What Virtual Associate-Cloud-Engineer Braindumps Is

NEW QUESTION 1
You deployed an application on a managed instance group in Compute Engine. The application accepts Transmission Control Protocol (TCP) traffic on port 389 and requires you to preserve the IP address of the client who is making a request. You want to expose the application to the internet by using a load balancer. What should you do?

• A. Expose the application by using an external TCP Network Load Balancer.
• B. Expose the application by using a TCP Proxy Load Balancer.
• C. Expose the application by using an SSL Proxy Load Balancer.
• D. Expose the application by using an internal TCP Network Load Balancer.

Answer: B

NEW QUESTION 2
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

• A. Configure an HTTP(S) load balancer.
• B. Configure an internal TCP load balancer.
• C. Configure an external SSL proxy load balancer.
• D. Configure an external TCP proxy load balancer.

Answer: A

NEW QUESTION 3
Your company has an existing GCP organization with hundreds of projects and a billing account. Your company recently acquired another company that also has hundreds of projects and its own billing account. You would like to consolidate all GCP costs of both GCP organizations onto a single invoice. You would like to consolidate all costs as of tomorrow. What should you do?

• A. Link the acquired company’s projects to your company's billing account.
• B. Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.
• C. Migrate the acquired company’s projects into your company’s GCP organizatio
• D. Link the migrated projects to your company's billing account.
• E. Create a new GCP organization and a new billing accoun
• F. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.

Answer: A

Explanation:
https://cloud.google.com/resource-manager/docs/project-migration#oauth_consent_screen https://cloud.google.com/resource-manager/docs/project-migration

NEW QUESTION 4
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

• A. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
• B. Create a Kubernetes Service of type ClusterIP for your applicatio
• C. Configure the public DNS name of your application using the IP of this Service.
• D. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluste
• E. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
• F. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.Forward the public traffic to HAProxy with an iptable rul
• G. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Answer: A

NEW QUESTION 5
Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost efficient way. What should you do?

• A. Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.
• B. Use a third party tool to provide remote access to the instances.
• C. Use the gcloud compute ssh command with the --tunnel-through-iap fla
• D. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
• E. Create a bastion host with public internet acces
• F. Create the SSH tunnel to the instance through the bastion host.

Answer: D

NEW QUESTION 6
You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

• A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
• B. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
• C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
• D. Set up a high-priority (1000) rule to allow the appropriate ports.

Answer: A

Explanation:
Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access requirements. Implied deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them. A higher priority rule might allow incoming access. The default network includes some additional rules that override this one, allowing certain types of incoming connections. https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules

NEW QUESTION 7
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google’s recommended practices. Which method should you use?

• A. Deployment Manager
• B. Cloud Composer
• C. Managed Instance Group
• D. Unmanaged Instance Group

Answer: A

Explanation:
https://cloud.google.com/deployment-manager/docs/configuration/create-basic-configuration

NEW QUESTION 8
You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in nodes when needed. What should you do?

• A. Create a new subnet in the same region as the subnet being used.
• B. Add an alias IP range to the subnet used by the GKE clusters.
• C. Create a new VPC, and set up VPC peering with the existing VPC.
• D. Expand the CIDR range of the relevant subnet for the cluster.

Answer: D

Explanation:
gcloud compute networks subnets expand-ip-range NAME gcloud compute networks subnets expand-ip-range
- expand the IP range of a Compute Engine subnetwork https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/expand-ip-range

NEW QUESTION 9
You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to verify the addition of metadata labels and which files have been viewed from those buckets. What should you do?

• A. Using the GCP Console, filter the Activity log to view the information.
• B. Using the GCP Console, filter the Stackdriver log to view the information.
• C. View the bucket in the Storage section of the GCP Console.
• D. Create a trace in Stackdriver to view the information.

Answer: A

Explanation:
https://cloud.google.com/storage/docs/audit-logs https://cloud.google.com/compute/docs/logging/audit-logging#audited_operations

NEW QUESTION 10
You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?

• A. Create a Cloud Function to create an instance template.
• B. Create a snapshot schedule for the disk using the desired interval.
• C. Create a cron job to create a new disk from the disk using gcloud.
• D. Create a Cloud Task to create an image and export it to Cloud Storage.

Answer: B

Explanation:
Best practices for persistent disk snapshots
You can create persistent disk snapshots at any time, but you can create snapshots more quickly and with greater reliability if you use the following best practices.
Creating frequent snapshots efficiently
Use snapshots to manage your data efficiently.
Create a snapshot of your data on a regular schedule to minimize data loss due to unexpected failure. Improve performance by eliminating excessive snapshot downloads and by creating an image and reusing it. Set your snapshot schedule to off-peak hours to reduce snapshot time.
Snapshot frequency limits
Creating snapshots from persistent disks
You can snapshot your disks at most once every 10 minutes. If you want to issue a burst of requests to snapshot your disks, you can issue at most 6 requests in 60 minutes.
If the limit is exceeded, the operation fails and returns the following error: https://cloud.google.com/compute/docs/disks/snapshot-best-practices

NEW QUESTION 11
You are working for a hospital that stores Its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

• A. Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval
• B. In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket
• C. Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job
• D. Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topi
• E. Create an application that sends all medical images to the Pub/Sub lope

Answer: C

Explanation:
they require cloud storage for archival and the want to automate the process to upload new medical image to cloud storage, hence we go for gsutil to copy on-prem images to cloud storage and automate the process via cron job. whereas Pub/Sub listens to the changes in the Cloud Storage bucket and triggers the pub/sub topic, which is not required.

NEW QUESTION 12
Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?

• A. Download and deploy the Jenkins Java WAR to App Engine Standard.
• B. Create a new Compute Engine instance and install Jenkins through the command line interface.
• C. Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.
• D. Use GCP Marketplace to launch the Jenkins solution.

Answer: D

NEW QUESTION 13
You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do?

• A. Deploy the container on Cloud Run.
• B. Deploy the container on Cloud Run on GKE.
• C. Deploy the container on App Engine Flexible.
• D. Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.

Answer: A

Explanation:
Cloud Run takes any container images and pairs great with the container ecosystem: Cloud Build, Artifact Registry, Docker. ... No infrastructure to manage: once deployed, Cloud Run manages your services so you can sleep well. Fast autoscaling. Cloud Run automatically scales up or down from zero to N depending on traffic.
https://cloud.google.com/run

NEW QUESTION 14
You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

• A. Provision preemptible Compute Engine instances.
• B. Provision Compute Engine instances with GPUs attached.
• C. Provision Compute Engine instances with local SSDs attached.
• D. Provision Compute Engine instances with M1 machine type.

Answer: D

Explanation:
M1 machine series Medium in-memory databases such as SAP HANA Tasks that require intensive use of memory with higher memory-to-vCPU ratios than the general-purpose high-memory machine types.
In-memory databases and in-memory analytics, business warehousing (BW) workloads, genomics analysis, SQL analysis services. Microsoft SQL Server and similar databases.
https://cloud.google.com/compute/docs/machine-types
https://cloud.google.com/compute/docs/machine-types#:~:text=databases%20such%20as-,SAP%20HANA,-In% https://www.sap.com/india/products/hana.html#:~:text=is%20SAP%20HANA-,in%2Dmemory,-database%3F

NEW QUESTION 15
The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

• A. Grant the Project Editor role to the Marketing learn for acme data digest
• B. Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team
• C. Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there
• D. Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

Answer: C

NEW QUESTION 16
You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

• A. Assign appropriate access for Google services to the service account used by the Compute Engine VM.
• B. Create a service account with appropriate access for Google services, and configure the application to use this account.
• C. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
• D. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Answer: B

Explanation:
In general, Google recommends that each instance that needs to call a Google API should run as a service account with the minimum permissions necessary for that instance to do its job. In practice, this means you should configure service accounts for your instances with the following process: Create a new service account rather than using the Compute Engine default service account. Grant IAM roles to that service account for only the resources that it needs. Configure the instance to run as that service account. Grant the instance the https://www.googleapis.com/auth/cloud-platform scope to allow full access to all Google Cloud APIs, so that the IAM permissions of the instance are completely determined by the IAM roles of the service account. Avoid granting more access than necessary and regularly check your service account permissions to make sure they are up-to-date.
https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices

NEW QUESTION 17
You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

• A. When creating the instances, specify a Service Account for each instance
• B. When creating the instances, assign the name of each Service Account as instance metadata
• C. After starting the instances, use gcloud compute instances update to specify a Service Account for each instance
• D. After starting the instances, use gcloud compute instances update to assign the name of the relevantService Account as instance metadata

Answer: A

Explanation:
https://cloud.google.com/compute/docs/access/service-accounts#associating_a_service_account_to_an_instance

NEW QUESTION 18
Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

• A. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.
• B. Tag all the instances with the same network ta
• C. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
• D. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
• E. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Answer: D

Explanation:
IAP controls access to your App Engine apps and Compute Engine VMs running on Google Cloud. It leverages user identity and the context of a request to determine if a user should be allowed access. IAP is a building block toward BeyondCorp, an enterprise security model that enables employees to work from untrusted networks without using a VPN.
By default, IAP uses Google identities and IAM. By leveraging Identity Platform instead, you can authenticate users with a wide range of external identity providers, such as:
Email/password
OAuth (Google, Facebook, Twitter, GitHub, Microsoft, etc.) SAML
OIDC
Phone number Custom Anonymous
This is useful if your application is already using an external authentication system, and migrating your users to Google accounts is impractical.
https://cloud.google.com/iap/docs/using-tcp-forwarding#grant-permission

NEW QUESTION 19
You installed the Google Cloud CLI on your workstation and set the proxy configuration. However, you are worried that your proxy credentials will be recorded in the gcloud CLI logs. You want to prevent your proxy credentials from being logged What should you do?

• A. Configure username and password by using gcloud configure set proxy/username and gcloud configure set proxy/ proxy/password commands.
• B. Encode username and password in sha256 encoding, and save it to a text fil
• C. Use filename as a value in the gcloud configure set core/custom_ca_certs_file command.
• D. Provide values for CLOUDSDK_USERNAME and CLOUDSDK_PASSWORD in the gcloud CLI tool configure file.
• E. Set the CLOUDSDK_PROXY_USERNAME and CLOUDSDK_PROXY PASSWORD properties by using environment variables in your command line tool.

Answer: D

NEW QUESTION 20
You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

• A. Use granular logging statements within a Deployment Manager template authored in Python.
• B. Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
• C. Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
• D. Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources.

Answer: D

NEW QUESTION 21
......