• Home
  • Articles
  • Google Associate-Cloud-Engineer Dumps - 100% Cover Real Exam Questions (Updated 245 Questions) [Q10-Q34]

Google Associate-Cloud-Engineer Dumps - 100% Cover Real Exam Questions (Updated 245 Questions) [Q10-Q34]

Share

Google Associate-Cloud-Engineer Dumps - 100% Cover Real Exam Questions (Updated 245 Questions)

Real Associate-Cloud-Engineer dumps - Real Google dumps PDF


How can you get ready for Associate Cloud Engineer Certification Exam

There is a study guide for Associate Cloud Engineer Certification Exam

Here is our instant guide if you don’t have time to read all the page

This exam is well recognized as Associate Cloud Engineer, like all examinations, Google has some freedom to examine a variety of topics. This means that most of the contents of Associate Cloud Engineer are necessary as they perform random tests on the many available topics. Also keep in mind that experience conditions often exist because they observed the average person and what is needed. You can always go further to succeed with the Associate Cloud Engineer, but it can take some extra effort. The exam objectives are strange for each exam and are usually provided by the certification provider. These normally indicate to the candidate which subjects are relevant, what he should know and why the exam tries to cover these subjects. It is necessary to find them out for your precise exam. This can be found on almost all provider websites and reports a lot like studies. Staying focused on studying can be difficult, but take it in mind that the best jobs in the world are only several tests away. Regardless of whether you enter cybersecurity or do a basic level technical job, certification is a clear, learning and rewarding path for careers that pay a LOT of money. They offer a better balance between professional and private life and can get in touch with some of the leaders in the business world. The Google Associate Cloud Engineer certification exam is of paramount importance both in professional life and in the Google certification process. With Google certification, you can easily get a good job in the market and move towards success. Specialists who have successfully finished the Google Associate Cloud Engineer exam preparation are the absolute favorites in the industry. You will pass the Google Associate Cloud Engineer certification exam and have career chances. In this advanced age, getting an excellent Google certification exam has become more necessary for Google specialists. If we examine the world of IT credentials, we will find many certified exams, but the truth is that Google Associate Cloud Engineer certification is above all the credentials available in the IT profession. The Google certification is one of the best ways to increase value in the IT world. You want to know why? The Associate Cloud Engineer exam module was recently presented by Google and has attracted the attention of many Google ACE professionals and aspiring people who wish to increase their credibility in the market.


Below is the cost of Associate Cloud Engineer Exam

The price of Associate Cloud Engineer exam is $125 USD (plus tax where appropriate)

 

NEW QUESTION 10
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application.
You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce- , that has no overlapping IP ranges with the first VPC. This instance needs to connect to the network application on GKE. You want to minimize effort. What should you do?

  • A. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.
    2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.
    3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
  • B. 1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.
    2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.
    3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.
    4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.
  • C. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.
    2. Set the service's externalTrafficPolicy to Cluster.
    3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
  • D. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.
    2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal
    3. Peer the two VPCs together.
    4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

Answer: C

 

NEW QUESTION 11
Your organization uses Active Directory (AD) to manage user identities. Each user uses this identity for federated access to various on-premises systems. Your security team has adopted a policy that requires users to log into Google Cloud with their AD identity instead of their own login. You want to follow the Google-recommended practices to implement this policy. What should you do?

  • A. Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials
  • B. Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials.
  • C. Sync Identities in the Google Admin console, and then enable Oauth for single sign-on
  • D. Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on

Answer: D

 

NEW QUESTION 12
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?

  • A. Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.
  • B. Deploy the container on App Engine Flexible.
  • C. Deploy the container on Cloud Run.
  • D. Deploy the container on Cloud Run on GKE.

Answer: C

 

NEW QUESTION 13
Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

  • A. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.
  • B. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
  • C. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
  • D. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

Answer: B

Explanation:
Reference:
https://cloud.google.com/vpc/docs/firewalls

 

NEW QUESTION 14
An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination.
What should you do?

  • A. View Data Access audit logs in Stackdriver. Search for the user's email as the principal.
  • B. View System Event Logs in Stackdriver. Search for the user's email as the principal.
  • C. View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
  • D. View System Event Logs in Stackdriver. Search for the service account associated with the user.

Answer: D

 

NEW QUESTION 15
You have a simple web application that you're trying to deploy in a secure and inexpensive way. The application is running inside a Docker container on port 8080. Once the application is initially deployed, the developers are going to take ownership of future deployments.
What is the best option for running the application?

  • A. Use an App Engine Standard Environment.
  • B. Use Kubernetes Engine.
  • C. Use an on-premises Kubernetes cluster.
  • D. Use an App Engine Flexible Environment.

Answer: D

 

NEW QUESTION 16
Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

  • A. Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
  • B. Ask the auditor for their Google account, and give them the Viewer role on the project.
  • C. Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
  • D. Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

Answer: B

 

NEW QUESTION 17
You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible.
What should you do?

  • A. Create a node pool with compute-optimized machine type nodes for the image rendering microservice.
    Use the node pool with general-purpose machine type nodes for the other microservices
  • B. Assign the pods of the image rendering microservice a higher pod priority than the older microservices
  • C. Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment.
    Keep the resource requests for the other microservices at the default
  • D. Use the node pool with general-purpose machine type nodes for lite mage rendering microservice .
    Create a nodepool with compute-optimized machine type nodes for the other microservices

Answer: A

 

NEW QUESTION 18
You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

  • A. Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.
  • B. In the Instance Template, add the label 'health-check'.
  • C. Create a health check on port 443 and use that when creating the Managed Instance Group.
  • D. In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Answer: B

Explanation:
Reference:
https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances

 

NEW QUESTION 19
A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays. A Solutions Architect needs to implement a system for processing those sensor messages; the results must be available for the Data Analysis team.
Which architecture should be used to meet these requirements?

