 cards)

Start Studying
1
Q

You work in a small company where everyone should be able to view all resources of a specific project. You want to grant them access following Google’s recommended practices. What should you do?

A

Create a new Google Group and add all users to the group. Use “gcloud projects add-iam-policy-binding” with the Project Viewer role and Group email address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your project manager accidentally created an auto mode VPC. He is now asking you to convert the same to custom mode VPC as the applications are already deployed and they rely on static internal IP addresses. Is it possible?

A

Auto mode VPC can be converted to manual but the vice versa is not possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A health care company that provides medical service to the users want to track their network forensics, real-time security analysis and optimize the expense. The manager would like to track the network sent from and received by VM instances. What do you suggest they do?

A

VPC Flow Logs

Flow Logs are used to track network related findings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have been assigned to a new health application project where the backend instances are deployed using Managed Instance Groups. There are 4 instances running. The MIG is not set to automatically scale and you are asked to resize a group to handle an expected increase in traffic. Which of the following statements about MIG is incorrect?

A

When updating a MIG, no more than 500 instances can be specified in a single request.

When updating a MIG, up to 1000 instances can be specified in a single request.

?????????

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the gcloud command to create a cluster named ch09-cluster-10 with four nodes?

A

gcloud container clusters create ch09-cluster-10 –num-nodes=4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A development team works with two Cloud Functions using node.js code. Each function corresponds to environments for development and production. The code is same except for the Cloud SQL database values used in each function. Team wants to maintain code in a clean and reusable fashion and decides to pass the database value during function execution. Which feature will allow you to do this?

A

Environment Variables

Environment variables for cloud functions enable you to dynamically pass settings to your function code and libraries, without making changes to your code

https://cloud.google.com/functions/docs/env-var

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the correct command to create an IAM user using Google Cloud CLI?

A

The gcloud command to create an IAM user is gcloud projects add-iam-policy-binding whizlabs-prj –member “user:bob@xyz.com” –role “roles/editor”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A developer has asked you to create a single nginx server for dev environment. Which service would allow you to launch VM using predefined images?

A

Marketplace

Marketplace provides you with pre-built images which can be launched with just a few clicks without doing any configuration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following export options are available with Google Cloud Billing?

A

BigQuery and File

Billing export at the time of writing supports only BigQuery and File export

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You are working for a service company that has an automobile client. The client has developed an application for internal use with Erlang and has approached your company to help him to ease the application deployment process on Google Cloud. The company does not have highly trained people so, wants you to deploy the application in such a way that post-deployment, they will be able to manage it without worrying about the infrastructure. Which of the following service would you prefer?

A

Using App Engine Flexible environment, you can deploy an application written in any language without managing instances, load balancers, etc. manually.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Using the principle of least privilege, your colleague Bob needs to be able to create new instances on Compute Engine in project ‘Project A’. How should you give him access without giving more permissions than is necessary?

A

Give Bob Compute Engine Instance Admin Role for Project A - The Compute Engine Instance Admin role only gives access to create/edit compute engine resources such as instances, disks, and snapshots.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have an application server running on Compute Engine in the europe-west1-d zone. You need to ensure high availability and replicate the server to the europe-west2-c zone using the fewest steps possible. What should you

A

Create a snapshot from the disk.

Create a disk from the snapshot in the europe-west2-c zone.

Create a new VM with that disk.

This makes sure the VM gets replicated in the new zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which command will let you enable Google Compute service using gcloud CLI?

A

gcloud services enable compute

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company has purchased a threat detection service from a third party and have asked you to upload all network logs to the application. Which of the following service will meet your requirements?

A

Flow logs capture each and every packet flowing within your network. It will record details like source IP, destination IP, source port, destination port, timestamp, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have a Kubernetes cluster with 1 node-pool. The cluster receives a lot of traffic and needs to grow. You decide to add a node. What should you do?

A

Use “gcloud container clusters resize” with the desired number of nodes.

This resizes the cluster to the desired number of nodes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Your team has deployed a few windows web servers on a custom VPC network and the same is running properly. After a few hours of the app suddenly crashes, developers are trying to remote access web servers, but are failing to do so. While troubleshooting the issue you realize that the firewall rule is missing. Which command will help you solve the problem?

A

The correct command to allow developers to remote access windows is:

gcloud compute firewall-rules create “remote-access” –network “whizlab-network” –allow tcp:3389.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You are trying to fetch metadata of a VM using “curl metadata.google.internal/computeMetadata/v1/” command but are constantly receiving 403 Forbidden. What could be the possible reason?

A

While querying metadata of an instance you must provide header “Metadata-Flavor: Google”. This header indicates that the request was sent with the intention of retrieving metadata values, rather than unintentionally from an insecure source, and allows the metadata server to return the data you requested. If you do not provide this header, the metadata server denies your request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In VPC, which firewall rules are created by default while creating an automatic default VPC?

A

Allow SSH, RDP, ICMP, and internal traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

One of your team members had accidentally included service account private JSON key while pushing code to GitHub. What steps should you immediately perform?

A

Private keys are meant to be kept safe and if they are uploaded to repositories, you must immediately delete them from the source and repository as well.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You have been hired as a contractor by one of the travel technology company who is planning to containerize their existing applications in such a way that they can perform a lift and shift very easily in future if they plan to move away from Google Cloud. Which service will best suit this case?

A

Kubernetes Engine

Kubernetes is an open-source solution supported by major cloud platforms and will be very easy for company to move out at later stage if required because they can use the same config files with very minor changes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Your client wants to develop a new cost effective web application that runs on serverless platform using Cloud Function, Cloud Storage, Pub/Sub and Cloud CDN. The expected data would be 20 GB. Which of the following database would be the most suitable schemaless option to support the serverless functionality?

A

Cloud Firestore

Cloud Firestore is a fast, fully managed, serverless, cloud-native NoSQL document database that simplifies storing, syncing, and querying data for your mobile, web, and IoT apps at global scale

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You have recently joined a startup that is migrating its infrastructure from AWS to Google Cloud. A junior has been assigned the task of migrating one of their web servers with Amazon Linux OS from AWS to GCP in a public subnet of custom VPC. He is able to migrate the instance successfully, but not able to get SSH access of migrated instance. What are the possible steps to look for? (Multiple Answer)

A

1-Check if he has added SSH key to the instance while launching phase. 2-Make sure the firewall is attached to the instance with tcp port 22 open. SSH works on TCP port 22 and hence that has to be allowed at firewall level along with public SSH key configured on VM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You need to allow traffic from specific virtual machines in ‘subnet-a’ network access to machines in ‘subnet-b’ without giving the entirety of subnet-a access. How can you accomplish this?

A

Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.

Network tags allow more granular access based on individually tagged instances - Instances by target tags: The firewall rule is applicable only to VMs if they have a matching network tag.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
You have set a firewall rule that will permit inbound connections to a VM instance named whizserver-2. You want to apply this rule only if there is not another rule that would deny that traffic. What priority would you give to this rule?
65535 is the largest number that is allowed in the range of value for priorities.
26
You have a system generated log files required to be later uploaded to Google Storage in the data lake. Since the data is only accessed couple of times in a year by the development team for debugging and log analysis. You are looking for a cheaper storage option for log files than the standard class. Which of the following is suitable?
Cloud Storage Coldline
27
You want your application hosted on a VM to fetch metadata of that instance. Which command will help you to fetch it?
curl metadata.google.internal/computeMetadata/v1/
28
Which of the following command could be used to change the storage class of an object in Cloud Storage?
gsutil rewrite -s [STORAGE\_CLASS] gs://Reports-PDF/[OBJECT\_NAME] The gsutil rewrite command rewrites cloud objects, applying the specified transformations to them. The transformation(s) are atomic and applied based on the input transformation flags (-s). Object metadata values are preserved unless altered by a transformation.
29
Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. Which Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?
Org viewer, project viewer Gives the security team read only access to everything your company produces, anything else gives them the ability to, accidentally or otherwise, change things, a violation to the principle of least privilege.
30
Engineering team is building an application which routes request on TCP layer. They need a load balancer with support of SSL termination on load balancer. Which of the following is the best available option?
SSL Proxy Load Balancer SSL Proxy is a Layer 3 load balancer with support of SSL termination
31
A GKE cluster was created with 4 nodes initially and after looking at the few months of monitoring report you realized that cluster is underutilized. You plan to reduce the number of nodes to 3 to save the cost. Which gcloud command will help you to do that?
The right way to update the number of nodes within a GKE cluster is via gcloud container clusters resize whizlabs-cluster --num-nodes=3
32
Among the list of permissions attached below, which of the following permissions are required to manage SSH keys on the project while setting project-wide metadata to access the instance if the OS Login is not working? Select 2.
The following 2 permissions are required on the project if setting project-wide metadata: compute. project.setCommonInstanceMetadata iam. serviceAccounts.actAs
33
You are a Google Cloud Engineer and assigned to set up a project for the team of four members. You need to grant only general permissions for all the resources of the project. You decided to grant a primitive role to each person for different levels of access on the basis of their responsibilities in the project. What is not considered as a primitive role in the Google Cloud Platform console?
Publisher is not a primitive role in Google Cloud Platform, but a predefined role.
34
Your client has prepared a new company policy in which each developer must sign a Contributor License Agreement (CLA) before code changes are committed to any version control repository. You have been asked to check each commit in a repository that includes the policy and your manager has also provided you with node.js code. Which of the following services can help you implement this solution?
Cloud Function Cloud Function can be used to retrieve commits, analyze code, committers and perform creative tasks such as checking a CLA.
35
You are managing the GCP Account of a client, the client raises a request to attach 9 local SSDs and launch a VM instance in us-east1 Region, as a Cloud Architect what would be your response to the above request?
Each local SSD is 375 GB in size, but you can attach up to 24 local SSD devices for 9 TB of total local SSD storage space per instance. If a resource is not available, you won’t be able to create new resources of that type, even if you still have remaining quota in your region or project. ## Footnote Read more about it here: https://cloud.google.com/compute/docs/disks/local-ssd https://cloud.google.com/compute/quotas
36
You need to deploy an update to an application in Google App Engine. The update is risky, but it can only be tested in a live environment. What is the best way to introduce the update to minimize risk?
Deploy a new version of the application but use traffic splitting to only direct a small number of users to the new version. Deploying a new version without assigning it as the default version will not create downtime for the application. Using traffic splitting allows for easily redirecting a small amount of traffic to the new version and can also be quickly reverted without application downtime
37
Your company has an application that is deployed using serverless architecture by making use of Cloud Function as backend code, Pub/Sub, Endpoints and serve the static content via Cloud Storage. Your application is used heavily and you were informed about an issue with respect to the Cloud Function. You realised that the issue is because of invocation limit per second. What is the default limit set by GCP to invoke a function per second?
