[Q143-Q160] Latest Associate-Cloud-Engineer Exam with Accurate Google Associate Cloud Engineer Exam PDF Questions [Oct 16, 2021]

[Oct 16, 2021] Latest Associate-Cloud-Engineer Exam with Accurate Google Associate Cloud Engineer Exam PDF Questions

Practice To Associate-Cloud-Engineer - Exam4Free Remarkable Practice On your Google Associate Cloud Engineer Exam Exam

NEW QUESTION 143
Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?

• A. Configure the IP of the database as custom metadata for each instance,
• B. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
• C. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
• D. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Answer: B

 

NEW QUESTION 144
You've been tasked with getting all of your team's public SSH keys onto all of the instances of a particular project. You've collected them all. With the fewest steps possible, what is the simplest way to get the keys deployed?

• A. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute project-info add-metadata command to upload the keys.
• B. Format all of the keys as needed and then, using the user interface, upload each key one at a time.
• C. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute instances add-metadata command to upload the keys to each instance
• D. Use the gcloud compute ssh command to upload all the keys

Answer: A

 

NEW QUESTION 145
You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google- recommended practices to provide the application with access to Cloud Storage. What should you do?

• A. 1. Use nslookup to get the IP address for storage.googleapis.com.
  2. Negotiate with the security team to be able to give a public IP address to the servers.
  3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
• B. 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.
  2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.
  3. Configure your new instances to use this ILB as proxy.
• C. 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).
  2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.
  3. Configure your servers to use that instance as a proxy to access Cloud Storage.
• D. 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.
  2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.
  3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.

Answer: D

Explanation:
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid

 

NEW QUESTION 146
Your developers have created an application that needs to be able to make calls to Cloud Storage and BigQuery. The code is going to run inside a container and will run on Kubernetes Engine and on-premises.
What's the best way for them to authenticate to the Google Cloud services?

• A. Create a service account, with editor permissions, generate and download a key. Use the key to authenticate inside the application.
• B. Create a service account, grant it the least viable privileges to the required services, generate and download a key. Use the key to authenticate inside the application.
• C. Use the default service account for App Engine which already has the required permissions.
• D. Use the default service account for Compute Engine which already has the required permissions.

Answer: B

 

NEW QUESTION 147
You are monitoring an application and receive user feedback that a specific error is spiking. You notice that the error is caused by a Service Account having insufficient permissions. You are able to solve the problem but want to be notified if the problem recurs. What should you do?

• A. In the Log Viewer, filter the logs on severity `Error' and the name of the Service Account.
• B. Create a sink to BigQuery to export all the logs.
  Create a Data Studio dashboard on the exported logs.
• C. Create a custom log-based metrics for the specific error to be used in an Alerting Policy.
• D. Grant Project Owner access to the Service Account.

Answer: A

Explanation:
https://cloud.google.com/logging/docs/view/advanced-queries8E6BA412E7DB6A14A62CC68E5EB6DAE3

 

NEW QUESTION 148
An application generates daily reports in a Compute Engine virtual machine (VM). The VM is in the project corp-iot-insights. Your team operates only in the project corp-aggregate-reports and needs a copy of the daily exports in the bucket corp-aggregate-reports-storage. You want to configure access so that the daily reports from the VM are available in the bucket corp-aggregate-reports-storage and use as few steps as possible while following Google-recommended practices. What should you do?

• A. Move both projects under the same folder.
• B. Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name.
  Share the folder with the IoT team.
• C. Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.
• D. Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.

Answer: A

Explanation:
Explanation/Reference: https://cloud.google.com/billing/docs/onboarding-checklist

 

NEW QUESTION 149
You are building an architecture for one of your client with a requirement of streaming millions of requests with high availability and durability along with HIPPA compliance. Which managed service will you prefer?

• A. Cloud DataProc
• B. RabbitMQ
• C. Cloud Pub/Sub
• D. Cloud Function

Answer: C

 

NEW QUESTION 150
You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?

• A. Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.
• B. Use kubectl app deploy <dockerfilename>.
• C. Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.
• D. Use gcloud app deploy <dockerfilename>.

Answer: C

Explanation:
Reference https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app

 

NEW QUESTION 151
Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?

• A. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group.
• B. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group.
• C. 1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group.
• D. 1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group.

