Google Associate Cloud Engineer Exam  Dumps and Practice Test Questions Set 9 Q 161- 180

Visit here for our full Google Associate Cloud Engineer exam dumps and practice test questions.

Question 161

You need to deploy a containerized microservices application that requires automatic scaling, service-to-service authentication, and traffic management with minimal operational overhead. Which Google Cloud service or architecture is most appropriate?

A) Compute Engine with managed instance groups
B) App Engine Standard Environment
C) Kubernetes Engine (GKE) with Istio
D) Cloud Run

Answer C) Kubernetes Engine (GKE) with Istio

Explanation

A) Compute Engine with managed instance groups allows scaling of virtual machines horizontally based on metrics such as CPU utilization. While this provides basic scaling, deploying a containerized microservices application on VMs introduces significant operational overhead. Each service must be manually orchestrated, networked, and updated. Security and service-to-service communication require additional configurations such as firewall rules or VPNs. Rolling updates, traffic splitting, and service discovery must be implemented manually, making this approach less suitable for containerized microservices needing automation and secure communication.

B) App Engine Standard Environment provides automatic scaling and abstracts the underlying infrastructure. While it reduces operational overhead, it is not optimized for containerized microservices requiring custom runtimes or service mesh capabilities. Inter-service authentication, traffic routing, and security are limited in the Standard Environment. This makes App Engine less suitable for complex microservices architectures.

C) Kubernetes Engine (GKE) with Istio is the ideal solution for containerized microservices requiring automatic scaling, secure service-to-service communication, and advanced traffic management. GKE provides enterprise-grade container orchestration with horizontal pod autoscaling, rolling updates, self-healing, and declarative deployments. Istio adds a service mesh layer, enabling mutual TLS for secure inter-service communication, traffic routing, retries, fault injection, and observability. This combination allows developers to focus on application logic while minimizing operational overhead, as infrastructure management, scaling, and security policies are automated. Enterprise-grade logging, monitoring, and policy enforcement are built-in, providing full visibility and operational control.

D) Cloud Run provides serverless deployment for stateless workloads and supports containerized applications. While it offers automatic scaling and reduced operational overhead, Cloud Run lacks built-in service mesh capabilities for secure inter-service authentication and complex traffic management. Implementing multi-service communication would require additional tools, making Cloud Run less suitable for complex microservices architectures.

The correct solution is Kubernetes Engine with Istio because it provides automated orchestration, secure service-to-service communication, traffic management, observability, and minimal operational overhead. This makes it ideal for modern, containerized microservices deployments.

Question 162

You need to migrate a production MySQL database to Cloud SQL with minimal downtime and ensure transactional consistency. Which approach is most appropriate?

A) Export to SQL dump and import
B) Database Migration Service (DMS) with continuous replication
C) Manual schema creation and ETL migration
D) Cloud Storage Transfer Service

Answer B) Database Migration Service (DMS) with continuous replication

Explanation

A) Exporting a MySQL database to a SQL dump and importing it into Cloud SQL is suitable for small databases or testing, but it introduces significant downtime in production. Any changes made after the export are lost, leading to potential data inconsistency. Large databases may take hours or days to migrate, making this approach infeasible for enterprise workloads requiring near-zero downtime.

B) Database Migration Service (DMS) with continuous replication is designed for enterprise database migrations with minimal downtime. DMS automates the initial schema migration and data copy, followed by continuous replication of ongoing changes. This ensures that the target Cloud SQL instance remains synchronized with the source database during migration. Continuous replication maintains transactional consistency and allows cutover with near-zero downtime. DMS also provides monitoring, validation, and rollback options to reduce operational risk. For production MySQL workloads, DMS ensures a reliable, automated, and minimal-risk migration.

C) Manual schema creation and ETL migration is error-prone, operationally complex, and time-consuming. Continuous replication must be implemented manually, increasing the risk of data loss or inconsistency. This approach is not suitable for production databases requiring minimal downtime.