The default invocation limit set by GCP is ## Footnote **1000 per seconds**
38
As per your manager’s instruction, you created a custom VPC with a subnet mask of 24 which provides 256 IP addresses but are only able to use 252 addresses out of it. You manager is trying to figure out what’s going wrong and approaches you for the answer. What will you answer to your manager?
GCP reserves four IP addresses in each primary subnet range, because of which the usable IP count is 252.
39
One of your clients has asked you to create an SFTP server on Google Cloud. Which storage service of Google Cloud will be the most reliable and durable option?
For file storage purpose, **Filestore** is the best option. Cloud Filestore is a managed file storage service for applications that require a filesystem interface and a shared filesystem for data. Filestore gives users a simple, native experience for standing up managed Network Attached Storage (NAS) with their Google Compute Engine and Kubernetes Engine instances.
40
You have an on-premise MySQL database that you have been asked to move to Google Cloud. Users should run SQL queries to fetch data from the database. Your solution should be cost-effective and allow increasing read capacities in the future. Which of the following Google Cloud product is the best for this scenario?
Cloud SQL Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.
41
You deployed 10 micro services using Google Kubernetes Engine. The command kubectl run deployed the micro services in different pods, 2 week later your manager asked you to delete the pods as the services were no longer needed. Which of the following options is the best way to delete the pods?
kubectl delete pod The best way is to delete the deployment is deleting the pod
42
Being a Senior Cloud Engineer of the company, you are asked to launch a managed MySQL DB using custom VPC with network range of 172.17.0.0/16 on Google Cloud keeping security at utmost priority allowing team members to access it only over private channel. You completed the setup with all the requirements, but developers are unable to access DB over the private network via application hosted on VM. What can be the reason?
You did not whitelist 172.17.0.0/16 in the firewall.
43
Your team has deployed a GKE cluster having 3 nodes for High Availability. The cluster was tested multiple times before moving to production, but it suddenly stopped working after deploying it to production environment. A team member approached you that he will need shell access to the container for a while to resolve the issue. Which command will give him access to the container?
kubectl exec -i -t whizlabs-web-server -- /bin/bash
44
ASM Info has deployed an application using Google App Engine flexible environment and you have been asked to ssh the VM instance in flexible environment, update the app configuration and if required, enable and disable the App Engine application, which of the following predefined role has access to perform these tasks?
App Engine Admin As per google docs, App Engine Admin has access to perform these tasks
45
When working on billing dashboard, which of the following option would lead you to cost details for a specific invoice month? Report Cost Breakdown Cost Table Billing Export
Cost Table The cost table gives a detailed tabular view of monthly costs for a given invoice
46
You have created a Kubernetes engine cluster named 'mycluster'. You've realized that you need to change the machine type for the cluster from n1-standard-1 to n1-standard-4. What is the command to make this change?
You must create a new node pool in the same cluster and migrate the workload to the new pool. You cannot change the machine type for an individual node pool after creation. You need to create a new pool and migrate your workload over. Here are the steps for “Migrating workloads to different machine types”
47
A system is expected to receive over 15,000 content delivery logs every minute from different web & mobile apps. Logs are received in JSON format. Due to logs being generated by different apps, each developed by a different team, logs do not have a fixed structure and may hold different attributes. Which of the following is a recommended storage option?
Cloud BigTable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. It provides flexible schema options.
48
Your engineering team has developed an application which will be deployed using GKE. The application needs a monitoring agent running on each node without fail and any change in the number of nodes should also update the count of the monitoring agent. Which API resource would you use to achieve the desired result?
**DaemonSet** is responsible for making sure that one pod is always running on each node and scales automatically depending on the count of nodes.
49
Your client wants to migrate an application to Google Cloud which has 15 TB of relational data. The database is growing rapidly by 10 GB everyday. In addition, to support the traffic, at least 10 read replicas are required. Which of the following service would you meet the requirements?
Cloud Spanner Cloud Spanner is globally scalable, fully managed, enterprise relational database with automatic replication.
50
Your company’s data center has a CIDR of 10.20.0.0/10 and your remote office has 172.50.0.0/16. You have been asked to plan a migration of the workloads from your company’s data center to GCP. Which of the following CIDR range would you select for your VPC in GCP?