Answer: D

 

NEW QUESTION 152
Your company runs one batch process in an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted.
You want to migrate this workload to the cloud while minimizing cost. What should you do?

• A. Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.
• B. Migrate the workload to a Compute Engine Preemptible VM.
• C. Migrate the workload to a Compute Engine VM.
  Start and stop the instance as needed.
• D. Create an Instance Template with Preemptible VMs On.
  Create a Managed Instance Group from the template and adjust Target CPU Utilization.
  Migrate the workload.

Answer: A

Explanation:
https://cloud.google.com/kubernetes-engine/docs/tutorials/migrating-node-pool

 

NEW QUESTION 153
You are using Google Kubernetes Engine with autoscaling enabled to host a new application.
You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

• A. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
• B. Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
• C. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.
  Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
• D. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Answer: D

Explanation:
https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer

 

NEW QUESTION 154
Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google's recommended practices.
Which storage option should you use?

• A. Regional Storage
• B. Multi-Regional Storage
• C. Coldline Storage
• D. Nearline Storage

Answer: C

Explanation:
https://cloud.google.com/blog/products/gcp/introducing-coldline-and-a-unified-platform-for-data- storage Coldline is a new Cloud Storage class designed for long-term archival and disaster recovery.

 

NEW QUESTION 155
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?

• A. Create a custom role with view-only project permissions. Add the user's account to the custom role.
• B. Select the built-in IAM service Viewer role. Add the user's account to this role.
• C. Create a custom role with view-only service permissions. Add the user's account to the custom role.
• D. Select the built-in IAM project Viewer role. Add the user's account to this role.

Answer: D

Explanation:
Reference:
https://cloud.google.com/resource-manager/docs/access-control-proj

 

NEW QUESTION 156
You need to create a copy of a custom Compute Engine virtual machine (VM) to facilitate an expected increase in application traffic due to a business acquisition. What should you do?

• A. Create a Compute Engine snapshot of your base VM.
  Create your images from that snapshot.
• B. Create a Compute Engine snapshot of your base VM.
  Create your instances from that snapshot.
• C. Create a custom Compute Engine image from a snapshot.
  Create your images from that image.
• D. Create a custom Compute Engine image from a snapshot.
  Create your instances from that image.

Answer: D

Explanation:
A custom image belongs only to your project. To create an instance with a custom image, you must first have a custom image.
Reference: https://cloud.google.com/compute/docs/instances/create-start-instance

 

NEW QUESTION 157
You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?

• A. Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.
• B. Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.
• C. Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.
• D. Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

Answer: A

 

NEW QUESTION 158
You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

• A. Enable API and then use default dashboards to view all projects in sequence.
• B. Enable API and then give the metrics.reader role to projects A, B, and C.
• C. Enable API, create a workspace under project A, and then add project B and C.
• D. Enable API and then share charts from project A, B, and C.

Answer: C

 

NEW QUESTION 159
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

• A. Use permissions in your role that use the `supported' support level for role permissions.
  Set the role stage to ALPHA while testing the role permissions.
• B. Use permissions in your role that use the `supported' support level for role permissions.
  Set the role stage to BETA while testing the role permissions.
• C. Use permissions in your role that use the `testing' support level for role permissions.
  Set the role stage to ALPHA while testing the role permissions.
• D. Use permissions in your role that use the `testing' support level for role permissions.
  Set the role stage to BETA while testing the role permissions.

Answer: A

Explanation:
You need a custom role with permissions supported in prod and you want to publish the status of the role.
https://cloud.google.com/iam/docs/custom-roles-permissions-support
SUPPORTED The permission is fully supported in custom roles.
TESTING The permission is being tested to check its compatibility with custom roles. You can include the permission in custom roles, but you might see unexpected behavior. Not recommended for production use.
NOT_SUPPORTED The permission is not supported in custom roles.
You can't use TESTING as it is not good for prod. And you need first version which should be ALPHA.

 

NEW QUESTION 160
......

Exam Questions and Answers for  Associate-Cloud-Engineer Study Guide Questions and Answers!: https://www.exam4free.com/Associate-Cloud-Engineer-valid-dumps.html

Practice To Associate-Cloud-Engineer - Exam4Free Remarkable Practice On your Google Associate Cloud Engineer Exam Exam: https://drive.google.com/open?id=14iHfe187qKFJyDrBRvTijZeG7kVteV0v