  • A. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.
  • B. Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to a Amazon DynamoDB table.
  • C. Implement an Amazon API Gateway to server as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.
  • D. Create an Amazon EC2 instance to server as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download.

Answer: C

 

NEW QUESTION 20
Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google's recommended practices. Which storage option should you use?

  • A. Regional Storage
  • B. Nearline Storage
  • C. Coldline Storage
  • D. Multi-Regional Storage

Answer: C

 

NEW QUESTION 21
You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP. You want to make sure it is reachable by clients over that port. What should you do?

  • A. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.
  • B. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.
  • C. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.
  • D. Add the network tag allow-udp-636 to the VM instance running the LDAP server.

Answer: B

 

NEW QUESTION 22
A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

  • A. Use the command gcloud projects get-iam-policy to view the current role assignments.
  • B. Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
  • C. In the console, validate which SSH keys have been stored as project-wide keys.
  • D. Navigate to Identity-Aware Proxy and check the permissions for these resources.

Answer: C

Explanation:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

 

NEW QUESTION 23
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?

  • A. Deployment Manager
  • B. Unmanaged Instance Group
  • C. Managed Instance Group
  • D. Cloud Composer

Answer: C

Explanation:
Reference:
https://cloud.google.com/compute/docs/instances/

 

NEW QUESTION 24
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?

  • A. Create an instance template for the instances. Set 'Automatic Restart' to off. Set 'On-host maintenance' to Terminate VM instances. Add the instance template to an instance group.
  • B. Create an instance template for the instances. Set the 'Automatic Restart' to on. Set the 'On-host maintenance' to Migrate VM instance. Add the instance template to an instance group.
  • C. Create an instance group for the instance. Verify that the 'Advanced creation options' setting for 'do not retry machine creation' is set to off.
  • D. Create an instance group for the instances. Set the 'Autohealing' health check to healthy (HTTP).

Answer: A

 

NEW QUESTION 25
You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web- applications project. What should you do?

  • A. Give "project owner" role to crm-databases-proj and the web-applications project.
  • B. Give "project owner" for web-applications appropriate roles to crm-databases- proj
  • C. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
  • D. Give "project owner" role to crm-databases-proj and bigquery.dataViewer role to web- applications.

Answer: C

Explanation:
You just need read access for DB at the project.

 

NEW QUESTION 26
You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?

  • A. Network Load Balancer
  • B. Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.
  • C. SSL Proxy Load Balancer
  • D. HTTPS Load Balancer

Answer: C

Explanation:
Reference:
https://cloud.google.com/load-balancing/docs/ssl

 

NEW QUESTION 27
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

  • A. Select the latest available cluster version for your GKE cluster.
  • B. Enable the Node Auto-Upgrades feature for your GKE cluster.
  • C. Select "Container-Optimized OS (cos)" as a node image for your GKE cluster.
  • D. Enable the Node Auto-Repair feature for your GKE cluster.

Answer: B

Explanation:
https://cloud.google.com/kubernetes-engine/versioning-and-upgrades

 

NEW QUESTION 28
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?

  • A. Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.
  • B. Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
  • C. Create a signed URL with a four-hour expiration and share the URL with the company.
  • D. Set object access to 'public' and use object lifecycle management to remove the object after four hours.

Answer: C

Explanation:
Explanation

 

NEW QUESTION 29
You've created a new firewall rule to allow incoming traffic on port 22, using a target tag of "dev-ssh". You tried to connect to one of your instances, and you're still unable to connect. What steps do you need to take to resolve the problem?

  • A. Run the gcloud firewall-rules refresh command.
  • B. Reboot the instances for the firewall rule to take effect.
  • C. Apply a network tag of "dev-ssh" to the instance you're trying to connect into and test again.
  • D. Use source tags in place of the target tags.

Answer: C

 

NEW QUESTION 30
A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

  • A. Navigate to Identity-Aware Proxy and check the permissions for these resources.
  • B. In the console, validate which SSH keys have been stored as project-wide keys.
  • C. Use the command gcloud projects get-iam-policy to view the current role assignments.
  • D. Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

Answer: A

Explanation:
Reference:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

 

NEW QUESTION 31
Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company's SSO provider. What should you do?

  • A. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.
  • B. In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.
  • C. In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.
  • D. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

Answer: B

 

NEW QUESTION 32
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

  • A. In the cluster's definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.
  • B. Add the cluster's API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.
  • C. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.
  • D. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

Answer: C

 

NEW QUESTION 33
You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?

  • A. Manual Scaling with 3 instances.
  • B. Basic Scaling with max_instances set to 3.
  • C. Automatic Scaling with min_idle_instances set to 3.
  • D. Basic Scaling with min_instances set to 3.

Answer: C

 

NEW QUESTION 34
......

Realistic PrepPDF Associate-Cloud-Engineer Dumps PDF - 100% Passing Guarantee: https://www.preppdf.com/Google/Associate-Cloud-Engineer-prepaway-exam-dumps.html

Free Google Associate-Cloud-Engineer Exam Questions & Answer: https://drive.google.com/open?id=1YF-Z7txo4cjgykjKghUJe8GQHUbQQ8Ca 

Related Articles

more
Google Associate-Cloud-Engineer Certification Practice Exam