172.40.4.0/18 ## Footnote The company’s data center CIDR 10.20.0.0/10 will have the following IP range: 10. 0.0.1 - 10.63.255.254 https: //cloud.google.com/vpc/docs/configure-alias-ip-ranges
51
Your company has decided to build an in-house application for payroll processing, and you have been assigned task to create a VM, Cloud SQL DB and bucket for the same. While testing the application, developers found that they couldn’t upload files to bucket. How would you fix it?
Create a custom service account with write permission for Storage service and attach it to instance. -OR- While launching the instance under Identity and API access section stick to default service account, click on “Set access for API” and select either Write Only or Read Write scope for your instance.
52
Someone from a different team has approached you that he is working on a web application hosted on Google Cloud VM which needs view access to Google Cloud Storage service. Which of the following is the best approach?
Each VM has a default service account attached which gives VM read access to Storage service
53
A bug has been identified within your Python application which is hosted using App Engine and you are about to rollout a new version of the application to resolve the bug, but do not want the traffic to automatically shift to new version just to make sure the new version does not break anything. How would you achieve it?
Using --no-promote flag while deploying new version of the app will not automatically send traffic to new version.
54
You company has uploaded some business critical documents to Cloud Storage and your project manager wants you to restrict access to the objects by using ACLs. Which of the following permission would allow you to update the object ACLs?
storage.objects.update As per google docs, storage.objects.setIamPolicy allows user to update object ACL
55
Your application servers are deployed in private subnet and you connect to an application instance using a bastion host, you connect to the bastion host using Console Shell and then ssh to the respective application instance. Unfortunately, Cloud Shell is taking a lot of time to respond and you manager wants you to ssh to the instance to fix an application specific configuration. What command would you use to SSH into the server from public end?
gcloud compute ssh username@bastion-host The correct syntax is gcloud compute ssh + [USERNAME]+@[SERVERNAME]. From public end, you can only connect to bastion host, hence you need to connect to bastion host first and then connect to application instance.
56
You are launching VMs for your company’s internal application via CLI and you are not able to recollect one of the flags. Using which command you can help yourself?
The correct command to get help on any command is **gcloud help compute instances create**.
57
What does the CIDR 10.0.2.0/26 correspond to?
10.0.2.0 - 10.0.2.63 /26 means 64 IPs (=2^(32-26) = 2^6), means only the last digit can change https://cloud.google.com/vpc/docs/vpc
58
Your teammate launched 3 instances using gcloud compute instances create command with all the required flags. After few mins, you checked the console and found 0 instances in the GCE virtual machine section. How would you identify the project against which the command executed?
gcloud config list ## Footnote This command would list the properties for the currently active configurations.
59
You created an update for your application on App Engine. You want to deploy the update without impacting your users. You want to be able to roll back as quickly as possible if it fails. What should you do?
Deploy the update as a new version. Migrate traffic from the current version to the new version. Because this makes sure there is no downtime and you can roll back the fastest.
60
You created a VPC with a CIDR block of 10.40.0.0/16 with 2 subnets of CIDR range 10.40.1.0/24 and 10.40.2.0/24. What would be the default routes within this virtual private connection having the broadest CIDR range?
0.0.0.0/0 The system generated default route is 0.0.0.0/0 as it is the broadest possible range
61
You are working for a fast growing startup which has user base in US and Europe. Until now the company had all servers in Oregon region and has now decided to launch a replica of the entire infrastructure in EU region as well. You started migration process with the least used server by creating snapshot of its disk and moving it to London region. Once the snapshot was copied you launched a fresh VM using the snapshot but discovered that few of the files were corrupted. What can be the reason?
Snapshot was taken on a running VM. It is never recommended by Google to create a snapshot of running because this might corrupt data. You must always stop the instance and take a snapshot.
62
Your inventory application has 2 backend api servers launched using Auto Scaling Groups, you have been asked to load balance UDP, TCP and SSL traffic on ports that are not supported by the TCP proxy and SSL proxy load balancer. Which of the following Load Balancer would you use?
Network Load Balancer You can use Network Load Balancing to load balance UDP, TCP, and SSL traffic on ports that are not supported by the TCP proxy and SSL proxy load balancers.
63
You created an application for a large hospital which stores around 1GB of files every day on GCS. Most of these files are accessed very rarely after six months from the day of the first upload but are important and cannot be deleted. Which storage class would you prefer to save money after 6 months?
