Review the Answers

Filter By All Questions

Question 1Correct
Domain: Other

You have a system generated log files required to be later uploaded to Google Storage in the data lake. Since the data is only accessed couple of times in a year
by the development team for debugging and log analysis. You are looking for a cheaper storage option for log files than the standard class. Which of the
following is suitable?

A. Cloud Storage Nearline

B. Cloud Storage Coldlineright
C. BigQuery
D. Filestore

Explanation:

Correct Answer: B                                                 

Google Cloud Storage Nearline is a low-cost, highly durable storage service for storing infrequently accessed data. Nearline Storage is ideal for data you plan to
read or modify on average once a month or less.

Google Cloud Storage Coldline is a very-low-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Coldline Storage is
the best choice for data that you plan to access at most once a quarter, due to its slightly lower availability, 90-day minimum storage duration, costs for data
access, and higher per operation costs.

Option A is incorrect: Scenario mentions the need to access the data few times a year. Hence, Nearline is not a suitable option because Nearline is used to plan
archive data accessed at most once a month.

Options C and D are incorrect: Both BigQuery and Filestore’s storage rate is two times higher than Cloud Storage Nearline.

Source(s):

Google Storage Classes:

https://cloud.google.com/storage/docs/storage-classes

Ask our Experts

View Queries
Did you like this Question?
Question 2Correct
Domain: Other

A system is expected to receive over 15,000 content delivery logs every minute from different web & mobile apps. Logs are received in JSON format. Due to
logs being generated by different apps, each developed by a different team, logs do not have a fixed structure and may hold different attributes. Which of the
following is a recommended storage option?

A. Cloud SQL
B. Cloud Spanner
C. BigTableright
D. Datastore

Explanation:

Correct Answer: C

Cloud BigTable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. It provides flexible schema options.

Options A and B are incorrect: Cloud SQL & Spanner are relational database services. They are not recommended for JSON-format log data with a flexible
schema.

Option D is incorrect: Datastore can be a potential choice since it’s a NoSQL database. However, Datastore is not built for storing huge data volumes as
required in this scenario. Datastore is designed for web applications of small scale.

Source(s):

BigTable vs Datastore:

https://stackoverflow.com/questions/30085326/google-cloud-bigtable-vs- google-cloud-datastore

Ask our Experts

View Queries
Did you like this Question?

Question 3Correct
Domain: Other
A stock market company receives real-time updates from different stock prices in the USA. The company seeks a solution that can use stock price data for real-
time analysis. The solution should allow high throughput to allow queries to run and return the required results with minimum latency. The solution should also
be scaled out for more performance. Which of the following products is the best solution in this scenario?

A. BigTableright
B. BigQuery
C. Datastore
D. Cloud Spanner

Explanation:

Correct Answer: A

Cloud BigTable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. Under a typical workload, Cloud
BigTable delivers highly predictable performance. When everything is running smoothly, a typical workload can achieve the following performance for each
node in the Cloud Bigtable cluster, depending on which type of storage the cluster uses:

                                                 

In general, a cluster's performance increases linearly as you add nodes to the cluster. For example, if you create an SSD cluster with 10 nodes, the cluster can
support up to 100,000 rows per second for a typical read-only or write-only workload, with 6 ms latency for each read or write operation.

Option B is incorrect: BigQuery doesn’t provide the high throughput and low latency competent to Bigtable. Moreover, you are unable to increase BigQuery’s
performance, opposed to Bigtable which you can add more nodes for linear performance return.

Option C is incorrect: Datastore is not built for storing and reading huge data volumes as required in this scenario. Datastore is designed for web applications
of small scale.

Option D is incorrect: Cloud Spanner does not guarantee the same performance and low latency as BigTable.

Source(s):

Understanding BigTable Performance:

https://cloud.google.com/bigtable/docs/performance

Ask our Experts

View Queries
Did you like this Question?
Question 4Correct
Domain: Other

You have an on-premise MySQL database that you have been asked to move to Google Cloud. Users should run SQL queries to fetch data from the database.
Your solution should be cost-effective and allow increasing read capacities in the future. Which of the following Google Cloud product is the best for this
scenario?

A. Cloud Storage
B. Cloud Spanner
C. Cloud SQLright
D. Cloud Datastore

Explanation:

Correct Answer: C

Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL
Server databases in the cloud.

Option A is incorrect: Google Storage is blob storage. It does not work as an RDMS.

Option B is incorrect: Cloud Spanner is a very sophisticated and expensive approach for this scenario. Cloud SQL is enough to cover the requirements.

Option D is incorrect: Datastore is a schemaless NoSQL database. Migration is from a structured SQL database so Datastore is not a viable choice.

Source(s):

Cloud SQL:

https://cloud.google.com/sql/

Ask our Experts

View Queries
Did you like this Question?

Question 5Correct
Domain: Other
You need to allow traffic from specific virtual machines in 'subnet-a' network access to machines in 'subnet-b', without giving the entirety of subnet-a access.
How can you accomplish this?

A. Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.right
B. Relocate the subnet-a machines to a different subnet and give the new subnet the needed access.
C. Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VM's in subnet-a.
D. You can only grant firewall access to an entire subnet and not individual VM's inside.

Explanation:

Correct Answer - A

A (Correct answer) - Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.

Network tags allow more granular access based on individually tagged instances - Instances by target tags: The firewall rule is applicable only to VMs if they
have a matching network tag.

B - Relocate the subnet-a machines to a different subnet and give the new subnet the needed access.

This would give the entire subnet access which is against the requirements: allow traffic from specific virtual machines in 'subnet-a' network access to machines
in 'subnet-b' without giving the entirety of subnet-a access.

C - Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VM's in subnet-a.

Creating overlapping rules with higher priority might technically work, but since traffic defaults to denied if no rule is in place, this is unnecessary. Assigning
rules and instances by tags is the best answer.

D - You can only grant firewall access to an entire subnet and not individual VM's inside.

This is not true per answer A

Ask our Experts

View Queries
Did you like this Question?

Question 6Correct
Domain: Other
You are managing the GCP Account of a client, the client raises a request to attach 9 local SSDs and launch a VM instance in us-east1 Region, as a Cloud
Architect what would be your response to the above request?

A. You can always attach maximum of ten local SSD devices to a VM instance.
B. If a resource is not available, you won’t be able to create new resources of that type, even if you still have remaining quota in your region or project
and  you can attach up to 24 local SSD devices for 9 TB of total local SSD storage space per instance.right
C. Launch the instance first and add the local SSD drives later for optimal performance.
D. Request changes to quota from the Quotas  page in the GCP Console.

Explanation:

Answer: B 

Option B is CORRECT because, Each local SSD is 375 GB in size, but you can attach up to 24 local SSD devices for 9 TB of total local SSD storage space
per instance. If a resource is not available, you won’t be able to create new resources of that type, even if you still have the remaining quota in your region or
project.

Option A is INCORRECT because you can only attach up to 24 local SSDs devices to a VM instance also if the resource isn’t available you can’t create the
resource.

Option  C is INCORRECT because you can attach the local SSD devices to an Instance while launching a VM instance.

Option D is INCORRECT because you can only attach up to 24 local SSD devices to a VM instance that is the limit.

Read more about it here:

https://cloud.google.com/compute/docs/disks/local-ssd
https://cloud.google.com/compute/quotas     

Ask our Experts

View Queries
Did you like this Question?

Question 7Correct
Domain: Other

You have a Kubernetes cluster with 1 node-pool. The cluster receives a lot of traffic and needs to grow. You decide to add a node. What should you do?

A. Use "gcloud container clusters resize" with the desired number of nodes. right
 B. Use "kubectl container clusters resize" with the desired number of nodes.
C. Edit the managed instance group of the cluster and increase the number of VMs by 1.
D. Edit the managed instance group of the cluster and enable autoscaling.

Explanation:

Correct answer A

Feedback

A is correct because this resizes the cluster to the desired number of nodes.

B is not correct because you need to use gcloud, not kubectl.

C is not correct because you should not manually manage the MIG behind a cluster.

D is not correct because you should not manually manage the MIG behind a cluster.

Ask our Experts

View Queries
Did you like this Question?

Question 8Correct
Domain: Other

Using the principle of least privilege, your colleague Bob needs to be able to create new instances on Compute Engine in project 'Project A'. How should you
give him access without giving more permissions than is necessary?

A. Give Bob Compute Engine Instance Admin Role for Project A.right
B. Give Bob Compute Engine Admin Role for Project A.
C. Create a shared VPC that Bob can access Compute resources from.
D. Give Bob Project Editor IAM role for Project A.

Explanation:

Correct answer A
A (Correct answer) - Give Bob Compute Engine Instance Admin Role for Project A - The Compute Engine Instance Admin role only gives access to create/edit
compute engine resources such as instances, disks, and snapshots.

B - Give Bob Compute Engine Admin Role for Project A - The Compute Engine Admin role also gives admin access to network resources as well, which is too
much.

C - Create a shared VPC that Bob can access Compute resources from – shared VPC is not for granting user role. For example, even if you create shared VPC
between “Project A” and “Project B”, to meet the requirement, you still need to grant Bob Compute Engine Instance Admin Role for Project A.

D - Give Bob Project Editor IAM role for Project A – that’ll be too much for create new instances on Compute Engine in project 'Project A'
Ask our Experts
View Queries
Did you like this Question?

Question 9Correct
Domain: Other

You have an application server running on Compute Engine in the europe-west1-d zone. You need to ensure high availability and replicate the server to the
europe-west2-c zone using the fewest steps possible. What should you

A. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west2-c zone. Create a new VM with that disk.right
B. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west1-d zone and then move the disk to europe-west2-c. Create a new
VM with that disk.
C. Use "gcloud" to copy the disk to the europe-west2-c zone. Create a new VM with that disk.
D. Use "gcloud compute instances move" with parameter "--destination-zone europe-west2-c" to move the instance to the new zone.

Explanation:

Correct answer A

A is correct because this makes sure the VM gets replicated in the new zone.

B is not correct because this takes more steps than A.

C is not correct because this will generate an error, because gcloud cannot copy disks.

D is not correct because the original VM will be moved, not replicated.

 Ask our Experts
View Queries
Did you like this Question?

Question 10Correct
Domain: Planning and configuring a cloud solution

You are working for a fast growing startup which has user base in US and Europe. Until now the company had all servers in Oregon region and has now decided
to launch a replica of the entire infrastructure in EU region as well.

You started migration process with the least used server by creating snapshot of its disk and moving it to London region. Once the snapshot was copied you
launched a fresh VM using the snapshot but discovered that few of the files were corrupted. What can be the reason?

A. You cannot launch an instance from a snapshot.

B. Snapshot was taken on a running VM.right
C. As the region was changed all the files were not decrypted by properly which has resulted in data corruption.
D. None of the above.

Explanation:

Answer B

Option B is correct: It is never recommended by Google to create a snapshot of running because this might corrupt data. You must always stop the instance and
take a snapshot.

Option A is incorrect: You can definitely launch a VM from an existing snapshot.

Option C is incorrect: As the encryption was done using Google managed key, it is the responsibility of Google to decrypt and re-encrypt the files.

