Google Associate Cloud Engineer Exam Dumps and Practice Test Questions Set 7 Q 121- 140

Practice Exams:

View All

Google Associate Cloud Engineer Exam Dumps and Practice Test Questions Set 7 Q 121- 140

Visit here for our full Google Associate Cloud Engineer exam dumps and practice test questions.

Question 121

You need to deploy a web application that requires automatic scaling based on HTTP traffic and supports custom container images with minimal operational overhead. Which Google Cloud service is most appropriate?

A) Compute Engine with managed instance groups
B) App Engine Standard Environment
C) Cloud Run
D) Kubernetes Engine (GKE)

Answer C) Cloud Run

Explanation

A) Compute Engine with managed instance groups allows horizontal scaling of VM instances based on metrics like CPU or load. Although it can achieve high availability, each VM must be managed manually, including OS patching, container runtime setup, and deployment management. Scaling based on HTTP requests requires custom configuration. Rolling updates must be carefully orchestrated to avoid downtime. For stateless containerized applications, this solution introduces unnecessary operational complexity compared to serverless platforms.

B) App Engine Standard Environment automatically scales applications based on HTTP request volume and abstracts infrastructure management. While this reduces operational overhead, it has limitations for custom container images and non-standard runtimes. This makes it less suitable for modern containerized workloads requiring flexibility.

C) Cloud Run is a fully managed, serverless container platform optimized for stateless workloads. It automatically scales based on incoming HTTP requests, including scaling to zero when no traffic is present. Cloud Run supports custom container images, zero-downtime deployments with traffic splitting, and integrates seamlessly with IAM for security. Operational overhead is minimal because infrastructure management, patching, and load balancing are fully abstracted. Cloud Run is ideal for web applications requiring fast deployment, elastic scaling, and high availability with minimal administrative effort.

D) Kubernetes Engine (GKE) provides container orchestration with autoscaling, rolling updates, and self-healing. While highly flexible and suitable for complex microservices architectures, it introduces operational complexity because clusters, nodes, networking, and monitoring must be managed. For simple web applications needing HTTP-driven scaling, GKE is overkill compared to Cloud Run.

The correct solution is Cloud Run because it delivers fully managed scaling, minimal operational overhead, high availability, and support for containerized workloads. Cloud Run provides the ideal balance of simplicity, flexibility, and reliability for stateless web applications.

Question 122

You need to implement a real-time analytics pipeline for IoT sensor data, performing transformations, filtering, and storing results for reporting. Which combination of Google Cloud services is most appropriate?

A) Cloud Functions and Cloud Storage
B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery
C) Cloud Run and Cloud SQL
D) Compute Engine and Cloud Bigtable

Answer B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery

Explanation

A) Cloud Functions with Cloud Storage can handle event-driven workloads triggered by file uploads. While serverless and scalable, this combination is not optimized for high-throughput, real-time analytics. Complex transformations, aggregations, and windowed computations are difficult to implement. Cold starts can introduce latency, and continuous scaling for high-frequency IoT data is challenging.

B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery provide a fully managed, serverless real-time analytics solution. Pub/Sub ensures scalable and reliable ingestion of IoT events with at-least-once delivery. Dataflow enables real-time transformations, filtering, aggregations, and windowed computations. BigQuery provides scalable storage and query capabilities for analytics and reporting. This architecture is fault-tolerant, scalable, and provides near real-time insights. Built-in monitoring, logging, IAM integration, checkpointing, and retries ensure operational visibility and data integrity. This combination minimizes operational overhead while supporting enterprise-grade IoT pipelines.

C) Cloud Run and Cloud SQL can manage containerized workloads and relational storage. Cloud SQL, however, is not optimized for high-throughput streaming analytics. Using it for continuous IoT streams may result in latency and performance bottlenecks.

D) Compute Engine and Cloud Bigtable can handle high-throughput workloads. Compute Engine requires manual orchestration, scaling, and monitoring. Cloud Bigtable is excellent for time-series data but lacks native analytics capabilities, making it operationally complex and less suitable than the serverless Pub/Sub, Dataflow, and BigQuery architecture.

The correct solution is Pub/Sub, Dataflow, and BigQuery because it enables scalable ingestion, real-time transformation, and storage for analytics with minimal operational overhead, fault tolerance, and enterprise-grade reliability.

Question 123

You need to provide temporary secure access for a third-party contractor to upload files to a Cloud Storage bucket. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure and violates least-privilege principles. It exposes all project resources and makes auditing, revocation, and monitoring difficult. This approach is not acceptable in enterprise environments.

B) Creating a service account with long-lived keys provides programmatic access but is unsuitable for temporary access. Long-lived keys require secure management, rotation, and monitoring. Sharing keys introduces operational risk and administrative complexity.

C) Signed URLs allow temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be set to limit access scope and duration. Signed URLs are auditable, scalable, and operationally efficient. They enforce least-privilege access and reduce security risks. Contractors can perform their tasks safely, and access automatically expires, preventing unauthorized use.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for temporary uploads. This violates security best practices and increases operational risk.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead. This ensures contractors can safely perform required tasks without compromising other resources.

Question 124

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging captures logs for auditing and troubleshooting but does not provide real-time system metrics or threshold-based alerts. Using logs alone for monitoring requires additional pipelines and increases operational complexity, making proactive incident response difficult.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU, memory, and disk I/O. Alerting policies allow thresholds to be defined, and notifications can be sent via email, Slack, PagerDuty, or other channels. Dashboards provide trend visualization and operational insights, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM and logging ensures centralized observability. Automated alerts reduce downtime, improve operational efficiency, and allow corrective action before issues affect users. Cloud Monitoring supports enterprise-grade monitoring across infrastructure workloads.

C) Cloud Trace monitors application latency and distributed request performance. While valuable for debugging and optimization, it does not monitor infrastructure metrics such as CPU, memory, or disk usage, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine metrics and cannot trigger threshold-based alerts.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, automated notifications, dashboards, and operational insights. This enables proactive response, minimizes downtime, and ensures high availability for Compute Engine workloads.

Question 125

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region fails, downtime occurs until resources are restored elsewhere. This does not meet near-zero recovery time objectives (RTO) or recovery point objectives (RPO) required for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is distributed using a global load balancer, and healthy instances in unaffected regions automatically handle requests during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime and operational continuity. Cloud-native features like health checks, global routing, and automated failover enhance resilience, reliability, and business continuity. This solution is ideal for mission-critical applications requiring continuous availability and operational resilience.

C) Single-region deployment with snapshots allows recovery but requires manual restoration in another region, introducing downtime. Snapshots alone do not provide automated failover or high availability.

D) Deploying resources in a private VPC improves security but does not provide cross-region redundancy. A regional failure would render all resources unavailable, making this approach insufficient for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it ensures redundancy, automated failover, near-zero downtime, and operational continuity. This design aligns with cloud-native disaster recovery best practices, ensuring resilience, high availability, and business continuity for mission-critical workloads.

Question 126

You need to deploy a stateless API service that automatically scales based on HTTP requests and requires minimal operational management. Which Google Cloud service is most appropriate?

A) Compute Engine with managed instance groups
B) App Engine Standard Environment
C) Cloud Run
D) Kubernetes Engine (GKE)

Answer C) Cloud Run

Explanation

A) Compute Engine with managed instance groups enables horizontal scaling of virtual machines based on CPU or load metrics. However, each VM requires patching, container runtime management, and operational oversight. Scaling based on HTTP traffic is indirect and requires additional configuration. Rolling updates need manual orchestration to prevent downtime. For stateless API services, this approach introduces significant operational complexity compared to serverless solutions.

B) App Engine Standard Environment provides automatic scaling based on HTTP traffic and abstracts infrastructure management. While operational overhead is reduced, App Engine Standard has limitations for custom container images and specialized runtimes, making it less flexible for modern containerized APIs.

C) Cloud Run is a fully managed, serverless platform optimized for stateless workloads. It scales automatically in response to HTTP requests, including scaling down to zero during idle periods, which minimizes cost. Cloud Run supports custom container images, zero-downtime deployments, and integrates with IAM for secure access. Operational management is minimal because the platform handles infrastructure, patching, and load balancing. Cloud Run is ideal for stateless API services requiring rapid deployment, elastic scaling, and high availability with minimal operational overhead.

D) Kubernetes Engine (GKE) provides container orchestration with features like autoscaling, rolling updates, and self-healing. While highly flexible and suitable for complex microservices architectures, it introduces operational complexity because clusters, nodes, networking, and monitoring must be managed. For simple stateless APIs requiring HTTP-driven scaling, GKE is more complex and cost-inefficient than Cloud Run.

The correct solution is Cloud Run because it delivers fully managed scaling, minimal operational overhead, high availability, and support for containerized workloads. It balances simplicity, flexibility, and reliability for stateless API services.

