Enhance your career with Associate-Cloud-Engineer PDF Dumps - True Google Exam Questions [Q51-Q74]

5 Feb, 2023 By admin Associate-Cloud-Engineer, Google 0 Comments

Enhance your career with Associate-Cloud-Engineer PDF Dumps – True Google Exam Questions [Q51-Q74]

Rate this post

Enhance your career with Associate-Cloud-Engineer PDF Dumps – True Google Exam Questions

New (2023) Download free Associate-Cloud-Engineer PDF for Google Practice Tests

Below are the requirements of Associate Cloud Engineer Exam

There is no prerequisite for Oracle Associate Cloud Engineer certification.

Conclusion

Taking the Google Associate Cloud Engineer exam is the perfect way to assess your abilities as well as enable and boost the skills you need to further your career. Besides, gaining a Google Cloud certification can help you stand out to hiring managers and unlock a variety of benefits from building a network with other professionals in the Google Cloud Certified community.

So, now that you know how the exam goes, all you have to do is make a decision and register. And after responsible preparation using the most current and proven materials, you’ll have every chance to write the test with flying colors and get the desired certification.

NEW QUESTION 51
You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

Create a service account with appropriate access for Google services, and configure the application to use this account.

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

NEW QUESTION 52
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

When creating the VM, use machine type n1-standard-96.

When creating the VM, use Intel Skylake as the CPU platform.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have
96 vCPUs.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

NEW QUESTION 53
You need to create a custom VPC with a single subnet. The subnet’s range must be as large as possible. Which range should you use?

.00.0.0/0

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

NEW QUESTION 54
You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

Use the command gcloud config sot container/cluster dev

Use the command gcloud container clusters update dev

Create a file called gke. default in the -/ .gcloud folder that contains the cluster name

Create a file called defaults. j son in the -/.gcioud folder that contains the cluster name

NEW QUESTION 55
You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group.
This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

Set metadata to enable-oslogin=truefor the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

Set metadata to enable-oslogin=truefor the instance. Set the service account to no service accountfor that instance. Direct them to use the Cloud Shell to ssh to that instance.

Enable block project wide keysfor the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

Enable block project wide keysfor the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

NEW QUESTION 56
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all

1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080

1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all

1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow TCP: 8080

NEW QUESTION 57
You have been asked to deploy a highly available Kubernetes cluster using Google Kubernetes Engine by your manager. While spinning up the cluster you realize you do not see option of creating master. What can be the reason?

GKE does not use master node to control child nodes.

You need to spin up a compute instance and set it up as master node.

Master node is created automatically by GKE.

None of the above.

NEW QUESTION 58
You created a Google Cloud Platform project with an App Engine application inside the project.
You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

Change the default region property setting in the existing GCP project to asia-northeast1.

Change the region property setting in the existing App Engine application from us-central to asia- northeast1.

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

Create a new GCP project and create an App Engine application inside this new project.
Specify asia-northeast1 as the region to serve your application.

NEW QUESTION 59
You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

NEW QUESTION 60
You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role.

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role.

Run gcloud iam roles describe roles/spanner.viewer – -project my-project. Add the users to the role.

Run gcloud iam roles describe roles/spanner.viewer – -project my-project. Add the users to a new group. Add the group to the role.

NEW QUESTION 61
Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google- recommended practices. What should you do?

Grant all members of the DevOps team the role of Project Editor on the organization level.

Grant all members of the DevOps team the role of Project Editor on the production project.

Create a custom role that combines the required permissions.
Grant the DevOps team the custom role on the production project.

Create a custom role that combines the required permissions.
Grant the DevOps team the custom role on the organization level.

NEW QUESTION 62
A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort.
What will allow the EC2 instances to access the endpoint while meeting these requirements?

NAT gateway

Elastic IP address

AWS Direct Connect

Virtual private gateway

NEW QUESTION 63
Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1-standard-2 nodes. You need to deploy additional pods requiring n2- highmem-16 nodes without any downtime. What should you do?

Use gcloud container clusters upgrade.
Deploy the new services.

Create a new Node Pool and specify machine type n2-highmem-16.
Deploy the new pods.

Create a new cluster with n2-highmem-16 nodes.
Redeploy the pods and delete the old cluster.

Create a new cluster with both n1-standard-2 and n2-highmem-16 nodes.
Redeploy the pods and delete the old cluster.

NEW QUESTION 64
Your development team needs a new Jenkins server for their project. You need to deploy the server using the fewest steps possible. What should you do?

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

NEW QUESTION 65
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

1. Create an ingress firewall rule with the following settings:
* Targets: all instances
* Source filter: IP ranges (with the range set to 10.0.2.0/24)
* Protocols: allow all
2. Create an ingress firewall rule with the following settings:
* Targets: all instances
* Source filter: IP ranges (with the range set to 10.0.1.0/24)
* Protocols: allow all

1. Create an ingress firewall rule with the following settings:
* Targets: all instances with tier #2 service account
* Source filter: all instances with tier #1 service account
* Protocols: allow TCP:8080
2. Create an ingress firewall rule with the following settings:
* Targets: all instances with tier #3 service account
* Source filter: all instances with tier #2 service account
* Protocols: allow TCP: 8080

1. Create an ingress firewall rule with the following settings:
* Targets: all instances with tier #2 service account
* Source filter: all instances with tier #1 service account
* Protocols: allow all
2. Create an ingress firewall rule with the following settings:
* Targets: all instances with tier #3 service account
* Source filter: all instances with tier #2 service account
* Protocols: allow all

1. Create an egress firewall rule with the following settings:
* Targets: all instances
* Source filter: IP ranges (with the range set to 10.0.2.0/24)
* Protocols: allow TCP: 8080
2. Create an egress firewall rule with the following settings:
* Targets: all instances
* Source filter: IP ranges (with the range set to 10.0.1.0/24)
* Protocols: allow TCP: 8080

NEW QUESTION 66
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/devstorage.write_only’.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/cloud-platform’.

Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket.

NEW QUESTION 67
You are building an application that processes data files uploaded from thousands of suppliers.
Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:
– Restrict access so that suppliers can access only their own data.
– Give suppliers write access to data only for 30 minutes.
– Delete data that is over 45 days old.
You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use? (Choose two.)

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

Use signed URLs to allow suppliers limited time access to store their objects.

Set up an SFTP server for your application, and create a separate user for each supplier.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

NEW QUESTION 68
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

When creating the VM, use machine type n1-standard-96.

When creating the VM, use Intel Skylake as the CPU platform.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have
96 vCPUs.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

NEW QUESTION 69
You have 3 Cloud Storage buckets that all store sensitive dat
a. Which grantees should you audit to ensure that these buckets are not public?

allUsers

allAuthenticatedUsers

publicUsers

allUsers and allAuthenticatedUsers

NEW QUESTION 70
A VM instance is trying to read from a Cloud Storage bucket. IAM roles assigned to the VM service account allows the VM instance to read from the bucket. But the scopes assigned to the VM deny the reading bucket. What will happen when VM tries to read from the bucket?

The application performing the read will drop the read operation

The read will not execute as IAM roles and scopes both determine what operations will be performed

The read will succeed because the most permissive permission is allowed

The read operation will execute, but a message will be sent to the Stackdriver Logging

NEW QUESTION 71
You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

Use the command gcloud config sot container/cluster dev

Use the command gcloud container clusters update dev

Create a file called gke. default in the -/ .gcloud folder that contains the cluster name

Create a file called defaults. j son in the -/.gcioud folder that contains the cluster name

NEW QUESTION 72
You are managing a Data Warehouse on BigQuery. An external auditor will review your company’s processes, and multiple external consultants will need view access to the data. You need to provide them with view access while following Google-recommended practices. What should you do?

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

NEW QUESTION 73
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.
Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

NEW QUESTION 74
Your engineers need to pass database credentials to a Kubernetes Pod. The YAML they’re using looks similar to the following:
apiVersion: “extensions/v1beta1”
kind: “Deployment”
metadata:
name: “products-service”
namespace: “default”
labels:
app: “products-service”
spec:
replicas: 3
selector:
matchLabels:
app: “products-service”
template:
metadata:
labels:
app: “products-service”
spec:
containers:
– name: “products”
image: “gcr.io/find-seller-app-dev/products:latest”
env:
– name: “database_user”
value: “admin”
– name: “database_password”
value: “TheB3stP@ssW0rd”
What is Google’s recommended best practice for working with sensitive information inside of Kubernetes?