Apr-2023 Pass Google Associate-Cloud-Engineer Exam in First Attempt Easily [Q126-Q141]


Deploying & Implementing Cloud Solutions

  • Deploy and implement data solutions: the applicants should be able to initialize data systems with Google products and load data;
  • Deploy and implement networking resources: this will measure your ability to launch Compute Engine instances using custom network configuration; create egress and ingress firewall rules or VPC; create VPNs between the external network and Google VPC with Cloud VPN; create the load balancer to allocate the application network traffic for apps;
  • Deploy and implement compute engine resources: the skills required for this area include launching compute instances with Cloud SDK and Cloud Console; creating auto-scaled managed instance groups with instance templates; uploading/generating custom SSH keys for instances; configuring virtual machines or Stackdriver logging and monitoring. It also requires that the students can assess compute quotas and request increases; install a Stackdriver Agent for logging and monitoring;
  • Deploy solutions with Cloud Marketplace: the candidates must demonstrate the ability to browse the Cloud Marketplace catalog to check solution details; deploy Cloud Marketplace solutions;
  • Deploy and implement App Engine, Cloud Functions, and Cloud Run resources: the learners will be required to demonstrate their skills in the deployment of applications, traffic splitting, updating scaling configuration, as well as deployment of applications that accept Google Cloud events;
  • Deploy an application infrastructure with Cloud Deployment Manager with a focus on the development and launch of Deployment Manager templates.

 

NEW QUESTION 126
You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?

  • A. Create a Cloud Function to create an instance template.
  • B. Create a snapshot schedule for the disk using the desired interval.
  • C. Create a cron job to create a new disk from the disk using gcloud.
  • D. Create a Cloud Task to create an image and export it to Cloud Storage.

Answer: B

 

NEW QUESTION 127
You work for a retail company that has a busy online store. As you are approaching New Year, you find that your e-store is getting more and more traffic. You ensure that your web servers are behind a managed instance group. However, you notice that the web tier is frequently scaling, sometimes multiple times in an hour. You need to keep the instance group from scaling up and down so rapidly. Which of the following options would help you to achieve this?

  • A. Change the auto scaling metric to use multiple metrics instead of just one metric.
  • B. Reduce the number of maximum instance count.
  • C. Associate a health check with the instance group.
  • D. Increase the cool down period.

Answer: D

 

NEW QUESTION 128
You're deploying an application to a Compute Engine instance, and it's going to need to make calls to read from Cloud Storage and Bigtable. You want to make sure you're following the principle of least privilege. What's the easiest way to ensure the code can authenticate to the required Google Cloud APIs?

  • A. Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key.
  • B. Create a new user account with the required roles. Store the credentials in Cloud Key Management Service and download them to the instance in code.
  • C. Register the application with the Binary Registration Service and apply the required roles.
  • D. Use the default Compute Engine service account and set its scopes. Let the code find the default service account using "Application Default Credentials".

Answer: D

 

NEW QUESTION 129
For analysis purposes, you need to send all the logs from all of your Compute Engine instances to a BigQuery dataset called platform-logs. You have already installed the Stackdriver Logging agent on all the instances. You want to minimize cost. What should you do?

  • A. 1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.
    2. Create a Cloud Function that is triggered by messages in the logs topic.
    3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.
  • B. 1. In Stackdriver Logging, create a filter to view only Compute Engine logs.
    2. Click Create Export.
    3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.
  • C. 1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.
    2. Update your instances' metadata to add the following value: logs-destination: bq://platform-logs.
  • D. 1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.
    2. Configure this Cloud Function to create a BigQuery Job that executes this query: INSERT INTO dataset.platform-logs (timestamp, log) SELECT timestamp, log FROM compute.logs WHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)
    3. Use Cloud Scheduler to trigger this Cloud Function once a day.

Answer: B

 

NEW QUESTION 130
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

  • A. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.
    2. Create a Cloud Pub/Sub subscription for that topic.
    3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.
  • B. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.
    2. Call your application on Cloud Run from the Cloud Function for every message.
  • C. 1. Create a service account.
    2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.
    3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
  • D. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.
    2. Create a Cloud Pub/Sub subscription for that topic.
    3. Make your application pull messages from that subscription.