Question 127

You need to implement a streaming analytics pipeline for IoT sensor data, performing real-time transformations and storing results for reporting. Which combination of Google Cloud services is most appropriate?

A) Cloud Functions and Cloud Storage
B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery
C) Cloud Run and Cloud SQL
D) Compute Engine and Cloud Bigtable

Answer B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery

Explanation

A) Cloud Functions with Cloud Storage handles event-driven workloads triggered by file uploads but is not optimized for high-throughput streaming analytics. Implementing transformations, aggregations, and windowed computations is complex. Cold starts may add latency, and continuous scaling for frequent IoT events can be challenging.

B) Cloud Pub/Sub, Cloud Dataflow, and BigQuery provide a fully managed, serverless streaming analytics solution. Pub/Sub supports scalable ingestion of IoT events with at-least-once delivery guarantees. Dataflow handles real-time transformations, filtering, aggregations, and windowed computations. BigQuery allows scalable storage and querying of processed data for analytics and reporting. The architecture is fault-tolerant, near real-time, and operationally efficient. Monitoring, logging, IAM integration, checkpointing, and retries ensure data integrity and visibility. This combination minimizes operational overhead while supporting enterprise-grade IoT pipelines.

C) Cloud Run and Cloud SQL can process containerized workloads and store relational data, but Cloud SQL is not optimized for high-throughput streaming analytics. Using it for continuous streams may introduce latency and performance bottlenecks.

D) Compute Engine with Cloud Bigtable provides high throughput and flexibility. Compute Engine requires manual orchestration, scaling, and monitoring. Cloud Bigtable excels at time-series data but lacks built-in analytics capabilities. Operational complexity is higher compared to the fully managed Pub/Sub, Dataflow, and BigQuery solution.

The correct solution is Pub/Sub, Dataflow, and BigQuery because it enables scalable ingestion, real-time transformation, and analytics with minimal operational overhead, high reliability, and enterprise-grade performance.

Question 128

You need to provide temporary secure access for a third-party contractor to upload files to a Cloud Storage bucket. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is insecure and violates the principle of least privilege. It exposes all project resources and complicates auditing, revocation, and monitoring. This is unacceptable for enterprise environments.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be configured to limit access scope and duration. Signed URLs are auditable, scalable, and operationally efficient. They enforce least-privilege access and reduce risk. Contractors can perform their tasks safely, and access automatically expires to prevent misuse.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead. This allows contractors to complete their tasks safely without compromising other resources.

Question 129

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging captures logs for auditing and troubleshooting but does not provide real-time system metrics or threshold-based alerts. Using logs for monitoring requires additional pipelines, which adds operational complexity and latency, making proactive incident response difficult.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU, memory, and disk I/O. Alerting policies allow thresholds to be defined, and notifications can be sent via email, Slack, PagerDuty, or other channels. Dashboards provide trend visualization and operational insights, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM and logging ensures centralized observability. Automated alerts reduce downtime and improve operational efficiency, allowing teams to address issues before users are impacted. This service provides enterprise-grade monitoring and ensures consistent observability across infrastructure workloads.

C) Cloud Trace monitors application latency and distributed request performance. While useful for debugging, it does not capture infrastructure metrics like CPU, memory, or disk usage, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine metrics and cannot trigger threshold-based alerts.

The correct solution is Cloud Monitoring with alerting policies because it provides real-time metrics, dashboards, automated notifications, and operational insights. This enables proactive response, minimizes downtime, and ensures high availability for Compute Engine workloads.

Question 130

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region fails, downtime occurs until resources are restored elsewhere. This approach does not meet near-zero recovery time objectives (RTO) or recovery point objectives (RPO) required for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is distributed using a global load balancer, and healthy instances in unaffected regions automatically handle requests during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime and operational continuity. Cloud-native features such as health checks, global routing, and automated failover enhance resilience, reliability, and business continuity. This solution is ideal for mission-critical applications requiring continuous availability and enterprise-grade disaster recovery.

Question 131

You need to deploy a multi-service containerized application that requires automatic scaling, secure inter-service communication, and minimal operational overhead. Which Google Cloud service is most appropriate?

A) Compute Engine with managed instance groups
B) App Engine Standard Environment
C) Kubernetes Engine (GKE) with Istio
D) Cloud Run

Answer C) Kubernetes Engine (GKE) with Istio

Explanation

A) Compute Engine with managed instance groups allows horizontal scaling of VMs based on metrics such as CPU utilization. However, deploying multi-service containerized applications requires manual orchestration, networking setup, security configuration, and rolling updates. Managing service-to-service communication securely adds operational complexity. This approach increases maintenance overhead compared to managed orchestration solutions.

B) App Engine Standard Environment automatically scales based on incoming HTTP traffic and abstracts infrastructure management. While it reduces operational overhead, it has limitations for multi-service applications and custom containers. App Engine Standard lacks advanced routing, service-to-service security, and full observability needed for complex microservices architectures.

C) Kubernetes Engine (GKE) with Istio provides enterprise-grade orchestration and service mesh capabilities. GKE handles container orchestration, horizontal pod autoscaling, rolling updates, self-healing, and monitoring. Istio provides secure service-to-service communication using mutual TLS, traffic routing, retries, and observability. This combination minimizes operational overhead while providing flexibility, security, and high availability. Monitoring, logging, policy enforcement, and load balancing are integrated, ensuring enterprise-grade reliability. For multi-service containerized applications, GKE with Istio is the most suitable solution.

D) Cloud Run is fully managed and serverless, providing automatic scaling for stateless workloads. While it supports containerized services, it lacks native orchestration and advanced inter-service communication features. Implementing secure, complex multi-service architectures with Cloud Run requires additional configuration and external tools, making it less efficient than GKE with Istio.

The correct solution is Kubernetes Engine with Istio because it provides automated orchestration, secure inter-service communication, rolling updates, observability, and operational efficiency, making it ideal for enterprise microservices architectures.

Question 132

You need to migrate a production PostgreSQL database to Cloud SQL with minimal downtime and continuous replication. Which approach is most appropriate?

A) Export to SQL dump and import
B) Database Migration Service (DMS) with continuous replication
C) Manual schema creation and data copy
D) Cloud Storage Transfer Service

Answer B) Database Migration Service (DMS) with continuous replication

Explanation

A) Exporting a PostgreSQL database to a SQL dump and importing it into Cloud SQL is suitable for small, non-critical databases. However, it introduces downtime because writes to the source database are not captured during export. Large databases may require hours or days to migrate, resulting in unacceptable downtime for production workloads.

B) Database Migration Service (DMS) with continuous replication is designed for enterprise database migrations with minimal downtime. DMS automates initial data migration, schema conversion, and continuous replication of ongoing changes. This ensures the target Cloud SQL instance remains synchronized with the source database while the application remains online. Monitoring, logging, and automated cutover reduce operational risk. Continuous replication guarantees data consistency and near-zero downtime, making this approach ideal for production environments requiring high availability during migration.

C) Manual schema creation and data copy is error-prone, time-consuming, and introduces operational risk. Synchronizing ongoing changes requires custom scripts and continuous monitoring, making it impractical for production migrations with minimal downtime.

D) Cloud Storage Transfer Service is designed for moving objects between storage systems, not relational database migration. It lacks schema conversion, replication, and near-real-time synchronization, making it unsuitable for migrating PostgreSQL to Cloud SQL.

The correct solution is DMS with continuous replication because it ensures minimal downtime, data consistency, automation, and enterprise-grade reliability. This approach allows seamless migration while maintaining business continuity.

Question 133

You need to provide temporary secure access for a contractor to upload files to a Cloud Storage bucket. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure, violates least-privilege principles, and exposes all project resources. Auditing, revocation, and monitoring are difficult, making it unsuitable for enterprise environments.

B) Creating a service account with long-lived keys provides programmatic access but is unsuitable for temporary access. Managing key rotation and secure storage increases operational risk, especially for contractors needing short-term access.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be configured to restrict access scope and duration. Signed URLs are auditable, scalable, and operationally efficient. They enforce least-privilege access, reduce security risk, and automatically expire to prevent unauthorized access. Contractors can complete tasks safely without compromising other resources.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for temporary uploads and violates security best practices.

Question 134

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging collects logs for auditing and troubleshooting but does not provide real-time metrics or threshold-based alerts. Using logs alone for monitoring requires additional pipelines, increasing latency and operational complexity, which is not suitable for proactive incident response.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU, memory, and disk I/O. Alerting policies allow threshold-based notifications via email, Slack, PagerDuty, or other channels. Dashboards provide trend visualization and operational insights, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM and logging ensures centralized observability. Automated alerts reduce downtime, improve operational efficiency, and allow teams to act before users are impacted. Cloud Monitoring is enterprise-grade and ensures consistent monitoring across infrastructure workloads.

C) Cloud Trace monitors application latency and distributed request performance. While useful for debugging and optimization, it does not capture infrastructure metrics like CPU, memory, or disk usage, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine instance metrics and cannot trigger threshold-based alerts.

Question 135

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region becomes unavailable, downtime occurs until resources are restored elsewhere. This does not meet near-zero recovery time objectives (RTO) or recovery point objectives (RPO) required for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is routed using a global load balancer, and healthy instances in unaffected regions automatically handle requests during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime and operational continuity. Cloud-native features like health checks, global routing, and automated failover enhance resilience, reliability, and business continuity. This solution is ideal for mission-critical applications requiring continuous availability and enterprise-grade disaster recovery.

D) Deploying resources in a private VPC enhances security but does not provide cross-region redundancy. A regional failure would render all resources unavailable, making this approach insufficient for disaster recovery.

The correct solution is multi-region deployment with active-active instances because it ensures redundancy, automated failover, near-zero downtime, and operational continuity. This architecture aligns with cloud-native disaster recovery best practices, ensuring resilience, high availability, and business continuity for mission-critical workloads.

Question 136

You need to deploy a containerized microservices application that requires automatic scaling, rolling updates, and secure communication between services. Which Google Cloud solution is most appropriate?

A) Compute Engine with managed instance groups
B) App Engine Standard Environment
C) Kubernetes Engine (GKE) with Istio
D) Cloud Run

Answer C) Kubernetes Engine (GKE) with Istio

Explanation

A) Compute Engine with managed instance groups allows horizontal scaling of virtual machines based on metrics such as CPU or memory usage. While it can scale instances, it does not provide container orchestration, rolling updates, or secure inter-service communication natively. Each microservice must be managed manually, which introduces operational overhead and increases the risk of misconfiguration. Implementing automated updates, traffic routing, and security policies requires additional scripts or third-party tools, making this solution less ideal for modern containerized microservices.

B) App Engine Standard Environment automatically scales applications based on HTTP traffic and abstracts infrastructure management. However, it has limitations for multi-service containerized applications and custom runtime environments. It lacks advanced features such as rolling updates across multiple services and fine-grained service-to-service security. App Engine is more suitable for single-service web applications rather than complex microservices architectures requiring inter-service communication and enterprise-grade orchestration.

C) Kubernetes Engine (GKE) with Istio is the most suitable solution for this scenario. GKE provides robust container orchestration with features such as horizontal pod autoscaling, rolling updates, self-healing, and declarative deployments. Istio, as a service mesh, provides secure service-to-service communication using mutual TLS, fine-grained traffic management, retries, circuit breaking, and observability. Together, GKE and Istio offer a complete solution for deploying multi-service applications with minimal downtime, strong security, and efficient operational management. Monitoring, logging, and automated policy enforcement are built-in, making this the optimal solution for enterprise-grade microservices deployments.

D) Cloud Run is a fully managed, serverless platform for stateless containers. While it automatically scales based on HTTP traffic, it lacks native orchestration for multiple interdependent services and does not provide a service mesh for secure inter-service communication. Implementing secure communication and orchestration across multiple Cloud Run services requires custom solutions, which introduces complexity and operational risk.

The correct solution is Kubernetes Engine with Istio because it provides automated orchestration, secure inter-service communication, rolling updates, observability, and minimal operational overhead, making it ideal for containerized microservices in production environments.

Question 137

You need to migrate a production MySQL database to Cloud SQL with minimal downtime and ensure continuous replication of data during migration. Which approach is most appropriate?

A) Export to SQL dump and import
B) Database Migration Service (DMS) with continuous replication
C) Manual schema creation and data copy
D) Cloud Storage Transfer Service

Answer B) Database Migration Service (DMS) with continuous replication

Explanation

A) Exporting a MySQL database to a SQL dump and importing it into Cloud SQL may work for small, non-critical databases. However, this approach introduces downtime because changes made after the export are not captured. Large databases may require significant time to migrate, and the application may experience extended downtime, making this approach unsuitable for production workloads.

B) Database Migration Service (DMS) with continuous replication is designed for production migrations with minimal downtime. DMS automates initial schema migration, data migration, and continuous replication of ongoing changes. This ensures that the Cloud SQL target remains synchronized with the source database while the application continues to operate. DMS provides monitoring, logging, and automated cutover to minimize operational risk. Continuous replication guarantees data consistency and enables near-zero downtime migration, making it ideal for enterprise environments.

C) Manual schema creation and data copy is error-prone, time-consuming, and operationally complex. Synchronizing ongoing changes manually introduces the risk of data loss or inconsistency and is not suitable for production environments requiring high availability.

D) Cloud Storage Transfer Service is designed to transfer objects between storage systems. It does not provide database migration, schema conversion, or continuous replication capabilities, making it unsuitable for MySQL to Cloud SQL migration.

The correct solution is DMS with continuous replication because it ensures minimal downtime, maintains data integrity, and provides automated, enterprise-grade migration capabilities, enabling seamless migration of production databases.

Question 138

You need to provide temporary, secure access to a third-party contractor to upload files to a Cloud Storage bucket. Which method is most appropriate?

A) Share personal credentials
B) Create a service account with long-lived keys
C) Use signed URLs
D) Grant Owner permissions

Answer C) Use signed URLs

Explanation

A) Sharing personal credentials is highly insecure and violates the principle of least privilege. It exposes all project resources, complicates auditing and revocation, and increases security risk. This approach is unsuitable for enterprise environments.

B) Creating a service account with long-lived keys provides programmatic access but is not ideal for temporary access. Managing key rotation, storage, and revocation increases operational complexity and introduces security risks, especially for short-term contractor access.

C) Signed URLs provide temporary, secure access to specific objects in Cloud Storage without creating IAM accounts. Permissions and expiration times can be set to restrict access scope and duration. Signed URLs are auditable, scalable, and operationally efficient. They enforce least-privilege access, reduce security risk, and automatically expire to prevent unauthorized use. This approach allows contractors to safely perform uploads without compromising other resources or security.

D) Granting Owner permissions is excessive and insecure. Owners have full control over all project resources, which is unnecessary for temporary file uploads and violates security best practices.

The correct solution is signed URLs because they provide temporary, secure, auditable access with minimal operational overhead. This ensures contractors can safely complete tasks without compromising security or other resources.

Question 139

You need to monitor Compute Engine instances for CPU, memory, and disk usage and alert your operations team when thresholds are exceeded. Which service is most appropriate?

A) Cloud Logging
B) Cloud Monitoring with alerting policies
C) Cloud Trace
D) Cloud Storage notifications

Answer B) Cloud Monitoring with alerting policies

Explanation

A) Cloud Logging collects logs for auditing and troubleshooting but does not provide real-time metrics or threshold-based alerts. Using logs alone requires additional pipelines, increasing latency and operational complexity, making proactive incident response difficult.

B) Cloud Monitoring collects real-time metrics from Compute Engine instances, including CPU utilization, memory, and disk I/O. Alerting policies allow thresholds to be set, and notifications can be sent via email, Slack, PagerDuty, or other channels. Dashboards provide trend visualization and operational insights, enabling proactive incident response, capacity planning, and performance optimization. Integration with IAM and logging ensures centralized observability. Automated alerts reduce downtime, improve operational efficiency, and allow teams to respond before users are impacted. Cloud Monitoring is enterprise-grade and ensures consistent monitoring across infrastructure workloads.

C) Cloud Trace monitors application latency and distributed request performance. While valuable for debugging and optimization, it does not capture infrastructure metrics like CPU, memory, or disk usage, making it unsuitable for system monitoring.

D) Cloud Storage notifications alert users to object changes in storage buckets. They are unrelated to Compute Engine metrics and cannot trigger threshold-based alerts.

Question 140

You need to design a disaster recovery solution for a mission-critical application that must remain available during a regional outage. Which architecture is most appropriate?

A) Single-region deployment with automated backups
B) Multi-region deployment with active-active instances
C) Single-region deployment with snapshots
D) Deploy all resources in a private VPC

Answer B) Multi-region deployment with active-active instances

Explanation

A) Single-region deployment with automated backups protects against accidental deletion or corruption but does not provide resilience against regional failures. If the region becomes unavailable, downtime occurs until resources are restored elsewhere. This does not meet near-zero recovery time objectives (RTO) or recovery point objectives (RPO) required for mission-critical workloads.

B) Multi-region deployment with active-active instances ensures continuous availability across multiple regions. Traffic is routed via a global load balancer, and healthy instances in unaffected regions handle requests automatically during a regional outage. This architecture provides automated failover, high availability, fault tolerance, and scalability. Active-active deployments meet enterprise RTO and RPO requirements, ensuring near-zero downtime and operational continuity. Cloud-native features like health checks, global routing, and automated failover enhance resilience, reliability, and business continuity. This architecture is ideal for mission-critical applications requiring continuous availability and enterprise-grade disaster recovery.

Related posts: