Google Professional Cloud Architect Exam Practice Test Instant Access

Question 1

Your architecture calls for the centralized collection of all admin activity and VM system logs within your

project.

How should you collect these logs from both VMs and services?

AAll admin and VM system logs are automatically collected by Stackdriver.

BStackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent
must be installed on each instance to collect system logs.

CLaunch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.

DInstall the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

Answer : B

https://cloud.google.com/logging/docs/agent/default-logs

Question 2

You want to automate the creation of a managed instance group and a startup script to install the OS package dependencies. You want to minimize the startup time for VMs in the instance group.

What should you do?

AUse Terraform to create the managed instance group and a startup script to install the OS package
dependencies.

BCreate a custom VM image with all OS package dependencies. Use Deployment Manager to create the managed instance group with the VM image.

CUse Puppet to create the managed instance group and install the OS package dependencies.

DUse Deployment Manager to create the managed instance group and Ansible to install the OS package dependencies.

Answer : B

'Custom images are more deterministic and start more quickly than instances with startup scripts. However, startup scripts are more flexible and let you update the apps and settings in your instances more easily.' https://cloud.google.com/compute/docs/instance-templates/create-instance-templates#using_custom_or_public_images_in_your_instance_templates

Question 3

For this question, refer to the Dress4Win case study. To be legally compliant during an audit, Dress4Win must be able to give insights in all administrative actions that modify the configuration or metadata of resources on Google Cloud.

What should you do?

AUse Stackdriver Trace to create a trace list analysis.

BUse Stackdriver Monitoring to create a dashboard on the project's activity.

CEnable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.

DUse the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.

Answer : A

https://cloud.google.com/logging/docs/audit/

Question 4

For this question, refer to the TerramEarth case study.

You start to build a new application that uses a few Cloud Functions for the backend. One use case requires a Cloud Function func_display to invoke another Cloud Function func_query. You want func_query only to accept invocations from func_display. You also want to follow Google's recommended best practices. What should you do?

ACreate a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request Pass the same token to func _query and reject the invocation if the tokens are different.

BMake func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query.

CMake func _query 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_query to only allow traffic from func_display.

DCreate those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account.

Answer : B

https://cloud.google.com/functions/docs/securing/authenticating#authenticating_function_to_function_calls

Question 5

You need to set up Microsoft SQL Server on GCP. Management requires that there's no downtime in case of a data center outage in any of the zones within a GCP region. What should you do?

AConfigure a Cloud SQL instance with high availability enabled.

BConfigure a Cloud Spanner instance with a regional instance configuration.

CSet up SQL Server on Compute Engine, using Always On Availability Groups using Windows Failover
Clustering. Place nodes in different subnets.

DSet up SQL Server Always On Availability Groups using Windows Failover Clustering. Place nodes in different zones.

Answer : D

https://cloud.google.com/sql/docs/sqlserver/configure-ha

Question 6

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

AThe effective policy is determined only by the policy set at the node

BThe effective policy is the policy set at the node and restricted by the policies of its ancestors

CThe effective policy is the union of the policy set at the node and policies inherited from its ancestors

DThe effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

Answer : B

Question 7

For this question, refer to the Mountkirk Games case study.

Mountkirk Games has deployed their new backend on Google Cloud Platform (GCP). You want to create a thorough testing process for new versions of the backend before they are released to the public. You want the testing environment to scale in an economical way. How should you design the process?

ACreate a scalable environment in GCP for simulating production load.

BUse the existing infrastructure to test the GCP-based backend at scale.

CBuild stress tests into each component of your application using resources internal to GCP to simulate load.

DCreate a set of static environments in GCP to test different levels of load --- for example, high, medium, and low.

Answer : A

From scenario: Requirements for Game Backend Platform

Dynamically scale up or down based on game activity

Connect to a managed NoSQL database service

Run customize Linux distro

Google Professional Cloud Architect Google Cloud Architect Professional Exam Practice Test