Coldline Coldline is the ideal place to store the type of data which is accessed very rarely. It is also the cheapest option for storage.
64
Which of the following IP address would you specify to define a CIDR range that will apply to all the destination addresses?
0.0.0.0/0
65
A cloud engineer wants to create a VM named whiz-server-1 with four CPUs. Which of the following commands would he use to create the VM whiz-server-1?
gcloud compute instances create --machine-type=n1-standard-4 whiz-server-1
66
There are 5 VPC networks in your staging project created for 5 different applications. Each network has its own CIDR range and firewall rules. You are asked to list the firewall rules of network 3 to perform an update. Select the appropriate response.
gcloud compute firewall-rules list --filter network=network 3 The firewall-rules are defined under VPC but when using gcloud, they can only be accessed by calling compute api and this the following command lists the firewall-rules for the given network.
67
You have 100TB of non-relational data and want to run analytics on it to see previous year net sales. Which tool suits best to your requirement?
BigTable BigTable is a managed NoSQL DB service designed for handling and processing large amounts of data.
68
Your client hosts a static website on Cloud Storage written in HTML, CSS, JavaScript. The site targets users in North America, the usage of website has grown worldwide and hundreds of thousands of visitors access it monthly. Visitors from different parts of the world are experiencing slow performance due to latency while users in the United States experience normal response times. What service can mitigate this issue?
Cloud CDN Google Cloud CDN leverages Google's globally distributed edge points of presence to accelerate content delivery for websites and applications served out of Google Compute Engine and Google Cloud Storage.
69
Your colleague has asked for help in creating an IAM role using Google Cloud CLI. Which of the following is the correct command to create an IAM role?
The gcloud command to create an IAM user is gcloud iam roles create viewer-role --project whizlabs-prj --file=role-definition.yaml.
70
While migrating traffic gradually between the 2 versions of your Flexible App Engine environment, you have encountered a spike in latency for loading request. Which of the following statement could be a cause of this issue?
Gradual traffic migration between the versions running in flexible environment is not supported. Gradual traffic migration is not supported in flexible environment.
71
John & co has deployed an application using Google App Engine standard environment. You have been asked to update the cron schedules and default cookie expiration time, which of the following predefined role has access to update default cookie expiration but no access to update cron schedules?
App Engine Admin As per google docs, App Engine Admin has access to update default cookie expiration but no access to update cron schedules
72
Your company has been working on an application for the last three months and is now ready to roll out the same to the UAT environment for beta testing. Your manager has asked you to create a replica of dev project. Which is the best way to clone/replicate the existing project?
There is no inbuilt option provided by GCP to clone/replicate the project
73
A developer accidentally deleted some of the files from a bucket. Luckily, the files were not critical and were re-created soon. Because of this, your team lead has asked you to enable versioning on bucket. Which command would help you enable the same?
gsutil versioning set on gs://whizlabs-bucket
74
As a cloud engineer, you have been asked to upgrade the free trial of your account and rename it to a production-inventory-system. You are getting permission denied error while making the changes. Which of the following permissions will solve the problem?
billing.accounts.update The required permission is billing.accounts.update on Billing Account resource.
75
You created a bucket in cloud storage and uploaded some files and then enabled object versioning on it. The files you have already added will have which of the following version?
Null By default, the object will have null version as versioning was enabled after uploading the files.
76
A web application is hosted on VM and its resources are stored in a bucket. You have been asked to let any authenticated user access the very high level blueprint of company’s product. This blueprint does not contain any confidential data or IP data so can be made available to the public as well. What changes are required to make it work?
**allAuthenticatedUsers** will allow any Gmail or Cloud Identity supported authenticated user to access the file.
77
You updated the metadata of an object stored in Reports-PDF bucket using google cloud SDK. You want to ensure that the metadata has been updated for that object before you confirm the changes to the development team. Which of the following google cloud SDK command would you use?
gsutil stat gs://Reports-PDF/[OBJECT\_NAME] The stat command will output details about the specified object URLs.
78
Your client wants to serve content using Cloud Storage that allow similar performance advantage as regions, but also wants higher availability that comes with being geo-redundant. You plan to use dual region to meet his requirement. Choose the regions that does not fall under dual region compatibility. A- nam4 B- us C- eur4 D- eu
Select 2: eu and us
79
Your department head has asked you to create a new custom manual VPC with three subnets having 20 usable IP addresses individually. Which subnet mask suits your requirement?
27 ## Footnote IPv4 consists of 4 octets which sum up to 32 bit. The formula to calculate the number of hosts is 2 power of n where n is the difference between 32 and subnet mask to be used. In this case, it will be 2 power of 5 = 32 hosts. In each CIDR block, two IPs are reserved: one for the network address and another one for broadcast which leaves us with 30 usable IP addresses. 32 - 27 = 5 2 power of 5 = 32 total IP addresses 32 - 2 = 30 usable IP addresses
80
A new client has approached your company with a requirement that they want to host a serverless on Google Cloud, but before that want you to give them price estimate of running serverless application using Cloud Function. Which all parameters will you consider while calculating price using Google Pricing Calculator?
You will need four parameters to give your client an estimate of running Cloud Functions. These are: Type, Bandwidth, Execution Time and Invocations per month.
81
Which of the following role provide granular access for a specific service and is managed by GCP? Custom Predefined Admin Primitive
Predefined roles are managed roles and provide service specific access
82
You have created a pre-populated PersistentVolume disk as ReadOnlyMany, when you try to mount the volume to a POD, you get failed to mount error, what could be the most likely reason for this failure?
You created a PersistentVolume but did not create a PersistentVolumeClaim
83
While working on a project, an application administrator has been given the responsibility of managing all resources. He wants to delegate the responsibility of managing the existing service accounts to another administrator. He will also be responsible to manage the other service accounts that will be created. Which of the following is the best way to delegate the privileges required to manage all the service accounts?
Granting iam.serviceAccountUser to the administrator at the project level. A user can manage all the service accounts in the project if service account user role iam.serviceAccountUser is granted to him at the project level. Also, whenever a new service account will be created, the administrator will be granted iam.serviceAccountUser automatically for that new service account.
84
You as a Senior Cloud Engineer doing POC on a business-critical application having database deployed on a GCE virtual machine. The requirement is to have a disk that supports up to 35,000 IOPS per instance. Which of the following disks is suitable to meet the requirement?
SSD Persistent Disk SSD Persistent Disk supports up to 15000-60000 IOPS per instance
85
A new junior engineer is joining your team. Your manager asks you to create an IAM user for him because he is out of the office today and has very limited access to the internet. You are trying to create an IAM user for the new joiner, but you receive an error saying: “Email addresses and domains must be associated with an active Google Account or Google Apps Account”. What is the possible reason for this?
As the error says you need to first create a user for the new joiner in GSuite or invalid Identity Platform.
86
Your team is building a media collection and analysis application for one of your clients. They have asked you to enable Google Photos API and YouTube API. Moreover, they want to test the API without integrating it within the application. Which service would help your development team test the API without integration?
API Explorer lets you make API calls to the service without actually integrating it within your application.
87
You have been asked to create VPC for a two-tier architecture for the frontend and backend of the application. Additionally, you need to make sure that backend instances are only reachable via frontend instances. What is the best approach to achieve this?
Just provide the service account attached to your frontend instance as a source filter for backend firewall and every instance launched in the future will be able to access it without additional changes.
88
Your managers want you to suggest a low-cost storage option that could be used to share read-only data across multiple instances with high performance and no edge caching. Which storage option would you suggest?
Cloud Storage is reliable object storage with an Option for no edge-caching service
89
You are currently working on a freelance project where you have to deploy a WordPress website on VM. You decided to use startup script to install WordPress and other libraries instead of manual install. While launching you forgot to use startup script and are wondering how to do it now?
Stop the instance, add a metadata with startup-script as key, and script content as value, and start the instance.
90
You work for a retail company that has a busy online store. As you are approaching New Year, you find that your e-store is getting more and more traffic. You ensure that your web servers are behind a managed instance group. However, you notice that the web tier is frequently scaling, sometimes multiple times in an hour. You need to prevent the instance group from scaling up and down so rapidly. Which of the following options would help you to achieve this?
Increase the cool down period.
91
