The Secret Of Google Professional-Cloud-Architect Free Exam Questions

NEW QUESTION 1

You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by providing a message were sent by a specific user.
What should you do

• A. Tag messages client side with the originating user identifier and the destination user.
• B. Encrypt the message client side using block-based encryption with a shared key.
• C. Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key.
• D. Use a trusted certificate authority to enable SSL connectivity between the client application and the server.

Answer: C

NEW QUESTION 2

You have been engaged by your client to lead the migration of their application infrastructure to GCP. One of their current problems is that the on-premises high performance SAN is requiring frequent and expensive upgrades to keep up with the variety of workloads that are identified as follows: 20TB of log archives retained for legal reasons; 500 GB of VM boot/data volumes and templates; 500 GB of image thumbnails; 200 GB of customer session state data that allows customers to restart sessions even if off-line for several days.
Which of the following best reflects your recommendations for a cost-effective storage allocation?

• A. Local SSD for customer session state dat
• B. Lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes.
• C. Memcache backed by Cloud Datastore for the customer session state dat
• D. Lifecycle- managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes.
• E. Memcache backed by Cloud SQL for customer session state dat
• F. Assorted local SSD-backed instances for VM boot/data volume
• G. Cloud Storage for log archives and thumbnails.
• H. Memcache backed by Persistent Disk SSD storage for customer session state dat
• I. Assorted local SSDbacked instances for VM boot/data volume
• J. Cloud Storage for log archives and thumbnails.

Answer: D

Explanation:
https://cloud.google.com/compute/docs/disks

NEW QUESTION 3

A recent audit that a new network was created in Your GCP project. In this network, a GCE instance has an SSH port open the world. You want to discover this network's origin. What should you do?

• A. Search for Create VM entry in the Stackdriver alerting console.
• B. Navigate to the Activity page in the Home sectio
• C. Set category to Data Access and search for Create VM entry.
• D. In the logging section of the console, specify GCE Network as the logging sectio
• E. Search for the Create Insert entry.
• F. Connect to the GCE instance using project SSH Key
• G. Identify previous logins in system logs, and match these with the project owners list.

Answer: C

NEW QUESTION 4

For this question refer to the TerramEarth case study
Operational parameters such as oil pressure are adjustable on each of TerramEarth's vehicles to increase their efficiency, depending on their environmental conditions. Your primary goal is to increase the operating efficiency of all 20 million cellular and unconnected vehicles in the field How can you accomplish this goal?

• A. Have your engineers inspect the data for patterns, and then create an algorithm with rules that make operational adjustments automatically.
• B. Capture all operating data, train machine learning models that identify ideal operations, and run locally to make operational adjustments automatically.
• C. Implement a Google Cloud Dataflow streaming job with a sliding window, and use Google Cloud Messaging (GCM) to make operational adjustments automatically.
• D. Capture all operating data, train machine learning models that identify ideal operations, and host in Google Cloud Machine Learning (ML) Platform to make operational adjustments automatically.

Answer: B

NEW QUESTION 5

Your company wants to start using Google Cloud resources but wants to retain their on-premises Active Directory domain controller for identity management. What should you do?

• A. Use the Admin Directory API to authenticate against the Active Directory domain controller.
• B. Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and configure SAML SSO.
• C. Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider.
• D. Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the onpremises AD domain controller using Google Cloud Directory Sync.

Answer: B

Explanation:
https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction#implementing_federation

NEW QUESTION 6

Your organization wants to control IAM policies for different departments independently, but centrally. Which approach should you take?

• A. Multiple Organizations with multiple Folders
• B. Multiple Organizations, one for each department
• C. A single Organization with Folder for each department
• D. A single Organization with multiple projects, each with a central owner

Answer: C

Explanation:
Folders are nodes in the Cloud Platform Resource Hierarchy. A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of GCP resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies. While a folder can contain multiple folders or resources, a given folder or resource can have exactly one parent.
References: https://cloud.google.com/resource-manager/docs/creating-managing-folders

NEW QUESTION 7

You are creating an App Engine application that uses Cloud Datastore as its persistence layer. You need to retrieve several root entities for which you have the identifiers. You want to minimize the overhead in operations performed by Cloud Datastore. What should you do?

