Google Associate-Cloud-Engineer Exam Practice Test Instant Access

Question 1

You are deploying a web application using Compute Engine. You created a managed instance group (MIG) to host the application. You want to follow Google-recommended practices to implement a secure and highly available solution. What should you do?

AUse SSL proxy load balancing for the MIG and an A record in your DNS private zone with the load balancer's IP address.

BUse SSL proxy load balancing for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

CUse HTTP(S) load balancing for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

DUse HTTP(S) load balancing for the MIG and an A record in your DNS public zone with the load balancer's IP address.

Answer : D

HTTP(S) load balancing is a Google-recommended practice for distributing web traffic across multiple regions and zones, and providing high availability, scalability, and security for web applications. It supports both IPv4 and IPv6 addresses, and can handle SSL/TLS termination and encryption. It also integrates with Cloud CDN, Cloud Armor, and Cloud Identity-Aware Proxy for enhanced performance and protection. A MIG can be used as a backend service for HTTP(S) load balancing, and can automatically scale and heal the VM instances that host the web application.

To configure DNS for HTTP(S) load balancing, you need to create an A record in your DNS public zone with the load balancer's IP address. This will map your domain name to the load balancer's IP address, and allow users to access your web application using the domain name. A CNAME record is not recommended, as it can cause latency and DNS resolution issues. A private zone is not suitable, as it is only visible within your VPC network, and not to the public internet.

HTTP(S) Load Balancing documentation

Setting up DNS records for HTTP(S) load balancing

Choosing a load balancer

Question 2

A colleague handed over a Google Cloud project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

AIn the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

BNavigate to Identity-Aware Proxy and check the permissions for these resources.

CEnable Audit logs on the 1AM & admin page for all resources, and validate the results.

DUse the gcloud projects get-iam-policy command to view the current role assignments.

Answer : D

The gcloud projects get-iam-policy command displays the IAM policy for a project, which includes the roles and members assigned to those roles. The Project Owner role grants full access to all resources and actions in the project. By using this command, you can review who has been granted this role and make any necessary changes.Reference:

1: Associate Cloud Engineer Certification Exam Guide | Learn - Google Cloud

2: gcloud projects get-iam-policy | Cloud SDK Documentation | Google Cloud

3: Understanding roles | Cloud IAM Documentation | Google Cloud

Question 3

You are responsible for a web application on Compute Engine. You want your support team to be notified automatically if users experience high latency for at least 5 minutes. You need a Google-recommended solution with no development cost. What should you do?

ACreate an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

BImplement an App Engine service which invokes the Cloud Monitoring API and sends a notification in case of anomalies.

CUse the Cloud Monitoring dashboard to observe latency and take the necessary actions when the response latency exceeds the specified threshold.

DExport Cloud Monitoring metrics to BigQuery and use a Looker Studio dashboard to monitor your web applications latency.

Answer : A

https://cloud.google.com/monitoring/alerts#alerting-example

Question 4

You just installed the Google Cloud CLI on your new corporate laptop. You need to list the existing instances of your company on Google Cloud. What must you do before you run the gcloud compute instances list command?

Choose 2 answers

ARun gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

BCreate a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

CDownload your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

DRun gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

ERun gcloud config set project $my_project to set the default project for gcloud CLI.

Answer : A, E

Before you run the gcloud compute instances list command, you need to do two things: authenticate with your user account and set the default project for gcloud CLI.

To authenticate with your user account, you need to run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.This will authorize the gcloud CLI to access Google Cloud resources on your behalf1.

To set the default project for gcloud CLI, you need to run gcloud config set project $my_project, where $my_project is the ID of the project that contains the instances you want to list.This will save you from having to specify the project flag for every gcloud command2.

Option B is not recommended, because using a service account key increases the risk of credential leakage and misuse.It is also not necessary, because you can use your user account to authenticate to the gcloud CLI3. Option C is not correct, because there is no such thing as a Cloud Identity user account key.Cloud Identity is a service that provides identity and access management for Google Cloud users and groups4. Option D is not required, because the gcloud compute instances list command does not depend on the default zone. You can list instances from all zones or filter by a specific zone using the --filter flag.

1: https://cloud.google.com/sdk/docs/authorizing

2: https://cloud.google.com/sdk/gcloud/reference/config/set

3: https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys

4: https://cloud.google.com/identity/docs/overview

: https://cloud.google.com/sdk/gcloud/reference/compute/instances/list

Question 5

You are in charge of provisioning access for all Google Cloud users in your organization. Your company recently acquired a startup company that has their own Google Cloud organization. You need to ensure that your Site Reliability Engineers (SREs) have the same project permissions in the startup company's organization as in your own organization. What should you do?

AIn the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization

BIn the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.

CUse the gcloud iam roles copy command, and provide the Organization ID of the startup company's
Google Cloud Organization as the destination.

DUse the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.

Answer : D

https://cloud.google.com/architecture/best-practices-vpc-design#shared-service Cloud VPN is another alternative. Because Cloud VPN establishes reachability through managed IPsec tunnels, it doesn't have the aggregate limits of VPC Network Peering. Cloud VPN uses a VPN Gateway for connectivity and doesn't consider the aggregate resource use of the IPsec peer. The drawbacks of Cloud VPN include increased costs (VPN tunnels and traffic egress), management overhead required to maintain tunnels, and the performance overhead of IPsec.

Question 6

You need to deploy an application in Google Cloud using savorless technology. You want to test a new version of the application with a small percentage of production traffic. What should you do?

ADeploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.

BDeploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

CDeploy the application to Cloud functions. Saucily the version number in the functions name.

DDeploy the application to App Engine. For each new version, create a new service.

Answer : A

Question 7

Your company developed an application to deploy on Google Kubernetes Engine. Certain parts of the application are not fault-tolerant and are allowed to have downtime Other parts of the application are critical and must always be available. You need to configure a Goorj e Kubernfl:es Engine duster while optimizing for cost. What should you do?

ACreate a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.

BCreate a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot-false.

CCreate a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical.
deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.

DCreate a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

Answer : C

Google Associate Cloud Engineer Exam Practice Test