Option D is incorrect: As B is the correct option this is an invalid choice.

Link:

https://cloud.google.com/compute/docs/disks/create-snapshots

Ask our Experts

View Queries
Did you like this Question?
Question 11Correct
Domain: Planning and configuring a cloud solution

Being a Senior Cloud Engineer of the company, you are asked to launch a managed MySQL DB using custom VPC with network range of 172.17.0.0/16 on
Google Cloud keeping security at utmost priority allowing team members to access it only over private channel.

You completed the setup with all the requirements, but developers are unable to access DB over the private network via application hosted on VM. What can be
the reason?

A. You did not whitelist 172.17.0.0/16 in the firewall.

B. This is a reserved IP range hence cannot be used.right
C. You need to use proxy to connect over private IP.
D. None of the above.

Explanation:

Correct Answer - B

Option B is correct: The IP range 172.17.0.0/16 is reserved for the Docker bridge network. Any Cloud SQL instances created with an IP in that range will be
unreachable. Connections from any IP within that range to Cloud SQL instances using private IP will fail.

Option A is incorrect: Since 172.17.0.0/16 is reserved, whitelisting the IP in the firewall will not have any effect.

Option C is incorrect: You do not need proxy in this case because you are trying to access DB on the same network.

Option D is incorrect: As B is the correct option this is an invalid choice.

Link:

https://cloud.google.com/sql/docs/mysql/configure-private-ip

Ask our Experts

View Queries
Did you like this Question?

Question 12Correct
Domain: Planning and configuring a cloud solution

A new client has approached your company with a requirement that they want to host a serverless on Google Cloud, but before that want you to give them price
estimate of running serverless application using Cloud Function. Which all parameters will you consider while calculating price using Google Pricing
Calculator?

A. Type, Execution Time and Invocations.

B. Memory, CPU, Execution Time and Invocations.
C. Type, Bandwidth, Execution Time and Invocations.right
D. Memory, Execution Time and Bandwidth.

Explanation:

Answer C

Option C is correct: You will need four parameters to give your client an estimate of running Cloud Functions. These are: Type, Bandwidth, Execution Time
and Invocations per month.

Option A, B and D are incorrect because they are not complete set of parameters required to calculate estimate of running Cloud Functions on Google Cloud.

Link:

https://cloud.google.com/functions/pricing

cloud.google.com/products/calculator

Ask our Experts

View Queries
Did you like this Question?

Question 13Correct
Domain: Planning and configuring a cloud solution

Your managers want you to suggest a low-cost storage option that could be used to share read-only data across multiple instances with high performance and no
edge caching. Which storage option would you suggest?

A. Cloud Storageright
B. Persistent Disk
C. Cloud Filestore
 D. Firebase

Explanation:

Answer A

B is incorrect: Persistent disks are used for read/write data across single instance with high performance and no edge caching.

A is correct: Cloud Storage is reliable object storage with an Option for no edge-caching service.

C is incorrect: Cloud Filestore is fully managed file storage service with high cost

D is incorrect: Firebase is scalable storage used for mobile app

Link:

https://cloud.google.com/products/storage/

Ask our Experts

View Queries
Did you like this Question?

Question 14Correct
Domain: Setting up a cloud solution environment

Your teammate launched 3 instances using gcloud compute instances create command with all the required flags. After few mins, you checked the console and
found 0 instances in the GCE virtual machine section. How would you identify the project against which the command executed?

A. gcloud auth application-default

B. gcloud projects list
C. gcloud debug
D. gcloud config listright

Explanation:

Answer D

D is correct: This command would list the properties for the currently active configurations.
B in incorrect: The following command will list all the projects that are created in a particular GCP account

A,C are incorrect: The following commands doesn’t support the desired result.

Link:

https://cloud.google.com/sdk/gcloud/reference/config/list
Ask our Experts
View Queries
Did you like this Question?

Question 15Correct
Domain: Setting up a cloud solution environment

As a cloud engineer, you have been asked to upgrade the free trial of your account and rename it to a production-inventory-system. You are getting permission
denied error while making the changes. Which of the following permissions will solve the problem?

A. billing.accounts.updateright
B. Billing.account.upgrade
C. billing.account.update
D. billing.accounts.upgrade

Explanation:

Answer A

A is correct: The required permission is billing.accounts.update on Billing Account resource.

B, C and D are invalid choices or commands

Link:

https://cloud.google.com/billing/docs/how-to/custom-roles

Ask our Experts

View Queries
Did you like this Question?
Question 16Correct
Domain: Planning and configuring a cloud solution

Your client wants to migrate an application to Google Cloud which has 15 TB of relational data. The database is growing rapidly by 10 GB everyday. In
addition, to support the traffic, at least 10 read replicas are required. Which of the following service would you meet the requirements?

A. Cloud Storage
B. BigQuery
C. Cloud Spannerright
D. Cloud Bigtable

Explanation:

Answer C

C is correct: Cloud Spanner is globally scalable, fully managed, enterprise relational database with automatic replication.

A is incorrect: Cloud Storage is reliable object storage with global edge-caching service

B is incorrect: BigQuery is a serverless cloud data warehouse

D is incorrect: BigTable is a petabyte scale, fully managed NoSQL database

Link:

https://cloud.google.com/spanner

Ask our Experts

View Queries
Did you like this Question?

Question 17Correct
Domain: Planning and configuring a cloud solution

Your client wants to develop a new cost effective web application that runs on serverless platform using Cloud Function, Cloud Storage, Pub/Sub and Cloud
CDN. The expected data would be 20 GB. Which of the following NoSQL database would be the most suitable schemaless option to support the queries to
retrieve data and serverless functionality?
 A. Cloud BigTable
B. BigQuery
C. Cloud Spanner
D. Cloud Firestoreright

Explanation:

Answer D

D is correct: Cloud Firestore is a fast, fully managed, serverless, cloud-native NoSQL document database that simplifies storing, syncing, and querying data for
your mobile, web, and IoT apps at global scale

A is incorrect: BigTable is a petabyte-scale, fully managed NoSQL database.

B is incorrect: BigQuery is serverless, highly scalable, cost effective data warehouse.

C is incorrect: Spanner is a fully managed relational database.

Link:

https://cloud.google.com/firestore

Ask our Experts

View Queries
Did you like this Question?

Question 18Correct
Domain: Deploying and implementing a cloud solution

You have created a pre-populated PersistentVolume disk as ReadOnlyMany, when you try to mount the volume to a POD, you get failed to mount error, what
could be the most likely reason for this failure?

A. You created a PersistentVolume but did not create a PersistentVolumeClaimright

B. You have not specified the correct mount point in your pod.yaml file
C. You entered an incorrect PersistentVolume name in the pod.yaml file 
D. The pod.yaml file doesn’t have permission to mount the volume as it is created with ReadOnlyMany access.

Explanation:
Answer A

A is correct: In order to mount a persistent disk, you need to create a PersistentVolumeClaim after creating a PersistentVolume and then attach the
PersistentVolumeClaim to the pod.

B is incorrect: A mount point is a user defined attribute and could be anything

C is incorrect: You cannot give a PersistentVolume name in pod.yaml, it should always be PersistentVolumeClaim

D is incorrect: ReadOnlyMany permissions does not derive the pod.yaml

Link:

https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/readonlymany-disks
Ask our Experts
View Queries
Did you like this Question?

Question 19Correct
Domain: Deploying and implementing a cloud solution

Which of the following command could be used to autoscale a replication controller “foo” with the number of pods between 1 to 10 having target CPU
utilization at 80%?

A. kubectl autoscale deployment foo --min=1 --max--10 --cpu-percent=80

B. kubectl rc --autoscale foo --min=1 --max=10 --cpu-percentage=80
C. kubectl deployment --autoscale foo --min=1 --max--10 --cpu-percent=80
D. kubectl autoscale rc foo --max=10 --cpu-percent=80right

Explanation:

Correct Answer: D

Option D is correct: This command is used to autoscale a replication controller with a max of 10 pods. It is important to specify the --max flag as it defines the
target pods that could be launched when the CPU reaches 80%.

Options A, B and C is incorrect: Both the commands are incorrect.

References:
 https://cloud.google.com/kubernetes-engine/docs/how-to/scaling-apps
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
Ask our Experts
View Queries
Did you like this Question?

Question 20Correct
Domain: Ensuring successful operation of a cloud solution

Your client has a web application that is currently using a single GCE to read the messages from a pub/sub topic, process them and store them in Cloud Bigtable
by its unique order id. When a user uploads an order to Cloud Storage, it triggers a Cloud Function that inserts a message to pub/subtopic. The traffic is expected
to increase next week and as a cloud engineer, you are expected to resolve any possible auto scaling problem.

Which service is not likely to auto scale when the traffic is increased?

A. Cloud Storage
B. Cloud Bigtable
C. GCEright
D. Pub/Sub

Explanation:

Answer C

B. GCE is not a managed service and hence auto scaling is set up manually by using Managed Instance Group while architecting the infrastructure.

A, B and D are incorrect: These are the managed services and hence auto scaling is managed by GCP

Link:

https://cloud.google.com/compute/docs/autoscaler

Ask our Experts

View Queries
Did you like this Question?

Question 21Correct
Domain: Ensuring successful operation of a cloud solution

You as a Senior Cloud Engineer doing POC on a business-critical application having database deployed on a GCE virtual machine. The requirement is to have a
disk that supports up to 35,000 Read IOPS per instance. Which of the following disks is suitable to meet the requirement?

A. Standard Persistent Disk

B. SSD Persistent Diskright
C. Local SSD (SCSI)
D. Local SSD (NVMe)

Explanation:

Answer B

B is correct: SSD Persistent Disk supports up to 15000-60000 IOPS per instance

A is incorrect: Standard Persistent Disk supports up to 3000 IOPS

C is incorrect: SCSI supports up to 400000 IOPS

D is incorrect: NVMe supports up to 680000 IOPS

Link:

https://cloud.google.com/compute/docs/disks

Ask our Experts

View Queries
Did you like this Question?

Question 22Correct
Domain: Configure access and security

John & co has deployed an application using Google App Engine standard environment. You have been asked to update the cron schedules and default cookie
expiration time, which of the following predefined role has access to update default cookie expiration but no access to update cron schedules?

A. App Engine Service Admin

B. App Engine Adminright
C. App Engine Deployer
 D. App Engine Code Viewer

Explanation:

Answer B

B is correct: As per google docs, App Engine Admin has access to update default cookie expiration but no access to update cron schedules

A, C & D are incorrect: None of the other predefined roles have permission to perform either of the operations

Link:

https://cloud.google.com/appengine/docs/standard/python/roles

Ask our Experts

View Queries
Did you like this Question?

Question 23Correct
Domain: Configure access and security

You company has uploaded some business critical documents to Cloud Storage and your project manager wants you to restrict access to the objects by using
ACLs. Which of the following permission would allow you to update the object ACLs?

A. storage.objects.update
B. storage.objects.setIamPolicyright
C. storage.objects.create
D. storage.objects.getIamPolicy

Explanation:

Answer B

B is correct: As per google docs, storage.objects.setIamPolicy allowss user to update object ACLs.

A is incorrect: Update object metadata, excluding ACLs

C is incorrect: Add new objects to the bucket

D is incorrect: Read object ACLs, returned as IAM policies

Link:

https://cloud.google.com/storage/docs/access-control/iam-permissions
Ask our Experts
View Queries
Did you like this Question?

Question 24Correct
Domain: Setting up a cloud solution environment

Which of the following role provide granular access for a specific service and is managed by GCP?

A. Custom
B. Predefinedright
C. Admin
D. Primitive

Explanation:

Answer B

B is correct: Predefined roles are managed roles and provide service specific access.

A is incorrect: Provide granular access for a specific service but managed by users

C is incorrect: Invalid role type

D is incorrect: Concrete roles, existed prior to IAM

Link:

https://cloud.google.com/iam/docs/understanding-roles

Ask our Experts

View Queries
Did you like this Question?
Question 25Correct
Domain: Setting up a cloud solution environment

When working on billing dashboard, which of the following option would lead you to cost details for a specific invoice month?

A. Report
B. Cost Breakdown
C. Cost Tableright
D. Billing Export

Explanation:

Answer C

C is correct: The cost table gives a detailed tabular view of monthly costs for a given invoice.

A is incorrect: Lets you view your costs at a glance to discover and analyze trends.

B is incorrect: Gives you a waterfall view of your costs

D is incorrect: Billing exports is used for monitoring, analyzing and optimizing costs.

Link:

https://cloud.google.com/billing/docs/how-to/cost-table

Ask our Experts

View Queries
Did you like this Question?

Question 26Correct
Domain: Planning and configuring a cloud solution

Your client wants to serve content using Cloud Storage that allow similar performance advantage as regions, but also wants higher availability that comes with
being geo-redundant. You plan to use dual region to meet his requirement. Choose the regions that does not fall under dual region compatibility. (Select 2)
 A. nam4
B. usright
C. eur4
D. euright

Explanation:

Answer B and D

B and D correct: us and eu are supported under multi-region and not in dual region

A and C are incorrect: The following 2 regions are currently supported in dual region.

Link:

https://cloud.google.com/storage/docs/locations

Ask our Experts

View Queries
Did you like this Question?

Question 27Correct
Domain: Planning and configuring a cloud solution

How many maximum instance-hours are supported by an App Engine as free daily usage quota when scaling an instance using Automatic Scaling type? 

A. 28right
B. 8
C. 35
D. 10

Explanation:

Answer A

A is correct: As per google documentation, automatic scaling has a free daily usage quota of 28 instance hours

B is incorrect: Free usage quota of 8 instance-hours is supported by Manual and Basic scaling
C and D are incorrect: Invalid choices

Link: https://cloud.google.com/appengine/quotas#Instances

 
Ask our Experts
View Queries
Did you like this Question?

Question 28Correct
Domain: Deploying and implementing a cloud solution

You created a VPC with a CIDR block of 10.40.0.0/16 with 2 subnets of CIDR range 10.40.1.0/24 and 10.40.2.0/24. What would be the default routes within
this virtual private connection having the broadest CIDR range?

A. 10.40.0.0/0
B. 10.40.3.0/24
C. 0.0.0.0/0right
D. 0.0.0.0/16

Explanation:

Answer C

C is correct: The system generated default route is 0.0.0.0/0 as it is the broadest possible range.

A, B and D are incorrect routes

Link:

https://cloud.google.com/vpc/docs/routes

Ask our Experts

View Queries
Did you like this Question?

Question 29Correct
Domain: Deploying and implementing a cloud solution

There are 5 VPC networks in your staging project created for 5 different applications. Each network has its own CIDR range and firewall rules. You are asked to
list the firewall rules of network 3 to perform an update. Select the appropriate response.

A. gcloud compute firewall-rules list --filter network=network 3right

B. gcloud vpc network=network 3 --list firewall-rules
C. gcloud compute network=network 3 --list firewall-rules
D. gcloud vpc firewall-rules list --filter network=network 3

Explanation:

Answer A

A is correct: The firewall-rules are defined under VPC but when using gcloud, they can only be accessed by calling compute api and this the following
command lists the firewall-rules for the given network.

B, C & D is incorrect: These commands are invalid.

Link:

https://cloud.google.com/vpc/docs/using-firewalls

Ask our Experts

View Queries
Did you like this Question?

Question 30Correct
Domain: Ensuring successful operation of a cloud solution

Your application servers are deployed in private subnet and you connect to an application instance using a bastion host, you connect to the bastion host using
Console Shell and then ssh to the respective application instance. Unfortunately, Cloud Shell is taking a lot of time to respond and you manager wants you to ssh
to the instance to fix an application specific configuration. What command would you use to SSH into the server from public end?

A. gcloud connect ssh username@application-instance

B. gcloud compute ssh username@bastion-hostright
C. gsutil connect ssh username@bastion-host
D. gsutil compute ssh username@application-server
Explanation:

Answer B

B is correct. The correct syntax is gcloud compute ssh + [USERNAME]+@[SERVERNAME]. From public end, you can only connect to bastion host, hence
you need to connect to bastion host first and then connect to application instance.

A, C and D are incorrect: Incorrect commands

Link:

https://cloud.google.com/compute/docs/instances/connecting-to-instance

Ask our Experts

View Queries
Did you like this Question?

Question 31Correct
Domain: Configure access and security

You deployed 10 micro services using Google Kubernetes Engine. The command kubectl run deployed the micro services in different pods, 2 week later your
manager asked you to delete the pods as the services were no longer needed. Which of the following options is the best way to delete the pods?

A. gcloud container clusters delete

B. gcloud container clusters delete pod
C. kubectl delete pods <pod>right
D. kubectl remove pods

Explanation:

Answer C

C is correct: The best way is to delete the pods.

A is incorrect: This will delete the entire cluster and all the deployments within it

B and D are incorrect: Incorrect Commands

Link:
https://cloud.google.com/kubernetes-engine/docs/quickstart
Ask our Experts
View Queries
Did you like this Question?

Question 32Correct
Domain: Configure access and security

ASM Info has deployed an application using Google App Engine flexible environment and you have been asked to ssh the VM instance in flexible environment,
update the app configuration and if required, enable and disable the App Engine application, which of the following predefined role has access to perform these
tasks?

A. App Engine Adminright

B. App Engine Service Admin
C. App Engine Deployer
D. App Engine Code Viewer

Explanation:

Answer A

A is correct: As per google docs, App Engine Admin has access to perform these tasks

B, C & D are incorrect: None of the other predefined roles have permission to perform either of the operations

Link:

https://cloud.google.com/appengine/docs/standard/python/roles

Ask our Experts

View Queries
Did you like this Question?

Question 33Correct
Domain: Configure access and security
You company has developed an application to accelerate the efficiency in making sales calls about the product of your client. Everytime a recipient is called, log
sink is used to export the record to a destination. Which of the following destinations are supported? Choose any 2.

A. BigQueryright
B. Cloud Spanner
C. Pub/Subright
D. Cloud Bigtable

Explanation:

Answer A and C

A and C are correct: Log sinks can be exported to Cloud Storage, Pub/Sub and BigQuery only.

B and D are incorrect: Log sinks cannot be exported to either of the two

Link:

https://cloud.google.com/logging/docs/export/

Ask our Experts

View Queries
Did you like this Question?

Question 34Correct
Domain: Setting up a cloud solution environment

You created a bucket in cloud storage and uploaded some files and then enabled object versioning on it. The files you have already added will have which of the
following metageneration number?

A. 1right
B. Null
C. 0
D. -1

Explanation:

Answer - A
B is incorrect: By default, every object will have a metageneration number irrespective of versioning was enabled or not after uploading the files.

A is correct: The new object uploaded will have metageneration number 1 and receives generation and metageneration numbers even though Object Versioning
is not enabled..

C and D are incorrect: They are just the distractors, Invalid choices

Link:

https://cloud.google.com/storage/docs/object-versioning
Ask our Experts
View Queries
Did you like this Question?

Question 35Correct
Domain: Setting up a cloud solution environment

Your company has 5 TB of testing data stored in the production database of a testing tool name Quality Center. The data is being used to create a real time
analytics system which is causing slow response to the tester while using the tool. What should you do the improve the load on the database?

A. Set up Multi AZ
B. Set up a read replicaright
C. Scale the database instance
D. Run the analytics query only weekends

Explanation:

Answer: B

B is correct: Read replica can be used to run all the queries related to Analytics system.

A is incorrect: Mutli AZ would improve the availablility of the data

C is incorrect: This will not add any value

D is incorrect: The analytics will not be realtime.

Link:
https://cloud.google.com/sql/docs/mysql/replication/
Ask our Experts
View Queries
Did you like this Question?

Question 36Correct
Domain: Planning and configuring a cloud solution

Your inventory application has 2 backend api servers launched using Auto Scaling Groups, you have been asked to load balance UDP, TCP and SSL traffic on
ports that are not supported by the TCP proxy and SSL proxy load balancer. Which of the following Load Balancer would you use?

A. HTTP(S) Load Balancer

B. SSL Proxy Load Balancer
C. TCP Proxy Load Balancer
D. Network Load Balancerright

Explanation:

Answer: D

D correct: You can use Network Load Balancing to load balance UDP, TCP, and SSL traffic on ports that are not supported by the TCP proxy and SSL proxy
load balancers.

A is incorrect: An HTTPS load balancer uses a target HTTPS proxy instead of a target HTTP proxy

B is incorrect: With SSL Proxy Load Balancing, SSL connections are terminated at the load balancing layer then proxied to the closest available instance
group.

C is incorrect: Cloud TCP Proxy Load Balancing is intended for non-HTTP traffic

Link:

https://cloud.google.com/load-balancing/docs/network/

Ask our Experts

View Queries
Did you like this Question?
Question 37Correct
Domain: Planning and configuring a cloud solution

You are distributing the traffic between a fleet of VMs with in your VPC using Internal TCP/UDP Load Balancer. Which of the following specification does not
support the selected Load Balancing Type?

A. Preserved Client IP
B. Global Availabilityright
C. Internal Load Balancing
D. Any Destination Ports

Explanation:

Answer: B

B is correct: Internal TCP/UDP Load Balancer are available within a Region and not Globally

A is incorrect: Internal TCP/UDP Load Balancer preserves client IP address

C is incorrect: Internal TCP/UDP Load Balancer are internally faced

D is incorrect: Internal TCP/UDP Load Balancer allow access to any destination port

Link:                                                                                                 

https://cloud.google.com/load-balancing/docs/choosing-load-balancer

Ask our Experts

View Queries
Did you like this Question?

Question 38Correct
Domain: Planning and configuring a cloud solution

You updated the metadata of an object stored in Reports-PDF bucket using google cloud SDK. You want to ensure that the metadata has been updated for that
object before you confirm the changes to the development team. Which of the following google cloud SDK command would you use?

A. gsutil stat gs://Reports-PDF/[OBJECT_NAME]right

 B. gsutil getmeta gs://Reports-PDF/[OBJECT_NAME]
C. gsutil setmeta gs://Reports-PDF/[OBJECT_NAME]
D. gsutil meta gs://Reports-PDF/[OBJECT_NAME]

Explanation:

Answer: A

A is correct: The stat command will output details about the specified object URLs.

B is incorrect: getmeta is not a valid GCP command

C is incorrect: setmeta is used to update the metadata of an object with additional flags

D is incorrect: meta is not a valid GCP command

Link:

https://cloud.google.com/storage/docs/viewing-editing-metadata

Ask our Experts

View Queries
Did you like this Question?

Question 39Correct
Domain: Planning and configuring a cloud solution

Which of the following command could be used to change the storage class of an object in Cloud Storage?

A. gsutil rewrite -c [STORAGE_CLASS] gs://Reports-PDF/[OBJECT_NAME]

B. gsutil rewrite -s [STORAGE_CLASS] gs://Reports-PDF/[OBJECT_NAME]right
C. gsutil rewrite -I  [STORAGE_CLASS] gs://Reports-PDF/[OBJECT_NAME]
D. gsutil rewrite -k [STORAGE_CLASS] gs://Reports-PDF/[OBJECT_NAME]

Explanation:

Answer: B
B is correct: The gsutil rewrite command rewrites cloud objects, applying the specified transformations to them. The transformation(s) are atomic and applied
based on the input transformation flags (-s). Object metadata values are preserved unless altered by a transformation.

A is incorrect: Invalid flag and command.

C is incorrect: Causes gsutil to read the list of objects to rewrite from stdin.

D is incorrect: Rewrite objects with the current encryption key specified in your boto configuration file

Link:

https://cloud.google.com/storage/docs/gsutil/commands/rewrite
Ask our Experts
View Queries
Did you like this Question?

Question 40Correct
Domain: Deploying and implementing a cloud solution

Among the list of permissions attached below, which of the following permissions are required to manage SSH keys on the project while setting project-wide
metadata to access the instance if the OS Login is not working? Select 2.

A. compute.instance.setMetadata
B. compute.projects.setCommonInstanceMetadataright
C. iam.serviceAccounts.actAsright
D. iam.setsshMetadata.allInstances

Explanation:

Answer: B and C

B and C are correct: The following 2 permissions are required on the project if setting project-wide metadata.

A is incorrect: Permission is required on the instance if setting metadata on the instance.

D is incorrect permission.

Link:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
Ask our Experts
View Queries
Did you like this Question?

Question 41Correct
Domain: Deploying and implementing a cloud solution

You have been assigned to a new health application project where the backend instances are deployed using Managed Instance Groups. There are 4 instances
running. The MIG is not set to automatically scale and you are asked to resize a group to handle an expected increase in traffic. Which of the following
statements about MIG is incorrect?

A. If you increase the size, the managed instance group uses the current instance template to add new instances.
B. The group deletes instances with a current action of DELETING, CREATING, and RECREATING before it deletes instances that are running with no
scheduled actions.
C. If the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has
elapsed before the VM instance is removed or deleted.
D. When updating a MIG, no more than 500 instances can be specified in a single request.right

Explanation:

Answer: D

D is correct: When updating a MIG, up to 1000 instances can be specified in a single request.

A, B & C is incorrect: These statements are correct with respect to MIG but incorrect w.r.t to the question.

Link:

https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances#resize_managed_group

Ask our Experts

View Queries
Did you like this Question?

Question 42Correct
Domain: Deploying and implementing a cloud solution
Your company has an application that is deployed using serverless architecture by making use of Cloud Function as backend code, Pub/Sub, Endpoints and
serve the static content via Cloud Storage. Your application is used heavily and you were informed about an issue with respect to the Cloud Function. You
realised that the issue is because of invocation limit per second. What is the default limit set by GCP to invoke a function per second?

A. 65
B. 1000right
C. 80
D. 70

Explanation:

Answer: B

B is correct: The default invocation limit set by GCP is 1000 per seconds

A, C and D are incorrect: Invalid Limit options

Link: https://cloud.google.com/functions/quotas#additional_quotas_for_background_functions

Ask our Experts

View Queries
Did you like this Question?

Question 43Correct
Domain: Deploying and implementing a cloud solution

While migrating traffic gradually between the 2 versions of your Flexible App Engine environment, you have encountered a spike in latency for loading request.
Which of the following statement could be a cause of this issue?

A. The warm up requests are disabled, hence the traffic migration is not working as expected
B. Gradual traffic migration between the versions running in flexible environment is not supported.right
C. Deploying a new version with the same name as an existing version is causing the spike in latency.
D. You can migrate the traffic gradually only for the versions that are deployed in different flexible environments.

Explanation:
Answer: B

B is correct: Gradual traffic migration is not supported in flexible environment.

A, C and D are incorrect: Choices are valid only for immediate traffic migration.

Link:

https://cloud.google.com/appengine/docs/standard/python/migrating-traffic#migrating_traffic_to_a_new_version
Ask our Experts
View Queries
Did you like this Question?

Question 44Correct
Domain: Ensuring successful operation of a cloud solution

A health care company that provides medical service to the users want to track their network forensics, real-time security analysis and optimize the expense. The
manager would like to track the network sent from and received by VM instances. What do you suggest they do?

A. Pub/Sub
B. VPC Flow Logsright
C. VPC Monitoring
D. Cloud Storage

Explanation:

Answer: B

B is correct. Flow Logs are used to track network related findings.

A is incorrect: Pub/Sub is used to stream log data to other services

B is incorrect: VPC Monitoring is an invalid option

D is incorrect: Cloud Storage is used to push/storage objects.