You are distributing the traffic between a fleet of VMs with in your VPC using Internal TCP/UDP Load Balancer. Which of the following specification does not support the selected Load Balancing Type?
Global Availability Internal TCP/UDP Load Balancer are available within a Region and not Globally
92
Which of the following command could be used to autoscale a replication controller “foo” with number of pods between 1 to 10 having target cpu utilization at 80%?
**kubectl autoscale rc foo --max=10 --cpu-percent=80** ## Footnote This command is used to autoscale a replication controller with max 10 pods. It is important to specify --max flag as it defines the target pods that could be launched when cpu reaches 80%.
93
Your client has a web application that is currently using a single GCE to read the messages from a pub/sub topic, process them and store them in Cloud Bigtable by its unique order id. When a user uploads an order to Cloud Storage, it triggers a Cloud Function that inserts a message to pub/subtopic. The traffic is expected to increase next week and as a cloud engineer, you are expected to resolve any possible auto scaling problem. Which service is not likely to auto scale when the traffic is increased?
GCE
94
You were inspecting the containers running on a VM and found out that a pod is running which is no more required. You try to delete it but every time a new pod is created. What do you need to delete now for removing that pod?
**ReplicaSet** is responsible for maintain the desired number of pods hence, deleting it will delete the pod as well.
95
You are working with a healthcare startup as Google Cloud Consultant on a new project which they are about to launch next week as a beta version. All the static files are stored on GCS and you have been asked to make one of the PDF named whizlabs-bucket publicly available for the customers to download. You only have access to CLI to achieve the same. Which of the following command would you use to do it?
gsutil acl ch -u allUsers:r gs://whizlabs-bucket/file.pdf
96
Your company hired a Big Data consultant for creating real-time reporting application using roles/bigquery.dataOwner role provides permission to read, update, and delete the dataset. can create table but not new datasetGoogle Cloud service like BigQuery and PowerBI reporting tool. Your manager asked you to create an IAM user which gives him access to read, update, and delete the dataset but not to create one. Which role would you assign to him?
roles/bigquery.dataOwner role provides permission to read, update, and delete the dataset. can create table but not new dataset
97
A stock market company receives real-time updates from different stock prices in the USA. The company seeks a solution that can use stock price data for real-time analysis. The solution should allow high throughput to allow queries to run and return the required results with minimum latency. The solution should also be scaled out for more performance. Which of the following products is the best solution in this scenario?
Cloud BigTable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. Under a typical workload, Cloud BigTable delivers highly predictable performance. When everything is running smoothly, a typical workload can achieve the following performance for each node in the Cloud Bigtable cluster, depending on which type of storage the cluster uses: In general, a cluster's performance increases linearly as you add nodes to the cluster. For example, if you create an SSD cluster with 10 nodes, the cluster can support up to 100,000 rows per second for a typical read-only or write-only workload, with 6 ms latency for each read or write operation.
98
Your company has 5 TB of testing data stored in the production database of a testing tool name Quality Center. The data is being used to create a real time analytics system which is causing slow response to the tester while using the tool. What should you do the improve the load on the database?
Set up a read replica Read replica can be used to run all the queries related to Analytics system
99
How many maximum instance-hours are supported by an App Engine as free daily usage quota when scaling an instance using Automatic Scaling type?
28 Instance Hours As per google documentation, automatic scaling has a free daily usage quota of 28 instance hours
100
You company has developed an application to accelerate the efficiency in making sales calls about the product of your client. Everytime a recipient is called, log sink is used to export the record to a destination. Which of the following destinations are supported? Choose any 2.
BigQuery - Pub/Sub Log sinks can be exported to Cloud Storage, Pub/Sub and BigQuery only
101
What is the command for creating a storage bucket that has once per month access and is named 'archive\_bucket'?
mb is to make the bucket. Nearline buckets are for once per month access. Coldline buckets require only accessing once per 90 days and would incur additional charges for greater access. Further Explanation Synopsis gsutil mb [-c class] [-l location] [-p proj\_id] url... If you don't specify a -c option, the bucket is created with the default storage class Standard Storage, which is equivalent to Multi-Regional Storage or Regional Storage, depending on whether the bucket was created in a multi-regional location or regional location, respectively. If you don't specify a -l option, the bucket is created in the default location (US). -l option can be any multi-regional or regional location.

ForME (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions