Professional-Cloud-Architect Practice Exam Questions and Answers

A.  

Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.

B.  

Revoke the compute.networkAdmin role from all users in the project with front end instances.

C.  

Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.

D.  

Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

A.  

Add a new Dedicated Interconnect connection

B.  

Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G

C.  

Add three new Cloud VPN connections

D.  

Add a new Carrier Peering connection

A.  

Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.

B.  

Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.

C.  

Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.

D.  

Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

A.  

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.

B.  

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Enable default storage encryption before storing files in Cloud Storage.

C.  

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements.

Utilize Google’s default encryption at rest when storing files in Cloud Storage.

D.  

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.

A.  

Migrate the web application layer to App Engine, and MySQL to Cloud Datastore, and NAS to Cloud Storage. Deploy RabbitMQ, and deploy Hadoop servers using Deployment Manager.

B.  

Migrate RabbitMQ to Cloud Pub/Sub, Hadoop to BigQuery, and NAS to Compute Engine with Persistent Disk storage. Deploy Tomcat, and deploy Nginx using Deployment Manager.

C.  

Implement managed instance groups for Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Compute Engine with Persistent Disk storage.

D.  

Implement managed instance groups for the Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Cloud Storage.

A.  

Use Stackdriver Trace to create a trace list analysis.

B.  

Use Stackdriver Monitoring to create a dashboard on the project’s activity.

C.  

Enable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.

D.  

Use the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.

A.  

Web applications deployed using App Engine standard environment

B.  

RabbitMQ deployed using an unmanaged instance group

C.  

Hadoop/Spark deployed using Cloud Dataproc Regional in High Availability mode

D.  

Jenkins, monitoring, bastion hosts, security scanners services deployed on custom machine types

A.  

Have the vehicle’ computer compress the data in hourly snapshots, and store it in a Google Cloud storage (GCS) Nearline bucket.

B.  

Push the telemetry data in Real-time to a streaming dataflow job that compresses the data, and store it in Google BigQuery.

C.  

Push the telemetry data in real-time to a streaming dataflow job that compresses the data, and store it in Cloud Bigtable.

D.  

Have the vehicle's computer compress the data in hourly snapshots, a Store it in a GCS Coldline bucket.

A.  

Use one Google Container Engine cluster of FTP servers. Save the data to a Multi-Regional bucket. Run the ETL process using data in the bucket.

B.  

Use multiple Google Container Engine clusters running FTP servers located in different regions. Save the data to Multi-Regional buckets in us, eu, and asia. Run the ETL process using the data in the bucket.

C.  

Directly transfer the files to different Google Cloud Multi-Regional Storage bucket locations in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process using the data in the bucket.

D.  

Directly transfer the files to a different Google Cloud Regional Storage bucket location in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional bucket.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.

B.  

Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.

C.  

Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.

D.  

Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.

A.  

Vehicles write data directly to GCS.

B.  

Vehicles write data directly to Google Cloud Pub/Sub.

C.  

Vehicles stream data directly to Google BigQuery.

D.  

Vehicles continue to write data using the existing system (FTP).

A.  

Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race data

by season and event.

B.  

Use Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race data

using season as a primary key.

C.  

Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on

season.

D.  

Use Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Use

separate database instances for each season.

A.  

glouc compute firewall rules update hlr-policy \

--priority 1000 \

target tags-sourceiplist fastly \

--allow tcp:443

B.  

gcloud compute security policies rules update 1000 \

--security-policy hlr-policy \

--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \

--action " allow"

C.  

gcloud compute firewall rules update

sourceiplist-fastly \

priority 1000 \

allow tcp: 443

D.  

gcloud compute priority-policies rules update

1000 \

security policy from fastly

--src- ip-ranges"

-- action " allow"

A.  

Use Explainable AI.

B.  

Use Vision AI.

C.  

Use Google Cloud’s operations suite.

D.  

Use Jupyter Notebooks.

A.  

Error rates for requests from Asia

B.  

Latency difference between US and Asia

C.  

Total visits, error rates, and latency from Asia

D.  

