ASSOCIATE-CLOUD-ENGINEER Online Practice Questions and Answers

Your engineers have asked you to set up a subnet with the largest IP address range possible. Which of the following ranges would work best?

A. 0.0.0.0/0

B. 10.0.0.0/32

C. 192.168.0.0/16

D. 10.0.0.0/8

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

A. Use gcloud config configurations describe to review the output.

B. Use gcloud config configurations activate and gcloud config list to review the output.

C. Use kubectl config get-contexts to review the output.

D. Use kubectl config use-context and kubectl config view to review the output.

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

A. Deploy the monitoring pod in a StatefulSet object.

B. Deploy the monitoring pod in a DaemonSet object.

C. Reference the monitoring pod in a Deployment object.

D. Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Your organization has three existing Google Cloud projects. You need to bill the Marketing department for only their Google Cloud services for a new initiative within their group. What should you do?

A. 1. Verify that you ace assigned the Billing Administrator IAM role tor your organization's Google Cloud Project for the Marketing department

2. Link the new project to a Marketing Billing Account

B. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account

2.

Create a new Google Cloud Project for the Marketing department

3.

Set the default key-value project labels to department marketing for all services in this project

C. 1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account

2.

Create a new Google Cloud Project for the Marketing department

3.

Link the new project to a Marketing Billing Account.

D. 1. Verity that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account

2.

Create a new Google Cloud Project for the Marketing department

3.

Set the default key value project labels to department marketing for all services in this protect

You have two subnets (subnet-a and subnet-b) in the default VPC. Your database servers are running in subnet-a. Your application servers and web servers are running in subnet-b. You want to configure a firewall rule that only allows database traffic from the application servers to the database servers. What should you do?

A. Create service accounts sa-app and sa-db. Associate service account: sa-app with the application servers and the service account sa-db with the database servers. Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

B. Create network tags app-server and db-server. Add the app-server lag lo the application servers and the db-server lag to the database servers. Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.

C. Create a service account sa-app and a network tag db-server. Associate the service account sa-app with the application servers and the network tag db- server with the database servers. Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.

D. Create a network lag app-server and service account sa-db. Add the tag to the application servers and associate the service account with the database servers. Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.

You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

A. Open the Cloud Spanner console to review configurations.

B. Open the IAM and admin console to review IAM policies for Cloud Spanner roles.

C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Your company has a single sign-on (SSO) identity provider that supports Security Assertion Markup Language (SAML) integration with service providers. Your company has users in Cloud Identity. You would like users to authenticate using your company's SSO provider. What should you do?

A. In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.

B. In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.

C. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile and Desktop Apps.

D. Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

A. Give "project owner" for web-applications appropriate roles to crm-databases- proj

B. Give "project owner" role to crm-databases-proj and the web-applications project.

C. Give "project owner" role to crm-databases-proj and bigquery.dataViewer role to web-applications.

D. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

You have an application that uses Cloud Spanner as a backend database. The application has a very predictable traffic pattern. You want to automatically scale up or down the number of Spanner nodes depending on traffic. What should you do?

A. Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

B. Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

C. Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

D. Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

You have developed a containerized web application that will serve internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

A. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero.

B. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

C. Deploy the container on App Engine flexible environment with autoscaling, and set the value min_instances to zero in the app.yaml.

D. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app.yaml.