Practice Free Associate Cloud Engineer Exam Online Questions
You received a JSON file that contained a private key of a Service Account in order to get access to several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and want to use this private key for authentication and authorization when performing gcloud commands.
What should you do?
- A . Use the command gcloud auth login and point it to the private key
- B . Use the command gcloud auth activate-service-account and point it to the private key
- C . Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials ison"
- D . Place the private key file in your home directory and rename it to ‘’GOOGLE_APPUCATION_CREDENTiALS".
B
Explanation:
Authorizing with a service account
gcloud auth activate-service-account authorizes access using a service account. As with gcloud init and gcloud auth login, this command saves the service account credentials to the local system on successful completion and sets the specified account as the active account in your Cloud SDK configuration.
https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account
You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server.
What should you do?
- A . Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.
- B . Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.
- C . Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.
- D . Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.
A
Explanation:
IP 10.0.3.21 is internal by default, and to ensure that it will be static non-changing it should be selected as static internal ip address.
You are managing an application deployed on Cloud Run. The development team has released a new version of the application. You want to deploy and redirect traffic to this new version of the application. To ensure traffic to the new version of the application is served with no startup time, you want to ensure that there are two idle instances available for incoming traffic before adjusting the traffic flow. You also want to minimize administrative overhead.
What should you do?
- A . Ensure the checkbox "Serve this revision immediately" is unchecked when deploying the new revision. Before changing the traffic rules, use a traffic simulation tool to send load to the new revision.
- B . Configure service autoscaling and set the minimum number of instances to 2.
- C . Configure revision autoscaling for the new revision and set the minimum number of instances to 2.
- D . Configure revision autoscaling for the existing revision and set the minimum number of instances to 2.
C
Explanation:
Let’s analyze each option to find the one that meets the requirements of no startup time for new traffic, two idle instances, and minimal administrative overhead:
You are managing an application deployed on Cloud Run. The development team has released a new version of the application. You want to deploy and redirect traffic to this new version of the application. To ensure traffic to the new version of the application is served with no startup time, you want to ensure that there are two idle instances available for incoming traffic before adjusting the traffic flow. You also want to minimize administrative overhead.
What should you do?
- A . Ensure the checkbox "Serve this revision immediately" is unchecked when deploying the new revision. Before changing the traffic rules, use a traffic simulation tool to send load to the new revision.
- B . Configure service autoscaling and set the minimum number of instances to 2.
- C . Configure revision autoscaling for the new revision and set the minimum number of instances to 2.
- D . Configure revision autoscaling for the existing revision and set the minimum number of instances to 2.
C
Explanation:
Let’s analyze each option to find the one that meets the requirements of no startup time for new traffic, two idle instances, and minimal administrative overhead:
You have been asked to migrate a docker application from datacenter to cloud. Your solution architect has suggested uploading docker images to GCR in one project and running an application in a GKE cluster in a separate project. You want to store images in the project img-278322 and run the application in the project prod-278986. You want to tag the image as acme_track_n_trace:v1. You want to follow Google-recommended practices.
What should you do?
- A . Run gcloud builds submit –tag gcr.io/img-278322/acme_track_n_trace
- B . Run gcloud builds submit –tag gcr.io/img-278322/acme_track_n_trace:v1
- C . Run gcloud builds submit –tag gcr.io/prod-278986/acme_track_n_trace
- D . Run gcloud builds submit –tag gcr.io/prod-278986/acme_track_n_trace:v1
B
Explanation:
Explanation
Run gcloud builds submit tag gcr.io/img-278322/acme_track_n_trace:v1. is the right answer.
This command correctly tags the image as acme_track_n_trace:v1 and uploads the image to the img-278322 project.
Ref: https://cloud.google.com/sdk/gcloud/reference/builds/submit
Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint.
Explanation:
Given that the new instance wants to access the application on the existing compute engine instance, these applications seem to be related so they should be within the same VPC. It is possible to have them in different VPCs and peer the VPCs but this is a lot of additional work and we can simplify this by choosing the option below (which is the answer)
Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint.
Explanation:
Given that the new instance wants to access the application on the existing compute engine instance, these applications seem to be related so they should be within the same VPC. It is possible to have them in different VPCs and peer the VPCs but this is a lot of additional work and we can simplify this by choosing the option below (which is the answer)
You need to enable traffic between multiple groups of Compute Engine instances that are currently running two different GCP projects. Each group of Compute Engine instances is running in its own VPC.
What should you do?
- A . Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.
- B . Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.
- C . Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.
- D . Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.
B
Explanation:
Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks. Eligible resources from service projects can use subnets in the Shared VPC network
https://cloud.google.com/vpc/docs/shared-vpc
"For example, an existing instance in a service project cannot be reconfigured to use a Shared VPC network, but a new instance can be created to use available subnets in a Shared VPC network."
Your organization uses G Suite for communication and collaboration. All users in your organization have a G Suite account. You want to grant some G Suite users access to your Cloud Platform project.
What should you do?
- A . Enable Cloud Identity in the GCP Console for your domain.
- B . Grant them the required IAM roles using their G Suite email address.
- C . Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.
- D . In the G Suite console, add the users to a special group called [email protected]. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.
B
Explanation:
Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization Default behavior does not grant access to the "your GCP Project" Default behavior allow only create billing account and project – When the organization is created, all users in your domain are automatically granted Project Creator and Billing Account Creator IAM roles at the organization level. This enables users in your domain to continue creating projects with no disruption.
You have a large 5-TB AVRO file stored in a Cloud Storage bucket. Your analysts are proficient only in SQL and need access to the data stored in this file. You want to find a cost-effective way to complete their request as soon as possible.
What should you do?
- A . Load data in Cloud Datastore and run a SQL query against it.
- B . Create a BigQuery table and load data in BigQuery. Run a SQL query on this table and drop this table after you complete your request.
- C . Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request.
- D . Create a Hadoop cluster and copy the AVRO file to NDFS by compressing it. Load the file in a hive table and provide access to your analysts so that they can run SQL queries.
C
Explanation:
https://cloud.google.com/bigquery/external-data-sources
An external data source is a data source that you can query directly from BigQuery, even though the data is not stored in BigQuery storage.
BigQuery supports the following external data sources:
Amazon S3
Azure Storage
Cloud Bigtable
Cloud Spanner
Cloud SQL
Cloud Storage
Drive