Google Associate Cloud Engineer Exam Questions 2024
Google Associate Cloud Engineer Exam Questions 2024
Visit Official SkillCertPro Website :-
For a full set of 800 questions. Go to
https://skillcertpro.com/product/google-cloud-certified-associate-cloud-engineer-practice-exam-set/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Multiple teams in your company are using Google Cloud for their applications. All teams use different billing accounts. Your leadership team has requested for a single dashboard where they can visualize the charges and make decisions. The dashboards should reflect new cost data as soon as possible. What can help you achieve this?
A.Populate all fields within the Pricing Calculator and generate an approximation of the monthly expenses using it.
B.Access the Reports section within the Cloud Billing Console to review the specific cost details you‘re interested in.
C.Navigate to the Cost Table page to obtain a CSV export, then employ Looker Studio to create visual representations.
D.Set up Billing Data Export to BigQuery and utilize Looker Studio to visualize the data accordingly.
Answer: D
Explanation:
A is incorrect because filling all resources in the Pricing Calculator will only give an estimate of the monthly cost and does not provide a single visual representation of all costs incurred.
B is incorrect because the Reports view in the Cloud Billing Console may provide cost information for individual projects, but it does not provide a single visual representation of all costs incurred across multiple projects.
C is incorrect because visiting the Cost Table page and exporting it as a CSV will only provide a static representation of the costs and does not provide a real-time or dynamic visual representation. Additionally, Looker Studio may not be the appropriate tool for visualizing the CSV data.
D is correct because configuring Billing Data Export to BigQuery allows for the automatic export of cost data from multiple projects to a single location. By visualizing the data in Looker Studio, you can have a real-time, dynamic representation of all costs incurred across multiple projects, giving a comprehensive overview for better estimating future charges.
Links:
https://cloud.google.com/billing/docs/how-to/export-data-bigquery
https://cloud.google.com/billing/docs/how-to/visualize-data
Question 2:
Your company has provided you with a blank Google Cloud Project with an attached Billing account. You are going to use that project to deploy an app that uses Compute Engine, Firewall, and Cloud Storage. What is the first step that you need to perform on this project?
A.Utilize the gcloud CLI command gcloud services enable cloudresourcemanager
B.Employ the gcloud CLI command gcloud services enable compute
C.Access the Google Cloud console and activate all of the available Google Cloud APIs via the API dashboard
D.Launch the Google Cloud console and execute gcloud init --project in a Cloud Shell session
Answer: B
Explanation:
A is incorrect because it enables all resources, not just the specific resources needed for creating instances, setting firewalls, and storing data in Cloud Storage. This could potentially lead to unnecessary resources being enabled and increased costs.
B is correct because it specifically enables the Compute Engine service and the Cloud Storage APIs, which are the resources needed for creating instances, setting firewalls, and storing data in Cloud Storage. This follows the Google-recommended practices of only enabling the necessary resources for a specific task.
C is incorrect because it suggests enabling all Google Cloud APIs from the API dashboard. This would enable all APIs, including ones that are not necessary for the specific task at hand. Again, this could lead to unnecessary resources being enabled and increased costs.
D is incorrect because it suggests using the gcloud init –project command in a Cloud Shell. While this command is used to initialize a Google Cloud project and set the active project, it does not enable the necessary resources for creating instances, setting firewalls, and storing data in Cloud Storage. Therefore, it does not follow the Google-recommended practices in this scenario.
Links:
https://cloud.google.com/sdk/gcloud/reference/services/enable
Question 3:
You are building a banking-related application on Google Kubernetes Engine. Your security team has given the following requirements for the cluster:
The cluster should have verifiable node identity and integrity
The nodes should not be accessible from the internet.
What should you do to honor these requirements while keeping operational costs to a minimum?
A.Deploy a private autopilot cluster
B.Deploy a public autopilot cluster
C.Deploy a standard public cluster and enable shielded nodes
D.Deploy a standard private cluster and enable shielded nodes
Answer: D
Explanation:
A is incorrect because deploying a private autopilot cluster would not meet the requirement of nodes not being accessible from the internet. Autopilot clusters are fully managed and do not have the option to restrict internet access.
B is incorrect because deploying a public autopilot cluster would not meet the requirement of nodes not being accessible from the internet. Autopilot clusters are fully managed and do not have the option to restrict internet access.
C is incorrect because deploying a standard public cluster and enabling shielded nodes would not meet the requirement of nodes not being accessible from the internet. Shielded nodes provide verifiable node identity and integrity but do not restrict internet access.
D is correct because deploying a standard private cluster and enabling shielded nodes would meet all the requirements. In a private cluster, nodes are not accessible from the internet by default. Enabling shielded nodes provides verifiable node identity and integrity. Additionally, following Google-recommended practices includes using standard clusters rather than autopilot clusters for more control and reducing operational costs.
Links:
https://cloud.google.com/kubernetes-engine
https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes
Question 4:
You are building a project management tool that is hosted on a single Compute Engine instance. You have received complaints from your users that they are facing some errors. Your application writes all logs to the disk. How can you diagnose the cause of the error?
A.View the application logs in Cloud Logging
B.Set a consecutive successes Healthy threshold value of 1 by configuring a health check on the instance
C.Read the application logs by connecting to the instances serial console
D.View the logs from Cloud Logging by installing and configuring the Ops agent
Answer: D
Explanation:
A is incorrect because navigating to Cloud Logging would allow you to view the logs, but it does not provide a solution for diagnosing the reported errors with the application. It is just a way to view the logs that have been written.
B is incorrect because configuring a health check and setting a “consecutive successes“ healthy threshold value would not directly address the issue of diagnosing the reported errors with the application. Health checks are typically used to monitor the overall health and availability of an instance, but they do not provide detailed information about application errors.
C is incorrect because connecting to the instance‘s serial console and reading the application logs would require manual intervention and may not provide a scalable or efficient way to diagnose the reported errors. It would also require direct access to the instance, which may not always be possible or convenient.
D is correct because installing and configuring the Ops agent and viewing the logs from Cloud Logging would provide a comprehensive and centralized solution for diagnosing the reported errors. The Ops agent allows for enhanced monitoring and logging capabilities, enabling you to easily access and analyze application logs. It provides a more scalable and efficient approach compared to manually reading logs or relying on health checks.
Links:
https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent
Question 5:
You have received some complaints from your users that they are experiencing high latency at random intervals in your app, hosted on Compute Engine. In order to check what is going on, your team needs to be monitoring the app at the time when the latency is high. What solution can you use on Google Cloud to notify your team if the latency is increased for 5 minutes?
A.Transmit Cloud Monitoring metrics into BigQuery and utilize a Looker Studio dashboard to track the latency of your web application
B.Develop an alert policy to trigger notifications when the HTTP response latency surpasses the predetermined threshold
C.Set up an App Engine service that interacts with the Cloud Monitoring API and sends notifications in instances of anomalies
D.Leverage the Cloud Monitoring dashboard to monitor latency and initiate appropriate measures upon detection of response latency surpassing the designated threshold
Answer: B
Explanation:
A is incorrect because exporting Cloud Monitoring metrics to BigQuery and using a Looker Studio dashboard would allow for monitoring of web application latency, but it does not provide an automated notification for the support team when high latency is detected. This solution would require additional development and configuration to implement the desired automated notification.
B is correct because creating an alert policy to send a notification when the HTTP response latency exceeds the specified threshold is a Google-recommended solution with no development cost. This solution directly addresses the requirement of automatically notifying the support team when high latency is experienced by users for at least 5 minutes.
C is incorrect because implementing an App Engine service to invoke the Cloud Monitoring API and send a notification in case of anomalies would also require additional development and configuration. This solution does not directly address the requirement of automatically notifying the support team when high latency is experienced by users.
D is incorrect because using the Cloud Monitoring dashboard to observe latency and taking the necessary actions when the response latency exceeds the specified threshold would require manual monitoring and intervention from the support team. This solution does not fulfill the requirement of automatically notifying the support team when high latency is experienced by users.
Links:
https://cloud.google.com/monitoring/alerts
For a full set of 800 questions. Go to
https://skillcertpro.com/product/google-cloud-certified-associate-cloud-engineer-practice-exam-set/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
Your team is modernizing a legacy application by leveraging Docker. What should you choose to deploy this application on Google Cloud such that the team does not need to manage infrastructure and the app can scale well if it gains popularity?
A.Create an instance template using the container image, then set up a Managed Instance Group that employs Autoscaling
B.Transfer Docker images to Artifact Registry, and proceed to deploy the application on Google Kubernetes Engine using the Standard mode
C.Store Docker images in Cloud Storage, and proceed to deploy the application on Google Kubernetes Engine using the Standard mode
D.Move Docker images to Artifact Registry, and carry out the deployment of the application on Cloud Run
Answer: D
Explanation:
A is incorrect because it suggests creating an instance template and deploying a Managed Instance Group with Autoscaling. This approach is more suitable for managing virtual machine instances, not containers.
B is incorrect because it suggests uploading Docker images to Artifact Registry and deploying the application on Google Kubernetes Engine using Standard mode. While this option involves using containers and Kubernetes for orchestration, it does not mention anything about automatic scaling based on popularity.
C is incorrect because it suggests uploading Docker images to Cloud Storage and deploying the application on Google Kubernetes Engine using Standard mode. Similar to option B, this option does not mention anything about automatic scaling based on popularity.
D is correct because it suggests uploading Docker images to Artifact Registry and deploying the application on Cloud Run. Cloud Run is a managed compute platform that automatically scales your containers based on incoming requests or events. This ensures that your application can scale automatically as it gains popularity, without the need to manage the underlying infrastructure.
Links:
https://cloud.google.com/artifact-registry
Question 7:
Your E-commerce website is made up of 30 microservices. Each microservice has its own dedicated database backend. How should you store the credentials securely?
A.Store the credentials in the source code
B.Store the credentials in an environment variable
C.Store the credentials in a secret management system
D.Store the credentials in a config file that has restricted access through ACLs
Answer: C
Explanation:
A is incorrect because storing credentials in source code and source control is discoverable, in plain text, by anyone with access to the source code. This also introduces the requirement to update code and do a deployment each time the credentials are rotated.
B is incorrect because consistently populating environment variables would require the credentials to be available, in plain text, when the session is started.
C is correct because key management systems generate, use, rotate, encrypt, and destroy cryptographic keys and manage permissions to those keys. Sensitive credentials like database passwords should be handled with care.
D is incorrect because instead of managing access to the config file and updating manually as keys are rotated, it would be better to leverage a key management system. Additionally, there is an increased risk if the config file contains the credentials in plain text.
Links:
https://cloud.google.com/secret-manager
https://cloud.google.com/secret-manager/docs
Question 8:
You are maintaining a Google Cloud Project that is used for development purposes by your team. Your company has a dedicated Devops team that manages all Compute Engine instances in your company. How can you provide permissions to the Devops group in your company such that they have all administrative permissions to Compute Engine in your project but not have access to any other resources in the project?
A.Provide the DevOps team with the roles/viewer basic role and assign them the predefined roles/compute.admin role.
B. Develop an IAM policy that bestows the complete range of compute.instanceAdmin.* permissions. Associate this policy with the DevOps group.
C. Generate a unique role at the folder level, conferring all compute.instanceAdmin.* permissions upon it. Then, extend this custom role to the DevOps group.
D. Grant the DevOps group with the roles/editor basic role.
Answer: C
Explanation:
A is incorrect because it grants the DevOps group more permissions than necessary. The roles/viewer role provides read-only access, which is not required for the group. Additionally, roles/compute.admin gives the ability to create or update any Compute Engine resources, which goes against the requirement of not having permission to create or update other resources in the project.
B is incorrect because it grants the DevOps group all compute.instanceAdmin.* permissions, which again include more permissions than necessary. The group should only have full control of Compute Engine resources, not all compute-related permissions.
C is correct because it creates a custom role that specifically grants all compute.instanceAdmin.* permissions. This allows the DevOps group to have full control over Compute Engine resources without giving them excessive permissions for other resources in the project. Granting the custom role to the DevOps group ensures they have the necessary privileges.
D is incorrect because the roles/editor role provides excessive permissions that are not required for the DevOps group. It gives them the ability to manage all resources in the project, including Compute Engine, which goes against the requirement of not having permission to create or update other resources.
Links:
https://cloud.google.com/iam/docs/creating-custom-roles
Question 9:
Your company’s Data Science team is building a Dataflow job on Google Cloud to process large quantities of unstructured data in multiple file formats using the ETL process. What should you do to make the data accessible to the Dataflow job?
A.Transfer the data to BigQuery utilizing the bq command line utility
B.Store the data in Cloud Storage through the employment of the gcloud storage command
C.Load the data into Cloud SQL utilizing the import feature available in the Google Cloud console
D.Ingest the data into Cloud Spanner via the import capability accessible in the Google Cloud console
Answer: B
Explanation:
A is incorrect because the bq command line tool is used for uploading data directly into BigQuery, which may not be the most efficient option for handling large quantities of unstructured data in different file formats. Additionally, the question specifically asks for the data to be made accessible on Google Cloud so it can be processed by a Dataflow job, which suggests that uploading the data directly into BigQuery may not be the best solution for this scenario.
B is correct because uploading the data to Cloud Storage using the gcloud storage command allows for efficient handling of large quantities of unstructured data in different file formats. Cloud Storage is designed to store and manage objects, such as files, and provides high scalability, durability, and accessibility. By uploading the data to Cloud Storage, it can then be easily processed by a Dataflow job.
C is incorrect because uploading the data into Cloud SQL using the import function is not the optimal solution for handling large quantities of unstructured data. Cloud SQL is a fully-managed relational database service, designed for structured data, and may not be suitable for the file formats and unstructured nature of the data mentioned in the question.
D is incorrect because uploading the data into Cloud Spanner using the import function is also not the optimal solution for handling large quantities of unstructured data. Cloud Spanner is a globally distributed, horizontally scalable, and strongly consistent relational database service, which may not be the best fit for unstructured data.
Links:
https://cloud.google.com/sdk/gcloud/reference/storage
Question 10:
You are the devops engineer for your team. You have deployed a custom-mode VPC in one of your GCP projects. Your team is running out of primary internal IP addresses in one of the subnets. Virtual machines in the project use IP addresses from the subnet which has an IP range 10.0.1.0/20. How can you provide more IP addresses to your team?
A.Add a secondary IP range 10.1.1.0/20 to the subnet.
B.Change the subnet IP range from 10.0.1.0/20 to 10.0.1.0/18.
C.Change the subnet IP range from 10.0.1.0/20 to 10.0.1.0/22.
D.Convert the subnet IP range from IPv4 to IPv6.
Answer: A
Explanation:
A is correct because adding a secondary IP range 10.1.0.0/20 to the subnet will effectively provide more IP addresses for the virtual machines without modifying the primary IP range.
B is incorrect because changing the subnet IP range from 10.0.0.0/20 to 10.0.0.0/18 would drastically increase the subnet size, potentially leading to IP address waste and causing subnet boundary changes.
C is incorrect because changing the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22 would decrease the subnet size, which is not the desired outcome when trying to provide more IP addresses.
D is incorrect because converting the subnet IP range from IPv4 to IPv6 is a significant infrastructure change and not directly related to the goal of providing more IP addresses for the virtual machines in the custom mode VPC subnet.
Links:
https://cloud.google.com/vpc/docs/vpc
Random concept (optional read)
– Cloud Run for Anthos provides a flexible serverless development platform and allows you to deploy your workloads to Anthos clusters, all with the same consistent experience. Cloud Run for Anthos is Google‘s managed and fully supported Knative offering, an open-source project that supports serverless workloads on Kubernetes.
– Anthos Multicloud API enables you to provision and manage GKE clusters running on AWS and Azure infrastructure through a centralized Google Cloud-backed control plane. This means that your team can have a consistent experience to create, manage, and update GKE clusters, regardless of which public cloud you‘re using.
For a full set of 800 questions. Go to
https://skillcertpro.com/product/google-cloud-certified-associate-cloud-engineer-practice-exam-set/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.