Practice Free Associate Cloud Engineer Exam Online Questions
You created a Kubernetes deployment by running kubectl run nginx --image=nginx --replicas=1. After a few days, you decided you no longer want this deployment. You identified the pod and deleted it by running kubectl delete pod.
You noticed the pod got recreated.
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-84748895c4-nqqmt 1/1 Running 0 9m41s
$ kubectl delete pod nginx-84748895c4-nqqmt
pod nginx-84748895c4-nqqmt deleted
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-84748895c4-k6bzl 1/1 Running 0 25s
What should you do to delete the deployment and prevent the pod from being recreated?
- A . kubectl delete deployment nginx
- B . kubectl delete --deployment=nginx
- C . kubectl delete pod nginx-84748895c4-k6bzl --no-restart 2
- D . kubectl delete inginx
A
Explanation:
This command correctly deletes the deployment. Pods are managed by Kubernetes workloads (deployments). When a pod is deleted, the deployment detects that the pod is unavailable and brings up another pod to maintain the replica count. The only way to delete the workload is to delete the deployment itself using the kubectl delete deployment command.
$ kubectl delete deployment nginx
deployment.apps nginx deleted
Ref: https://kubernetes.io/docs/reference/kubectl/cheatsheet/#deleting-resources
Your company’s infrastructure is on-premises, but all machines are running at maximum capacity. You want to burst to Google Cloud. The workloads on Google Cloud must be able to directly communicate to the workloads on-premises using a private IP range.
What should you do?
- A . In Google Cloud, configure the VPC as a host for Shared VPC.
- B . In Google Cloud, configure the VPC for VPC Network Peering.
- C . Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.
- D . Set up Cloud VPN between the infrastructure on-premises and Google Cloud.
D
Explanation:
"Google Cloud VPC Network Peering allows internal IP address connectivity across two Virtual Private Cloud (VPC) networks regardless of whether they belong to the same project or the same organization."
https://cloud.google.com/vpc/docs/vpc-peering
while
"Cloud Interconnect provides low latency, high availability connections that enable you to reliably transfer data between your on-premises and Google Cloud Virtual Private Cloud (VPC) networks."
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/overview
and
"HA VPN is a high-availability (HA) Cloud VPN solution that lets you securely connect your on-premises network to your VPC network through an IPsec VPN connection in a single region."
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
You recently received a new Google Cloud project with an attached billing account where you will work. You need to create instances, set firewalls, and store data in Cloud Storage. You want to follow Google-recommended practices.
What should you do?
- A . Use the gcloud CLI services enable cloudresourcemanager.googleapis.com command to enable all resources.
- B . Use the gcloud services enable compute.googleapis.com command to enable Compute Engine and the gcloud services enable storage-api.googleapis.com command to enable the Cloud Storage APIs.
- C . Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.
- D . Open the Google Cloud console and run gcloud init --project <project-id> in a Cloud Shell.
You are running a web application on Cloud Run for a few hundred users. Some of your users complain that the initial web page of the application takes much longer to load than the following pages. You want to follow Google’s recommendations to mitigate the issue.
What should you do?
- A . Update your web application to use the protocol HTTP/2 instead of HTTP/1.1
- B . Set the concurrency number to 1 for your Cloud Run service.
- C . Set the maximum number of instances for your Cloud Run service to 100.
- D . Set the minimum number of instances for your Cloud Run service to 3.
You just installed the Google Cloud CLI on your new corporate laptop. You need to list the existing instances of your company on Google Cloud.
What must you do before you run the gcloud compute instances list command? Choose 2 answers
- A . Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.
- B . Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.
- C . Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.
- D . Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.
- E . Run gcloud config set project $my_project to set the default project for gcloud CLI.
AE
Explanation:
Before you run the gcloud compute instances list command, you need to do two things: authenticate with your user account and set the default project for gcloud CLI.
To authenticate with your user account, you need to run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI. This will authorize the gcloud CLI to access Google Cloud resources on your behalf [1].
To set the default project for gcloud CLI, you need to run gcloud config set project $my_project, where $my_project is the ID of the project that contains the instances you want to list. This will save you from having to specify the project flag for every gcloud command [2].
Option B is not recommended, because using a service account key increases the risk of credential leakage and misuse. It is also not necessary, because you can use your user account to authenticate to the gcloud CLI [3]. Option C is not correct, because there is no such thing as a Cloud Identity user account key. Cloud Identity is a service that provides identity and access management for Google Cloud users and groups [4]. Option D is not required, because the gcloud compute instances list command does not depend on the default zone. You can list instances from all zones or filter by a specific zone using the --filter flag [5].
Reference:
1: https://cloud.google.com/sdk/docs/authorizing
2: https://cloud.google.com/sdk/gcloud/reference/config/set
3: https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys
4: https://cloud.google.com/identity/docs/overview
5: https://cloud.google.com/sdk/gcloud/reference/compute/instances/list
Your auditor wants to view your organization’s use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need.
What should you do?
- A . Assign the appropriate permissions, and then use Cloud Monitoring to review metrics
- B . Use the export logs API to provide the Admin Activity Audit Logs in the format they want
- C . Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage
- D . Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs
C
Explanation:
Types of audit logs
Cloud Audit Logs provides the following audit logs for each Cloud project, folder, and organization:
- Admin Activity audit logs
- Data Access audit logs
- System Event audit logs
- Policy Denied audit logs
Data Access audit logs contain API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data.
https://cloud.google.com/logging/docs/audit#types
https://cloud.google.com/logging/docs/audit#data-access
Cloud Storage: When Cloud Storage usage logs are enabled, Cloud Storage writes usage data to the Cloud Storage bucket, which generates Data Access audit logs for the bucket. The generated Data Access audit log has its caller identity redacted.
All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US).
What should you do?
- A . Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.
- B . Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.
- C . Create an Identity and Access Management (IAM) policy to restrict the resource locations in the US. Apply the policy to all dev projects.
- D . Create an Identity and Access Management (IAM) policy to restrict the resource locations in all dev projects. Apply the policy to all dev roles.
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices.
What should you do?
- A . Configure an HTTP(S) load balancer.
- B . Configure an internal TCP load balancer.
- C . Configure an external SSL proxy load balancer.
- D . Configure an external TCP proxy load balancer.
A
Explanation:
Reference: https://cloud.google.com/load-balancing/docs/https/
According to this guide for setting up an HTTP(S) load balancer in GCP: The client SSL session terminates at the load balancer. Sessions between the load balancer and the instance can either be HTTPS (recommended) or HTTP.
https://cloud.google.com/load-balancing/docs/ssl