Verified Associate-Cloud-Engineer dumps Q&As - 2024 Latest Associate-Cloud-Engineer Download
Google Associate-Cloud-Engineer certification is an industry-recognized credential that demonstrates an individual's expertise in cloud engineering using GCP. Google Associate Cloud Engineer Exam certification is an excellent way to showcase your skills to potential employers and increase your chances of getting hired. It is also a valuable asset for individuals looking to advance their careers in cloud computing and work on complex cloud projects using GCP services.
NEW QUESTION # 10
You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?
- A. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing
- B. Use an automatic mode VPC network, configure static routes, and use active/active routing
- C. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing
- D. Use a custom mode VPC network, configure static routes, and use active/passive routing
Answer: A
NEW QUESTION # 11
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.
Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?
- A.
  1. Create an ingress firewall rule with the following settings:
     * Targets: all instances
     * Source filter: IP ranges (with the range set to 10.0.2.0/24)
     * Protocols: allow all
  2. Create an ingress firewall rule with the following settings:
     * Targets: all instances
     * Source filter: IP ranges (with the range set to 10.0.1.0/24)
     * Protocols: allow all
- B.
  1. Create an ingress firewall rule with the following settings:
     * Targets: all instances with tier #2 service account
     * Source filter: all instances with tier #1 service account
     * Protocols: allow TCP:8080
  2. Create an ingress firewall rule with the following settings:
     * Targets: all instances with tier #3 service account
     * Source filter: all instances with tier #2 service account
     * Protocols: allow TCP:8080
- C.
  1. Create an egress firewall rule with the following settings:
     * Targets: all instances
     * Source filter: IP ranges (with the range set to 10.0.2.0/24)
     * Protocols: allow TCP:8080
  2. Create an egress firewall rule with the following settings:
     * Targets: all instances
     * Source filter: IP ranges (with the range set to 10.0.1.0/24)
     * Protocols: allow TCP:8080
- D.
  1. Create an ingress firewall rule with the following settings:
     * Targets: all instances with tier #2 service account
     * Source filter: all instances with tier #1 service account
     * Protocols: allow all
  2. Create an ingress firewall rule with the following settings:
     * Targets: all instances with tier #3 service account
     * Source filter: all instances with tier #2 service account
     * Protocols: allow all
Answer: B
Explanation:
1. Create an ingress firewall rule with the following settings:
   * Targets: all instances with tier #2 service account
   * Source filter: all instances with tier #1 service account
   * Protocols: allow TCP:8080
2. Create an ingress firewall rule with the following settings:
   * Targets: all instances with tier #3 service account
   * Source filter: all instances with tier #2 service account
   * Protocols: allow TCP:8080
NEW QUESTION # 12
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?
- A. Cloud Composer
- B. Deployment Manager
- C. Unmanaged Instance Group
- D. Managed Instance Group
Answer: B
Explanation:
https://cloud.google.com/deployment-manager/docs/configuration/create-basic-configuration
NEW QUESTION # 13
You are deploying an application to App Engine. You want the number of instances to scale based on request rate. You need at least 3 unoccupied instances at all times. Which scaling type should you use?
- A. Automatic Scaling with min_idle_instances set to 3.
- B. Basic Scaling with max_instances set to 3.
- C. Basic Scaling with min_instances set to 3.
- D. Manual Scaling with 3 instances.
Answer: A
Explanation:
Explanation/Reference: https://cloud.google.com/appengine/docs/standard/python/how-instances-are-managed
NEW QUESTION # 14
You have an application that uses Cloud Spanner as a database backend to keep current state information about users. Cloud Bigtable logs all events triggered by users. You export Cloud Spanner data to Cloud Storage during daily backups. One of your analysts asks you to join data from Cloud Spanner and Cloud Bigtable for specific users. You want to complete this ad hoc request as efficiently as possible. What should you do?
- A. Create a Dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users.
- B. Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters.
- C. Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users.
- D. Create a Dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users.
Answer: A
NEW QUESTION # 15
Your team has created 4 projects, one for each distinct application. You have a single budget for all of these projects. What is the best way to pay for all of these projects?
- A. Use an invoiced account, which will pay for all projects inside a Google Cloud account.
- B. Use a single Billing Account linked to all 4 projects.
- C. Create a Billing Account for each project.
- D. Use a single Billing Account linked to the Google Cloud account.
Answer: B
NEW QUESTION # 16
You have experimented with Google Cloud using your own credit card and expensed the costs to your company. Your company wants to streamline the billing process and charge the costs of your projects to their monthly invoice. What should you do?
- A. Change the billing account of your projects to the billing account of your company.
- B. Grant the financial team the IAM role of "Billing Account User" on the billing account linked to your credit card.
- C. Create a ticket with Google Billing Support to ask them to send the invoice to your company.
- D. Set up BigQuery billing export and grant your financial department IAM access to query the data.
Answer: A
NEW QUESTION # 17
Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?
- A. Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.
- B. Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.
- C. Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.
- D. Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.
Answer: C
Explanation:
Pub/Sub is a fully managed, real-time messaging service that allows you to send and receive messages between independent applications. Pub/Sub can handle fluctuating and high-volume data streams, such as votes from a large user population. You can use Pub/Sub to save the incoming votes to a topic, which is a named resource that represents the stream of messages. You can also use Pub/Sub to trigger a Cloud Functions instance to process the votes. Cloud Functions is a serverless platform that runs single-purpose functions in response to events. Cloud Functions can scale automatically based on the demand, and you only pay for the resources you use. You can use Cloud Functions to perform any logic or computation on the votes, such as counting, filtering, aggregating, or storing them.
This option is the best choice for optimizing the storage and processing of the votes, as it provides high scalability, low latency, and low cost. It also requires minimal operational and infrastructure management, as both Pub/Sub and Cloud Functions are fully managed services.
The other options are not correct because they either do not provide the required scalability, performance, or functionality. Option A is not correct because using a dedicated instance to process the incoming votes, and sending the votes directly to this instance, is not scalable, as the instance may not be able to handle the variable and high load of the votes. It is also not efficient, as the instance may be underutilized or overutilized at different times. Saving the incoming votes to a JSON file on Cloud Storage, and processing the votes in a batch at the end of the day, is not optimal, as it introduces latency and complexity in the processing. Option B is not correct because saving the incoming votes to Firestore, and using Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes, is not suitable for high-volume and real-time data streams, such as votes. Firestore is a serverless, NoSQL database that is designed for structured and hierarchical data, not for unstructured and flat data, such as votes. Cloud Scheduler is a fully managed cron job service that allows you to schedule tasks at fixed intervals, not in response to events. Using Cloud Scheduler to trigger Cloud Functions may introduce unnecessary delays and overhead in the processing.
Reference:
Pub/Sub documentation
Cloud Functions documentation
Choosing a storage option
Choosing an event-driven compute platform
NEW QUESTION # 18
You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company's security policies only allow the use of internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?
- A. Enable Private Google Access on the subnet within the custom VPC.
- B. Enable Private Service Access on the Cloud Storage Bucket.
- C. Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.
- D. Add storage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list of protected projects.
Answer: A
NEW QUESTION # 19
You want to permanently delete a Pub/Sub topic managed by Config Connector in your Google Cloud project. What should you do?
- A. Use gcloud CLI to update the topic label managed-by-cnrm to false.
- B. Use kubectl to create the label deleted-by-cnrm and to change its value to true for the topic resource.
- C. Use gcloud CLI to delete the topic.
- D. Use kubectl to delete the topic resource.
Answer: D
NEW QUESTION # 20
Your company set up a complex organizational structure on Google Cloud Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?
- A. Add the users to a group, and add this group to roles/browser role.
- B. Add the users to roles/iam.roleViewer role.
- C. Add the users to roles/browser role.
- D. Add the users to a group, and add this group to roles/iam.roleViewer role.
Answer: D
Explanation:
We need to apply the GCP best practices. The roles/browser (Browser) role grants read access to browse the hierarchy for a project, including the folder, organization, and IAM policy. This role doesn't include permission to view resources in the project.
https://cloud.google.com/iam/docs/understanding-roles
NEW QUESTION # 21
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?
- A. Create a custom role with view-only service permissions. Add the user's account to the custom role.
- B. Select the built-in IAM project Viewer role. Add the user's account to this role.
- C. Create a custom role with view-only project permissions. Add the user's account to the custom role.
- D. Select the built-in IAM service Viewer role. Add the user's account to this role.
Answer: B
Explanation:
Reference:
https://cloud.google.com/resource-manager/docs/access-control-proj
NEW QUESTION # 22
You have a virtual machine that is currently configured with 2 vCPUs and 4 GB of memory. It is running out of memory. You want to upgrade the virtual machine to have 8 GB of memory. What should you do?
- A. Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB.
- B. Rely on live migration to move the workload to a machine with more memory.
- C. Stop the VM, increase the memory to 8 GB, and start the VM.
- D. Stop the VM, change the machine type to n1-standard-8, and start the VM.
Answer: C
Explanation:
In Google Compute Engine, if predefined machine types don't meet your needs, you can create an instance with custom virtualized hardware settings. Specifically, you can create an instance with a custom number of vCPUs and custom memory, effectively using a custom machine type. Custom machine types are ideal for the following scenarios:
1. Workloads that aren't a good fit for the predefined machine types that are available to you.
2. Workloads that require more processing power or more memory but don't need all of the upgrades that are provided by the next machine type level.
In our scenario, we only need a memory upgrade. Moving to a bigger instance would also bump up the CPU, which we don't need, so we have to use a custom machine type.
It is not possible to change memory while the instance is running, so you need to first stop the instance, change the memory, and then start it again. See below a screenshot that shows how CPU/Memory can be customized for an instance that has been stopped.
Ref: https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type
NEW QUESTION # 23
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?
- A. Deploy the monitoring pod in a StatefulSet object.
- B. Reference the monitoring pod in a Deployment object.
- C. Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.
- D. Deploy the monitoring pod in a DaemonSet object.
Answer: D
Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset
https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset#usage_patterns
DaemonSets attempt to adhere to a one-Pod-per-node model, either across the entire cluster or a subset of nodes. As you add nodes to a node pool, DaemonSets automatically add Pods to the new nodes as needed.
In GKE, DaemonSets manage groups of replicated Pods and adhere to a one-Pod-per-node model, either across the entire cluster or a subset of nodes. As you add nodes to a node pool, DaemonSets automatically add Pods to the new nodes as needed. So, this is a perfect fit for our monitoring pod.
Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset
DaemonSets are useful for deploying ongoing background tasks that you need to run on all or certain nodes, and which do not require user intervention. Examples of such tasks include storage daemons like ceph, log collection daemons like fluentd, and node monitoring daemons like collectd. For example, you could have DaemonSets for each type of daemon run on all of your nodes. Alternatively, you could run multiple DaemonSets for a single type of daemon, but have them use different configurations for different hardware types and resource needs.
NEW QUESTION # 24
You created an instance of SQL Server 2017 on Compute Engine to test features in the new version. You want to connect to this instance using the fewest number of steps.
What should you do?
- A. Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.
- B. Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.
- C. Install an RDP client on your desktop. Verify that a firewall rule for port 3389 exists.
- D. Install an RDP client on your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.
Answer: D
Explanation:
Option D is not correct. When you click the RDP button, you are asked to install a client or use the Windows RDP client if you are running Windows. There is no option to enter credentials or get an RDP session through the web interface.
Option B is correct. Using the internal IP address is always preferred to going through the Internet using the Public one.
Through Internal IP option:
- Chrome Remote Desktop is a service that lets you remotely access another computer by using a web browser.
- Chrome Remote Desktop works on Windows, macOS, and Linux and does not require the VM instance to have a public IP address.
Before you connect by using Chrome Remote Desktop, make sure that the following prerequisites are met:
- You've created a Windows account and password on the VM instance.
- You've installed the Chrome Remote Desktop service on the VM instance.
https://cloud.google.com/compute/docs/instances/connecting-to-windows#chrome-remote-desktop
NEW QUESTION # 25
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?
- A. Add the auditor user accounts to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
- B. Add the auditors group to the 'logging.viewer' and 'bigQuery.dataViewer' predefined IAM roles.
- C. Add the auditors group to two new custom IAM roles.
- D. Add the auditor user accounts to two new custom IAM roles.
Answer: A
Explanation:
Explanation/Reference: https://cloud.google.com/iam/docs/roles-audit-logging
NEW QUESTION # 26
Your company set up a complex organizational structure on Google Cloud Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure. You need to assign minimum permissions to these team members and you want to follow Google-recommended practices. What should you do?
- A. Add the users to a group, and add this group to roles/iam.roleViewer role.
- B. Add the users to roles/iam.roleViewer role.
- C. Add the users to a group, and add this group to roles/browser role.
- D. Add the users to roles/browser role.
Answer: C
Explanation:
We need to apply the GCP best practices. The roles/browser (Browser) role grants read access to browse the hierarchy for a project, including the folder, organization, and IAM policy. This role doesn't include permission to view resources in the project.
https://cloud.google.com/iam/docs/understanding-roles
