Easily To Pass New Associate-Cloud-Engineer Verified & Correct Answers [Jan 13, 2024
Free Associate-Cloud-Engineer Exam Files Downloaded Instantly
Google Associate-Cloud-Engineer certification is an excellent opportunity for individuals who are looking to establish themselves as experts in the Google Cloud platform. With the right preparation and dedication, candidates can demonstrate their knowledge and expertise in using this platform to create innovative solutions for their clients.
Google Associate-Cloud-Engineer Certification Exam is a valuable credential for IT professionals who want to demonstrate their expertise in cloud computing and GCP technologies. Google Associate Cloud Engineer Exam certification can help you stand out in a competitive job market and increase your earning potential. By passing the exam, you will become a certified Google Associate Cloud Engineer, demonstrating to potential employers that you have the skills and knowledge needed to deploy and manage cloud-based solutions on Google Cloud Platform.
NEW QUESTION # 52
You've deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:
You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?
- A. Store the database password inside the Docker image of the container, not in the YAML file.
- B. Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
- C. Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
- D. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.
Answer: B
NEW QUESTION # 53
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?
- A. Change the region property setting in the existing App Engine application from us-central to asia-northeast1.
- B. Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.
- C. Change the default region property setting in the existing GCP project to asia-northeast1.
- D. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.
Answer: D
NEW QUESTION # 54
You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment.
What should you do?
- A. Use gcloud to create the new project and to copy the deployed application to the new project.
- B. Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.
- C. Use gcloud to create the new project, and then deploy your application to the new project.
- D. Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
Answer: D
NEW QUESTION # 55
You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP.
You want to make sure it is reachable by clients over that port. What should you do?
- A. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.
- B. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.
- C. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port
636 for that network tag. - D. Add the network tag allow-udp-636 to the VM instance running the LDAP server.
Answer: C
Explanation:
Explanation
A tag is simply a character string added to a tags field in a resource, such as Compute Engine virtual machine (VM) instances or instance templates. A tag is not a separate resource, so you cannot create it separately. All resources with that string are considered to have that tag. Tags enable you to make firewall rules and routes applicable to specific VM instances.
NEW QUESTION # 56
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google-recommended practices to obtain the combined logs for all projects. What should you do?
- A. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery.
Configure the table expiration to 60 days. - B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset.
Configure the table expiration to 60 days. - C. Navigate to Stackdriver Logging and select resource.labels.project_id="*"
- D. Create a Stackdriver Logging Export with a Sink destination to Cloud Storage.
Create a lifecycle rule to delete objects after 60 days.
Answer: B
Explanation:
Since we only care about the logs within 60 days, we can set the expiration time to 60 to retain only the logs within that time frame. Once data is beyond 60 days old, it wouldn't be included in future analyzations.
https://cloud.google.com/bigquery/docs/managing-tables#updating_a_tables_expiration_time
NEW QUESTION # 57
Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1.000 employees within 2 years. Most employees will need access to your company's Google Cloud account. The systems and processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues. What should you do?
- A. Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.
- B. Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.
- C. Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.
- D. Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.
Answer: B
NEW QUESTION # 58
You need to create a new Kubernetes Cluster on Google Cloud Platform that can autoscale the number of worker nodes. What should you do?
- A. Create a cluster on Kubernetes Engine and enable autoscaling on the instance group of the cluster.
- B. Create Compute Engine instances for the workers and the master, and install Kubernetes. Rely on Kubernetes to create additional Compute Engine instances when needed.
- C. Create a cluster on Kubernetes Engine and enable autoscaling on Kubernetes Engine.
- D. Configure a Compute Engine instance as a worker and add it to an unmanaged instance group.
Add a load balancer to the instance group and rely on the load balancer to create additional Compute Engine instances when needed.
Answer: C
Explanation:
A is correct because this is the way to set up an autoscaling Kubernetes cluster.
B is not correct because you should not manage the scaling of Kubernetes through the MIG.
C is not correct because an UMIG cannot scale based on a load balancer and this is not the correct way to set up Kubernetes.
D is not correct because Kubernetes will not create additional instances when deployed on Compute Engine.
https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler
NEW QUESTION # 59
You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?
- A. Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.
- B. Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.
Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key. - C. Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.
- D. Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.
Answer: B
Explanation:
The best option is to instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Then, add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key. This way, you can grant the consultant access to the instance without requiring a Google account or exposing the instance's public IP address. This option also follows the best practice of using user-managed SSH keys instead of service account keys for SSH access1.
Option A is not feasible because the external consultant does not have a Google account, and therefore cannot use Identity-Aware Proxy (IAP) to access the instance. IAP requires the user to authenticate with a Google account and have the appropriate IAM permissions to access the instance2. Option B is not secure because it exposes the instance's public IP address, which can increase the risk of unauthorized access or attacks. Option D is not correct because it reverses the roles of the public and private keys. The public key should be added to the instance, and the private key should be kept by the consultant. Sharing the private key with anyone else can compromise the security of the SSH connection3.
Reference:
1: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
2: https://cloud.google.com/iap/docs/using-tcp-forwarding
3: https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances
NEW QUESTION # 60
Your company uses Cloud Storage to store application backup files for disaster recovery purposes. You want to follow Google's recommended practices. Which storage option should you use?
- A. Coldline Storage
- B. Regional Storage
- C. Multi-Regional Storage
- D. Nearline Storage
Answer: A
Explanation:
Explanation/Reference: https://cloud.google.com/storage/docs/storage-classes#nearline
NEW QUESTION # 61
Your organization has user identities in Active Directory. Your organization wants to use Active Directory as their source of truth for identities. Your organization wants to have full control over the Google accounts used by employees for all Google services, including your Google Cloud Platform (GCP) organization. What should you do?
- A. Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.
- B. Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.
- C. Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.
- D. Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.
Answer: A
Explanation:
Explanation/Reference: https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction
NEW QUESTION # 62
Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?
- A. Add the group for the finance team to roles/billing user role.
- B. Add the group for the finance team to roles/billing project/Manager role.
- C. Add the group for the finance team to roles/billing viewer role.
- D. Add the group for the finance team to roles/billing admin role.
Answer: C
Explanation:
Billing Account Viewer access would usually be granted to finance teams, it provides access to spend information, but does not confer the right to link or unlink projects or otherwise manage the properties of the billing account.
https://cloud.google.com/billing/docs/how-to/billing-access
NEW QUESTION # 63
Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?
- A. Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.
- B. Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.
- C. Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.
- D. Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.
Answer: B
Explanation:
https://cloud.google.com/kuberun/docs/rollouts-rollbacks-traffic-migration
NEW QUESTION # 64
Regarding audit logs, which of the following is a Google recommended best practice?
- A. Flush your audit logs monthly so you can more easily notice security events.
- B. Export your audit logs to App Engine
- C. Export your audit logs to Pub/Sub.
- D. Export your audit logs to Cloud Storage and store them for a long period of time.
Answer: D
NEW QUESTION # 65
You need to manage multiple Google Cloud Platform (GCP) projects in the fewest steps possible. You want to configure the Google Cloud SDK command line interface (CLI) so that you can easily manage multiple GCP projects. What should you?
- A. 1. Create a configuration for each project you need to manage.
2. Use gcloud init to update the configuration values when you need to work with a non-default project - B. 1. Create a configuration for each project you need to manage.
2. Activate the appropriate configuration when you work with each of your assigned GCP projects. - C. 1. Use the default configuration for one project you need to manage.
2. Activate the appropriate configuration when you work with each of your assigned GCP projects. - D. 1. Use the default configuration for one project you need to manage.
2. Use gcloud init to update the configuration values when you need to work with a non-default project.
Answer: D
NEW QUESTION # 66
You create a Deployment with 2 replicas in a Google Kubernetes Engine cluster that has a single preemptible node pool. After a few minutes, you use kubectl to examine the status of your Pod and observe that one of them is still in Pending status:
What is the most likely cause?
- A. Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.
- B. The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods' status. It is currently being rescheduled on a new node.
- C. The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.
- D. The pending Pod's resource requests are too large to fit on a single node of the cluster.
Answer: A
NEW QUESTION # 67
You are hosting an application from Compute Engine virtual machines (VMs) in us-central1-a. You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downtime, and minimize cost. What should you do?
- A. - Create Compute Engine resources in us-central1-b.
-Balance the load across both us-central1-a and us-central1-b. - B. - Create a Managed Instance Group and specify us-central1-a as the zone.
-Configure the Health Check with a short Health Interval. - C. - Perform regular backups of your application.
-Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.
-Restore from backups when notified. - D. - Create an HTTP(S) Load Balancer.
-Create one or more global forwarding rules to direct traffic to your VMs.
Answer: A
Explanation:
Explanation
Choosing a region and zone You choose which region or zone hosts your resources, which controls where your data is stored and used. Choosing a region and zone is important for several reasons:
Handling failures
Distribute your resources across multiple zones and regions to tolerate outages. Google designs zones to be independent from each other: a zone usually has power, cooling, networking, and control planes that are isolated from other zones, and most single failure events will affect only a single zone. Thus, if a zone becomes unavailable, you can transfer traffic to another zone in the same region to keep your services running.
Similarly, if a region experiences any disturbances, you should have backup services running in a different region. For more information about distributing your resources and designing a robust system, see Designing Robust Systems. Decreased network latency To decrease network latency, you might want to choose a region or zone that is close to your point of service.
https://cloud.google.com/compute/docs/regions-zones#choosing_a_region_and_zone
NEW QUESTION # 68
You are a project owner and need your co-worker to deploy a new version of your application to App Engine. You want to follow Google's recommended practices. Which IAM roles should you grant your co-worker?
- A. App Engine Code Viewer
- B. Project Editor
- C. App Engine Deployer
- D. App Engine Service Admin
Answer: C
Explanation:
A is not correct because this access is too wide, and Google recommends least-privilege. Also Google recommends predefined roles instead of primitive roles like Project Editor.
B is not correct because although it gives write access to module-level and version-level settings, users cannot deploy a new version.
C is correct because this gives write access only to create a new version.
D is not correct because this is read-only access.
https://cloud.google.com/iam/docs/understanding-roles
NEW QUESTION # 69
You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?
- A. Create a snapshot schedule for the disk using the desired interval.
- B. Create a Cloud Task to create an image and export it to Cloud Storage.
- C. Create a Cloud Function to create an instance template.
- D. Create a cron job to create a new disk from the disk using gcloud.
Answer: A
Explanation:
Best practices for persistent disk snapshots
You can create persistent disk snapshots at any time, but you can create snapshots more quickly and with greater reliability if you use the following best practices.
Creating frequent snapshots efficiently
Use snapshots to manage your data efficiently.
Create a snapshot of your data on a regular schedule to minimize data loss due to unexpected failure.
Improve performance by eliminating excessive snapshot downloads and by creating an image and reusing it.
Set your snapshot schedule to off-peak hours to reduce snapshot time.
Snapshot frequency limits
Creating snapshots from persistent disks
You can snapshot your disks at most once every 10 minutes. If you want to issue a burst of requests to snapshot your disks, you can issue at most 6 requests in 60 minutes.
If the limit is exceeded, the operation fails and returns the following error:
https://cloud.google.com/compute/docs/disks/snapshot-best-practices
NEW QUESTION # 70
You are analyzing Google Cloud Platform service costs from three separate projects. You want to use this information to create service cost estimates by service type, daily and monthly, for the next six months using standard query syntax. What should you do?
- A. Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for analysis.
- B. Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis.
- C. Export your bill to a Cloud Storage bucket, and then import into Google Sheets for analysis.
- D. Export your transactions to a local file, and perform analysis with a desktop tool.
Answer: B
Explanation:
"...we recommend that you enable Cloud Billing data export to BigQuery at the same time that you create a Cloud Billing account. " https://cloud.google.com/billing/docs/how-to/export-data-bigquery
https://medium.com/google-cloud/analyzing-google-cloud-billing-data-with-big-query-30bae1c2aae4
NEW QUESTION # 71
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?
- A. Cloud Composer
- B. Deployment Manager
- C. Managed Instance Group
- D. Unmanaged Instance Group
Answer: C
Explanation:
Reference:
https://cloud.google.com/compute/docs/instances/
NEW QUESTION # 72
You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?
- A. Enable Data Access audit logs for the Cloud Storage API.
- B. Allow only a single Service Account access to read the data.
- C. Scan the bucker using the Data Loss Prevention API.
- D. Enable the Identity Aware Proxy API on the project.
Answer: A
Explanation:
Reference:
https://cloud.google.com/storage/docs/audit-logs
NEW QUESTION # 73
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?
- A. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.
- B. Navigate to Stackdriver Logging and select resource.labels.project_id="*"
- C. Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.
- D. Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.
Answer: C
NEW QUESTION # 74
You have deployed multiple Linux instances on Compute Engine. You plan on adding more instances in the coming weeks. You want to be able to access all of these instances through your SSH client over me Internet without having to configure specific access on the existing and new instances. You do not want the Compute Engine instances to have a public IP. What should you do?
- A. Create an SSH keypair and store the public key as a project-wide SSH Key
- B. Configure Cloud Identity-Aware Proxy (or HTTPS resources
- C. Configure Cloud Identity-Aware Proxy for SSH and TCP resources.
- D. Create an SSH keypair and store the private key as a project-wide SSH Key
Answer: C
Explanation:
https://cloud.google.com/iap/docs/using-tcp-forwarding
NEW QUESTION # 75
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?
- A. .00.0.0/0
- B. 172.16.0.0/12
- C. 10.0.0.0/8
- D. 192.168.0.0/16
Answer: C
Explanation:
https://cloud.google.com/vpc/docs/vpc#manually_created_subnet_ip_ranges
NEW QUESTION # 76
......
100% Pass Guaranteed Free Associate-Cloud-Engineer Exam Dumps: https://www.realvce.com/Associate-Cloud-Engineer_free-dumps.html
Verified & Latest Associate-Cloud-Engineer Dump Q&As with Correct Answers: https://drive.google.com/open?id=1O_ljQiOM-d-mNjXSgFjoaAEwzhEGUjne