Answer: C

 

NEW QUESTION 131
You are using Container Registry to centrally store your company's container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

  • A. In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
  • B. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under 'Access scopes'.
  • C. Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
  • D. Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Answer: A

Explanation:
IAM permissions
IAM permissions determine who can access resources. All users, service accounts, and other identities that interact with Container Registry must have the appropriate Cloud Storage permissions.
By default, Google Cloud uses default service accounts to interact with resources within the same project. For example, the Cloud Build service account can both push and pull images when Container Registry is in the same project.
You must configure or modify permissions yourself if:
  • You are using a service account in one project to access Container Registry in a different project
  • You are using a default service account with read-only access to storage, but you want to both pull and push images
  • You are using a custom service account to interact with Container Registry
https://cloud.google.com/container-registry/docs/access-control

 

NEW QUESTION 132
You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?

  • A. Go to Deployment Manager and review settings for deployment of applications.
  • B. Check the web-application.xml file for your application and check project settings.
  • C. Check the app.yaml file for your application and check project settings.
  • D. Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Answer: C

Explanation:
Reference:
https://cloud.google.com/endpoints/docs/openapi/troubleshoot-aeflex-deployment

 

NEW QUESTION 133
You want to find out who in your organization has Owner access to a project called "my-project". What should you do?

  • A. In the Google Cloud Platform Console, go to the IAM page for your organization and apply the filter "Role:Owner".
  • B. In the Google Cloud Platform Console, go to the IAM page for your project and apply the filter "Role:Owner".
  • C. Use "gcloud iam list-grantable-role --project my-project" from your Terminal.
  • D. Use "gcloud iam list-grantable-role" from Cloud Shell on the project page.

Answer: B

Explanation:
A is not correct because it will give the org-wide owners, but you are interested in the project owners, which could be different.
B is correct because this shows you the Owners of the project.
C is not correct because this command is to list grantable roles for a resource, but does not return who has a specific role.
D is not correct because this command is to list grantable roles for a resource, but does not return who has a specific role.

 

NEW QUESTION 134
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

  • A. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.
  • B. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.
  • C. Change the default region property setting in the existing GCP project to asia-northeast1.
  • D. Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

Answer: B

 

NEW QUESTION 135
You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

  • A. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.
  • B. Store the database password inside the Docker image of the container, not in the YAML file.
  • C. Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
  • D. Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

Answer: C

 

NEW QUESTION 136
An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out whether this employee accessed any sensitive customer information after their termination.
What should you do?

  • A. View System Event Logs in Stackdriver. Search for the user's email as the principal.
  • B. View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
  • C. View System Event Logs in Stackdriver. Search for the service account associated with the user.
  • D. View Data Access audit logs in Stackdriver. Search for the user's email as the principal.

Answer: C

 

NEW QUESTION 137
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

  • A. In the cluster's definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.
  • B. Add the cluster's API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.
  • C. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.
  • D. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

Answer: D

Explanation:
Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl

 

NEW QUESTION 138
You need to set up a policy so that videos stored in a specific Cloud Storage Regional bucket are moved to Coldline after 90 days, and then deleted after one year from their creation.
How should you set up the policy?

  • A. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions.
    Set the SetStorageClass action to 90 days and the Delete action to 275 days (365-90)
  • B. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions.
    Set the SetStorageClass action to 90 days and the Delete action to 365 days.
  • C. Use gsutil rewrite and set the Delete action to 365 days.
  • D. Use gsutil rewrite and set the Delete action to 275 days (365-90).

Answer: A

 

NEW QUESTION 139
A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address.
Which tool or service should a Solutions Architect recommend to block the IP address?

  • A. AWS Shield
  • B. Network ACL
  • C. Security groups
  • D. AWS WAF

Answer: D

 

NEW QUESTION 140
You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

  • A. Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.
  • B. When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
  • C. Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.
  • D. Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

Answer: B

 

NEW QUESTION 141
......