• A. Create the Key object for each Entity and run a batch get operation
• B. Create the Key object for each Entity and run multiple get operations, one operation for each entity
• C. Use the identifiers to create a query filter and run a batch query operation
• D. Use the identifiers to create a query filter and run multiple query operations, one operation for each entity

Answer: C

Explanation:
https://cloud.google.com/datastore/docs/concepts/entities#datastore-datastore-batch-upsert-nodejs

NEW QUESTION 8

You are using Cloud Shell and need to install a custom utility for use in a few weeks. Where can you store the file so it is in the default execution path and persists across sessions?

• A. ~/bin
• B. Cloud Storage
• C. /google/scripts
• D. /usr/local/bin

Answer: D

Explanation:
https://medium.com/google-cloud/no-localhost-no-problem-using-google-cloud-shell-as-my-full-time-developm

NEW QUESTION 9

For this question, refer to the TerramEarth case study
Your development team has created a structured API to retrieve vehicle data. They want to allow third parties to develop tools for dealerships that use this vehicle event data. You want to support delegated authorization against this data. What should you do?

• A. Build or leverage an OAuth-compatible access control system.
• B. Build SAML 2.0 SSO compatibility into your authentication system.
• C. Restrict data access based on the source IP address of the partner systems.
• D. Create secondary credentials for each dealer that can be given to the trusted third party.

Answer: A

Explanation:
https://cloud.google.com/appengine/docs/flexible/go/authorizing-apps https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#delegate_application_autho Delegate application authorization with OAuth2
Cloud Platform APIs support OAuth 2.0, and scopes provide granular authorization over the methods that are supported. Cloud Platform supports both service-account and user-account OAuth, also called three-legged OAuth.
References:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#delegate_application_autho
https://cloud.google.com/appengine/docs/flexible/go/authorizing-apps

NEW QUESTION 10

Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a 99.99% availability SLA under these conditions However next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load. What should you do?

• A. Capture existing users input, and replay captured user load until autoscale is triggered on all layer
• B. At the same time, terminate all resources in one of the zones.
• C. Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce "chaos" to the system by terminating random resources on both zones.
• D. Expose the new system to a larger group of users, and increase group ' size each day until autoscale logic is tnggered on all layer
• E. At the same time, terminate random resources on both zones.
• F. Capture existing users input, and replay captured user load until resource utilization crosses 80%. Also,derive estimated number of users based on existing users usage of the app, and deploy enough resources to handle 200% of expected load.

Answer: A

NEW QUESTION 11

You have an application deployed on Kubernetes Engine using a Deployment named echo-deployment. The deployment is exposed using a Service called echo-service. You need to perform an update to the application with minimal downtime to the application. What should you do?

• A. Use kubect1 set image deployment/echo-deployment <new-image>
• B. Use the rolling update functionality of the Instance Group behind the Kubernetes cluster
• C. Update the deployment yaml file with the new container imag
• D. Use kubect1 delete deployment/ echo-deployment and kubect1 create –f <yaml-file>
• E. Update the service yaml file which the new container imag
• F. Use kubect1 delete service/echoservice and kubect1 create –f <yaml-file>

Answer: A

Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/updating-apps#updating_an_application

NEW QUESTION 12

You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace.

What should you do?

• A. Upload missing JAR files and redeploy your application.
• B. Digitally sign all of your JAR files and redeploy your application
• C. Recompile the CLoakedServlet class using and MD5 hash instead of SHA1

Answer: B

NEW QUESTION 13

You need to evaluate your team readiness for a new GCP project. You must perform the evaluation and create a skills gap plan incorporates the business goal of cost optimization. Your team has deployed two GCP projects successfully to date. What should you do?

• A. Allocate budget for team trainin
• B. Set a deadline for the new GCP project.
• C. Allocate budget for team trainin
• D. Create a roadmap for your team to achieve Google Cloud certification based on job role.
• E. Allocate budget to hire skilled external consultant
• F. Set a deadline for the new GCP project.
• G. Allocate budget to hire skilled external consultant
• H. Create a roadmap for your team to achieve Google Cloud certification based on job role.

Answer: B

Explanation:
https://services.google.com/fh/files/misc/cloud_center_of_excellence.pdf

NEW QUESTION 14

Your company wants to track whether someone is present in a meeting room reserved for a scheduled meeting. There are 1000 meeting rooms across 5 offices on 3 continents. Each room is equipped with a motion sensor that reports its status every second. The data from the motion detector includes only a sensor ID and several different discrete items of information. Analysts will use this data, together with information about account owners and office locations. Which database type should you use?

• A. Flat file
• B. NoSQL
• C. Relational
• D. Blobstore

Answer: B

Explanation:
Relational databases were not designed to cope with the scale and agility challenges that face modern applications, nor were they built to take advantage of the commodity storage and processing power available today.
NoSQL fits well for:
Developers are working with applications that create massive volumes of new, rapidly changing data types — structured, semi-structured, unstructured and polymorphic data.

NEW QUESTION 15

One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify authenticity of your logs?

• A. Write the log concurrently in the cloud and on premises.
• B. Use a SQL database and limit who can modify the log table.
• C. Digitally sign each timestamp and log entry and store the signature.
• D. Create a JSON dump of each log entry and store it in Google Cloud Storage.

Answer: C

Explanation:
https://cloud.google.com/storage/docs/access-logs
References: https://cloud.google.com/logging/docs/reference/tools/gcloud-logging

NEW QUESTION 16

A small number of API requests to your microservices-based application take a very long time. You know that each request to the API can traverse many services. You want to know which service takes the longest in those cases. What should you do?

• A. Set timeouts on your application so that you can fail requests faster.
• B. Send custom metrics for each of your requests to Stackdriver Monitoring.
• C. Use Stackdriver Monitoring to look for insights that show when your API latencies are high.
• D. Instrument your application with Stackdnver Trace in order to break down the request latencies at each microservice.

Answer: D

Explanation:
https://cloud.google.com/trace/docs/overview

NEW QUESTION 17

Your web application has several VM instances running within a VPC. You want to restrict communications between instances to only the paths and ports you authorize, but you don’t want to rely on static IP addresses or subnets because the app can autoscale. How should you restrict communications?

• A. Use separate VPCs to restrict traffic
• B. Use firewall rules based on network tags attached to the compute instances
• C. Use Cloud DNS and only allow connections from authorized hostnames
• D. Use service accounts and configure the web application particular service accounts to have access

Answer: B

NEW QUESTION 18

You need to set up Microsoft SQL Server on GCP. Management requires that there’s no downtime in case of a data center outage in any of the zones within a GCP region. What should you do?

• A. Configure a Cloud SQL instance with high availability enabled.
• B. Configure a Cloud Spanner instance with a regional instance configuration.
• C. Set up SQL Server on Compute Engine, using Always On Availability Groups using Windows Failover Clusterin
• D. Place nodes in different subnets.
• E. Set up SQL Server Always On Availability Groups using Windows Failover Clusterin
• F. Place nodes in different zones.

Answer: D

Explanation:
https://cloud.google.com/sql/docs/sqlserver/configure-ha

NEW QUESTION 19

You are creating a solution to remove backup files older than 90 days from your backup Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

• A. Write a lifecycle management rule in XML and push it to the bucket with gsutil.
• B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil.
• C. Schedule a cron script using gsutil is -lr gs://backups/** to find and remove items older than 90 days.
• D. Schedule a cron script using gsutil ls -1 gs://backups/** to find and remove items older than 90 days and schedule it with cron.

Answer: B

Explanation:
https://cloud.google.com/storage/docs/gsutil/commands/lifecycle

NEW QUESTION 20
......