Link:

https://cloud.google.com/vpc/docs/using-flow-logs
 Ask our Experts
View Queries
Did you like this Question?

Question 45Correct
Domain: Ensuring successful operation of a cloud solution

Your client has prepared a new company policy in which each developer must sign a Contributor License Agreement (CLA) before code changes are committed
to any version control repository. You have been asked to check each commit in a repository that includes the policy and your manager has also provided you
with node.js code. Which of the following services can help you implement this solution?

A. Task Scheduler
B. Cloud Functionright
C. Pub/Sub
D. GKE

Explanation:

Answer: B

B is correct: Cloud Function can be used to retrieve commits, analyze code, committers and perform creative tasks such as checking a CLA.

A is incorrect: Task Scheduler is the scheduled task itself. Beneficial to perform repeatitive tasks.

C is incorrect: It is used only to publish and subscribe messages

D is incorrect: Container services are microservices that require additional configuration efforts.

Link:

https://cloud.google.com/functions/

Ask our Experts

View Queries
Did you like this Question?

Question 46Correct
Domain: Ensuring successful operation of a cloud solution

A development team works with two Cloud Functions using node.js code. Each function corresponds to environments for development and production. The
code is same except for the Cloud SQL database values used in each function. Team wants to maintain code in a clean and reusable fashion and decides to pass
the database value during function execution. Which feature will allow you to do this?

A. Timeouts
B. Service Accounts
C. Environment Variablesright
D. Metadata

Explanation:

Answer: C

C is correct: Environment variables for cloud functions enable you to dynamically pass settings to your function code and libraries, without making changes to
your code

A is incorrect: Is the duration for which the function will execute.

B is incorrect: Allows you to configure appropriate permissions

D is incorrect: Metadata is an invalid option wrt to Cloud Function

Link:

https://cloud.google.com/functions/docs/env-var

Ask our Experts

View Queries
Did you like this Question?

Question 47Correct
Domain: Ensuring successful operation of a cloud solution

What does the CIDR 10.0.2.0/26 correspond to?

A. 10.0.2.0 - 10.0.2.26
B. 10.0.2.0 - 10.0.2.63right
 C. 10.0.0.0 - 10.0.63.0
D. 10.0.2.0 - 10.0.0.26

Explanation:

Answer: B

B is correct: /26 means 64 IPs (=2^(32-26) = 2^6), means only the last digit can change.

A, C and D are incorrect CIDR choices.

Link:

https://cloud.google.com/vpc/docs/vpc

Ask our Experts

View Queries
Did you like this Question?

Question 48Correct
Domain: Configure access and security

Your client hosts a static website on Cloud Storage written in HTML, CSS, JavaScript. The site targets users in North America, the usage of website has grown
worldwide and hundreds of thousands of visitors access it monthly. Visitors from different parts of the world are experiencing slow performance due to latency
while users in the United States experience normal response times. What service can mitigate this issue?

A. Load Balancer
B. Cloud DNS
C. Cloud CDNright
D. Storage Caching

Explanation:

Answer: C

C is correct: Google Cloud CDN leverages Google's globally distributed edge points of presence to accelerate content delivery for websites and applications
served out of Google Compute Engine and Google Cloud Storage.
A is incorrect: Distributed loads between 2 or more instances

B is incorrect: Google Cloud DNS is a scalable, reliable, and managed authoritative Domain Name System (DNS) service running on the same infrastructure as
Google.

D is incorrect: The service doesn’t offer Caching.

Link:

https://cloud.google.com/storage/docs/hosting-static-website
Ask our Experts
View Queries
Did you like this Question?

Question 49Correct
Domain: Configure access and security

Your company’s data center has a CIDR of 10.20.0.0/10 and your remote office has 172.50.0.0/16. You have been asked to plan a migration of the workloads
from your company’s data center to GCP. Which of the following CIDR range would you select for your VPC in GCP?

A. 172.50.0.0/12
B. 10.20.0.0/16
C. 10.40.0.0/16
D. 172.40.4.0/18right

Explanation:

Answer: D

The company’s data center CIDR 10.20.0.0/10 will have the following IP range:

10.0.0.1 - 10.63.255.254

And the above would overlap the subnet in letter C: 10.40.0.0/16, which has the following IP range:

10.40.0.1 - 10.40.255.254
 

Hence, the correct answer should be D: 172.40.4.0/18, which has the following IP range:

170.40.0.1 - 170.40.63.254

Link:

https://cloud.google.com/vpc/docs/configure-alias-ip-ranges
Ask our Experts
View Queries
Did you like this Question?

Question 50Correct
Domain: Planning and configuring a cloud solution

You have been hired as a contractor by one of the travel technology company who is planning to containerize their existing applications in such a way that they
can perform a lift and shift very easily in future if they plan to move away from Google Cloud. Which service will best suit this case?

A. Cloud Function
B. App Engine Standard
C. Kubernetes Engineright
D. CloudRun

Explanation:

Answer C

Option C is correct: Kubernetes is an open-source solution supported by major cloud platforms and will be very easy for company to move out at later stage if
required because they can use the same config files with very minor changes.

Option A is incorrect: With Cloud Function you will have to make changes to your function as per the requirement of vendor.

Option B is incorrect: Moving out of App Engine Standard will require you to use either Docker Swarm or Kubernetes for managing your containers.

Option D is incorrect: CloudRun is a service used to run stateless and serverless kube containers at scale. This could have been the option but as this service
does not require you to write config files and when you plan to move out of GCP you will have to create them hence, consuming more time and efforts to
migrate.
Link:

https://cloud.google.com/kubernetes-engine/
Ask our Experts
View Queries
Did you like this Question?