Practice Free Associate Cloud Engineer Exam Online Questions
You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site. Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally.
What should you do?
- A . Enable Cloud CDN on the website frontend.
- B . Enable ‘Share publicly’ on the PDF file objects.
- C . Set Content-Type metadata to application/pdf on the PDF file objects.
- D . Add a label to the storage bucket with a key of Content-Type and value of application/pdf.
C
Explanation:
https://developer.mozilla.org/en-
US/docs/Web/HTTP/Basics_of_HTTP/MIME_Types#importance_of_setting_the_correct_mime_type
You want to permanently delete a Pub/Sub topic managed by Config Connector in your Google Cloud project.
What should you do?
- A . Use kubect1 to delete the topic resource.
- B . Use gcloud CLI to delete the topic.
- C . Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic
resource. - D . Use gcloud CLI to update the topic label managed-by-cnrm to false.
You have a virtual machine that is currently configured with 2 vCPUs and 4 GB of memory. It is running out of memory. You want to upgrade the virtual machine to have 8 GB of memory.
What should you do?
- A . Rely on live migration to move the workload to a machine with more memory.
- B . Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB.
- C . Stop the VM, change the machine type to n1-standard-8, and start the VM.
- D . Stop the VM, increase the memory to 8 GB, and start the VM.
D
Explanation:
In Google compute engine, if predefined machine types don’t meet your needs, you can create an instance with custom virtualized hardware settings. Specifically, you can create an instance with a custom number of vCPUs and custom memory, effectively using a custom machine type. Custom machine types are ideal for the following scenarios:
You need to set a budget alert for use of Compute Engineer services on one of the three Google Cloud Platform projects that you manage. All three projects are linked to a single billing account.
What should you do?
- A . Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project.
- B . Verify that you are the project billing administrator. Select the associated billing account and create a budget and a custom alert.
- C . Verify that you are the project administrator. Select the associated billing account and create a budget for the appropriate project.
- D . Verify that you are project administrator. Select the associated billing account and create a budget and a custom alert.
A
Explanation:
https://cloud.google.com/iam/docs/understanding-roles#billing-roles
Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow.
What should you do?
- A . Link the acquired company’s projects to your company’s billing account.
- B . Configure the acquired company’s billing account and your company’s billing account to export the billing data into the same BigQuery dataset.
- C . Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company’s billing account.
- D . Create a new GCP organization and a new billing account. Migrate the acquired company’s projects and your company’s projects into the new GCP organization and link the projects to the new billing account.
A
Explanation:
https://cloud.google.com/resource-manager/docs/project-migration#oauth_consent_screen
https://cloud.google.com/resource-manager/docs/project-migration
You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines.
What should you do?
- A . Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.
- B . Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.
- C . Add a secondary IP range 10.1.0.0/20 to the subnet.
- D . Convert the subnet IP range from IPv4 to IPv6
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices.
What should you do?
- A . Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
- B . Add the auditors group to two new custom IAM roles.
- C . Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
- D . Add the auditor user accounts to two new custom IAM roles.
A
Explanation:
https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors
Because if you directly add users to the IAM roles, then if any users left the organization then you have to remove the users from multiple places and need to revoke his/her access from multiple places. But, if you put a user into a group then its very easy to manage these type of situations. Now, if any user left then you just need to remove the user from the group and all the access got revoked
The organization creates a Google group for these external auditors and adds the current auditor to the group. This group is monitored and is typically granted access to the dashboard application. During normal access, the auditors’ Google group is only granted access to view the historic logs stored in BigQuery. If any anomalies are discovered, the group is granted permission to view the actual Cloud Logging Admin Activity logs via the dashboard’s elevated access mode. At the end of each audit period, the group’s access is then revoked. Data is redacted using Cloud DLP before being made accessible for viewing via the dashboard application. The table below explains IAM logging roles that an Organization Administrator can grant to the service account used by the dashboard, as well as the resource level at which the role is granted.
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices.
What should you do?
- A . Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
- B . Add the auditors group to two new custom IAM roles.
- C . Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
- D . Add the auditor user accounts to two new custom IAM roles.
A
Explanation:
https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors
Because if you directly add users to the IAM roles, then if any users left the organization then you have to remove the users from multiple places and need to revoke his/her access from multiple places. But, if you put a user into a group then its very easy to manage these type of situations. Now, if any user left then you just need to remove the user from the group and all the access got revoked
The organization creates a Google group for these external auditors and adds the current auditor to the group. This group is monitored and is typically granted access to the dashboard application. During normal access, the auditors’ Google group is only granted access to view the historic logs stored in BigQuery. If any anomalies are discovered, the group is granted permission to view the actual Cloud Logging Admin Activity logs via the dashboard’s elevated access mode. At the end of each audit period, the group’s access is then revoked. Data is redacted using Cloud DLP before being made accessible for viewing via the dashboard application. The table below explains IAM logging roles that an Organization Administrator can grant to the service account used by the dashboard, as well as the resource level at which the role is granted.
Your company is migrating its workloads to Google Cloud due to an expiring data center contract. The on-premises environment and Google Cloud are not connected. You have decided to follow a lift-and-shift approach, and you plan to modernize the workloads in a future project. Several old applications connect to each other through hard-coded internal IP addresses. You want to migrate these workloads quickly without modifying the application code. You also want to maintain all functionality.
What should you do?
- A . Create a VPC with non-overlapping CIDR ranges compared to your on-premises network. When migrating individual workloads, assign each workload a new static internal IP address.
- B . Migrate your DNS server first. Configure Cloud DNS with a forwarding zone to your migrated DNS server. Then migrate all other workloads with ephemeral internal IP addresses.
- C . Migrate all workloads to a single VPC subnet. Configure Cloud NAT for the subnet and manually assign a static IP address to the Cloud NAT gateway.
- D . Create a VPC with the same CIDR ranges as your on-premises network. When migrating individual workloads, assign each workload the same static internal IP address.
D
Explanation:
The key requirement is to migrate applications that rely on hard-coded internal IP addresses without modifying the application code. To achieve this, the migrated VMs in Google Cloud need to retain their original internal IP addresses.
You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google’s recommended practices and avoid conflicting accounts.
What should you do?
- A . Invite the user to transfer their existing account
- B . Invite the user to use an email alias to resolve the conflict
- C . Tell the user that they must delete their existing account
- D . Tell the user to remove all personal email from the existing account
A
Explanation:
https://cloud.google.com/architecture/identity/migrating-consumer-accounts