GCP ACE Notes 1
pls-academy-ace-student-slides-6-2303
Proprietary + Confidential
Thank you!
Today’s agenda
01 Exam registration
02 Practice questions
01 Exam Registration, Rescheduling
https://cloud.google.com/certification/cloud-engineer
https://cloud.google.com/certification/cloud-architect
https://webassessor.com/googlecloud
Kryterion support:
Website: https://kryterion.force.com/support/s/contactsupport
Email: support@kryteriononline.com
Kryterion Website - Create a new account
e.g. john@gmail.com,
john@yourcompany.com
Click here
… or here
Go to a Kryterion testing center
Select a location
Click Select
Scroll to bottom
Click Select
Check Out
Rescheduling
● Log in to the webassessor site. Click “My Assessments” to see your current exam
registrations. Next to it, there will be a “Reschedule/Cancel”
● There’s a rescheduling/late fee if you update registrations in less than …
○ 72 hours for onsite exams scheduled at a testing center.
○ 24 hours for online proctored exams taken remotely.
Rescheduling:
https://support.google.com/cloud-certification/answer/9908049?hl=en
Exam Identification
Online:
● One photo ID
FAQs
● Can I change from remote proctored to onsite proctored?
○ Yes, contact Kryterion support.
● Can I take the exam in my office?
○ Yes, if it is a quiet place and you won’t have people coming and going.
● But my office has glass walls!
○ No - you can’t take your test there.
● But I can’t get a quiet room at home!
○ Choose onsite (test center) proctored.
● How many attempts are allowed with one voucher?
○ Only one.
FAQs
● What is the passing score?
○ Google doesn’t publish this information.
● Will we get a subject based score of how many answers we got right/wrong?
○ No. Only a PASS/FAIL result.
● Can I install the exam software on a company machine?
○ Try it.
○ It is not uncommon for companies to install policy software which blocks
unauthorized applications from being installed.
Online proctoring
https://kryterion.force.com/support/s/topic/0TO1W000000I5h3WAC/online-proctoring?language=en_US
https://www.kryterion.com/systemcheck/
We recommend that you use a personal computer and network, as office devices
might have administrative restrictions that prohibit the installation and use of the
required software, or might block the use of a webcam.
[Screenshot of the exam interface: question number and total, timer, “Click to mark question for review”, a question list in which marked questions have an “*”, and a Submit button.]
Types of Questions
● Single answer question
● Multiple answer question
Post Exam
02 Practice Questions
Question: Your company wants to try out the cloud with low risk. They
want to archive approximately 100 TB of their log data to the cloud and
test the serverless analytics features available to them there, while also
retaining that data as a long-term disaster recovery backup. Which two
steps should they take? (choose two)
Think about these before you answer the question:
Which database is used for serverless analytics?
Which storage option is used for long term storage?
Which storage option would be good for storing backup files - e.g. zip
files?
A. Load logs into BigQuery.
B. Load logs into Cloud SQL.
C. Import logs into Cloud Logging.
D. Insert logs into Cloud Bigtable.
E. Upload log files into Cloud Storage.
Recall
1. Low risk = minimal effort
2. Serverless
3. Analytics
4. 100 TB
5. Long term disaster recovery
A. Load logs into BigQuery. (Analytics keyword)
B. Load logs into Cloud SQL. (Not serverless)
C. Import logs into Cloud Logging. (Not long term storage)
D. Insert logs into Cloud Bigtable. (Not best)
E. Upload log files into Cloud Storage. (Long term storage)
Recall
1. Low risk = minimal effort
2. Serverless
3. Analytics
4. 100 TB
5. Long term disaster recovery
A. BigQuery
B. Cloud SQL
C. Cloud Spanner
D. Cloud Bigtable
E. Cloud Datastore
If purchasing a book, get the most recent edition. A book that is more than 2 years old
is like 10 years old in cloud years.
A. Only Spanner and Cloud SQL databases support transactions and have a SQL
interface. Firestore has transactions but does not support fully compliant SQL; it has a
SQL-like query language. Cloud Storage does not support transactions or SQL.
