The Replace Guide To Associate-Cloud-Engineer Dump

NEW QUESTION 1
You recently deployed a new version of an application to App Engine and then discovered a bug in the release. You need to immediately revert to the prior version of the application. What should you do?

• A. Run gcloud app restore.
• B. On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert.
• C. On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.
• D. Deploy the original version as a separate applicatio
• E. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests.

Answer: C

NEW QUESTION 2
You need to immediately change the storage class of an existing Google Cloud bucket. You need to reduce service cost for infrequently accessed files stored in that bucket and for all files that will be added to that bucket in the future. What should you do?

• A. Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket
• B. Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket
• C. Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket
• D. Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket

Answer: B

NEW QUESTION 3
You need to create a new billing account and then link it with an existing Google Cloud Platform project. What should you do?

• A. Verify that you are Project Billing Manager for the GCP projec
• B. Update the existing project to link it to the existing billing account.
• C. Verify that you are Project Billing Manager for the GCP projec
• D. Create a new billing account and link the new billing account to the existing project.
• E. Verify that you are Billing Administrator for the billing accoun
• F. Create a new project and link the new project to the existing billing account.
• G. Verify that you are Billing Administrator for the billing accoun
• H. Update the existing project to link it to the existing billing account.

Answer: B

Explanation:
Billing Administrators can not create a new billing account, and the project is presumably already created. Project Billing Manager allows you to link the created billing account to the project. It is vague on how the billing account gets created but by process of elimination

NEW QUESTION 4
You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

• A. Open the Cloud Spanner console to review configurations.
• B. Open the IAM & admin console to review IAM policies for Cloud Spanner roles.
• C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner.
• D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Answer: D

Explanation:
https://cloud.google.com/monitoring/audit-logging

NEW QUESTION 5
All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US). What should you do?

• A. Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.
• B. Create an organization to contain all the dev project
• C. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.
• D. Create an Identity and Access Management <IAM) policy to restrict the resources locations in the U
• E. Apply the policy to all dev projects.
• F. Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev project
• G. Apply the policy to all dev roles.

Answer: C

NEW QUESTION 6
Your auditor wants to view your organization's use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

• A. Assign the appropriate permissions, and then use Cloud Monitoring to review metrics
• B. Use the export logs API to provide the Admin Activity Audit Logs in the format they want
• C. Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage
• D. Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Answer: C

Explanation:
Types of audit logs Cloud Audit Logs provides the following audit logs for each Cloud project, folder, and organization: Admin Activity audit logs Data Access audit logs System Event audit logs Policy Denied audit logs ***Data Access audit logs contain API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data. https://cloud.google.com/logging/docs/audit#types
https://cloud.google.com/logging/docs/audit#data-access Cloud Storage: When Cloud Storage usage logs are enabled, Cloud Storage writes usage data to the Cloud Storage bucket, which generates Data Access audit logs for the bucket. The generated Data Access audit log has its caller identity redacted.

NEW QUESTION 7
You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

• A. Run gcloud iam roles lis
• B. Review the output section.
• C. Run gcloud iam service-accounts lis
• D. Review the output section.
• E. Navigate to the project and then to the IAM section in the GCP Consol
• F. Review the members and roles.
• G. Navigate to the project and then to the Roles section in the GCP Consol
• H. Review the roles and status.

Answer: C

Explanation:
Logged onto console and followed the steps and was able to see all the assigned users and roles.

NEW QUESTION 8
You need to track and verity modifications to a set of Google Compute Engine instances in your Google Cloud project. In particular, you want to verify OS system patching events on your virtual machines (VMs). What should you do?

• A. Review the Compute Engine activity logs Select and review the Admin Event logs
• B. Review the Compute Engine activity logs Select and review the System Event logs
• C. Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs
• D. Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

Answer: A

NEW QUESTION 9
You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

• A. In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.
• B. When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.
• C. Create a service account, and give it access to Cloud Storag
• D. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.
• E. Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Answer: A

Explanation:
Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account. is not right.As mentioned above, Container Registry ignores permissions set on individual objects within the storage bucket so this isnt going to work.
Ref: https://cloud.google.com/container-registry/docs/access-control

NEW QUESTION 10
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?

• A. Navigate to Stackdriver Logging and select resource.labels.project_id="*"
• B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery datase
• C. Configure the table expiration to 60 days.
• D. Create a Stackdriver Logging Export with a Sink destination to Cloud Storag
• E. Create a lifecycle rule to delete objects after 60 days.
• F. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuer
• G. Configure the table expiration to 60 days.

Answer: B

Explanation:
Navigate to Stackdriver Logging and select resource.labels.project_id=*. is not right.
Log entries are held in Stackdriver Logging for a limited time known as the retention period which is 30 days (default configuration). After that, the entries are deleted. To keep log entries longer, you need to export them outside of Stackdriver Logging by configuring log sinks.
Ref: https://cloud.google.com/blog/products/gcp/best-practices-for-working-with-google-cloud-audit-logging Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days. is not right.
While this works, it makes no sense to use Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery when Google provides a feature (export sinks) that does exactly the same thing and works out of the box.Ref: https://cloud.google.com/logging/docs/export/configure_export_v2
Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days. is not right.
You can export logs by creating one or more sinks that include a logs query and an export destination. Supported destinations for exported log entries are Cloud Storage, BigQuery, and
Pub/Sub.Ref: https://cloud.google.com/logging/docs/export/configure_export_v2
Sinks are limited to exporting log entries from the exact resource in which the sink was created: a Google Cloud project, organization, folder, or billing account. If it makes it easier to exporting from all projects of an organication, you can create an aggregated sink that can export log entries from all the projects, folders, and billing accounts of a Google Cloud
organization.Ref: https://cloud.google.com/logging/docs/export/aggregated_sinks
Either way, we now have the data in Cloud Storage, but querying logs information from Cloud Storage is harder than Querying information from BigQuery dataset. For this reason, we should prefer Big Query over Cloud Storage.
Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days. is the right answer.
You can export logs by creating one or more sinks that include a logs query and an export destination. Supported destinations for exported log entries are Cloud Storage, BigQuery, and
Pub/Sub.Ref: https://cloud.google.com/logging/docs/export/configure_export_v2
Sinks are limited to exporting log entries from the exact resource in which the sink was created: a Google Cloud project, organization, folder, or billing account. If it makes it easier to exporting from all projects of an organication, you can create an aggregated sink that can export log entries from all the projects, folders, and billing accounts of a Google Cloud
organization.Ref: https://cloud.google.com/logging/docs/export/aggregated_sinks
Either way, we now have the data in a BigQuery Dataset. Querying information from a Big Query dataset is easier and quicker than analyzing contents in Cloud Storage bucket. As our requirement is to Quickly analyze the log contents, we should prefer Big Query over Cloud Storage.
Also, You can control storage costs and optimize storage usage by setting the default table expiration for newly created tables in a dataset. If you set the property when the dataset is created, any table created in the dataset is deleted after the expiration period. If you set the property after the dataset is created, only new tables are deleted after the expiration period.For example, if you set the default table expiration to 7 days, older data is automatically deleted after 1 week.Ref: https://cloud.google.com/bigquery/docs/best-practices-storage

NEW QUESTION 11
You created a cluster.YAML file containing
resources:
name: cluster
type: container.v1.cluster
properties:
zone: europe-west1-b
cluster:
description: My GCP ACE cluster
initialNodeCount: 2
You want to use Cloud Deployment Manager to create this cluster in GKE. What should you do?

• A. gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml
• B. gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml
• C. gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml
• D. gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

Answer: D

Explanation:
gcloud deployment-manager deployments create creates deployments based on the configuration file. (Infrastructure as code). All the configuration related to the artifacts is in the configuration file. This command correctly creates a cluster based on the provided cluster.yaml configuration file.
Ref: https://cloud.google.com/sdk/gcloud/reference/deployment-manager/deployments/create

NEW QUESTION 12
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?

• A. Select Google Kubernetes Engin
• B. Use a single-node cluster with a small instance type.
• C. Select Google Kubernetes Engin
• D. Use a three-node cluster with micro instance types.
• E. Select Compute Engin
• F. Use preemptible VM instances of the appropriate standard machine type.
• G. Select Compute Engin
• H. Use VM instance types that support micro bursting.

Answer: C

Explanation:
If your apps are fault-tolerant and can withstand possible instance preemptions, then preemptible instances can reduce your Compute Engine costs significantly. For example, batch processing jobs can run on preemptible instances. If some of those instances stop during processing, the job slows but does not completely stop. Preemptible instances complete your batch processing tasks without placing additional workload on your existing instances and without requiring you to pay full price for additional normal instances.
https://cloud.google.com/compute/docs/instances/preemptible

NEW QUESTION 13
You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:
•Restrict access so that suppliers can access only their own data.
•Give suppliers write access to data only for 30 minutes.
•Delete data that is over 45 days old.
You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use? (Choose two.)

• A. Build a lifecycle policy to delete Cloud Storage objects after 45 days.
• B. Use signed URLs to allow suppliers limited time access to store their objects.
• C. Set up an SFTP server for your application, and create a separate user for each supplier.
• D. Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.
• E. Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Answer: AB

Explanation:
(A) Object Lifecycle Management Delete
The Delete action deletes an object when the object meets all conditions specified in the lifecycle rule.
Exception: In buckets with Object Versioning enabled, deleting the live version of an object causes it to become a noncurrent version, while deleting a noncurrent version deletes that version permanently.
https://cloud.google.com/storage/docs/lifecycle#delete
(B) Signed URLs
This page provides an overview of signed URLs, which you use to give time-limited resource access to anyone in possession of the URL, regardless of whether they have a Google account
https://cloud.google.com/storage/docs/access-control/signed-urls

NEW QUESTION 14
You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?

• A. Configure regional storage for the region closest to the users Configure a Nearline storage class
• B. Configure regional storage for the region closest to the users Configure a Standard storage class
• C. Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class
• D. Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

Answer: B

Explanation:
Keywords: - continually -> Standard - mission-critical analytics -> dual-regional

NEW QUESTION 15
You have a single binary application that you want to run on Google Cloud Platform. You decided to automatically scale the application based on underlying infrastructure CPU usage. Your organizational policies require you to use virtual machines directly. You need to ensure that the application scaling is operationally efficient and completed as quickly as possible. What should you do?

• A. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.
• B. Create an instance template, and use the template in a managed instance group with autoscaling configured.
• C. Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.
• D. Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.

Answer: B

Explanation:
Managed instance groups offer autoscaling capabilities that let you automatically add or delete instances from a managed instance group based on increases or decreases in load (CPU Utilization in this case). Autoscaling helps your apps gracefully handle increases in traffic and reduce costs when the need for resources is lower. You define the autoscaling policy and the autoscaler performs automatic scaling based on the measured load (CPU Utilization in this case). Autoscaling works by adding more instances to your instance group when there is more load (upscaling), and deleting instances when the need for instances is lowered (downscaling). Ref: https://cloud.google.com/compute/docs/autoscaler

NEW QUESTION 16
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

• A. Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.
• B. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.
• C. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.
• D. In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

Answer: A

Explanation:
Adding an API as a type provider
This page describes how to add an API to Google Cloud Deployment Manager as a type provider. To learn more about types and type providers, read the Types overview documentation.
A type provider exposes all of the resources of a third-party API to Deployment Manager as base types that you can use in your configurations. These types must be directly served by a RESTful API that supports Create, Read, Update, and Delete (CRUD).
If you want to use an API that is not automatically provided by Google with Deployment Manager, you must add the API as a type provider.
https://cloud.google.com/deployment-manager/docs/configuration/type-providers/creating-type-provider

NEW QUESTION 17
You want to select and configure a solution for storing and archiving data on Google Cloud Platform. You need to support compliance objectives for data from one geographic location. This data is archived after 30 days and needs to be accessed annually. What should you do?

• A. Select Multi-Regional Storag
• B. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.
• C. Select Multi-Regional Storag
• D. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.
• E. Select Regional Storag
• F. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.
• G. Select Regional Storag
• H. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Answer: D

Explanation:
Google Cloud Coldline is a new cold-tier storage for archival data with access frequency of less than once per year. Unlike other cold storage options, Nearline has no delays prior to data access, so now it is the leading solution among competitors.
The Real description is about Coldline storage Class: Coldline Storage
Coldline Storage is a very-low-cost, highly durable storage service for storing infrequently accessed data. Coldline Storage is a better choice than Standard Storage or Nearline Storage in scenarios where slightly lower availability, a 90-day minimum storage duration, and higher costs for data access are acceptable trade-offs for lowered at-rest storage costs.
Coldline Storage is ideal for data you plan to read or modify at most once a quarter. Note, however, that for data being kept entirely for backup or archiving purposes, Archive Storage is more cost-effective, as it offers the lowest storage costs.
https://cloud.google.com/storage/docs/storage-classes#coldline

NEW QUESTION 18
You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?

• A. Assign the pods of the image rendering microservice a higher pod priority than the older microservices
• B. Create a node pool with compute-optimized machine type nodes for the image rendering microservice Use the node pool with general-purposemachine type nodes for the other microservices
• C. Use the node pool with general-purpose machine type nodes for lite mage rendering microservice Create a nodepool with compute-optimized machine type nodes for the other microservices
• D. Configure the required amount of CPU and memory in the resource requests specification of the imagerendering microservice deployment Keep the resource requests for the other microservices at the default

Answer: B

NEW QUESTION 19
You are using Data Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Data Studio are broken, and you want to analyze the problem. What should you do?

• A. Use the BigQuery interface to review the nightly Job and look for any errors
• B. Review the Error Reporting page in the Cloud Console to find any errors.
• C. In Cloud Logging create a filter for your Data Studio report
• D. Use the open source CLI too
• E. Snapshot Debugger, to find out why the data was not refreshed correctly.

Answer: D

Explanation:
Cloud Debugger helps inspect the state of an application, at any code location, without stopping or slowing down the running app // https://cloud.google.com/debugger/docs

NEW QUESTION 20
......