Google Associate Cloud Engineer Practice Test Questions, Exam Dumps

Practice Exams:

View All

Associate Cloud Engineer Google Practice Test Questions and Exam Dumps

Question No 1:

Your company’s operational team is responsible for managing a large number of instances on Google Cloud Compute Engine, and each member needs administrative access to these servers. Every employee already has a Google account. The security team wants to ensure that the deployment of credentials is both operationally efficient and secure, with the ability to track who accessed each instance.

What is the best approach to meet these requirements?

A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.
D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Answer:

C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.

Explanation:

In a cloud environment like Google Cloud, managing access to virtual machines (VMs) securely and efficiently is essential. The use of SSH keys for authentication is a standard and secure method of ensuring that only authorized users can access your Compute Engine instances.

Option C is the best solution because it leverages Google Cloud Identity and Access Management (IAM) combined with SSH key management to meet both security and operational efficiency requirements.

Adding the public key to their Google account: By having each member of the team generate their own SSH key pair and adding the public key to their Google account, the process becomes more manageable. This ensures that each user has a unique key pair, which is essential for auditing and tracking access. Google Cloud can automatically associate the user's public SSH key with their identity when they log in.
Granting the "compute.osAdminLogin" role: This role allows users to log in to the instances with administrative privileges, as required by the operational team. Using IAM roles such as this ensures that only authorized individuals (those who are members of the specific Google group with the assigned role) can access the instances. This approach is not only secure but also simplifies the process of managing access, as you can leverage existing group structures within Google accounts for access control.

The other options are less ideal for the following reasons:

Option A: This method would require you to manage and distribute private SSH keys to every team member, which is not only insecure but also operationally inefficient. The private keys should never be shared, as losing a private key or having it compromised would lead to a security breach.
Option B: While using a configuration management tool to deploy SSH keys is a valid approach, it involves additional complexity and overhead. Additionally, it doesn’t address how to tie access to individual team members, making it more difficult to track who accessed the instances.
Option D: Setting up a project-wide public SSH key is not recommended because it grants access to all instances within the project. This approach lacks granularity and control over who can access which instance. Additionally, managing a single private key for multiple users is less secure and makes auditing more difficult.

In conclusion, Option C is the most secure and efficient approach for managing access to Compute Engine instances while allowing the security team to track individual users' actions.

Question No 2:

You need to create a custom Virtual Private Cloud (VPC) in Google Cloud with a single subnet, and the subnet's IP range must be as large as possible. Which IP range should you select for the subnet?

A. 0.0.0.0/0
B. 10.0.0.0/8
C. 172.16.0.0/12
D. 192.168.0.0/16

Answer: B. 10.0.0.0/8

Explanation:

When creating a custom VPC and subnet in Google Cloud, it is important to choose an IP range that provides sufficient address space for your network while complying with best practices for private IP addressing. Google Cloud allows users to define their own subnets within the private IP address space.

The IP ranges in the options correspond to different subnets within private IP address spaces as defined by RFC 1918:

Option A: 0.0.0.0/0: This represents the entire IPv4 address space (i.e., all possible IP addresses). While it technically allows any IP range, using it would be highly insecure and inefficient because it encompasses far more addresses than are necessary. This range is not suitable for creating a VPC subnet and is not a valid option for private IP addressing.
Option B: 10.0.0.0/8: This IP range is part of the private address space defined by RFC 1918. The 10.0.0.0/8 range offers the largest possible private IP space, with over 16 million IP addresses (specifically, 16,777,216 addresses). This makes it an ideal choice for organizations that need to create a large subnet. When creating a custom VPC with a single subnet that requires as many addresses as possible, 10.0.0.0/8 is the optimal choice.
Option C: 172.16.0.0/12: This range is another private IP address range defined by RFC 1918. The 172.16.0.0/12 range provides a larger address space than 192.168.0.0/16, with over 1 million addresses, but it is still smaller than the 10.0.0.0/8 range. While this option is valid for creating a subnet, it does not provide as many addresses as the 10.0.0.0/8 range.
Option D: 192.168.0.0/16: This is the smallest private address range defined by RFC 1918, with only 65,536 addresses. It is commonly used for smaller networks but would not meet the requirement for the "largest possible" subnet.

Therefore, Option B (10.0.0.0/8) is the correct answer because it offers the largest available private IP range, providing the most flexibility for creating a single large subnet.

Question No 3:

You need to select and configure a cost-effective solution for storing relational data on Google Cloud Platform, for a small set of operational data in a single geographic location. The solution must support point-in-time recovery. What should you do?

A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.
B. Select Cloud SQL (MySQL). Select the create failover replicas option.
C. Select Cloud Spanner. Set up your instance with 2 nodes.
D. Select Cloud Spanner. Set up your instance as multi-regional.

Answer:
A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

Explanation:

For a cost-effective solution that meets the requirement of supporting relational data in a single geographic location with point-in-time recovery, Cloud SQL (MySQL) is an appropriate choice. Cloud SQL is a fully managed relational database service for MySQL, PostgreSQL, and SQL Server on Google Cloud, making it ideal for small to medium-sized datasets.

To support point-in-time recovery (PITR) in Cloud SQL, you need to enable binary logging. This allows for transactional logging, which enables you to recover data to a specific point in time in case of data loss or corruption. By selecting the enable binary logging option, Cloud SQL will store the binary logs necessary for performing point-in-time recovery.

Why not other options?

Option B (creating failover replicas) is more appropriate for high availability and failover redundancy, not specifically for point-in-time recovery.
Option C and Option D mention Cloud Spanner, which is designed for globally distributed, highly scalable, and highly available relational databases. Cloud Spanner is more suitable for large-scale applications with multi-regional or global needs and comes at a higher cost, making it unnecessary for small, local datasets.

Key Points:

Cloud SQL is cost-effective for small datasets and supports point-in-time recovery when binary logging is enabled.
Cloud Spanner is ideal for large-scale, globally distributed applications but is overkill for small, localized relational data needs.
Point-in-time recovery can be easily implemented in Cloud SQL through binary logging.

Question No 4:

You want to configure autohealing for network load balancing for a group of Compute Engine instances running in multiple zones.

The goal is to automatically recreate VMs if they are unresponsive after 3 attempts of 10 seconds each, using the fewest possible steps. What should you do?

A. Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP).
B. Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.
C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP).
D. Create a managed instance group. Verify that the autoscaling setting is on.

Answer:
C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP).

Explanation:

To configure autohealing for your instances, you should use a managed instance group (MIG), which automatically handles the health and scaling of the Compute Engine instances. By configuring autohealing, you can automatically recreate unresponsive instances based on a health check, ensuring that your application maintains high availability.

In this case, the health check should be set to "healthy (HTTP)" to monitor the HTTP status of the instances. If an instance fails to respond properly to the health check after 3 attempts (with a 10-second interval), the instance will be automatically recreated.

Why not other options?

Option A focuses on HTTP load balancing but does not address the autohealing requirement. While you can define a health check, it’s the managed instance group (MIG) with autohealing that provides automatic instance recreation.
Option B involves load balancing and setting a maximum RPS (requests per second), which is useful for controlling traffic, but not for autohealing the instances.
Option D mentions autoscaling, but autoscaling only adjusts the number of instances based on traffic load, not health checks. It does not automatically replace unresponsive instances like autohealing does.

Key Points:

Managed instance groups (MIGs) are essential for autohealing, which ensures that unresponsive instances are automatically recreated.
Health checks are critical in defining when instances should be considered unhealthy, triggering the autohealing process.
Autohealing is a key feature in maintaining the availability of applications in Google Cloud with minimal manual intervention.

Question No 5:

You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

A. Use gcloud config configurations describe to review the output.
B. Use gcloud config configurations activate and gcloud config list to review the output.
C. Use kubectl config get-contexts to review the output.
D. Use kubectl config use-context and kubectl config view to review the output.

Answer: C. Use kubectl config get-contexts to review the output.

Explanation:

When managing multiple configurations with gcloud, the kubectl command-line tool can be used to review and manage Kubernetes clusters. To view the configurations associated with Kubernetes clusters, the kubectl config get-contexts command provides a list of all available contexts, which represent different clusters, user credentials, and namespaces.

By running this command, you can see all the contexts available in your kubeconfig file, including those from inactive configurations. This is the simplest and fastest way to review which clusters are configured without activating or switching to the inactive configuration.

Why not other options?

Option A (gcloud config configurations describe) is a valid command for describing the details of a specific gcloud configuration but is not relevant to reviewing Kubernetes Engine clusters.
Option B (gcloud config configurations activate and gcloud config list) would involve switching to an active configuration, which is unnecessary for simply reviewing inactive configurations.
Option D (kubectl config use-context and kubectl config view) involves switching to a specific context and viewing detailed information about it, but you can achieve a quicker overview by using get-contexts.

Key Points:

kubectl config get-contexts is a lightweight and efficient command to list all Kubernetes contexts and check configurations without switching active configurations.
Understanding contexts helps you quickly identify which Kubernetes clusters are available and their associated settings.
kubectl is the primary tool for interacting with Kubernetes clusters, and commands like get-contexts and view provide valuable insights into your configurations.

Question No 6:

Your company stores application backup files in Google Cloud Storage as part of your disaster recovery plan. To ensure you are following Google's recommended practices, which storage option should you choose for storing these backup files?

A. Multi-Regional Storage
B. Regional Storage
C. Nearline Storage
D. Coldline Storage

Answer: A. Multi-Regional Storage

Explanation:

When storing backup files for disaster recovery in Google Cloud Storage, choosing the right storage class is critical to ensure that your data is both highly available and cost-efficient. Google Cloud offers several storage options, each designed for different use cases. Let's review the best options for storing backup files based on Google’s recommendations:

Multi-Regional Storage (A): This is the ideal choice for backup files intended for disaster recovery purposes. Multi-Regional Storage replicates your data across multiple geographic locations, ensuring high availability and durability. This makes it particularly suitable for disaster recovery because it guarantees that if one region experiences issues (e.g., network outage, data center failure), the data will still be available in other regions. Additionally, Multi-Regional Storage offers low-latency access from any location, which is important for quickly restoring backups during an emergency. This storage class is designed for critical data that requires high availability and redundancy, making it the best choice for backup files.

Regional Storage (B): While Regional Storage is similar to Multi-Regional in that it replicates data within a specific region, it does not provide the same level of redundancy across multiple regions. While it can still provide a good level of availability, it may not be as resilient in the case of a disaster affecting the entire region. Therefore, it’s not as suitable as Multi-Regional Storage for disaster recovery purposes where you want to ensure maximum availability across multiple geographic locations.

Nearline Storage (C): Nearline Storage is a good option for data that is accessed infrequently, typically less than once a month. This storage class is designed for archival data and backups that are rarely retrieved. While it is cost-effective for long-term storage, it doesn’t provide the high availability and multi-region redundancy that you would want for disaster recovery purposes. Therefore, it is not the best choice for backup files in a disaster recovery context.

Coldline Storage (D): Coldline Storage is designed for long-term archival storage, where data is expected to be accessed very infrequently, such as once a year. While it is the lowest-cost storage option, it’s not ideal for disaster recovery, as retrieval times can be longer and the storage is not intended for rapid access or high availability.

Thus, Multi-Regional Storage (A) is the recommended choice for your application backup files, as it ensures the highest level of durability, availability, and disaster recovery capabilities, following Google’s best practices.

Question No 7:

Your company has several employees who have been creating Google Cloud projects and paying for them with their personal credit cards, which are later reimbursed by the company.

The company now wants to centralize all these projects under a single billing account. What should you do to achieve this?

A. Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company.
B. Create a ticket with Google Support and wait for their call to share your credit card details over the phone.
C. In the Google Cloud Console, go to the Resource Manager and move all projects to the root Organization.
D. In the Google Cloud Console, create a new billing account and set up a payment method.

Answer:
C. In the Google Cloud Console, go to the Resource Manager and move all projects to the root Organization.

Explanation:

Centralizing billing for your company’s Google Cloud projects is a critical step for better financial control and management. Google Cloud allows organizations to centralize billing through a Billing Account, which can be linked to multiple projects. Here’s how to proceed efficiently:

Option C is the correct approach. In Google Cloud, the Resource Manager allows you to manage your cloud resources across projects. To centralize billing, you must move the projects into a single Google Cloud Organization. This way, all the cloud resources, including billing, will be managed centrally. Once the projects are linked to the Organization, they can be associated with a single billing account. This process ensures that all costs are funneled into one billing account, making it easier for your company to manage expenses and ensure accurate accounting. This method does not require contacting Google support or sharing sensitive information such as credit card details.

Option A is incorrect because Google Cloud’s billing system is managed through the Cloud Console, not via email. You do not need to contact Google support to request a corporate billing account. Instead, you can manage billing directly from the Google Cloud Console.

Option B is also incorrect. It is unnecessary and inefficient to wait for Google Support to call you and share your credit card details. Google Cloud provides self-service options for managing billing accounts, and no phone calls or direct sharing of credit card details are required.

Option D would only be a valid approach if you were starting from scratch with a new billing account. However, since your goal is to centralize existing projects under one account, simply creating a new billing account without linking the projects to an Organization will not achieve the desired outcome.

In conclusion, Option C is the best approach to centralize all projects under a single billing account. By moving the projects to the root Organization, you can efficiently manage billing and financial resources for all of your company’s Google Cloud projects.

Question No 8:

You have an application that is configured to look for its licensing server at IP address 10.0.3.21. You need to deploy the licensing server on Google Cloud Compute Engine without modifying the application's configuration.

The application must be able to reach the licensing server at the same IP address. What should you do?

A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.
B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.
C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.
D. Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

Answer: A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.

Explanation:

In this scenario, you are working with a licensing server that needs to be reached by the application using a specific IP address (10.0.3.21). The most straightforward solution is to reserve the IP 10.0.3.21 as a static internal IP address. By doing this, you ensure that the IP address does not change, which is essential since the application is already configured to look for the server at this particular IP address.

Here’s how this works:

Static Internal IP Address: This option allows you to reserve a specific IP address within your virtual private cloud (VPC) network. The IP address will remain fixed and will always point to the licensing server on Compute Engine.
When you create a static internal IP, it is bound to a specific network interface of a VM, meaning your application will always be able to find the licensing server at 10.0.3.21.

Why not other options?

Option B (public IP) is not necessary since the application is likely operating in a private network, and assigning a public IP to a licensing server would expose it unnecessarily to the internet.
Option C (custom ephemeral IP) is a temporary IP address that changes over time. It’s not suitable here because the application requires a fixed IP address.
Option D involves using an ephemeral IP initially and then promoting it to a static internal IP. This option introduces unnecessary complexity, as directly reserving a static internal IP (Option A) is simpler and more efficient.

Key Points:

A static internal IP is the most reliable solution for ensuring that the licensing server is always reachable at the same IP address.
There’s no need for public IP addresses or ephemeral IPs since the requirement is for a stable internal address that the application can always use.

Question No 9:

You are deploying an application to Google Cloud App Engine. You want the number of instances to scale based on the request rate, but you need at least 3 unoccupied instances at all times. Which scaling type should you use?

A. Manual Scaling with 3 instances.
B. Basic Scaling with min_instances set to 3.
C. Basic Scaling with max_instances set to 3.
D. Automatic Scaling with min_idle_instances set to 3.

Answer:
B. Basic Scaling with min_instances set to 3.

Explanation:

In Google Cloud App Engine, Basic Scaling is appropriate for applications that do not require continuous uptime but need to scale based on incoming traffic. The key part of the question is that you need to ensure at least 3 unoccupied instances at all times. This is where the min_instances setting in Basic Scaling comes into play.

Basic Scaling: This option automatically scales the number of instances based on request rate. When no traffic is present, instances are shut down to save resources. However, by setting min_instances to 3, you ensure that at least 3 instances are always running, even if there’s no traffic. This is especially useful for applications that need to be highly responsive but do not want to incur the delay of starting up instances when traffic arrives.

Why not other options?

Option A (Manual Scaling with 3 instances) would require you to manually manage the number of instances, which goes against the requirement for scaling based on traffic and would not provide the flexibility needed to respond to fluctuations in request rate.
Option C (Basic Scaling with max_instances set to 3) limits the number of instances to 3, but it does not guarantee that there will always be 3 instances running. This only restricts the upper limit.
Option D (Automatic Scaling with min_idle_instances set to 3) is part of Automatic Scaling, which is designed for applications with dynamic workloads. While this may seem like a viable option, it’s more suitable for applications where the number of instances is managed automatically based on load, rather than being fixed at a minimum number like in Basic Scaling.

Key Points:

Basic Scaling with min_instances ensures a fixed minimum number of instances at all times, which directly meets the requirement to have 3 unoccupied instances at all times.
This option provides both automatic scaling and a guaranteed baseline of instances, making it ideal for this scenario.

Question No 10:

You are creating a new production project in Google Cloud and want to replicate the IAM roles from an existing development project with the fewest steps. What should you do?

A. Use gcloud iam roles copy and specify the production project as the destination project.
B. Use gcloud iam roles copy and specify your organization as the destination organization.
C. In the Google Cloud Platform Console, use the ‘create role from role’ functionality.
D. In the Google Cloud Platform Console, use the ‘create role’ functionality and select all applicable permissions.

Answer: B. Use gcloud iam roles copy and specify your organization as the destination organization.

Explanation:

When you want to replicate IAM roles from one Google Cloud project to another, Option B is the best choice. The gcloud iam roles copy command allows you to copy predefined roles, custom roles, or both from an existing project to a new project. By specifying the destination as your organization, you ensure that the roles will be available to the entire organization, not just the project level.

gcloud iam roles copy: This command helps automate the process of copying IAM roles between projects and organizations. By copying roles at the organizational level, you can ensure consistency across your entire environment and maintain the same permissions setup between the two projects.

Why not other options?

Option A (copying roles to a destination project) is not ideal because IAM roles should be copied to the organization level to ensure they can be applied across multiple projects.
Option C (using the ‘create role from role’ functionality in the Google Cloud Console) would allow you to manually create roles, but this is a more manual process and could be error-prone, especially with multiple roles and permissions.
Option D (creating roles manually) is also a manual and time-consuming process, especially if you are working with many roles that need to be replicated from one project to another.

Key Points:

The gcloud iam roles copy command is an efficient way to copy IAM roles from one project to another or across an entire organization.
By specifying the destination as the organization, the roles will be available across all projects in the organization, ensuring consistency in permissions.