Google Cloud Certified Real Exam Questions and Answers FREE Associate-Cloud-Engineer Updated on Oct 22, 2023 [Q48-Q68]


Associate-Cloud-Engineer Ultimate Study Guide - DumpsKing


The Google Associate-Cloud-Engineer (Google Associate Cloud Engineer) Certification Exam is designed for individuals who want to demonstrate their skills and knowledge in using Google Cloud Platform technologies. The certification exam is ideal for those who are interested in working with cloud-based solutions and want to improve their career prospects. The Associate-Cloud-Engineer exam is designed to test your ability to deploy and manage applications on Google Cloud Platform and your knowledge of the core GCP services.


Google Cloud Computing is one of the biggest and fastest-growing cloud computing platforms in the world. As organizations increasingly move towards the cloud, the demand for professionals skilled in managing and operating cloud-based solutions is on the rise. One way to demonstrate your proficiency in this field is by earning the Google Associate-Cloud-Engineer certification.


The Google Associate-Cloud-Engineer Certification Exam is a valuable certification for IT professionals who want to demonstrate their knowledge and skills in managing cloud services. The Associate-Cloud-Engineer exam is designed to validate the ability of candidates to deploy, monitor, and maintain applications on Google Cloud Platform. With this certification, you can enhance your career prospects and demonstrate your proficiency in cloud computing.

 

NEW QUESTION # 48
Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

  • A. Create a route on the VPC to route all traffic to the instance over the VPN tunnel.
  • B. Create the instance without a public IP address.
  • C. Create the instance with Private Google Access enabled.
  • D. Create a deny-all egress firewall rule on the VPC network.

Answer: B

Explanation:
Private Google Access allows access to the external IP addresses, which is against the requirements.


NEW QUESTION # 49
You're looking for the IP address of a specific instance that is running in your default zone. Which command and flag(s) could you use to return just the IP address?

  • A. The gcloud compute instances list along with the o flag and jsonpath value.
  • B. The gcloud compute list along with the o flag and jsonpath value.
  • C. The gcloud compute list along with the filter and format flags.
  • D. The gcloud compute instances list along with the filter and format flags.

Answer: D


NEW QUESTION # 50
Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost efficient way. What should you do?

  • A. Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.
  • B. Use a third party tool to provide remote access to the instances.
  • C. Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
  • D. Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.

Answer: C


NEW QUESTION # 51
You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps. What should you do?

  • A. Install an RDP client on your desktop. Verify that a firewall rule for port 3389 exists.
  • B. Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists.
    Click the RDP button in the GCP Console and supply the credentials to log in.
  • C. Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists.
    Click the RDP button in the GCP Console, and supply the credentials to log in.
  • D. Install an RDP client on your desktop. Set a Windows username and password in the GCP Console.
    Use the credentials to log in to the instance.

Answer: D


NEW QUESTION # 52
You have a definition for an instance template that contains a web application. You are asked to deploy the application so that it can scale based on the HTTP traffic it receives. What should you do?

  • A. Create a managed instance group based on the instance template. Configure autoscaling based on HTTP traffic and configure the instance group as the backend service of an HTTP load balancer.
  • B. Create the necessary amount of instances required for peak user traffic based on the instance template. Create an unmanaged instance group and add the instances to that instance group.
    Configure the instance group as the Backend Service of an HTTP load balancer.
  • C. Create a VM from the instance template. Create an App Engine application in Automatic Scaling mode that forwards all traffic to the VM.
  • D. Create a VM from the instance template. Create a custom image from the VM's disk. Export the image to Cloud Storage. Create an HTTP load balancer and add the Cloud Storage bucket as its backend service.

Answer: A

Explanation:
A is not correct because the Load Balancer will just load balance access to the uploaded image itself, and not create or autoscale VMs based on that image.
B is not correct because while the App Engine can scale as a proxy, all requests will still end up on the same Compute Engine instance, which needs to scale itself.
C is correct because a managed instance group can use an instance template to scale based on HTTP traffic.
D is not correct because unmanaged instance groups do not offer autoscaling.
https://cloud.google.com/compute/docs/instance-groups/#managed_instance_groups_and_autoscaling
https://cloud.google.com/compute/docs/images/export-image
https://cloud.google.com/compute/docs/load-balancing/http/adding-a-backend-bucket-to-content-based-load-balancing


NEW QUESTION # 53
You have a batch workload that runs every night and uses a large number of virtual machines (VMs). It is fault-tolerant and can tolerate some of the VMs being terminated. The current cost of VMs is too high.
What should you do?

  • A. Run a test using simulated maintenance events.
    If the test is successful, use preemptible N1 Standard VMs when running future jobs.
  • B. Run a test using N1 standard VMs instead of N2.
    If the test is successful, use N1 Standard VMs when running future jobs.
  • C. Run a test using a managed instance group.
    If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.
  • D. Run a test using simulated maintenance events.
    If the test is successful, use N1 Standard VMs when running future jobs.

Answer: D

Explanation:
https://cloud.google.com/compute/vm-instance-pricing


NEW QUESTION # 54
You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

  • A. Enable API and then share charts from project A, B, and C.
  • B. Enable API and then use default dashboards to view all projects in sequence.
  • C. Enable API, create a workspace under project A, and then add project B and C.
  • D. Enable API and then give the metrics.reader role to projects A, B, and C.

Answer: B


NEW QUESTION # 55
You are operating a Google Kubernetes Engine (GKE) cluster for your company where different teams can run non-production workloads. Your Machine Learning (ML) team needs access to Nvidia Tesla P100 GPUs to train their models. You want to minimize effort and cost. What should you do?

  • A. Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke-accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.
  • B. Ask your ML team to add the "accelerator: gpu" annotation to their pod specification.
  • C. Recreate all the nodes of the GKE cluster to enable GPUs on all of them.
  • D. Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs.
    Dedicate this cluster to your ML team.

Answer: A

Explanation:
Before using GPUs on GKE, keep in mind the following limitations:
You cannot add GPUs to existing node pools.
GPU nodes cannot be live migrated during maintenance events.
https://cloud.google.com/kubernetes-engine/docs/how-to/gpus


NEW QUESTION # 56
You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named dev that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

  • A. Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.
  • B. Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.
  • C. Use the command gcloud container clusters update dev.
  • D. Use the command gcloud config set container/cluster dev.

Answer: D

Explanation:
To set a default cluster for gcloud commands, run the following command:
gcloud config set container/cluster CLUSTER_NAME
https://cloud.google.com/kubernetes-engine/docs/how-to/managing-clusters?hl=en


NEW QUESTION # 57
While working on a project, an application administrator has been given the responsibility of managing all resources. He wants to delegate the responsibility of managing the existing service accounts to another administrator. He will also be responsible to manage the other service accounts that will be created. Which of the following is the best way to delegate the privileges required to manage all the service accounts?

  • A. Granting iam.serviceProjectAccountUser to the administrator at the service account level
  • B. Granting iam.serviceProjectAccountUser to the administrator at the project level
  • C. Granting iam.serviceAccountUser to the administrator at the service account level
  • D. Granting iam.serviceAccountUser to the administrator at the project level

Answer: D


NEW QUESTION # 58
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

  • A. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.
  • B. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.
  • C. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
  • D. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Answer: D


NEW QUESTION # 59
You deployed an application on a managed instance group in Compute Engine. The application accepts Transmission Control Protocol (TCP) traffic on port 389 and requires you to preserve the IP address of the client who is making a request. You want to expose the application to the internet by using a load balancer.
What should you do?

  • A. Expose the application by using an SSL Proxy Load Balancer.
  • B. Expose the application by using an internal TCP Network Load Balancer.
  • C. Expose the application by using a TCP Proxy Load Balancer.
  • D. Expose the application by using an external TCP Network Load Balancer.

Answer: C


NEW QUESTION # 60
You have an application on a general-purpose Compute Engine instance that is experiencing excessive disk read throttling on its Zonal SSD Persistent Disk. The application primarily reads large files from disk. The disk size is currently 350 GB. You want to provide the maximum amount of throughput while minimizing costs. What should you do?

  • A. Migrate to use a Regional SSD on the instance.
  • B. Increase the size of the disk to 1 TB.
  • C. Migrate to use a Local SSD on the instance.
  • D. Increase the allocated CPU to the instance.

Answer: C

Explanation:
Reference:
https://cloud.google.com/compute/docs/disks/performance


NEW QUESTION # 61
You are running an application on multiple virtual machines within a managed instance group and have autoscaling enabled. The autoscaling policy is configured so that additional instances are added to the group if the CPU utilization of instances goes above 80%. VMs are added until the instance group reaches its maximum limit of five VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP health checks against the instances is set to 30 seconds. The virtual machine instances take around three minutes to become available for users. You observe that when the instance group autoscales, it adds more instances than necessary to support the levels of end-user traffic. You want to properly maintain instance group sizes when autoscaling. What should you do?

  • A. Set the maximum number of instances to 1.
  • B. Use a TCP health check instead of an HTTP health check.
  • C. Decrease the maximum number of instances to 3.
  • D. Increase the initial delay of the HTTP health check to 200 seconds.

Answer: D

Explanation:
The reason is that when you do a health check, you want the VM to be working. Doing the first check after the initial setup time of 3 minutes (180 s < 200 s) is reasonable.
The reason why our autoscaling is adding more instances than needed is that it checks 30 seconds after launching the instance, and at this point the instance isn't up and isn't ready to serve traffic. So our autoscaling policy starts another instance, again checks this after 30 seconds, and the cycle repeats until it gets to the maximum instances or the instances launched earlier are healthy and start processing traffic, which happens after 180 seconds (3 minutes). This can be easily rectified by adjusting the initial delay to be higher than the time it takes for the instance to become available for processing traffic. So setting this to 200 ensures that it waits until the instance is up (around the 180-second mark) and then starts forwarding traffic to this instance. Even after a cool out period, if the CPU utilization is still high, the autoscaler can again scale up, but this scale-up is genuine and is based on the actual load.
Initial Delay Seconds: This setting delays autohealing from potentially prematurely recreating the instance if the instance is in the process of starting up. The initial delay timer starts when the currentAction of the instance is VERIFYING.
Ref: https://cloud.google.com/compute/docs/instance-groups/autohealing-instances-in-migs


NEW QUESTION # 62
Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google-recommended practices. What should you do?

  • A. Grant all members of the DevOps team the role of Project Editor on the organization level.
  • B. Create a custom role that combines the required permissions.
    Grant the DevOps team the custom role on the organization level.
  • C. Grant all members of the DevOps team the role of Project Editor on the production project.
  • D. Create a custom role that combines the required permissions.
    Grant the DevOps team the custom role on the production project.

Answer: D

Explanation:
Understanding IAM custom roles
Key Point: Custom roles enable you to enforce the principle of least privilege, ensuring that the user and service accounts in your organization have only the permissions essential to performing their intended functions.
Basic concepts
Custom roles are user-defined, and allow you to bundle one or more supported permissions to meet your specific needs. Custom roles are not maintained by Google; when new permissions, features, or services are added to Google Cloud, your custom roles will not be updated automatically.
When you create a custom role, you must choose an organization or project to create it in. You can then grant the custom role on the organization or project, as well as any resources within that organization or project.
https://cloud.google.com/iam/docs/understanding-custom-roles#basic_concepts


NEW QUESTION # 63
You are building a new version of an application hosted in an App Engine environment. You want to test the new version with 1% of users before you completely switch your application over to the new version.
What should you do?

  • A. Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.
  • B. Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.
  • C. Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.
  • D. Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

Answer: B

Explanation:
https://cloud.google.com/appengine/docs/standard/python/splitting-traffic


NEW QUESTION # 64
You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.

You check the status of the deployed pods and notice that one of them is still in PENDING status:

You want to find out why the pod is stuck in pending status. What should you do?

  • A. View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
  • B. Review details of the myapp-service Service object and check for error messages.
  • C. Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
  • D. Review details of the myapp-deployment Deployment object and check for error messages.

Answer: C


NEW QUESTION # 65
You are the project owner of a GCP project and want to delegate control to colleagues to manage buckets and files in Cloud Storage. You want to follow Google-recommended practices. Which IAM roles should you grant your colleagues?

  • A. Storage Object Creator
  • B. Storage Admin
  • C. Project Editor
  • D. Storage Object Admin

Answer: B

Explanation:
Storage Admin (roles/storage.admin) Grants full control of buckets and objects.
When applied to an individual bucket, control applies only to the specified bucket and objects within the bucket.
firebase.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
storage.buckets.*
storage.objects.*


NEW QUESTION # 66
You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

  • A. Download the private key from the service account, and add the private key to each VM's SSH keys.
  • B. When creating the VMs, set the service account's API scope for Compute Engine to read/write.
  • C. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
  • D. Download the private key from the service account, and add it to each VM's custom metadata.

Answer: C

Explanation:
https://gtseres.medium.com/using-service-accounts-across-projects-in-gcp-cf9473fef8f0
You create the service account in proj-sa and take note of the service account email, then you go to proj-vm in IAM > ADD, add the service account's email as a new member, and give it the Compute Storage Admin role.
https://cloud.google.com/compute/docs/access/iam#compute.storageAdmin


NEW QUESTION # 67
Your manager needs you to test out the latest version of MS-SQL on a Windows instance. You've created the VM and need to connect into the instance. What steps should you follow to connect to the instance?

  • A. From the console click the SSH button to automatically connect.
  • B. Generate a Windows password in the console, then use a client capable of communicating via RDP and provide the credentials.
  • C. Generate a Windows password in the console, then use the RDP button to connect in through the console.
  • D. Connect in with your own RDP client using your Google Cloud username and password.

Answer: A,B


NEW QUESTION # 68
......

Ultimate Guide to Prepare Associate-Cloud-Engineer Certification Exam for Google Cloud Certified: https://dumpstorrent.dumpsking.com/Associate-Cloud-Engineer-testking-dumps.html