[Q18-Q43] Real Exam Questions Associate-Cloud-Engineer Dumps Exam Questions in here [Sep-2021]

Share

Real Exam Questions Associate-Cloud-Engineer Dumps Exam Questions in here [Sep-2021]

Get Latest Sep-2021 Conduct effective penetration tests using  Associate-Cloud-Engineer

NEW QUESTION 18
You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?

  • A. Deploy MongoDB Alias from the Google Cloud Marketplace
  • B. Download a MongoDB installation package, and run it on a Managed Instance Group
  • C. Download a MongoDB installation package and run it on Compute Engine instances
  • D. Create a Cloud Bigtable cluster and use the HBase API

Answer: B

 

NEW QUESTION 19
You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?

  • A. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.
  • B. Use Cloud Functions and configure the bucket as a trigger resource.
  • C. Use Dataflow as a batch job, and configure the bucket as a data source.
  • D. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

Answer: A

 

NEW QUESTION 20
You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

  • A. Set metadata to enable-oslogin=truefor the instance. Set the service account to no service accountfor that instance. Direct them to use the Cloud Shell to ssh to that instance.
  • B. Set metadata to enable-oslogin=truefor the instance. Grant the dev1 group the compute.osLoginrole. Direct them to use the Cloud Shell to ssh to that instance.
  • C. Enable block project wide keysfor the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.
  • D. Enable block project wide keysfor the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

Answer: B

 

NEW QUESTION 21
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?

  • A. Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.
  • B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.
  • C. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.
  • D. Navigate to Stackdriver Logging and select resource.labels.project_id="*"

Answer: B

Explanation:
Explanation/Reference: https://cloud.google.com/blog/products/gcp/best-practices-for-working-with-google-cloud-audit- logging

 

NEW QUESTION 22
You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

  • A. Create a health check on port 443 and use that when creating the Managed Instance Group.
  • B. In the Instance Template, add the label 'health-check'.
  • C. In the Instance Template, add a startup script that sends a heartbeat to the metadata server.
  • D. Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

Answer: B

 

NEW QUESTION 23
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

  • A. 1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all
  • B. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080
  • C. 1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to
    10.0.1.0/24)* Protocols: allow TCP: 8080
  • D. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all

Answer: B

 

NEW QUESTION 24
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

  • A. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.
  • B. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
  • C. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
  • D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Answer: A

Explanation:
Explanation
https://cloud.google.com/compute/docs/instances/managing-instance-access

 

NEW QUESTION 25
You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?

  • A. Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class
  • B. Configure regional storage for the region closest to the users Configure a Nearline storage class
  • C. Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class
  • D. Configure regional storage for the region closest to the users Configure a Standard storage class

Answer: D

 

NEW QUESTION 26
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

  • A. Cold Storage
  • B. Regional Storage
  • C. Multi-Regional Storage
  • D. Nearline Storage

Answer: D

Explanation:
Nearline, Coldline, and Archive offer ultra low-cost, highly-durable, highly available archival storage. For data accessed less than once a year, Archive is a cost-effective storage option for long-term preservation of data.
Coldline is also ideal for cold storage-data your business expects to touch less than once a quarter. For warmer storage, choose Nearline: data you expect to access less than once a month, but possibly multiple times throughout the year. All storage classes are available across all GCP regions and provide unparalleled sub-second access speeds with a consistent API.
Reference:
https://cloud.google.com/storage/archival

 

NEW QUESTION 27
Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

  • A. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
  • B. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.
  • C. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.
  • D. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

Answer: A

 

NEW QUESTION 28
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

  • A. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
  • B. Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.
  • C. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.
    Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.
  • D. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Answer: D

 

NEW QUESTION 29
You have a simple web application that you're trying to deploy in a secure and inexpensive way. The application is running inside a Docker container on port 8080. Once the application is initially deployed, the developers are going to take ownership of future deployments.
What is the best option for running the application?

  • A. Use an on-premises Kubernetes cluster.
  • B. Use Kubernetes Engine.
  • C. Use an App Engine Standard Environment.
  • D. Use an App Engine Flexible Environment.

Answer: D

 

NEW QUESTION 30
You built an application on Google Cloud Platform that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table data. You need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices. What should you do?

  • A. Add the support team group to the roles/stackdriver.accounts.viewer role.
  • B. Add the support team group to the roles/spanner.databaseReader role.
  • C. Add the support team group to the roles/monitoring.viewer role
  • D. Add the support team group to the roles/spanner.databaseUser role.

Answer: D

 

NEW QUESTION 31
You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

  • A. Run gcloud projects describe <project ID> to verify the project value, and then run gcloud services list --available.
  • B. Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
  • C. Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
  • D. Run gcloud projects list to get the project ID, and then run gcloud services list --project <project ID>.

Answer: D

 

NEW QUESTION 32
Your organization uses G Suite for communication and collaboration. All users in your organization have a G Suite account. You want to grant some G Suite users access to your Cloud Platform project. What should you do?

  • A. Grant them the required IAM roles using their G Suite email address.
  • B. In the G Suite console, add the users to a special group called cloud-console- [email protected]. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.
  • C. Enable Cloud Identity in the GCP Console for your domain.
  • D. Create a CSV sheet with all users' email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

Answer: A

Explanation:
Explanation/Reference: https://cloud.google.com/resource-manager/docs/creating-managing-organization

 

NEW QUESTION 33
You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

  • A. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
  • B. Give "project owner" role to crm-databases-proj and the web-applications project.
  • C. Give "project owner" role to crm-databases-proj and bigquery.dataViewer role to web-applications.
  • D. Give "project owner" for web-applications appropriate roles to crm-databases- proj

Answer: A

Explanation:
Reference:
https://cloud.google.com/blog/products/gcp/best-practices-for-working-with-google-cloud-audit- logging

 

NEW QUESTION 34
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:

What is the most likely cause?

  • A. The pending Pod's resource requests are too large to fit on a single node of the cluster.
  • B. Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.
  • C. The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.
  • D. The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods' status. It is currently being rescheduled on a new node.

Answer: B

 

NEW QUESTION 35
You have an application server running on Compute Engine in the europe-west1-d zone. You need to ensure high availability and replicate the server to the europe-west2-c zone using the fewest steps possible. What should you do?

  • A. Use "gcloud" to copy the disk to the europe-west2-c zone. Create a new VM with that disk.
  • B. Use "gcloud compute instances move" with parameter "--destination-zone europe-west2-c" to move the instance to the new zone.
  • C. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west1-d zone and then move the disk to europe-west2-c. Create a new VM with that disk.
  • D. Create a snapshot from the disk. Create a disk from the snapshot in the europe-west2-c zone.
    Create a new VM with that disk.

Answer: D

Explanation:
A is correct because this makes sure the VM gets replicated in the new zone.
B is not correct because this takes more steps than A.
C is not correct because this will generate an error, because gcloud cannot copy disks.
D is not correct because the original VM will be moved, not replicated.

 

NEW QUESTION 36
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

  • A. Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.
  • B. Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.
  • C. Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.
  • D. Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

Answer: A

 

NEW QUESTION 37
You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?

  • A. Cloud Datastore
  • B. Cloud Firestore
  • C. Cloud Spanner
  • D. Cloud SQL

Answer: C

 

NEW QUESTION 38
You are building a pipeline to process time-series dat
a. Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?

  • A. Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
  • B. Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery
  • C. Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
  • D. Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

Answer: D

 

NEW QUESTION 39
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

  • A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
  • B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
  • C. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
  • D. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.

Answer: A

 

NEW QUESTION 40
Your team is developing a product catalog that allows end users to search and filter. The full catalog of products consists of about 500 products. The team doesn't have any experience with SQL, or schema migrations, so they're considering a NoSQL option.
Which database service would work best?

  • A. Bigtable
  • B. Cloud Memorystore
  • C. Cloud Datastore
  • D. Cloud SQL

Answer: C

 

NEW QUESTION 41
Your manager needs you to test out the latest version of MS-SQL on a Windows instance. You've created the VM and need to connect into the instance. What steps should you follow to connect to the instance?

  • A. Generate a Windows password in the console, then use the RDP button to connect in through the console.
  • B. Connect in with your own RDP client using your Google Cloud username and password.
  • C. From the console click the SSH button to automatically connect.
  • D. Generate a Windows password in the console, then use a client capable of communicating via RDP and provide the credentials.

Answer: C,D

 

NEW QUESTION 42
You have a single binary application that you want to run on Google Cloud Platform. You decided to automatically scale the application based on underlying infrastructure CPU usage. Your organizational policies require you to use virtual machines directly. You need to ensure that the application scaling is operationally efficient and completed as quickly as possible. What should you do?

  • A. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.
  • B. Create an instance template, and use the template in a managed instance group with autoscaling configured.
  • C. Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.
  • D. Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.

Answer: A

 

NEW QUESTION 43
......

Authentic Best resources for Associate-Cloud-Engineer Online Practice Exam: https://www.fast2test.com/Associate-Cloud-Engineer-premium-file.html

Get the superior quality Associate-Cloud-Engineer Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1b6DauOGSi-hEyblXDVZVb0vbI2mpdlrk

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어