Google Professional Cloud Architect Exam Practice Test Instant Access

Question 1

Your development teams release new versions of games running on Google Kubernetes Engine (GKE) daily.

You want to create service level indicators (SLIs) to evaluate the quality of the new versions from the user's

perspective. What should you do?

ACreate CPU Utilization and Request Latency as service level indicators.

BCreate GKE CPU Utilization and Memory Utilization as service level indicators.

CCreate Request Latency and Error Rate as service level indicators.

DCreate Server Uptime and Error Rate as service level indicators.

Answer : C

Question 2

Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling. Which two compute products should you choose? Choose 2 answers

ACompute Engine with containers

BGoogle Kubernetes Engine with containers

CGoogle App Engine Standard Environment

DCompute Engine with custom instance types

ECompute Engine with managed instance groups

Answer : B, C

B: With Container Engine, Google will automatically deploy your cluster for you, update, patch, secure the nodes.

Kubernetes Engine's cluster autoscaler automatically resizes clusters based on the demands of the workloads you want to run.

C: Solutions like Datastore, BigQuery, AppEngine, etc are truly NoOps.

App Engine by default scales the number of instances running up and down to match the load, thus providing consistent performance for your app at all times while minimizing idle instances and thus reducing cost.

Note: At a high level, NoOps means that there is no infrastructure to build out and manage during usage of the platform. Typically, the compromise you make with NoOps is that you lose control of the underlying infrastructure.

Question 3

All compute Engine instances in your VPC should be able to connect to an Active Directory server on specific ports. Any other traffic emerging from your instances is not allowed. You want to enforce this using VPC firewall rules.

How should you configure the firewall rules?

ACreate an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.

BCreate an egress rule with priority 100 to deny all traffic for all instances. Create another egress rule with priority 1000 to allow the Active Directory traffic for all instances.

CCreate an egress rule with priority 1000 to allow the Active Directory traffic. Rely on the implied deny
egress rule with priority 100 to block all traffic for all instances.

DCreate an egress rule with priority 100 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.

Answer : B

https://cloud.google.com/vpc/docs/firewalls

Question 4

Your architecture calls for the centralized collection of all admin activity and VM system logs within your

project.

How should you collect these logs from both VMs and services?

AAll admin and VM system logs are automatically collected by Stackdriver.

BStackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent
must be installed on each instance to collect system logs.

CLaunch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.

DInstall the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

Answer : B

https://cloud.google.com/logging/docs/agent/default-logs

Question 5

You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?

AInstall the latest BigQuery API client library for Python

BRun your script on a new virtual machine with the BigQuery access scope enabled

CCreate a new service account with BigQuery access and execute your script with that user

DInstall the bq component for gccloud with the command gcloud components install bq.

Answer : B

The error is most like caused by the access scope issue. When create new instance, you have the default Compute engine default service account but most serves access including BigQuery is not enable. Create an instance Most access are not enabled by default You have default service account but don't have the permission (scope) you can stop the instance, edit, change scope and restart it to enable the scope access. Of course, if you Run your script on a new virtual machine with the BigQuery access scope enabled, it also works

https://cloud.google.com/compute/docs/access/service-accounts

Question 6

Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of web application deployed in the same

nightly batch run. You want to collect details on the failure to pass back to the development team. Which three actions should you take? Choose 3 answers

AUse Stackdriver Logging to search for the module log entries.

BRead the debug GCE Activity log using the API or Cloud Console.

CUse gcloud or Cloud Console to connect to the serial console and observe the logs.

DIdentify whether a live migration event of the failed server occurred, using in the activity log.

EAdjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics.

FExport a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen.

Answer : A, C, E

https://www.flexera.com/blog/cloud/2013/12/google-compute-engine-live-migration-passes-the-test/

'With live migration, the virtual machines are moved without any downtime or noticeable service degradation'

Question 7

Your application needs to process credit card transactions. You want the smallest scope of Payment Card Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used. How should you design your architecture?

ACreate a tokenizer service and store only tokenized data.

BCreate separate projects that only process credit card data.

CCreate separate subnetworks and isolate the components that process credit card data.

DStreamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI data.

EEnable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor.

Answer : A

https://cloud.google.com/solutions/pci-dss-compliance-in-gcp

Google Professional Cloud Architect Google Cloud Architect Professional Exam Practice Test