A. Only Spanner and Cloud SQL databases support transactions and have a SQL
interface. Datastore has transactions but does not support fully compliant SQL; it has
a SQL-like query language. Cloud Storage does not support transactions or SQL.
You have been hired as a consultant to a startup in the Internet of Things (IoT)
space. The startup will stream large volumes of data into GC. The data needs to
be filtered, transformed, and analyzed before being stored in Firestore. A good
option for the stream processing component is:
A. Cloud Dataproc
B. Cloud Dataflow
C. Cloud Endpoints
D. Cloud Interconnect
You have been hired as a consultant to a startup in the Internet of Things (IoT) space.
The startup will stream large volumes of data into GCP. The data needs to be filtered,
transformed, and analyzed before being stored in GCP Datastore. A good option for
the stream processing component is:
A. Dataproc
B. Cloud Dataflow
C. Cloud Endpoints
D. Cloud Interconnect
B. Cloud Dataflow allows for stream and batch processing of data and is well suited
for this kind of ETL work. Dataproc is a managed Hadoop and Spark service that is
used for big data analytics. Cloud Endpoints is an API service, and Cloud
Interconnect is a network service.
You have been asked to set up network security in a virtual private cloud. Your
company wants to have multiple subnetworks and limit traffic between the
subnetworks. Which network security control would you use to control the flow of
traffic between subnets?
A. Identity access management
B. Router
C. Firewall rules
D. IP address table
Ans: C. Firewall rules in Google Cloud Platform (GCP) are software-defined network
controls that limit the flow of traffic into and out of a network or subnetwork, so option
C is the correct answer. Routers are used to move traffic to appropriate destinations
on the network. Identity access management is used for authenticating and
authorizing users; it is not relevant to network controls between subnetworks. IP
address tables are not a security control.
You have an application that uses a Pub/Sub message queue to maintain a list of
tasks that are to be processed by another application. The application that
consumes messages from the Pub/Sub queue removes the message only after
completing the task. It takes approximately 10 seconds to complete a task. It is
not a problem if two or more VMs perform the same task. What is a cost-effective
configuration for processing this workload?
A. Use preemptible/spot VMs
B. Use standard VMs
C. Use DataProc
D. Use Spanner
Ans: A. This is a good use case for preemptible/spot VMs because they could reduce
the cost of running the second application without the risk of losing work. Since tasks
are deleted from the queue only after they are completed, if a preemptible/spot VM is
shut down before completing the task, another VM can perform the task. Also, there is
no harm in running a task more than once, so if two VMs do the same task, it will not
adversely affect the output of the application. DataProc and Spanner are not
appropriate products for this task.
Ans: B. A computationally intensive application obviously requires high CPUs, but the
fact that there are many mathematical calculations indicates that a GPU should be
used. You might consider running this in a cluster, but the work is not easily
distributed over multiple servers, so you will need to have a single server capable of
handling the load. Immediate access to large amounts of data indicates that a
high-memory machine should be recommended.
An app for a finance company needs access to a database and a Cloud Storage
bucket. There is no predefined role that grants all the needed permissions
without granting some permissions that are not needed. You decide to create a
custom role. When defining custom roles, you should follow which of the following
principles?
A. Rotation of duties
B. Separation of duties
C. Defense in depth
D. Least privilege
An app for a finance company needs access to a database and a Cloud Storage
bucket. There is no predefined role that grants all the needed permissions without
granting some permissions that are not needed. You decide to create a custom role.
When defining custom roles, you should follow which of the following principles?
A. Rotation of duties
B. Least principle
C. Defense in depth
D. Least privilege
Ans: D. Users should have only the privileges that are needed to carry out their
duties. This is the principle of least privilege. Rotation of duties is another security
principle related to having different people perform a task at different times. Defense
in depth is the practice of using multiple security controls to protect the same asset.
Option B is not a real security principle.
Your client needs to store log files for an extended period of time for disaster recovery
purposes. At most, the files will be accessed once per year and will all have the same access
controls. What storage/access solution would you recommend?
To save money, your customer wants to shut down all developer VMs after hours. What is the
best way to do this?
A. Always deploy preemptible VMs for developers, as they provide the largest discount
B. Assign labels to developer VMs and use Cloud Scheduler to run a Cloud Function to
shut them down.
C. Use Cloud Monitoring and create an alert to shut down VMs when no metrics are
received within a given time frame.
D. Create a cron job on each VM that starts at a specified time and shuts it down
Your client is going to do a “lift and shift” of several user-facing applications running on
VMs. They have several years of experience running the application and know its resource
needs. What do you recommend to optimize costs?
Your customer has deployed a web application using managed instance groups and load
balancing. The web app uses several microservices on the backend. The best option for
measuring reliability SLIs is:
Your client wants a connection between the on-premise data center and a Google Cloud
VPC. The estimated bandwidth needed is 100 Mbps. What do you recommend?
A. Carrier Peering
B. Direct Peering
C. Direct Interconnect
D. Partner Interconnect
A music streaming service has outgrown its current implementation and needs to scale in
order to handle an estimated 700,000 events per second. Events include a user creating a
playlist, starting a song, ending a song, etc. They would like to do advanced analytics and
use machine learning to analyze user behavior and increase market share. They use Apache
Beam on-premise and would like something similar in the cloud. Developers would like to
query ML models using SQL.
What would you do to achieve high availability for a company’s internal website running in
Google Cloud, keeping costs in mind?
For auditing purposes, your client wants to analyze certain log records on a daily basis. They
want to automatically delete log files over 7 days old. What’s the best storage class to use,
how do you get the log records into Cloud Storage and how do you set up the auto-deletion?
A. Standard storage. Transfer the log records directly to Cloud Storage via a log sink.
Set up a retention policy to delete files >7 days old.
B. Standard storage. Export the log records to a csv file, then use gsutil to upload them
into Cloud Storage. Set up a retention policy to delete files >7 days old.
C. Nearline storage. Export the log records to a csv file, then use gsutil to upload them
into Cloud Storage. Set up a lifecycle policy to delete files >7 days old.
D. Standard storage. Transfer the log records directly to Cloud Storage via a log sink.
Set up a lifecycle policy to delete files >7 days old.
A client wants to create a group of web servers fronted by a load balancer for use by
employees around the world. They are not concerned about network latency. They want
high availability at the lowest cost possible.
A. Create the web servers in multiple zones in a region closest to where most employees
are located. Have the load balancer use the Premium service tier.
B. Create the web servers in multiple regions, close to where employees are located. Have
the load balancer use the Standard service tier.
C. Create the web servers in a single zone in a region closest to where most employees
are located. Have the load balancer use the Standard service tier.
D. Create the web servers in multiple zones in a region closest to where most employees
are located. Have the load balancer use the Standard service tier.
Your client needs to create several Compute Engine VMs which will house various MySQL
instances currently being used on-prem. Your customer will be making database backups nightly
and will use these to restore if a failure occurs. They want to do the move for the lowest possible
cost. You know you need to add a data disk to each VM. What else do you need to do?
A. Look at the size of the disks being used on-prem and make it 1.5 times bigger in order to
store the backups on the VM. Use regional disks for redundancy.
B. Look at the size of the databases being used on-prem and create a disk of the appropriate
size. Use regional disks for redundancy. Copy database backups to a Cloud Storage bucket.
C. Look at the size of the disks being used on-prem and create a zonal disk of the same size.
Copy database backups to a Cloud Storage bucket.
D. Look at the size of the databases being used on-prem and create a zonal disk of the
appropriate size. Copy database backups to a Cloud Storage bucket.
Your client is going to implement a web based application using Managed Instance Groups that will
consist of 3 tiers: the frontend tier, a middle tier and a backend tier. Your client is very security
conscious and wants to be sure that nothing has access to the backend tier except for the middle
tier. What do you recommend?
A. Use VPC Service Controls. Put the backend tier on one project, and the other two tiers in
another project. Set up a perimeter around both projects
B. Use Firewall Rules based on service accounts. Attach one service account to the middle tier
systems and attach another one to the backend tier systems. Create an ingress firewall rule that
allows communications among systems using these service accounts.
C. Use Private Google Access to allow communication between the middle tier and the backend
tier, and nothing else.
D. Use Firewall Rules based on tags. Give the middle tier systems a tag of “mt” and the backend
tier systems a tag of “be”. Create an ingress firewall rule that allows access to systems with the
“be” tag from systems with the “mt” tag.
Only certain people can assign service accounts to systems. Anyone who has
permission to create a VM can assign a tag to the VM.
Your client wants a way to create repeatable deployments where configuration files could be
supplied for different environments, e.g., development, ops and production. They would like
to store the deployment files in a code repository, and have the deployment file
automatically applied when pushed to a certain branch in the repository. They want the
deployment files to work for both on-premise and GC deployments. What do you
recommend?
Your customer is converting an on-premises application to Google App Engine. They are
willing to make minor changes to the app. You will use Cloud Identity to synchronize users
and groups from their Active Directory. Users are required to log in to the app. What
authentication strategy should they use?
Your client is required to have a yearly audit of all the IAM changes that occurred over the
past year. What is the easiest (and least expensive) way to manage this process?
A. Create an alert on Log records that contain “setIamPolicy” and send an email to a
mailbox that is monitored by the auditing company.
B. Export Log records that contain “setIamPolicy” to BigQuery, and run a nightly job that
processes the information and appends the results to a BigQuery dataset. Give
auditors “view” access to this data.
C. Filter the log results that contain “setIamPolicy” and send them to Cloud Storage via a
sink. Create a signed URL that auditors can use to access this data for a limited time.
D. Export Log records that contain “setIamPolicy” to Bigtable. Use Dataproc jobs to
process the data and store the result into Cloud Storage. Give auditors “view” access
to this data.
Your customer is creating a database application. The database will be hosted in Cloud SQL
and will be protected by a password. The application that will use the database is located in
Compute Engine. How do you store the password securely, while also allowing access to it
by the application?
A customer has a monolithic application which has not been designed to allow incremental
rollout of new code. They have made updates to some of the code. They need to keep the
production environment on-line while updates are tested. What deployment strategy should
they use?
A. Blue/Green deployment
B. Canary deployment
C. Multivariate deployment
D. A/B deployment
Correct answer is A
Blue/Green deployment is the kind of deployment that allows developers to deploy
new code to an entire environment before switching traffic to it. Option D and Option B
are incorrect because they are incremental deployment strategies. Option C is not an
actual deployment strategy.
A. Cloud Monitoring
B. Cloud Debugger
C. Cloud Profiler
D. Cloud Trace
Edward has created a Managed Instance Group in the region closest to his headquarters. He is using the
Standard network tier to reduce costs. Edward has just been told that he needs to implement a hot
standby for disaster recovery. What do you recommend?
A. Create another Managed Instance Group in another region using the same instance template as the
current one. Modify the backend of the current load balancer and add the new instance group to it.
B. Create another Managed Instance Group in another region using the same instance template as the
current one. Delete the existing load balancer and create a new one with both MIGs in the backend
and specify the Premium tier.
C. Create scripts to deploy a new Managed Instance Group in another region, along with a new load
balancer should the need arise.
D. Edward needs to explain to management that no additional action is required, as the existing
Managed Instance Group is already deployed in multiple zones in a Region. If something were to
happen in one zone, the others would not be impacted.
Certification is just one step on your professional journey. Google Cloud also offers
our partners access to advanced solutions training, and a new quality-focused
program called Delivery Readiness Index (DRI) to help you achieve service
excellence with your customers.
DRI helps to benchmark partner proficiency and capability at any point during
the customer journey; however, it should be used primarily as a lead measure to
predict and prepare for partner delivery success.
With the DRI insights, we can prescriptively advise the partner project team on
the ground and bridge niche capability gaps.
DRI also takes action. For partner consultants, DRI generates a tailored L&D
plan that prescribes personalized learning, training, and skill development to
build GCP proficiency.