Google Professional Cloud Architect Exam Practice Test Instant Access

Question 1

Your company has an application that is running on multiple instances of Compute Engine. It generates 1 TB per day of logs. For compliance reasons, the logs need to be kept for at least two years. The logs need to be available for active query for 30 days. After that, they just need to be retained for audit purposes. You want to implement a storage solution that is compliant, minimizes costs, and follows Google-recommended practices. What should you do?

A1. Install the Cloud Ops agent on all instances.
2. Create a sink to export logs into a partitioned BigQuery table.
3. Set a time_partitioning_expiration of 30 days.

B1. Install the Cloud Ops agent on all instances.
2. Create a sink to export logs into a regional Cloud Storage bucket.
3. Create an Object Lifecycle rule to move files into a Coldline Cloud Storage bucket after one month.
4. Configure a retention policy at the bucket level to create a lock.

C1. Create a daily cron job, running on all instances, that uploads logs into a partitioned BigQuery
table. 2. Set a time_partitioning_expiration of 30 days.

D1. Write a daily cron job, running on all instances, that uploads logs into a Cloud Storage bucket.
2. Create a sink to export logs into a regional Cloud Storage bucket.
3. Create an Object Lifecycle rule to move files into a Coldline Cloud Storage bucket after one month.

Answer : B

The practice for managing logs generated on Compute Engine on Google Cloud is to install the Cloud Logging agent and send them to Cloud Logging.

The sent logs will be aggregated into a Cloud Logging sink and exported to Cloud Storage.

The reason for using Cloud Storage as the destination for the logs is that the requirement in question requires setting up a lifecycle based on the storage period.

In this case, the log will be used for active queries for 30 days after it is saved, but after that, it needs to be stored for a longer period of time for auditing purposes.

If the data is to be used for active queries, we can use BigQuery's Cloud Storage data query feature and move the data past 30 days to Coldline to build a cost-optimal solution.

Therefore, the correct answer is as follows

1. Install the Cloud Logging agent on all instances.

Create a sync that exports the logs to the region's Cloud Storage bucket.

3. Create an Object Lifecycle rule to move the files to the Coldline Cloud Storage bucket after one month. 4.

4. set up a bucket-level retention policy using bucket locking.'

Question 2

Your organization has stored sensitive data in a Cloud Storage bucket. For regulatory reasons, your company must be able to rotate the encryption key used to encrypt the data in the bucket. The data will be processed in Dataproc. You want to follow Google-recommended practices for security What should you do?

ACreate a key with Cloud Key Management Service (KMS) Encrypt the data using the encrypt method of Cloud KMS.

BCreate a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket to the Cloud KMS key.

CGenerate a GPG key pair. Encrypt the data using the GPG key. Upload the encrypted data to the bucket.

DGenerate an AES-256 encryption key. Encrypt the data in the bucket using the customer-supplied encryption keys feature.

Answer : B

https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key

https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys

Question 3

You are working at an institution that processes medical dat

a. You are migrating several workloads onto Google Cloud. Company policies require all workloads to run on physically separated hardware, and workloads from different clients must also be separated You created a sole-tenant node group and added a node for each client. You need to deploy the workloads on these dedicated hosts. What should you do?

AAdd the node group name as a network tag when creating Compute Engine instances in order to host each workload on the correct node group.

BAdd the node name as a network tag when creating Compute Engine instances in order to host each workload on the correct node.

CUse node affinity labels based on the node group name when creating Compute Engine instances in order to host each workload on the correct node group

DUse node affinity labels based on the node name when creating Compute Engine instances in order to host each workload on the correct node.

Answer : C

https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#provision_a_sole-tenant_vm

https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#gcloud_2

When you create a VM, you request sole-tenancy by specifying node affinity or anti-affinity, referencing one or more node affinity labels. You specify custom node affinity labels when you create a node template, and Compute Engine automatically includes some default affinity labels on each node. By specifying affinity when you create a VM, you can schedule VMs together on a specific node or nodes in a node group. By specifying anti-affinity when you create a VM, you can ensure that certain VMs are not scheduled together on the same node or nodes in a node group.

Question 4

An application development team has come to you for advice.They are planning to write and deploy an HTTP(S) API using Go 1.12. The API will have a very unpredictable workload and must remain reliable during peaks in traffic. They want to minimize operational overhead for this application. What approach should you recommend?

AUse a Managed Instance Group when deploying to Compute Engine

BDevelop an application with containers, and deploy to Google Kubernetes Engine (GKE)

CDevelop the application for App Engine standard environment

DDevelop the application for App Engine Flexible environment using a custom runtime

Answer : C

https://cloud.google.com/appengine/docs/the-appengine-environments

Question 5

Your team is developing a web application that will be deployed on Google Kubernetes Engine (GKE). Your CTO expects a successful launch and you need to ensure your application can handle the expected load of tens of thousands of users. You want to test the current deployment to ensure the latency of your application stays below a certain threshold. What should you do?

AUse a load testing tool to simulate the expected number of concurrent users and total requests to your application, and inspect the results.

BEnable autoscaling on the GKE cluster and enable horizontal pod autoscaling on your application deployments. Send curl requests to your application, and validate if the auto scaling works.

CReplicate the application over multiple GKE clusters in every Google Cloud region. Configure a global HTTP
(S) load balancer to expose the different clusters over a single global IP address.

DUse Cloud Debugger in the development environment to understand the latency between the different microservices.

Answer : B

Question 6

Your company is developing a new application that will allow globally distributed users to upload pictures and share them with other selected users. The application will support millions of concurrent users. You want to allow developers to focus on just building code without having to create and maintain the underlying infrastructure. Which service should you use to deploy the application?

AApp Engine

BCloud Endpoints

CCompute Engine

DGoogle Kubernetes Engine

Answer : A

https://cloud.google.com/appengine/docs/standard/go/how-requests-are-handled

Question 7

You are developing your microservices application on Google Kubernetes Engine. During testing, you want to validate the behavior of your application in case a specific microservice should suddenly crash. What should you do?

AAdd a taint to one of the nodes of the Kubernetes cluster. For the specific microservice, configure a pod anti-affinity label that has the name of the tainted node as a value.

BUse Istio's fault injection on the particular microservice whose faulty behavior you want to simulate.

CDestroy one of the nodes of the Kubernetes cluster to observe the behavior.

DConfigure Istio's traffic management features to steer the traffic away from a crashing microservice.

Answer : B

Microservice runs on all nodes. The Micro service runs on Pod, Pod runs on Nodes. Nodes is nothing but Virtual machines. Once deployed the application microservices will get deployed across all Nodes. Destroying one node may not mimic the behaviour of microservice crashing as it may be running in other nodes.

link: https://istio.io/latest/docs/tasks/traffic-management/fault-injection/

Google Professional Cloud Architect Google Cloud Architect Professional Exam Practice Test