D) Cloud Storage Transfer Service is designed for object storage transfers and cannot perform database migrations. Using it for MySQL migration would require extensive custom solutions, making it inefficient and risky.

The correct solution is Database Migration Service with continuous replication because it ensures minimal downtime, transactional consistency, automated operations, and enterprise-grade reliability for production MySQL databases.

Question 163

You need to grant a third-party contractor temporary access to upload files to a Cloud Storage bucket. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure and violates the principle of least privilege. It exposes all project resources, complicates auditing, revocation, and monitoring. Using personal credentials for external contractors is unacceptable in enterprise environments and violates security best practices.

B) Creating a service account with long-lived keys provides programmatic access but is not suitable for temporary access. Managing key rotation, secure storage, and revocation introduces operational complexity and increases security risk, especially for short-term access.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be configured to restrict access to specific operations, such as uploads or downloads. Signed URLs are auditable, scalable, and enforce least-privilege access. They automatically expire to prevent unauthorized access, ensuring security while allowing contractors to perform their tasks efficiently. Signed URLs are widely used in enterprise environments for granting temporary access to external collaborators.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for temporary uploads and increases the risk of accidental or malicious resource modification.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead while protecting other resources. This ensures contractors can complete their tasks safely and efficiently.

Question 164

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging captures logs for auditing and troubleshooting but does not provide real-time metrics or threshold-based alerts. Building alerting and monitoring pipelines using logs alone introduces latency, operational complexity, and delays in incident response.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU utilization, memory usage, and disk I/O. Alerting policies allow thresholds to be defined, and notifications can be sent to email, Slack, PagerDuty, or other channels. Dashboards provide visualization for trends and operational insights, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM ensures centralized and secure observability. Automated alerts minimize downtime, enhance operational efficiency, and allow teams to address potential issues before they impact users. Cloud Monitoring provides enterprise-grade observability, fault detection, and scalable monitoring for infrastructure workloads.

C) Cloud Trace is designed to monitor application latency and distributed request performance. It does not capture infrastructure metrics such as CPU, memory, or disk usage, making it unsuitable for system-level monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine metrics and cannot trigger threshold-based alerts.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, dashboards, automated notifications, and operational insights. This ensures proactive management, reduces downtime, and improves reliability for Compute Engine instances.

Question 165

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region becomes unavailable, the application experiences downtime until resources are restored in another region. This approach does not meet enterprise RTO or RPO requirements for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is routed via a global load balancer, and healthy instances in unaffected regions handle requests automatically during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime. Cloud-native features such as health checks, global routing, and automated failover enhance operational reliability and business continuity. This design is ideal for mission-critical applications that require continuous availability and enterprise-grade disaster recovery capabilities.

C) Single-region deployment with snapshots allows recovery, but the restoration process in another region introduces downtime. Snapshots alone do not provide automated failover or high availability, making this architecture insufficient for mission-critical workloads.

D) Deploying all resources in a private VPC enhances security but does not provide cross-region redundancy. A regional failure would render all resources unavailable, making this approach unsuitable for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it ensures redundancy, automated failover, near-zero downtime, and operational continuity. This approach aligns with cloud-native disaster recovery best practices, ensuring resilience, high availability, and business continuity for mission-critical workloads.

Question 166

You need to deploy a global web application that requires low latency for users worldwide and automatic scaling. Which Google Cloud service or architecture is most appropriate?

A) Single Compute Engine instance with autoscaling
B) App Engine Standard Environment with regional deployment
C) Global HTTP(S) Load Balancer with multi-region backend instances
D) Cloud Run deployed in a single region

Answer C) Global HTTP(S) Load Balancer with multi-region backend instances

Explanation

A) A single Compute Engine instance with autoscaling provides horizontal scaling within a single region. While autoscaling allows the VM to adjust based on CPU or memory utilization, it does not provide global distribution or low latency for users located far from the deployed region. Regional outages or network issues would cause downtime for all users, making this solution unsuitable for a global web application that requires high availability. Manual configuration of load balancing, failover, and traffic routing adds operational complexity and increases the risk of service disruption.

B) App Engine Standard Environment offers automatic scaling and abstracts underlying infrastructure management, including patching, monitoring, and load balancing. While it can scale in response to HTTP requests, regional deployment limits availability and performance for global users. Requests from distant users may experience higher latency. App Engine Standard Environment does not provide automatic global failover; additional configuration and replication would be needed for multi-region deployment. This approach increases operational overhead while still not achieving optimal global low-latency performance.

C) Global HTTP(S) Load Balancer with multi-region backend instances is the most appropriate architecture for globally distributed applications. It routes user traffic to the nearest healthy backend instances, reducing latency and improving the user experience. Multi-region deployment ensures resilience to regional outages, as traffic is automatically rerouted to other healthy regions. Auto-scaling across regions allows the system to adapt dynamically to changes in demand, ensuring availability and performance. Features such as SSL termination, health checks, and Cloud CDN integration further enhance security, reliability, and performance. This architecture is designed for enterprise-grade web applications requiring high availability, fault tolerance, and low-latency global performance.

D) Cloud Run deployed in a single region offers serverless scaling for containerized workloads but does not provide resilience to regional outages. Traffic from global users may experience high latency due to network distance from the deployed region. While Cloud Run reduces operational management for scaling, deploying in a single region does not meet the requirements for global availability and low latency. Multi-region deployment would be necessary, but it adds complexity for load balancing and failover that is automatically handled by a Global Load Balancer.

The correct solution is Global HTTP(S) Load Balancer with multi-region backend instances because it provides enterprise-grade scalability, fault tolerance, automated failover, low latency for global users, and operational efficiency. This ensures high availability and consistent user experience across the globe.

Question 167

You need to migrate a high-volume production PostgreSQL database to Cloud SQL with minimal downtime and ensure transactional consistency. Which approach is most appropriate?

A) Export to SQL dump and import
B) Database Migration Service (DMS) with continuous replication
C) Manual schema creation and ETL migration
D) Cloud Storage Transfer Service

Answer B) Database Migration Service (DMS) with continuous replication

Explanation

A) Exporting a PostgreSQL database to a SQL dump and importing it into Cloud SQL is only feasible for small databases with non-critical workloads. The export process captures a snapshot at a specific point in time, which means any transactions occurring after the export are not replicated. Large databases may require hours or days for migration, causing significant downtime. Additionally, data integrity is not guaranteed, making this unsuitable for production workloads that require transactional consistency.

B) Database Migration Service (DMS) with continuous replication is designed for enterprise-grade migrations with minimal downtime. DMS automates the initial data load and schema migration, followed by continuous replication of ongoing changes from the source database to the Cloud SQL target. This ensures that the target remains in sync with the source, allowing cutover with minimal disruption. Continuous replication maintains transactional consistency, ensuring no data is lost. DMS provides monitoring, validation, and rollback capabilities, reducing operational risk. This approach is ideal for high-volume, production PostgreSQL workloads that require near-zero downtime and enterprise-grade reliability during migration.

C) Manual schema creation and ETL migration is highly operationally complex and error-prone. Implementing continuous replication manually is difficult and increases the risk of data inconsistency, downtime, and lost transactions. This approach is not suitable for production workloads that require high availability.

D) Cloud Storage Transfer Service is designed for object storage transfers and does not provide database migration or transactional replication. Attempting to use it for PostgreSQL migration would require custom scripts and tools, making it inefficient, unreliable, and risky.

The correct solution is Database Migration Service with continuous replication because it provides minimal downtime, ensures transactional consistency, automates operational tasks, and offers enterprise-grade monitoring and failover capabilities. This allows production databases to migrate safely without impacting business operations.

Question 168

You need to provide temporary access for a contractor to download files from a Cloud Storage bucket securely. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure and violates the principle of least privilege. It exposes all project resources, complicates auditing, revocation, and monitoring. Personal credentials are intended for individual use and should never be shared externally, especially with contractors. This approach creates unnecessary security risk.

B) Creating a service account with long-lived keys provides programmatic access but is unsuitable for temporary use. Managing key rotation, secure storage, and revocation adds operational complexity. For short-term access, this is an over-engineered and risky solution.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without requiring IAM accounts. Permissions and expiration times can be configured to restrict access to downloads for a defined period. Signed URLs enforce least-privilege access, are auditable, and automatically expire to prevent unauthorized use. Contractors can download files securely without gaining broader access to project resources. This approach is widely used for secure temporary access in enterprise environments.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for downloading files. This introduces a high risk of accidental or malicious modification of critical resources and violates security best practices.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead. Contractors can perform the required downloads safely without compromising other resources.

Question 169

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging captures logs for auditing and troubleshooting but does not provide infrastructure-level metrics or threshold-based alerts. Using logs alone requires additional processing, creating latency and operational complexity. This makes proactive monitoring difficult, as alerts cannot be triggered directly based on CPU, memory, or disk usage metrics.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU utilization, memory usage, and disk I/O. Alerting policies allow thresholds to be set, and notifications can be sent to email, Slack, PagerDuty, or other channels. Dashboards provide visualization of trends, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM ensures secure, centralized observability. Automated alerts minimize downtime, improve operational efficiency, and enable teams to address issues before end users are impacted. Cloud Monitoring provides scalable, enterprise-grade observability and fault detection for infrastructure workloads.

C) Cloud Trace monitors application latency and distributed request performance but does not capture infrastructure metrics such as CPU, memory, or disk usage. It is designed for debugging and optimizing applications, not system-level monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine metrics and cannot provide threshold-based alerts.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, dashboards, automated notifications, and operational insights. This ensures proactive management, reduces downtime, and improves reliability for Compute Engine workloads.

Question 170

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region becomes unavailable, the application experiences downtime until resources are restored in another region. This design does not meet enterprise RTO or RPO requirements for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is routed via a global load balancer, and healthy instances in unaffected regions automatically handle requests during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime and operational continuity. Cloud-native features such as health checks, global routing, and automated failover enhance resilience, reliability, and business continuity. This design is ideal for mission-critical applications requiring continuous availability and enterprise-grade disaster recovery.

C) Single-region deployment with snapshots allows recovery, but restoring in another region introduces downtime. Snapshots alone do not provide automated failover or high availability, making this approach insufficient for mission-critical workloads.

D) Deploying resources in a private VPC enhances security but does not provide cross-region redundancy. A regional failure would render all resources unavailable, making this approach unsuitable for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it ensures redundancy, automated failover, near-zero downtime, and operational continuity. This architecture aligns with cloud-native disaster recovery best practices, ensuring resilience, high availability, and business continuity for mission-critical workloads.

Question 171

You need to deploy a machine learning model that serves predictions at low latency for a web application. Which Google Cloud service is most appropriate?

A) AI Platform Prediction
B) Cloud Functions
C) Compute Engine with TensorFlow Serving
D) Cloud Storage

Answer A) AI Platform Prediction

Explanation

A) AI Platform Prediction is a fully managed service for deploying machine learning models. It supports online prediction with low latency and automatically scales to meet traffic demands. It integrates with TensorFlow, scikit-learn, XGBoost, and other common ML frameworks. It provides features such as versioning, traffic splitting, and monitoring for deployed models. Operational management, including scaling, model updates, and logging, is handled by the platform, making it ideal for serving predictions in production environments with minimal operational overhead.

B) Cloud Functions is a serverless platform that executes code in response to events. While it can be used to serve lightweight models for low-throughput requests, it is not optimized for high-performance ML inference. Cold starts, limited runtime, and resource constraints can result in higher latency, making it less suitable for production-level model serving with consistent low latency requirements.

C) Compute Engine with TensorFlow Serving provides full control over the environment, allowing deployment of custom models with high performance. However, it requires manual management of scaling, load balancing, security, and monitoring. Operational overhead is higher, and scaling to meet variable traffic requires careful configuration and additional infrastructure management, making it less suitable for rapid deployment and low-latency serving without significant operational effort.

D) Cloud Storage is designed for object storage and cannot serve predictions. While models can be stored in Cloud Storage, it does not provide inference capabilities, low latency, or integration for serving predictions to applications.

The correct solution is AI Platform Prediction because it provides fully managed model serving with low latency, automatic scaling, versioning, monitoring, and minimal operational overhead. It is ideal for production machine learning workloads requiring fast and reliable predictions.

Question 172

You need to ingest high-volume IoT sensor data and perform real-time analytics, transforming and storing results for reporting. Which combination of services is most appropriate?

A) Cloud Functions and Cloud Storage
B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery
C) Cloud Run and Cloud SQL
D) Compute Engine and Cloud Bigtable

Answer B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery

Explanation

A) Cloud Functions with Cloud Storage can handle event-driven tasks but is not optimized for high-throughput streaming analytics. Continuous ingestion, transformation, and real-time aggregation for IoT data at scale would be operationally complex. Cold starts and concurrency limits can introduce latency and inconsistency.

B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery provide a fully managed, scalable pipeline for real-time analytics. Pub/Sub handles reliable, high-throughput ingestion of streaming data. Dataflow provides real-time transformations, aggregations, and windowed computations with fault tolerance. BigQuery allows scalable storage and querying for reporting and dashboards. This combination ensures near real-time analytics, automated scaling, operational efficiency, and enterprise-grade reliability. Monitoring, logging, and checkpointing further improve operational observability and data integrity. This architecture is ideal for high-volume IoT analytics pipelines.

C) Cloud Run with Cloud SQL is suitable for containerized applications and transactional workloads. However, Cloud SQL is not designed for high-throughput streaming analytics. Using Cloud Run for IoT ingestion would require complex orchestration and failover strategies.

D) Compute Engine with Cloud Bigtable provides flexibility and high throughput, but operational overhead is high. Compute Engine instances must be managed, scaled, and monitored manually, while Bigtable provides storage without native real-time analytics capabilities.

The correct solution is Cloud Pub/Sub, Dataflow, and BigQuery because it enables scalable ingestion, real-time processing, analytics, and operational efficiency for IoT data pipelines.

Question 173

You need to provide temporary, secure access for a partner to upload files to a Cloud Storage bucket. Which approach is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is insecure and violates least-privilege principles. It exposes all project resources, makes auditing difficult, and increases operational risk.

B) Creating a service account with long-lived keys provides programmatic access but is unsuitable for temporary access. Managing key rotation and secure storage adds operational complexity and risk.

C) Signed URLs allow temporary, secure access to specific objects in Cloud Storage without requiring IAM accounts. They can restrict permissions (upload/download) and expiration times, enforce least-privilege access, are auditable, and automatically expire to prevent unauthorized use. This approach is widely used for temporary external collaboration while protecting other resources.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for uploading files. It introduces risk of accidental or malicious modifications.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead, ensuring contractors can perform uploads safely.

Question 174

You need to monitor Compute Engine instances for CPU, memory, and disk usage and send alerts when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging captures logs but does not provide real-time metrics or threshold-based alerts. Using logs alone for monitoring is inefficient, introduces latency, and requires additional processing pipelines.

B) Cloud Monitoring provides real-time metrics from Compute Engine instances, including CPU, memory, and disk I/O. Alerting policies allow thresholds to be set, with notifications sent via email, Slack, PagerDuty, or other channels. Dashboards provide visual trends, enabling proactive incident response, capacity planning, and operational optimization. IAM integration ensures secure, centralized observability. Automated alerts minimize downtime, enhance operational efficiency, and allow teams to address issues before impacting users.

C) Cloud Trace is designed for monitoring application latency and distributed request performance. It does not capture infrastructure metrics, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to changes in object storage. They are unrelated to Compute Engine metrics and cannot trigger alerts based on CPU, memory, or disk usage.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, dashboards, automated alerts, and operational insights. This ensures proactive management, reduces downtime, and improves reliability.

Question 175

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion but cannot withstand regional outages. Downtime occurs until resources are restored in another region, failing to meet enterprise RTO and RPO requirements.

B) Multi-region deployment with active-active instances ensures continuous availability across regions. Traffic is routed via a global load balancer, and healthy instances in other regions handle requests automatically during an outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployment ensures near-zero downtime, operational continuity, and meets enterprise RTO/RPO requirements. Features like health checks, global routing, and automated failover enhance reliability and resilience, making this architecture ideal for mission-critical applications requiring enterprise-grade disaster recovery.

C) Single-region deployment with snapshots allows recovery but requires manual restoration in another region, introducing downtime. Snapshots alone do not provide automated failover or high availability.

D) Deploying resources in a private VPC enhances security but does not provide cross-region redundancy. A regional failure would render resources unavailable, making this approach unsuitable for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it ensures redundancy, automated failover, near-zero downtime, and operational continuity. This aligns with cloud-native disaster recovery best practices and ensures business continuity for mission-critical workloads.

Question 176

You need to deploy a global web application that serves low-latency traffic to users worldwide and must remain available during regional outages. Which architecture is most appropriate?

A) Single Compute Engine instance with autoscaling
B) App Engine Standard Environment with regional deployment
C) Global HTTP(S) Load Balancer with multi-region backend instances
D) Cloud Run deployed in a single region

Answer C) Global HTTP(S) Load Balancer with multi-region backend instances

Explanation

A) A single Compute Engine instance with autoscaling can adjust its resources based on CPU or memory load. While this provides scaling within a single region, it does not provide global distribution. Users in distant regions would experience high latency, and a regional outage would render the application unavailable. Manual configuration of load balancing, failover, and traffic routing is required, increasing operational complexity and risk. This makes a single-instance approach unsuitable for a globally distributed, highly available web application.

B) App Engine Standard Environment offers automatic scaling and abstracts infrastructure management, including patching and monitoring. However, a regional deployment limits availability and performance for users outside the region. Requests from distant users may face high latency. Multi-region deployment requires additional configuration, replication, and operational oversight. This limits the ability to achieve near-zero downtime and low latency globally.

C) Global HTTP(S) Load Balancer with multi-region backend instances provides enterprise-grade, globally distributed deployment. The load balancer routes user traffic to the nearest healthy backend, reducing latency and improving user experience. Multi-region deployment ensures resilience to regional failures, automatically rerouting traffic to other available regions. Features such as SSL termination, health checks, Cloud CDN integration, and auto-scaling enhance security, performance, and reliability. This architecture ensures high availability, fault tolerance, low latency, and operational efficiency for a global web application.

D) Cloud Run deployed in a single region provides serverless containerized application deployment with automatic scaling. While operational overhead is reduced, this deployment does not provide global redundancy or resilience to regional outages. Traffic from users in other regions may experience higher latency, and the application would be unavailable during a regional outage. Multi-region deployment with Cloud Run is possible but requires additional configuration, whereas a Global Load Balancer handles routing and failover automatically.

The correct solution is a Global HTTP(S) Load Balancer with multi-region backend instances because it provides automated scaling, fault tolerance, high availability, low latency for global users, and minimal operational overhead. This ensures a reliable user experience and enterprise-grade performance.

Question 177

You need to migrate a production MySQL database to Cloud SQL with minimal downtime while maintaining transactional consistency. Which approach is most appropriate?

A) Export to SQL dump and import
B) Database Migration Service (DMS) with continuous replication
C) Manual schema creation and ETL migration
D) Cloud Storage Transfer Service

Answer B) Database Migration Service (DMS) with continuous replication

Explanation

A) Exporting a MySQL database to a SQL dump and importing it into Cloud SQL is feasible for small, non-critical workloads. However, this approach causes significant downtime in production, and any changes made after the export are lost. For large databases, the export/import process can take hours or days, increasing downtime and operational risk. Data integrity and transactional consistency are not guaranteed, making this method unsuitable for production workloads requiring near-zero downtime.

B) Database Migration Service (DMS) with continuous replication is designed for enterprise-grade migrations. It automates initial schema migration and data load while continuously replicating ongoing changes to the Cloud SQL target. This ensures the target remains synchronized with the source database during migration, maintaining transactional consistency. Continuous replication allows cutover with minimal disruption, reducing operational risk. DMS includes monitoring, validation, and rollback options, providing enterprise-level reliability. For production MySQL workloads, DMS offers automated migration, near-zero downtime, and operational assurance.

C) Manual schema creation and ETL migration is operationally complex and error-prone. Implementing continuous replication manually is difficult, increasing the risk of data inconsistency, downtime, and lost transactions. This approach is not suitable for production workloads.

D) Cloud Storage Transfer Service is intended for object storage transfers and cannot handle database migrations. Attempting to use it for MySQL migration would require custom scripts and additional infrastructure, making the process inefficient and risky.

The correct solution is Database Migration Service with continuous replication because it ensures minimal downtime, transactional consistency, automated migration, and operational reliability for production MySQL databases.

Question 178

You need to provide temporary access for a contractor to upload files to a Cloud Storage bucket securely. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure and violates the principle of least privilege. It exposes all project resources, complicates auditing, monitoring, and revocation. Personal credentials are intended for individual use and should never be shared with external parties.

B) Creating a service account with long-lived keys provides programmatic access but is unsuitable for temporary access. Key rotation, secure storage, and revocation introduce operational complexity and risk.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be configured to allow uploads while enforcing least-privilege access. Signed URLs automatically expire, preventing unauthorized access. This approach is widely used for secure temporary access in enterprise environments and ensures that contractors can perform their tasks without risking other project resources.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for uploading files. This introduces high operational and security risk.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead. Contractors can complete uploads safely without compromising other resources.

Question 179

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging collects logs for auditing and troubleshooting but does not provide real-time metrics or threshold-based alerts. Using logs alone requires additional processing pipelines and introduces latency, making it inefficient for proactive monitoring of system performance.

B) Cloud Monitoring provides real-time metrics for Compute Engine instances, including CPU utilization, memory usage, and disk I/O. Alerting policies allow thresholds to be defined, and notifications can be sent via email, Slack, PagerDuty, or other channels. Dashboards provide visualization for trends and operational insights. IAM integration ensures secure and centralized observability. Automated alerts allow teams to address potential issues proactively, reducing downtime and improving operational efficiency. Cloud Monitoring provides scalable, enterprise-grade observability and fault detection for infrastructure workloads.

C) Cloud Trace is designed for monitoring application latency and distributed request performance. It does not capture infrastructure metrics such as CPU, memory, or disk usage, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to changes in storage objects and are unrelated to Compute Engine metrics. They cannot provide threshold-based alerts or operational monitoring for infrastructure.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, dashboards, automated notifications, and operational insights, enabling proactive management and improved reliability.

Question 180

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. In the event of a regional outage, downtime occurs until resources are restored in another region. This approach does not meet enterprise RTO or RPO requirements for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is routed via a global load balancer, and healthy instances in unaffected regions automatically handle requests during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployment ensures near-zero downtime and operational continuity. Features such as health checks, global routing, and automated failover enhance reliability, resilience, and business continuity. This design is ideal for mission-critical applications that require enterprise-grade disaster recovery.

C) Single-region deployment with snapshots allows recovery, but restoration in another region introduces downtime. Snapshots alone do not provide automated failover or high availability, making this approach insufficient for mission-critical workloads.

D) Deploying resources in a private VPC enhances security but does not provide cross-region redundancy. A regional failure would render resources unavailable, making this approach unsuitable for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it provides redundancy, automated failover, near-zero downtime, and operational continuity. This aligns with cloud-native disaster recovery best practices and ensures business continuity for mission-critical workloads.