Google Associate-Cloud-Engineer Exam Practice Test Instant Access

Question 1

Your company is running a three-tier web application on virtual machines that use a MySQL database. You need to create an estimated total cost of cloud infrastructure to run this application on Google Cloud instances and Cloud SQL. What should you do?

AUse the Google Cloud Pricing Calculator to determine the cost of every Google Cloud resource you expect to use. Use similar size instances for the web server, and use your current on-premises machines as a comparison for Cloud SQL.

BImplement a similar architecture on Google Cloud, and run a reasonable load test on a smaller scale. Check the billing information, and calculate the estimated costs based on the real load your system usually handles.

CUse the Google Cloud Pricing Calculator and select the Cloud Operations template to define your web application with as much detail as possible.

DCreate a Google spreadsheet with multiple Google Cloud resource combinations. On a separate sheet, import the current Google Cloud prices and use these prices for the calculations within formulas.

Answer : C

Question 2

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

AChange the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

BChange the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

CAdd a secondary IP range 10.1.0.0/20 to the subnet.

DConvert the subnet IP range from IPv4 to IPv6

Answer : B

Question 3

You are a Google Cloud organization administrator. You need to configure organization policies and log sinks on Google Cloud projects that cannot be removed by project users to comply with your company's security policies. The security policies are different for each company department Each company department has a user with the Project Owner role assigned to their projects. What should you do?

AOrganize projects under folders for each department. Configure both organization policies and log sinks on the folders

BOrganize projects under folders for each department. Configure organization policies on the organization and log sinks on the folders.

CUse a standard naming convention for projects that includes the department name. Configure organization policies on the organization and log sinks on the projects.

DUse a standard naming convention for projects that includes the department name. Configure both organization policies and log sinks on the projects.

Answer : A

Question 4

Your application stores files on Cloud Storage by using the Standard Storage class. The application only requires access to files created in the last 30 days. You want to automatically save costs on files that are no longer accessed by the application. What should you do?

ACreate a retention policy on the storage bucket of 30 days, and lock the bucket by using a retention policy lock.

BEnable object versioning on the storage bucket and add lifecycle rules to expire non-current versions after 30 days

CCreate an object lifecycle on the storage bucket to change the storage class to Archive Storage for objects with an age over 30 days.

DCreate a cron job in Cloud Scheduler to call a Cloud Functions instance every day to delete files older than 30 days.

Answer : C

Question 5

You need to deploy a single stateless web application with a web interface and multiple endpoints. For security reasons, the web application must be reachable from an internal IP address from your company's private VPC and on-premises network. You also need to update the web application multiple times per day with minimal effort and want to manage a minimal amount of cloud infrastructure. What should you do?

ADeploy the web application on Google Kubernetes Engine standard edition with an internal ingress.

BDeploy the web application on Cloud Run with Private Google Access configured

CDeploy the web application to GKE Autopilot with Private Google Access configured

DDeploy the web application on Cloud Run with Private Service Connect configured.

Answer : A

Question 6

You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:

* All service accounts that require a key should be created in a centralized project called pj-sa.

* Service account keys should only be valid for one day.

You need a Google-recommended solution that minimizes cost. What should you do?

AImplement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

BImplement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of
service accounts to resources in all projects with an exception to pj-sa.

CEnforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

DEnforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

Answer : A

According to the Google Cloud documentation, you can use organization policy constraints to control the creation and expiration of service account keys. The constraints are:

constraints/iam.allowServiceAccountKeyCreation: This constraint allows you to specify which projects or folders can create service account keys. You can set the value totrueorfalse, or use a condition to apply the constraint to specific service accounts. By setting this constraint tofalsefor the organization and adding an exception for the pj-sa project, you can prevent developers from creating service account keys in other projects.

constraints/iam.serviceAccountKeyMaxLifetime: This constraint allows you to specify the maximum lifetime of service account keys. You can set the value to a duration in seconds, such as86400for one day. By setting this constraint to86400for the organization, you can ensure that all service account keys expire after one day.

These constraints are recommended by Google Cloud as best practices to minimize the risk of service account key misuse or compromise. They also help you reduce the cost of managing service account keys, as you do not need to implement a custom solution to rotate or delete them.

1: Associate Cloud Engineer Certification Exam Guide | Learn - Google Cloud

5: Create and delete service account keys - Google Cloud

Organization policy constraints for service accounts

Question 7

You have an on-premises data analytics set of binaries that processes data files in memory for about 45 minutes every midnight. The sizes of those data files range from 1 gigabyte to 16 gigabytes. You want to migrate this application to Google Cloud with minimal effort and cost. What should you do?

AUpload the code to Cloud Functions. Use Cloud Scheduler to start the application.

BCreate a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

CCreate a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

DLift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

Answer : B

Google Associate Cloud Engineer Exam Practice Test