Total visits and average latency for users in Asia

E.  

The number of character sets present in the database

A.  

Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.

B.  

Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.

C.  

Create a single G Suite account to manage users with each stage of each application in its own project.

D.  

Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.

A.  

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs).

B.  

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs.

C.  

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

D.  

Deploy a custom authentication service on GCE/Google Container Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.

A.  

A single VPN tunnel, which limits throughput

B.  

A tier of Google Cloud Storage that is not suited for this task

C.  

A copy command that is not suited to operate over long distances

D.  

Fewer virtual machines (VMs) in GCP than on-premises machines

E.  

A separate storage layer outside the VMs, which is not suited for this task

F.  

Complicated internet connectivity between the on-premises infrastructure and GCP

A.  

Deploy the application on two Compute Engine instances in the same project but in a different region. Use the first instance to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.

B.  

Deploy the application on a Compute Engine instance. Use the instance to serve traffic, and use the HTTP load balancing service to fail over to an instance on your premises in case of a disaster.

C.  

Deploy the application on two Compute Engine instance groups, each in the same project but in a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance group in case of a disaster.

D.  

Deploy the application on two Compute Engine instance groups, each in separate project and a different region. Use the first instance group to server traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.

A.  

Use a persistent disk for each instance.

B.  

Use a regional persistent disk for each instance.

C.  

Create a Cloud Filestore instance and mount it in each instance.

D.  

Create a Cloud Storage bucket and mount it in each instance using gcsfuse.

A.  

Change the autoscaling metric to agent.googleapis.com/memory/percent_used.

B.  

Restart the affected instances on a staggered schedule.

C.  

SSH to each instance and restart the application process.

D.  

Increase the maximum number of instances in the autoscaling group.

A.  

Google Container Engine, Jenkins, and Helm

B.  

Google Container Engine and Cloud Load Balancing

C.  

Google Compute Engine and Cloud Deployment Manager

D.  

Google Compute Engine, Jenkins, and Cloud Load Balancing

A.  

Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects

B.  

Create a service account (SA) in the legacy game's Google Cloud project, add a second SA in the new game's IAM page, and then give the Organization Admin role to both SAs

C.  

Create a service account (SA) in the legacy game's Google Cloud project, give it the Firebase Admin role, and then migrate the new game to the legacy game's project.

D.  

Create a service account (SA) in the lgacy game's Google Cloud project, give the SA the Organization Admin rule and then give it the Firebase Admin role in both projects

A.  

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L4 load balancer.

B.  

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L4 load balancer.

C.  

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L7 load balancer.

D.  

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L7 load balancer.

A.  

Deploy failure injection software to the game analytics platform that can inject additional latency to mobile client analytics traffic.

B.  

Build a test client that can be run from a mobile phone emulator on a Compute Engine virtual machine, and run multiple copies in Google Cloud Platform regions all over the world to generate realistic traffic.

C.  

Add the ability to introduce a random amount of delay before beginning to process analytics files uploaded from mobile devices.

D.  

Create an opt-in beta of the game that runs on players' mobile devices and collects response times from analytics endpoints running in Google Cloud Platform regions all over the world.

A.  

Evaluate the impact of migrating their current batch ETL code to Cloud Dataflow.

B.  

Write a schema migration plan to denormalize data for better performance in BigQuery.

C.  

Draw an architecture diagram that shows how to move from a single MySQL database to a MySQL cluster.

D.  

Load 10 TB of analytics data from a previous game into a Cloud SQL instance, and run test queries against the full dataset to confirm that they complete successfully.

E.  

Integrate Cloud Armor to defend against possible SQL injection attacks in analytics files uploaded to Cloud Storage.

A.  

Use regional managed instance groups and a global load balancer to increase performance because the

regional managed instance group can grow instances in each region separately based on traffic.

B.  

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines managed by your operations team.

C.  

Use regional managed instance groups and a global load balancer to increase reliability by providing

automatic failover between zones in different regions.

D.  

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines as part of a separate managed instance groups.

A.  

Store image files in a Google Cloud Storage bucket. Use Google Cloud Datastore to maintain metadata that maps each customer's ID and their image files.

B.  

Store image files in a Google Cloud Storage bucket. Add custom metadata to the uploaded images in Cloud Storage that contains the customer's unique I

D.  

C.  

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Assign each customer a unique ID, which sets each file's owner attribute, ensuring privacy of images.

D.  

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Use a Google Cloud SQL database to maintain metadata that maps each customer's ID to their image files.

A.  

They should enable Google Stackdriver Debugger on the application code to show errors in the code.

B.  

They should add additional unit tests and production scale load tests on their cloud staging environment.

C.  

They should run the end-to-end tests in the cloud staging environment to determine if the code is working as intended.

D.  

They should add canary tests so developers can measure how much of an impact the new release causes to latency.

A.  

They should run the end to end tests in the cloud staging environment to determine if the code is working as

intended.

B.  

They should enable google stack driver debugger on the application code to show errors in the code

C.  

They should add additional unit tests and production scale load tests on their cloud staging environment.

D.  

They should add canary tests so developers can measure how much of an impact the new release causes to latency

A.  

Deploy Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTIP(S) Load Balancing instance and attach the Cloud Endpoints to its backend.

B.  

Deploy Cloud Run services to multiple regions Create serverless network endpoint groups pointing to the services. Add the serverless NE Gs to a backend service that is used by a global HTIP(S) Load Balancing instance.

C.  

Cloud Run services to multiple regions. In Cloud DNS, create a latency-based DNS name that points to the services.

D.  

Deploy Cloud Run services to multiple availability zones. Create a TCP/IP global load balancer. Add the Cloud Run Endpoints to its backend service.

A.  

Google Kubernetes Engine with an SSL Ingress

B.  

Cloud IoT Core with public/private key pairs

C.  

Compute Engine with project-wide SSH keys

D.  

Compute Engine with specific SSH keys

A.  

Open a support case regarding the CVE and chat with the support engineer.

B.  

Read the CVEs from the Google Cloud Status Dashboard to understand the impact.

C.  

Read the CVEs from the Google Cloud Platform Security Bulletins to understand the impact

D.  

Post a question regarding the CVE in Stack Overflow to get an explanation

E.  

Post a question regarding the CVE in a Google Cloud discussion group to get an explanation

A.  

Create a BigQuery table for the European data, and set the table retention period to 36 months. For Cloud Storage, use gsutil to enable lifecycle management using a DELETE action with an Age condition of 36 months.

B.  

Create a BigQuery table for the European data, and set the table retention period to 36 months. For Cloud Storage, use gsutil to create a SetStorageClass to NONE action when with an Age condition of 36 months.

C.  

Create a BigQuery time-partitioned table for the European data, and set the partition expiration period to 36 months. For Cloud Storage, use gsutil to enable lifecycle management using a DELETE action with an Age condition of 36 months.

D.  

Create a BigQuery time-partitioned table for the European data, and set the partition period to 36 months. For Cloud Storage, use gsutil to create a SetStorageClass to NONE action with an Age condition of 36 months.

A.  

Verify that the database is online.

B.  

Verify that the project quota hasn't been exceeded.

C.  

Verify that the new feature code did not introduce any performance bugs.

D.  

Verify that the load-testing team is not running their tool against production.

A.  

Tests should scale well beyond the prior approaches.

B.  

Unit tests are no longer required, only end-to-end tests.

C.  

Tests should be applied after the release is in the production environment.

D.  

Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

A.  

Use a private cluster with a private endpoint with master authorized networks configured.

B.  

Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.

C.  

Use a private cluster with a public endpoint with master authorized networks configured.

D.  

Use a public cluster with master authorized networks enabled and firewall rules.

A.  

Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

B.  

Google Cloud Storage, Google App Engine, Google Network Load Balancer

C.  

Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

D.  

Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

A.  

Container Engine, Cloud Pub/Sub, and Cloud SQL

B.  

Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery

C.  

Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow

D.  

Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow

E.  

Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc