Replace Professional-Cloud-Architect Latest Exam For Google Certified Professional - Cloud Architect (GCP) Certification

NEW QUESTION 1

Your agricultural division is experimenting with fully autonomous vehicles.
You want your architecture to promote strong security during vehicle operation. Which two architecture should you consider?
Choose 2 answers:

• A. Treat every micro service call between modules on the vehicle as untrusted.
• B. Require IPv6 for connectivity to ensure a secure address space.
• C. Use a trusted platform module (TPM) and verify firmware and binaries on boot.
• D. Use a functional programming language to isolate code execution cycles.
• E. Use multiple connectivity subsystems for redundancy.
• F. Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.

Answer: AC

NEW QUESTION 2

A lead engineer wrote a custom tool that deploys virtual machines in the legacy data center. He wants to migrate the custom tool to the new cloud environment You want to advocate for the adoption of Google Cloud Deployment Manager What are two business risks of migrating to Cloud Deployment Manager? Choose 2 answers

• A. Cloud Deployment Manager uses Python.
• B. Cloud Deployment Manager APIs could be deprecated in the future.
• C. Cloud Deployment Manager is unfamiliar to the company's engineers.
• D. Cloud Deployment Manager requires a Google APIs service account to run.
• E. Cloud Deployment Manager can be used to permanently delete cloud resources.
• F. Cloud Deployment Manager only supports automation of Google Cloud resources.

Answer: CF

Explanation:
https://cloud.google.com/deployment-manager/docs/deployments/deleting-deployments

NEW QUESTION 3

You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace.

What should you do?

• A. Upload missing JAR files and redeploy your application.
• B. Digitally sign all of your JAR files and redeploy your application
• C. Recompile the CLoakedServlet class using and MD5 hash instead of SHA1

Answer: B

NEW QUESTION 4

Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication. Which networking approach should you use?

• A. Google Cloud Dedicated Interconnect
• B. Google Cloud VPN connected to the data center network
• C. A NAT and TLS translation gateway installed on-premises
• D. A Google Compute Engine instance with a VPN server installed connected to the data center network

Answer: A

Explanation:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
Google Cloud Dedicated Interconnect provides direct physical connections and RFC 1918 communication between your on-premises network and Google’s network. Dedicated Interconnect enables you to transfer large amounts of data between networks, which can be more cost effective than purchasing additional bandwidth over the public Internet or using VPN tunnels.
Benefits:
Traffic between your on-premises network and your VPC network doesn't traverse the public Internet.
Traffic traverses a dedicated connection with fewer hops, meaning there are less points of failure where traffic might get dropped or disrupted.
Your VPC network's internal (RFC 1918) IP addresses are directly accessible from your on-premises network. You don't need to use a NAT device or VPN tunnel to reach internal IP addresses. Currently, you can only reach internal IP addresses over a dedicated connection. To reach Google external IP addresses, you must use a separate connection.
You can scale your connection to Google based on your needs. Connection capacity is delivered over one or more 10 Gbps Ethernet connections, with a maximum of eight connections (80 Gbps total per interconnect).
The cost of egress traffic from your VPC network to your on-premises network is reduced. A dedicated connection is generally the least expensive method if you have a high-volume of traffic to and from Google’s network.
References: https://cloud.google.com/interconnect/docs/details/dedicated

NEW QUESTION 5

Your organization requires that metrics from all applications be retained for 5 years for future analysis in possible legal proceedings. Which approach should you use?

• A. Grant the security team access to the logs in each Project.
• B. Configure Stackdriver Monitoring for all Projects, and export to BigQuery.
• C. Configure Stackdriver Monitoring for all Projects with the default retention policies.
• D. Configure Stackdriver Monitoring for all Projects, and export to Google Cloud Storage.

Answer: D

Explanation:
Overview of storage classes, price, and use cases https://cloud.google.com/storage/docs/storage-classes Why export logs? https://cloud.google.com/logging/docs/export/
StackDriver Quotas and Limits for Monitoring https://cloud.google.com/monitoring/quotas The BigQuery pricing. https://cloud.google.com/bigquery/pricing

NEW QUESTION 6

One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify authenticity of your logs?

• A. Write the log concurrently in the cloud and on premises.
• B. Use a SQL database and limit who can modify the log table.
• C. Digitally sign each timestamp and log entry and store the signature.
• D. Create a JSON dump of each log entry and store it in Google Cloud Storage.

Answer: C

Explanation:
https://cloud.google.com/storage/docs/access-logs
References: https://cloud.google.com/logging/docs/reference/tools/gcloud-logging

NEW QUESTION 7

Your company wants to try out the cloud with low risk. They want to archive approximately 100 TB of their log data to the cloud and test the analytics features available to them there, while also retaining that data as a long-term disaster recovery backup. Which two steps should they take? Choose 2 answers

• A. Load logs into Google BigQuery.
• B. Load logs into Google Cloud SQL.
• C. Import logs into Google Stackdriver.
• D. Insert logs into Google Cloud Bigtable.
• E. Upload log files into Google Cloud Storage.

Answer: AE

NEW QUESTION 8

You are building a continuous deployment pipeline for a project stored in a Git source repository and want to ensure that code changes can be verified deploying to production. What should you do?

• A. Use Spinnaker to deploy builds to production using the red/black deployment strategy so that changes can easily be rolled back.
• B. Use Spinnaker to deploy builds to production and run tests on production deployments.
• C. Use Jenkins to build the staging branches and the master branc
• D. Build and deploy changes to production for 10% of users before doing a complete rollout.
• E. Use Jenkins to monitor tags in the repositor
• F. Deploy staging tags to a staging environment for testing.After testing, tag the repository for production and deploy that to the production environment.

Answer: D

Explanation:
Reference: https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes/blob/master/ README.md

NEW QUESTION 9

You need to upload files from your on-premises environment to Cloud Storage. You want the files to be encrypted on Cloud Storage using customer-supplied encryption keys. What should you do?

• A. Supply the encryption key in a .boto configuration fil
• B. Use gsutil to upload the files.
• C. Supply the encryption key using gcloud confi
• D. Use gsutil to upload the files to that bucket.
• E. Use gsutil to upload the files, and use the flag --encryption-key to supply the encryption key.
• F. Use gsutil to create a bucket, and use the flag --encryption-key to supply the encryption ke
• G. Use gsutil to upload the files to that bucket.

Answer: A

Explanation:
https://cloud.google.com/storage/docs/encryption/customer-supplied-keys#gsutil

NEW QUESTION 10

Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain the data. Users should be able to query the datasets, but not edit them.
How should you configure users’ access roles?

• A. Add all users to a grou
• B. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data.
• C. Add all users to a grou
• D. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
• E. Add all users to a grou
• F. Grant the group the roles of BigQuery jobUser on the billing project and BigQuery dataViewer on the projects that contain the data.
• G. Add all users to a grou
• H. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery jobUser on the projects that contain the data.

Answer: A

Explanation:
Reference: https://cloud.google.com/bigquery/docs/running-queries

NEW QUESTION 11

You are tasked with building an online analytical processing (OLAP) marketing analytics and reporting tool. This requires a relational database that can operate on hundreds of terabytes of data. What is the Google
recommended tool for such applications?

• A. Cloud Spanner, because it is globally distributed
• B. Cloud SQL, because it is a fully managed relational database
• C. Cloud Firestore, because it offers real-time synchronization across devices
• D. BigQuery, because it is designed for large-scale processing of tabular data

Answer: A

Explanation:
Reference: https://cloud.google.com/files/BigQueryTechnicalWP.pdf

NEW QUESTION 12

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

• A. The effective policy is determined only by the policy set at the node
• B. The effective policy is the policy set at the node and restricted by the policies of its ancestors
• C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors
• D. The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

Answer: B

Explanation:
Reference: https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

NEW QUESTION 13

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public Internet. What should you do?

• A. Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
• B. Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the onpremises database.
• C. Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
• D. Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.

Answer: D

Explanation:
https://cloud.google.com/appengine/docs/flexible/python/using-third-party-databases

NEW QUESTION 14

You have been asked to select the storage system for the click-data of your company's large portfolio of websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per minute, with bursts of up to 8,500 clicks per second. It must been stored for future analysis by your data science and user experience teams. Which storage infrastructure should you choose?

• A. Google Cloud SQL
• B. Google Cloud Bigtable
• C. Google Cloud Storage
• D. Google cloud Datastore

Answer: C

Explanation:
https://cloud.google.com/bigquery/docs/loading-data-cloud-storage

NEW QUESTION 15

Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis. What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?

• A. Hash all data using SHA256
• B. Encrypt all data using elliptic curve cryptography
• C. De-identify the data with the Cloud Data Loss Prevention API
• D. Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers

Answer: A

Explanation:
Reference: https://cloud.google.com/solutions/pci-dss-compliance-ingcp#

NEW QUESTION 16

Your company creates rendering software which users can download from the company website. Your company has customers all over the world. You want to minimize latency for all your customers. You want to follow Google-recommended practices.
How should you store the files?

• A. Save the files in a Multi-Regional Cloud Storage bucket.
• B. Save the files in a Regional Cloud Storage bucket, one bucket per zone of the region.
• C. Save the files in multiple Regional Cloud Storage buckets, one bucket per zone per region.
• D. Save the files in multiple Multi-Regional Cloud Storage buckets, one bucket per multi-region.

Answer: A

Explanation:
https://cloud.google.com/storage/docs/locations#location-mr

NEW QUESTION 17

Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. What Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team'?

• A. Org viewer, project owner
• B. Org viewer, project viewer
• C. Org admin, project browser
• D. Project owner, network admin

Answer: B

Explanation:
https://cloud.google.com/iam/docs/using-iam-securely

NEW QUESTION 18

Your company is forecasting a sharp increase in the number and size of Apache Spark and Hadoop jobs being run on your local datacenter You want to utilize the cloud to help you scale this upcoming demand with the least amount of operations work and code change. Which product should you use?

• A. Google Cloud Dataflow
• B. Google Cloud Dataproc
• C. Google Compute Engine
• D. Google Container Engine

Answer: B

Explanation:
Google Cloud Dataproc is a fast, easy-to-use, low-cost and fully managed service that lets you run the Apache Spark and Apache Hadoop ecosystem on Google Cloud Platform. Cloud Dataproc provisions big or small clusters rapidly, supports many popular job types, and is integrated with other Google Cloud Platform services, such as Google Cloud Storage and Stackdriver Logging, thus helping you reduce TCO.
References: https://cloud.google.com/dataproc/docs/resources/faq

NEW QUESTION 19
......