Pass the Google Cloud Certified Associate-Cloud-Engineer Questions and answers with ValidTests

Exam Associate-Cloud-Engineer All Questions

Exam Associate-Cloud-Engineer Premium Access

View all detail and faqs for the Associate-Cloud-Engineer exam

Go to Exam

Viewing page 10 out of 10 pages

Viewing questions 91-100 out of questions

Questions # 91:

Your VMs are running in a subnet that has a subnet mask of 255.255.255.240. The current subnet has no more free IP addresses and you require an additional 10 IP addresses for new VMs. The existing and new VMs should all be able to reach each other without additional routes. What should you do?

Options:

Use gcloud to expand the IP range of the current subnet.

Delete the subnet, and recreate it using a wider range of IP addresses.

Create a new project. Use Shared VPC to share the current network with the new project.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Questions # 92:

You are deploying an application to Google Kubernetes Engine (GKE) that needs to call an external third-party API. You need to provide the external API vendor with a list of IP addresses for their firewall to allow traffic from your application. You want to follow Google-recommended practices and avoid any risk of interrupting traffic to the API due to IP address changes. What should you do?

Options:

Configure your GKE cluster with one node, and set the node to have a static external IP address. Ensure that the GKE cluster autoscaler is off. Send the external IP address of the node to the vendor to be added to the allowlist.

Configure your GKE cluster with private nodes. Configure a Cloud NAT instance with static IP addresses. Provide these IP addresses to the vendor to be added to the allowlist.

Configure your GKE cluster with public nodes. Write a Cloud Function that pulls the public IP addresses of each node in the cluster. Trigger the function to run every day with Cloud Scheduler. Send the list to the vendor by email every day.

Configure your GKE cluster with private nodes. Configure a Cloud NAT instance with dynamic IP addresses. Provide these IP addresses to the vendor to be added to the allowlist.

Answer

Explanation

The requirement is for a stable set of egress IP addresses from a GKE cluster for allowlisting by a third party, following best practices.

Option A is not recommended: Using a single node lacks scalability and high availability. Relying on a single node's static IP creates a single point of failure and doesn't align with GKE's design principles. Disabling autoscaling hinders elasticity.

Option C is complex and unreliable: Public nodes typically have ephemeral external IPs (unless manually configured per node, which is difficult to manage with autoscaling). Dynamically tracking and emailing IPs daily is operationally burdensome and prone to race conditions where the allowlist might lag behind IP changes.

Option D uses Cloud NAT but with dynamic IPs. Dynamic IPs change over time, making them unsuitable for stable firewall allowlists.

Option B is the Google-recommended practice: Configuring the GKE cluster with private nodes enhances security as nodes don't have direct external IPs. Cloud NAT provides managed network address translation for these private nodes to access the internet. By configuring Cloud NAT with a static allocation of external IP addresses, all egress traffic from the private GKE nodes will appear to originate from this stable, predictable set of IPs. This set can be given to the vendor for allowlisting without worrying about node IP changes due to scaling or maintenance.

This approach decouples the application's egress IP from the individual nodes, providing stability and adhering to the principle of least privilege (private nodes).

[References:, , Cloud NAT Overview: "Cloud NAT lets certain resources without external IP addresses create outbound connections to the internet." - https://cloud.google.com/nat/docs/overview, Cloud NAT IP Addresses: "When you configure a NAT gateway... You can configure the NAT gateway to automatically allocate regional external IP addresses... Alternatively, you can manually assign a fixed number of static external IP addresses to the gateway." - https://cloud.google.com/nat/docs/overview#ip-addresses, GKE and Cloud NAT: "Configure Cloud NAT with GKE... Use Case: You want a GKE pod to deterministically egress traffic from a static set of IP addresses that you control." - https://cloud.google.com/nat/docs/gke-example, Private Clusters: "Private nodes do not have endpoint-accessible external IP addresses." - https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters , , , ]

Questions # 93:

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine. Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

Options:

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.• Copy the role across all projects created within the organization with the gcloud iam roles copy command.• Assign the role to developers in those projects.

• Add all developers to a Google group in Google Groups for Workspace.• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

• Add all developers to a Google group in Cloud Identity.• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

• Add all developers to a Google group in Cloud Identity.• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.• Assign the custom role to the Google group.

Questions # 94:

You want to deploy a new containerized application into Google Cloud by using a Kubernetes manifest. You want to have full control over the Kubernetes deployment, and at the same time, you want to minimize configuring infrastructure. What should you do?

Options:

Deploy the application on GKE Autopilot.

Deploy the application on GKE Standard.

Deploy the application on Cloud Functions.

Deploy the application on Cloud Run.

Questions # 95:

You are managing a Data Warehouse on BigQuery. An external auditor will review your company's processes, and multiple external consultants will need view access to the data. You need to provide them with view access while following Google-recommended practices. What should you do?

Options:

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

Questions # 96:

The core business of your company is to rent out construction equipment at a large scale. All the equipment that is being rented out has been equipped with multiple sensors that send event information every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more. Customers are billed based on the consumption monitored by these sensors. You expect high throughput – up to thousands of events per hour per device – and need to retrieve consistent databased on the time of the event. Storing and retrieving individual signals should be atomic. What should you do?

Options:

Create a file in Cloud Storage per device and append new data to that file.

Create a file in Cloud Filestore per device and append new data to that file.

Ingest the data into Datastore. Store data in an entity group based on the device.

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

Questions # 97:

You need to create a custom VPC with a single subnet. The subnet’s range must be as large as possible. Which range should you use?

Options:

.00.0.0/0

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

Questions # 98:

You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site. Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?

Options:

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

Questions # 99:

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

Options:

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Grant all engineer’s permission to create their own billing accounts for each new project.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Questions # 100:

You need to deploy a third-party software application onto a single Compute Engine VM instance. The application requires the highest speed read and write disk access for the internal database. You need to ensure the instance will recover on failure. What should you do?

Options:

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateful managed instance group.

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateless managed instance group.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateful managed instance group.

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateless managed instance group.

Viewing page 10 out of 10 pages

Viewing questions 91-100 out of questions

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Pass the Google Cloud Certified Associate-Cloud-Engineer Questions and answers with ValidTests

Exam Associate-Cloud-Engineer Premium Access

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options: