GCP Cloud Architect Professional exam: Mock test examples

It is high time to test your knowledge on what you have learned. Here are four mock exams to help you. Good luck!




Mock test one

  1. Company X needs to keep their data available for auditing purposes for 5 years. They don't plan to access this storage more than once a year. Which storage option should they choose?
    1. Google Cloud Bigtable
    2. Google Cloud Multi-Regional Storage
    3. Google Cloud Archive Storage
    4. Google Cloud Nearline Storage
    5. Google Cloud BigQuery
  2. Company X wants to choose a proper storage system for IoT sensor data. There are 2,000 sensors that send temperature data every second. Company X would like to perform further analysis of the accumulated data. Please select the most appropriate choice:
    1. Google Cloud Bigtable
    2. Google Cloud Datastore
    3. Google Cloud Spanner
    4. Google Cloud SQL
  3. You have deployed a virtual machine instance to GCP in project X. Specific configuration and software have been installed on this instance. In order to share this image with other teams that only have access to project Z, what would you advise?
    1. Create a snapshot. Use the snapshot to create a custom image. Share the image with the other projects.
    2. Create a snapshot and store it on Google storage.
    3. Use a third-party tool to perform a file-level backup of the instance. Copy the image to Google storage. Import the image to project Z.
    4. Use Google Transfer Services.
  4. Company X is looking to analyze data. They are using a hybrid cloud mixture of on-premises and GCP infrastructure and need to analyze both stream and batch data. Select the appropriate GCP service that will allow them to achieve this requirement:
    1. Google Cloud Dataproc
    2. Google Cloud BigQuery
    3. Google Cloud Compute Engine and Apache Airflow
    4. Google Cloud Dataflow
  5. Company X is using Hadoop to analyze data. They are using a hybrid cloud mixture of on-premises and GCP infrastructure. They want to move the data analysis to GCP, but they want to migrate it with minimal effort. Which service should they use?
    1. Google Cloud Dataproc
    2. Google Cloud Dataflow
    3. Google Cloud Composer
    4. Google Compute Engine
  6. Customer X is storing data on Google Datastore. They are using a hybrid cloud mixture of on-premises and GCP infrastructure. Applications on both platforms are needed to access Datastore. Which solution should be used to enable access?
    1. Use Google-managed keys for GCP instances. Use user-managed keys for on-premises instances.
    2. Use Google-managed keys for all instances.
    3. Use Google-managed keys for GCP instances. Use Firebase authentication for on-premises instances.
    4. Use Google-managed keys for GCP instances. Use a third-party tool for on-premises instances.
  7. Company X is using GCP with a number of configured projects. They have special requirements vis-à-vis billing visibility and management. Based on the following statement, select the appropriate answer: A CTO should be able to control the budget for different projects, while a project manager should be able to see billing information for their project only.
    1. Set the billing administrator role to the CTO for all the projects that they manage. Set the billing viewer role to the project manager for their project.
    2. Set the billing administrator role to the program manager for a random project. Set the billing viewer role to the project manager for their project.
    3. Set the billing administrator role to the program and project managers.
    4. Set the owner role to the program and project managers.
  8. You are monitoring a service with uptime checks. The services are reported as unavailable from different GCP regions. You know that the service is up and running. How can you solve the monitoring issues?
    1. Download the source IPs from the uptime check console and create an ingress firewall rule for the service.
    2. Download the source IPs from the uptime check console and create an egress firewall rule for the service.
    3. Use a third-party tool, outside GCP, to create the uptime checks.
    4. Install Cloud operations monitoring agents on all instances that are hosting the service.
  9. Company X is looking to create a development and production environment in GCP. What would be the best practice to separate those environments?
    1. Create two separate projects for each environment. Give the development team access to the development project only. Give the operations team access to production only.
    2. Create two separate projects for each environment. Give the development team and the production team access to both projects.
    3. Create one project and two VPCs. Give the development team and the production team access to that project.
    4. Create two separate Google accounts for each team.
  10. Company X wants to perform an analysis of data coming from sensors. The data can arrive out of order. You need to make sure that the data is in the correct order. Which services should be used to minimize the effort?
    1. IoT Core, Pub/Sub, and Dataflow
    2. IoT Core, Pub/Sub, and Dataproc
    3. IoT Core, Pub/Sub, and Google Kubernetes Engine (GKE)
    4. IoT Core, Pub/Sub, and GCE
  11. Company X has deployed an application using App Engine. They want to release a new version of that application to production. They want to test that application on only one set of users. What is the most appropriate solution?
    1. Deploy a new version of the application. Use traffic splitting to redirect part of the requests to the new version.
    2. Deploy the application to a separate project and direct the user to use a new URL to connect to it.
    3. Migrate the application to GKE and use blue-green deployment.
    4. Migrate the application to GKE and use rolling updates.
  12. Company X is using the App Engine flexible environment. They have deployed a new version of the application. The application crashed. The code is stored in GitHub. How would the fastest recovery be performed?
    1. Delete the new application and deploy a new application from GitHub.
    2. Roll back the application to a previous release.
    3. Split the traffic between the old and new releases, 10% to 90%.
    4. Open a ticket with GCP support to roll back the application to the previous release.
  13. Company X is using Google Cloud's operations suite to monitor their GCP environment. They want to store the logs and be able to analyze them. What would be the best solution for them?
    1. Create a sink to Pub/Sub.
    2. Create a sink to Spanner.
    3. Create a sink to BigQuery.
    4. Create a sink to Bigtable.
  14. Company X is using a GKE cluster. You wish to increase the number of nodes in the cluster. What would be the most appropriate command to run?
    1. Run the gcloud container clusters increase command to change the number of nodes.
    2. Run the gcloud container clusters resize command to change the number of nodes.
    3. Run the kubectl container cluster scale command to change the number of nodes.
    4. Run the gcloud container cluster resize command to change the number of nodes.
  15. Company X wants to migrate their MySQL database to the cloud. They would like to use managed services. Select the most appropriate choice.
    1. Use a Compute Engine instance and deploy MySQL.
    2. Use an App Engine instance and deploy MySQL.
    3. Use Cloud SQL.
    4. Use Cloud Spanner.
  16. Company X is creating an application that will analyze the comments on their Facebook profiles. They want to use the easiest way to analyze whether there are any negative comments. Which service should they use?
    1. TensorFlow
    2. Google AutoML
    3. Google ML Engine
    4. The Natural Language API
  17. Company X wants to leverage ML in order to estimate the cost of the materials, based on past data. What type of model should they use?
    1. Regression
    2. Classification
    3. Multi-class classification model
  18. Company X wants to set alerts for project budgets. What is the best way to achieve this?
    1. Create budget alerts with the desired percentage.
    2. Create a ticket with Google Support to set hard quotas.
    3. Create a cron job to check the billing and send an email if a threshold is exceeded.
    4. Set a limit on credit cards that are attached to the account.
  19. Company X wants to store data in Cloud Storage. The data will be accessed once every quarter. After a year, the data will be archived. What is the most cost-effective solution?
    1. Store the data in a multi-regional bucket. Set the auto-archiving policy to 365 days.
    2. Store the data in a regional bucket. Set the auto-archiving policy to 365 days.
    3. Store the data in a Nearline bucket. Set the object life cycle policy to move the data to the Archive bucket after 365 days.
    4. Store the data in the Nearline bucket. Create a cron job to move the data to the Archive bucket after 365 days.
  20. Company X wants to set up a static website. What is the fastest and most cost-effective solution?
    1. Use Cloud Launcher to deploy Apache Server.
    2. Use App Engine with a predefined web server.
    3. Use Cloud Compute Engine and a startup script to install Apache Server.
    4. Use Cloud Storage to host content.

Mock test two

  1. Company X wants a standardized re-deployable Hadoop cluster, with options that a managed service doesn't offer. Which solution would be best suited?
    1. A Cloud API
    2. Deployment Manager
    3. Dataflow
    4. TensorFlow
  2. Company X is looking to connect their backend platform to a managed NoSQL database service. There is an expectation that the databases could grow into PB scale. As an architect, they ask you which is the best GCP service to fit these requirements without needing to refactor any applications. What is the best fit?
    1. MySQL
    2. Bigtable
    3. Firebase
    4. Redis
  3. Select the different types of service accounts (choose three):
    1. User-managed
    2. Automated
    3. Google-managed
    4. G Suite
    5. Google APIs
  4. Company X has two projects, separated by different VPCs that need to be able to communicate with one another. Which network service allows this?
    1. VPC peering
    2. Cloud Load Balancing
    3. Dedicated Interconnect
    4. VPN
  5. Company X is looking to use containers in the cloud. They want to continue to be developer-focused and have a code-first strategy. What is the best solution?
    1. App Engine standard
    2. Containers on Compute Engine
    3. Cloud Run
    4. App Engine flexible
  6. Your IT manager is looking at cloud vendor data storage services. His DBA has informed him that the principal requirements are strong consistency and high availability, with the potential to grow to PB scale. What is the best storage solution?
    1. Cloud SQL
    2. Cloud Storage
    3. Cloud Datastore
    4. Cloud Spanner
  7. Company X needs to be PCI-compliant. Which combination of GCP services would help to meet these requirements?
    1. Cloud Monitoring, Cloud Trace, and Cloud Spanner
    2. Cloud Monitoring, Cloud Logging, and BigQuery
    3. Cloud Error Reporting, Cloud Debugger, and Datastore
    4. Cloud Tagging, Cloud Trace, and BigQuery
  8. A storage engineer for Company X needs to migrate data from his AWS S3 bucket to his GCP storage bucket. What is the best solution for this?
    1. Storage Transfer Service
    2. Transfer Appliance
    3. Online transfer
    4. BigQuery data transfer
  9. A company web page is serving users all over the globe. They want to make sure that users will always get content in the most efficient manner, regardless of where they are located. Which load-balancing solution would best fit these requirements?
    1. Network Load Balancing
    2. Internal Load Balancing
    3. HTTP(S) Load Balancing
    4. TCP Proxy Load Balancing
  10. Company X is looking to the cloud to achieve autoscaling. They wish to deploy over multiple zones in a standardized manner, while also benefiting from load balancing. What GCP service best suits this scenario?
    1. Deployment Manager
    2. Managed instance groups
    3. Google Compute Engine manager
    4. Instance fleet
  11. You are creating new firewall rules and wish to identify specific targets according to their use, for example, a web server. Which filter should you use?
    1. Zones
    2. Network tags
    3. Instance groups
    4. Targets
  12. You have deployed an instance into the same VPC as already-existing instances. When you try to use SSH to connect to the external IP address, the connection is refused. Why might this be?
    1. The firewall rule to allow SSH is restricted to internal traffic only.
    2. There is no external IP allocated to the instance.
    3. You do not have the correct custom Identity and Access Management (IAM) role to initiate SSH.
    4. You should use the Google API for external SSH.
  13. At the moment, your IT department is seeing lots of bugs reported whenever a new software update is released for the company's internal timesheet application. These bugs were not spotted during QA. You have been asked to design a new strategy that will keep the bugs to a minimum and regain confidence in the IT department. Which option best suits this scenario?
    1. Advise that you should only deploy updates once per year.
    2. Deploy only part of the update to production.
    3. Perform the tests more times during QA.
    4. Use canary deployment methods.
  14. Your company is looking to connect its onsite networks to a GCP VPC in order to dynamically exchange routes between each site. Which service would you advise?
    1. Cloud Router
    2. Cloud Interconnect
    3. External peering
    4. Cloud DNS
  15. You plan to connect VPC networks using VPC peering. What network mode is best suited?
    1. Auto mode networks
    2. VPC VPN networks
    3. Custom mode
    4. Sub-networking mode
  16. You have been tasked with researching different methods to extend your on-premises network to your GCP VPC network. You are reminded by your manager that your network bandwidth is 1 Gbps. What would be the best option?
    1. Dedicated Interconnect
    2. Partner Interconnect
    3. VPC Interconnect
    4. VPN Interconnect
  17. Company X wants to extend their data center to the cloud. You have been hired as an external consultant to advise on the best hybrid connectivity option. They advise you that they need access to private compute resources on GCP but are not worried about encryption at the application level. What option best corresponds to their needs?
    1. Cloud VPN
    2. Partner Interconnect
    3. Direct Peering
    4. Carrier Peering
  18. You want to serve all of your content with low latency, worldwide. Which GCP service should you use?
    1. Cloud CDN
    2. Cloud VPN
    3. Google CloudFront
    4. Cloud Endpoints
  19. You wish to load balance your systems based on incoming ports. What load balancing concept should you use?
    1. Network Load Balancing
    2. TCP Load Balancing
    3. HTTP(S) Load Balancing
    4. SSL Proxy Load Balancing
  20. You are looking to allow access to publish messages to a Cloud Pub/Sub topic. Your security team reminds you that you should be as granular as possible. Which type of IAM role should you use?
    1. Primitive role
    2. Predefined role
    3. Custom role
    4. Policy-based role
    5. Topic role

Mock test three

  1. You build a container image using the Cloud Build service. You want to access information such as the Google Cloud project where your image is built. What is the recommended way to do it?
    1. Use substitutions in your build config file to substitute specific variables at build time.
    2. Run a gcloud command in your build.
    3. Run an API call to get the information.
    4. It is not possible to access this information.
  2. You are running a web application on a Linux distribution. You want to completely remove the overhead of patching the operating system. Which option best suits your requirements?
    1. Containerize the application and use managed base images.
    2. Make the VMs read-only.
    3. Use an Alpine (stripped-down) image for your VMs.
    4. Use Google's OS patching service.
  3. You are tasked with containerizing a classic LAMP application. What would be the best practice you should follow (choose two options)?
    1. Package a single app per container.
    2. Package all apps into a single container.
    3. Remove unnecessary tools.
    4. Use public images.
  4. You moved your application to GKE and want to see how the application reacts to faults caused by a single microservice not being available. What is the easiest way to do this?
    1. Write a script that will randomly kill microservices.
    2. Enable Istio on the GKE cluster and use fault injection.
    3. Deploy the application from a YAML file that was edited to remove the code related to the microservice you want to test.
    4. Move the microservice to a GCE VM and power off the VM during the tests.
  5. You are adding a new feature to your application and decided to use Cloud Functions. Your application is on a GCE VM running within a VPC. The Cloud Function needs direct network access to that VM. How can this be achieved?
    1. Use private services access.
    2. Use Serverless VPC Access.
    3. Use Private Google Access.
    4. Use Private Service Connect for Google APIs.
  6. You want to scale your Managed Instance Group (MIG) based on a custom metric you created. Which option suits your requirements?
    1. Create a Cloud schedule and Cloud function to query the metric and then scale the MIG.
    2. Create a Cloud operations suite alert to trigger the scale out event.
    3. Set up your MIG to export the custom metric from all VMs in the group.
    4. Custom metrics are not supported by MIGs.
  7. You want to measure how well your web application hosted on a GKE cluster is performing. Which option best suits your needs?
    1. Periodically perform a survey of customer satisfaction among the users.
    2. Create Cloud Monitoring health checks.
    3. Use a third-party SaaS solution to perform periodic checks of HTTP 400 responses.
    4. Define and set SLIs and SLOs using Cloud Monitoring.
  8. You want to make sure only authenticated and authorized users can access your application running on a GKE cluster. What is the Google-recommended design?
    1. Create a frontend container with proprietary authentication and an authorization mechanism.
    2. Use Identity-Aware Proxy and GKE Ingress.
    3. Move your application to Cloud Run and set up authorization.
    4. Integrate your application with Active Directory using LDAP.
  9. You want to securely connect to your GCE VMs using RDP and SSH from the public internet. What is the best practice?
    1. Use IAP TCP forwarding.
    2. Set a public IP address on all the VMs.
    3. Use a VPN tunnel to the VM.
    4. Install a third-party remote desktop tool on the VMs.
  10. Your company is located in one of the European countries where the GCP region is available. You will be serving customers from that country. You want to make sure you don't allow the deployment of resources outside of that GCP region. How can this be achieved?
    1. Use organization policies.
    2. Disable other regions from the Google Console in the Admin menu.
    3. Disable other regions using the gcloud regions disallow command.
    4. Disable other regions in the billing account settings.
  11. As per the CIS Benchmarks, you want to prevent some VMs from using external IP addresses. How can this be achieved?
    1. Use organization policies.
    2. Set metadata on the GCP project.
    3. Configure VPC as private.
    4. Configure the subnet as private.
  12. You want your cloud-native application to be able to access GCP services in a secure way. What is the Google-recommended way to do it?
    1. Store the Google service account tokens in Kubernetes Secrets.
    2. Store the Google service account tokens in the container image.
    3. Store the Google service account tokens in a private container registry.
    4. Use Workload Identity.
  13. You are planning to deploy a landing zone for your new customer. The customer wants to make sure that there is a clear separation of duties between the Network and Compute teams. Which architecture will you use?
    1. Shared VPC in a single-host project and multiple service projects
    2. Single VPC per project
    3. Single VPC and multiple-project with VPC peering to that single project
    4. Single VPC and multiple-project with VPN tunnels to that single project
  14. You want to run your application in containers and be able to move it across your hybrid and multi-cloud landscape. By default, the application will run in GCP. You want to make sure that the application will scale automatically. Which service should you choose?
    1. Google Compute Engine
    2. Google App Engine
    3. Google Cloud Run
    4. Google Cloud Functions
  15. You are running your cloud-native workloads in a hybrid environment with GKE and an on-premises Kubernetes cluster. You want to make sure the Kubernetes clusters are configured in a unified way. How can this be achieved?
    1. Apply Kubernetes ConfigMaps on each of the clusters.
    2. Attach your on-premises clusters to Anthos and use Config Management.
    3. Install Istio on all your clusters and use CRDs.
    4. Install Config Connector on all your clusters and use CRDs.
  16. You are designing a cloud-native application that will store data that needs to be queried by other applications running in Google Cloud. You decided to use Cloud Run. What is the best storage option?
    1. Store the data on a GCS bucket.
    2. Move the app to GKE instead and use PVC.
    3. Connect from Cloud Run to the Cloud SQL service.
    4. Cloud Run does not allow you to store persistent data.
  17. You want to load-balance user traffic between Cloud Run services running in two GCP regions. What is the Google-recommended practice?
    1. Use serverless Network Endpoint Groups (NEGs) and the External HTTP(S) load balancer.
    2. Use Anthos Service Mesh.
    3. Use Anthos ingress.
    4. Use a multi-cluster service.
  18. You are developing an in-house application and want the application to send the logs to Cloud Logging. Which option best suits your needs?
    1. Install a custom Fluentd agent on your instances.
    2. Configure the Cloud Logging agent to include your application logs.
    3. Create a cron job and script that will call the Cloud Logging API to send the logs periodically.
    4. It is not possible to collect custom logs with the Cloud Logging agent.
  19. You want to distribute user traffic between services that run on different Anthos GKE clusters. Which option best suits your needs?
    1. Use a multi-cluster service.
    2. Use Anthos Multi Cluster Ingress.
    3. Use a third-party ingress running on a separate GKE cluster.
    4. Use a Network Load Balancer.
  20. You have deployed a new revision of your application to Cloud Run. You see that the change made in the new revision contains a bug in the interface. You want to revert to the previous revision as quickly as possible. Select the correct way to do this:
    1. SSH to the container and change the code.
    2. Use the MANAGE TRAFFIC function to set that previous revision's traffic percentage to 100.
    3. Revert the changes in the code, build a new container image, and deploy a new revision.
    4. Delete the service and redeploy it with the container image used for the previous revision.

Mock test four

  1. OS Login can be enabled and disabled by setting metadata values at which level (select all that apply)?
    1. VM
    2. Project
    3. Organization
    4. Folder
  2. As a security analyst, you are looking for the ability to define fine-grained attribute-based access control for projects and resources. Which service offers this ability?
    1. Access Context Manager
    2. Cloud Armor
    3. Organization Policy Service
    4. Data Loss Prevention
  3. A storage admin has provided you with information regarding a new Cloud Storage bucket that you requested. You use Cloud Shell to set a retention period of 1 month, but receive an error similar to the following: 400 cannot be set for a bucket that has a retention policy. What is the most likely issue?
    1. Buckets only support a retention period in seconds.
    2. You do not have full permissions on the bucket.
    3. The bucket has versioning enabled.
    4. The bucket is using a customer-managed encryption key.
  4. You have created and modified a persistent boot disk and are required to save the state for creating new instances. What does GCP offer to assist you?
    1. Instance templates
    2. Local SSDs
    3. Public images
    4. Custom images
  5. You wish to create a BigQuery table. What source options are available (select all that are applicable)?
    1. Upload
    2. Empty table
    3. Google Cloud Storage
    4. Cloud Spanner
    5. Bigtable
    6. Pub/Sub event
  6. You want to use off-the-shelf templates to deploy GCP resources. A colleague recommended the Cloud Foundation Toolkit (CFT). What does this provide (select all that are applicable)?
    1. Templates for Deployment Manager
    2. Access to Cloud Shell with ct and bq installed
    3. Templates for Terraform
    4. Templates for Cloud Formation
  7. You currently run your enterprise applications on VMware on-premises. You want them to run in Google Cloud as soon as possible. What service can assist you?
    1. Cloud Migration Services
    2. Creating an Interconnect network and performing vMotion
    3. Migrate for Compute Engine
    4. Cloud operations suite
  8. You have been given the responsibility to design a highly available solution that will securely connect your on-premises network to your VPC network. What service should you look to utilize?
    1. Cloud VPC
    2. Cloud Routing
    3. HA Tunneling
    4. HA VPN
  9. You currently have access to Compute Engine instances that are dedicated to hosting only your project's VMs, but you have been asked whether there is any way to reduce the cost. During your investigation, you notice that not all the VMs are using all their resources. What can you look into in more detail to assist in reducing the cost?
    1. Shared responsibility model
    2. Overcommitting CPU on sole-tenant VMs
    3. Migrate to an HPC-ready VM instance
    4. Overcommitting memory on a sole-tenant VM
  10. You are required to move disk data across to a different project. What is the correct procedure?
    1. Create a backup of the disk in project A, create a new disk in project B based on the backed-up disk, and attach a new disk to the instance in project B.
    2. Back up the VM in project A, sync the VM to project B, and power on the backup in project B.
    3. Create a snapshot of the disk in project A, edit the snapshot configuration to point towards project B, and edit the instance in project B to consume the snapshot.
    4. Create a snapshot of the disk in project A, create a new disk in project B based on the snapshot, and attach a new disk to the instance in project B.
  11. Your company is looking for a solution to transform lightweight data as it arrives and store it as structured data. What services could best fit this scenario?
    1. Cloud Storage, Cloud Run, and BigQuery
    2. Pub/Sub, Dataflow, and Bigtable
    3. Cloud Storage, BigQuery, and Cloud Run
    4. Dataflow, Pub/Sub, and Bigtable
  12. You are creating a new project for some developers. You wish to restrict them from deploying resources to a particular location. What IAM feature should you use?
    1. Workload Identity
    2. Labels
    3. Resource retention policies
    4. Organizational policies
  13. You are setting up a new dataset in BigQuery and want to optimize storage. One of your colleagues states it would be nice to remove unneeded tables and partitions. What should you set?
    1. Table expiration
    2. Table deletion policies
    3. Query optimization policy
    4. Dataset expiration
  14. You have been asked to investigate a hybrid connectivity solution that matches the following requirements:
    • Low latency
    • Highly available
    • Large-data transfers

    Which service best fits your needs?

    1. Interconnect
    2. Peering
    3. VPC
    4. VPN
  15. You are required to migrate TBs of data from your on-premises machines to an existing cloud storage bucket. You want to perform this in a single transfer. What is the most suited service?
    1. Cloud Storage Transfer Service
    2. Transfer Appliance
    3. BigQuery Data Transfer Service
    4. Cloud Storage Transfer appliance
  16. You have been tasked with setting up replication in Cloud SQL. You have been told the main requirement is to improve read performance by making replicas available closer to your application's region. Which type of replication should you choose?
    1. HA read replicas
    2. Cross-region read replicas
    3. External read replicas
    4. Multi-region read replicas
  17. You have a latency-sensitive application using Bigtable and want to prevent imbalanced traffic among the nodes in the cluster. What is the recommendation from Google to achieve this?
    1. Ensure your cluster has Bigtable QPS enabled.
    2. Ensure your cluster runs at less than 50% memory usage.
    3. Ensure your cluster runs at less than 50% CPU load.
    4. Ensure your cluster has Bigtable GPS disabled.
  18. You are developing a software service in GCP backends and want to expose the API to be consumed only by other developers that you trust. Which service best fits your needs?
    1. Apigee
    2. Cloud APIs service
    3. Cloud Endpoints
    4. GKE
  19. You are looking for a Google service where you can import source code from Cloud Storage and then produce a container image. Which service fits your needs?
    1. Cloud Run
    2. Cloud Pipelines
    3. Cloud CI/CD
    4. Cloud Build
  20. Which hybrid connectivity service uses BGP for your VPC networks?
    1. Cloud Router
    2. Cloud Interconnect
    3. Cloud Network Connectivity Center
    4. Cloud

Answers to mock test one

  1. C: Archive storage is the most cost-effective option. For more information, refer to https://cloud.google.com/storage/.
  2. A: Bigtable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. It is ideal for ad technology, financial technology, and IoT. For more information, refer to https://cloud.google.com/bigtable/.
  3. A: Custom images can be created from snapshots and shared across projects. For more information, refer to https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images.
  4. D: "Cloud Dataflow is a fully managed service for transforming and enriching data in stream (https://cloud.google.com/solutions/big-data/stream-analytics/) (real-time) and batch (historical) modes with equal reliability and expressiveness – no more complex workarounds or compromises needed. And with its serverless approach to resource provisioning and management, you have access to virtually limitless capacity to solve your biggest data processing challenges, while paying only for what you use." For more information, refer to https://cloud.google.com/dataflow/:

    Figure 19.1 – Dataflow diagram (Source: https://cloud.google.com/dataflow/. License: https://creativecommons.org/licenses/by/4.0/legalcode)

  5. A: Cloud Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way. For more information, refer to https://cloud.google.com/dataproc/:

    Figure 19.2 – Dataproc diagram (Source: https://cloud.google.com/dataproc/. License: https://creativecommons.org/licenses/by/4.0/legalcode)

  6. A: Refer to the following diagram to understand the best practices:

    Figure 19.3 – Service accounts (Source: https://cloud.google.com/iam/docs/understanding-service-accounts. License: https://creativecommons.org/licenses/by/4.0/legalcode)

  7. A: IAM best practice is to set the minimum-required privileges. For more information, refer to https://cloud.google.com/blog/products/gcp/iam-best-practice-guides-available-now.
  8. A: You need to open firewall rules to allow uptime checks. For more information, refer to https://cloud.google.com/monitoring/uptime-checks/using-uptime-checks#get-ips:

    Figure 19.4 – Uptime checks (Source: https://cloud.google.com/monitoring/uptime-checks/#monitoring_uptime_check_list_ips-console. License: https://creativecommons.org/licenses/by/4.0/legalcode)

    "Your use of uptime checks is affected by any firewalls protecting your service:

    If the resource you are checking isn't publicly available, you must configure the resource's firewall to permit incoming traffic from the uptime check servers. Refer to Getting uptime-check IP addresses at https://cloud.google.com/monitoring/uptime-checks/using-uptime-checks#get-ips to download a list of the IP addresses.

    If the resource you are checking doesn't have an external IP address, uptime checks are unable to reach it."

  9. A: Based on best practice with the fewest possible privileges. For more information, refer to https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations.
  10. A: Dataflow will accommodate the processing of late data. Dataflow is a managed Apache Beam service.

    However, data isn't always guaranteed to arrive in a pipeline chronologically or at predictable intervals. Beam tracks a watermark, which is the system's notion of when all data in a certain window can be expected to have arrived in the pipeline. Once the watermark progresses past the end of a window, any further element that arrives with a timestamp in that window is considered late data. For more information, refer to https://beam.apache.org/documentation/programming-guide/.

  11. A: Use traffic splitting to redirect a subset of traffic to the correct version of the application. For more information, refer to https://cloud.google.com/appengine/docs/standard/python/splitting-traffic.
  12. B: The fastest way is to roll back the application.

    "We don't want to mess around with our code; we need to fix this right now. Users are upset! Go back to the list of versions and check the box next to the version that was deployed first. Now, click the MAKE DEFAULT button located above the list. Traffic immediately switches over to the stable version. Crisis averted!

    That was easy.

    You can now delete the buggy version by checking the box next to the version and then clicking the DELETE button located above the list."

    For more information, refer to https://cloud.google.com/community/tutorials/how-to-roll-your-app-engine-managed-vms-app-back-to-a-previous-version-part-1.

  13. C: BigQuery datasets provide big data analysis capabilities. For more information, refer to https://cloud.google.com/logging/docs/export/configure_export_v2 and https://cloud.google.com/logging/.
  14. B: The gcloud container clusters resize parameter is used for resizing the GKE cluster. For more information, refer to https://cloud.google.com/sdk/gcloud/reference/container/clusters/resize.
  15. C: "Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL and MySQL databases in the cloud." For more information, refer to https://cloud.google.com/sql/.
  16. D: Sentiment analysis inspects the given text and identifies the prevailing emotional opinion within the text, especially with a view to determining a writer's attitude as positive, negative, or neutral. For more information, refer to https://cloud.google.com/natural-language/docs/analyzing-sentiment.
  17. A: For more information, refer to https://developers.google.com/machine-learning/crash-course/descending-into-ml/linear-regression.
  18. A: "You can apply budget alerts to either a billing account or a project, and you can set the budget alert at a specific amount or match it to the previous month's spend. The alerts will be sent to billing administrators and billing account users when spending exceeds a percentage of your budget." For more information, refer to https://cloud.google.com/billing/docs/how-to/budgets.
  19. C: For more information, refer to https://cloud.google.com/storage/docs/lifecycle.
  20. D: For more information, refer to https://cloud.google.com/storage/docs/static-website.

Answers to mock test two

  1. B: Deployment Manager. Requirements are a non-managed service and one that is standardized. Deployment Manager allows for repeatable deployments. For more information, refer to https://cloud.google.com/deployment-manager/.
  2. B: Bigtable and Redis are the only NoSQL options. The keyword here is "refactor."
  3. A, C, E: For more information, refer to https://cloud.google.com/iam/docs/service-accounts.
  4. A: VPC peering allows connectivity across two VPC networks, regardless of whether or not they belong to the same project. For more information, refer to https://cloud.google.com/vpc/docs/using-vpc-peering.
  5. D: App Engine's flexible environment is developer-focused and has a code-first strategy. For more information, refer to https://cloud.google.com/appengine/docs/flexible/.
  6. D: Cloud Spanner can scale to petabytes of data and fits the requirements for high availability and strong consistency. For more information, refer to https://cloud.google.com/spanner/.
  7. B: Cloud Monitoring, Cloud Logging, and BigQuery. For more information, refer to https://cloud.google.com/blog/products/gcp/oro-how-gcp-smoothed-our-path-to-pci-dss-compliance.
  8. A: Storage Transfer Service. For more information, refer to https://cloud.google.com/storage-transfer/docs/overview.
  9. C: HTTP(S) Load Balancing. For more information, refer to https://cloud.google.com/load-balancing/docs/choosing-load-balancer.
  10. B: Managed instance groups; specifically, regional managed instance groups let you improve availability by spreading instances across multiple zones within a region. For more information, refer to https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups.
  11. B: Tags that are put onto GCE instances can also be used to determine the firewall rule on both inbound and outbound rules. If a web server is applied to a VM and added to the firewall rule, then it will be impacted. For more information, refer to https://cloud.google.com/vpc/docs/firewalls.
  12. A: The default VPC rules have default-allow-internal specified, which permits incoming connections to a VM instance from others in the same network. For more information, refer to https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules.
  13. D: Use canary deployment methods. For more information, refer to https://cloud.google.com/blog/products/gcp/how-release-canaries-can-save-your-bacon-cre-life-lessons?hl=de.
  14. A: A Cloud Router uses BGP to learn new subnets in your VPC and announces them on your on-premises network. For more information, refer to https://cloud.google.com/router/docs/concepts/overview.
  15. C: Custom mode networks. For more information, refer to https://cloud.google.com/vpc/docs/vpc.
  16. B: Partner Interconnect. Dedicated Interconnect requires 10 GB, and the other options do not exist. For more information, refer to https://cloud.google.com/interconnect/docs/how-to/choose-type.
  17. A: Cloud VPN satisfies requirements. If application-level encryption is needed, then Partner Interconnect or Direct Interconnect should be considered. If there is a requirement to connect to G Suite, then Carrier Peering should be considered. For more information, refer to https://cloud.google.com/hybrid-connectivity/.
  18. A: Cloud Content Delivery Network caches in numerous locations around the world, thereby yielding reduced latency. For more information, refer to https://cloud.google.com/cdn/docs/overview.
  19. A: Network Load Balancing can balance loads on your system based on the incoming address, port, and protocol type. For more information, refer to https://cloud.google.com/load-balancing/docs/network/.
  20. B: Predefined role. For more information, refer to https://cloud.google.com/iam/docs/overview.

Answers to mock test three

  1. A: "Substitutions are helpful for variables whose value isn't known until build time, or to reuse an existing build request with different variable values. Cloud Build provides built-in substitutions or you can define your own substitutions. Use substitutions in your build's steps and images to resolve their values at build time." For more information, refer to https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values.
  2. A: Managed base images follow security best practices – in addition to being maintained with regular patching and testing, they can be rebuilt from scratch reproducibly. By comparing them to the original source, we can verify that no flaws were introduced. For more information, refer to https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-let-google-do-the-patching-with-new-managed-base-images.
  3. A and C: "When you start working with containers, it's a common mistake to treat them as virtual machines that can run many different things simultaneously. A container can work this way but doing so reduces most of the advantages of the container model. Because a container is designed to have the same life cycle as the app it hosts, each of your containers should contain only one app." "To protect your apps from attackers, try to reduce the attack surface of your app by removing any unnecessary tools. For example, remove utilities like netcat, which you can use to create a reverse shell inside your system. If netcat is not in the container, the attacker has to find another way."

    For more information, refer to https://cloud.google.com/architecture/best-practices-for-building-containers.

  4. B: Istio allows you to inject faults to test the resiliency of your application.

    For more information, refer to https://istio.io/latest/docs/tasks/traffic-management/fault-injection/.

  5. B: "Serverless VPC Access enables you to connect from a serverless environment on Google Cloud (Cloud Run, Cloud Functions, or the App Engine standard environment) directly to your VPC network. This connection makes it possible for your serverless environment to access Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address."

    For more information, refer to https://cloud.google.com/vpc/docs/private-access-options and https://cloud.google.com/vpc/docs/configure-serverless-vpc-access.

  6. C: "You can create custom metrics using Cloud Monitoring and write your own monitoring data to the Monitoring service. This gives you side-by-side access to standard Google Cloud data and your custom monitoring data, with a familiar data structure and consistent query syntax. If you have a custom metric, you can choose to scale based on the data from these metrics."

    For more information, refer to https://cloud.google.com/compute/docs/autoscaler/scaling-stackdriver-monitoring-metrics.

  7. D: "Service monitoring has a set of core concepts, which are introduced here:
    • Service-Level Indicator (SLI): a measurement of performance
    • Service-Level Objective (SLO): a statement of desired performance"

    For more information, refer to https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring and https://sre.google/sre-book/service-level-objectives/.

  8. B: When an application or resource is protected by IAP, it can only be accessed through the proxy by members (https://cloud.google.com/iam/docs/overview#concepts_related_identity), also known as users, who have the correct Identity and Access Management (IAM) role (https://cloud.google.com/iam/docs/understanding-roles). When you grant a user access to an application or resource by IAP, they're subject to the fine-grained access controls implemented by the product in use without requiring a VPN. When a user tries to access an IAP-secured resource, IAP performs authentication and authorization checks.

    For more information, refer to https://cloud.google.com/iap/docs/concepts-overview.

    IAP is integrated through Ingress for GKE. This integration enables you to control resource-level access for employees instead of using a VPN.

    For more information, refer to https://cloud.google.com/iap/docs/cloud-iap-context-aware-access-howto.

  9. A: If you are connecting from anywhere over the public internet, it's best to enable Identity-Aware Proxy TCP forwarding for your project.

    For more information, refer to https://cloud.google.com/compute/docs/instances/connecting-to-windows.

  10. A: Policies to restrict public IP addresses but allow some exceptions.
  11. A: By default, all VM instances are allowed to use external IP addresses.

    The allowed/denied list of VM instances must be identified by the VM instance name, in the form: projects/PROJECT_ID/zones/ZONE/instances/INSTANCE.

    For more information, refer to https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints.

  12. D: Workload Identity is the recommended way to access Google Cloud services from applications running within GKE, due to its improved security properties and manageability. For information about alternative ways to access Google Cloud APIs from GKE, refer to https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
  13. A: "Shared VPC lets organization administrators delegate administrative responsibilities, such as creating and managing instances, to Service Project Admins while maintaining centralized control over network resources such as subnets, routes, and firewalls." For more information, refer to https://cloud.google.com/vpc/docs/shared-vpc.
  14. C: Knative provides an open API and runtime environment that enables you to run your serverless workloads anywhere you choose – fully managed on Google Cloud, on Anthos on Google Kubernetes Engine (GKE), or on your own Kubernetes cluster. Knative makes it easy to start with Cloud Run and later move to Cloud Run for Anthos, or start in your own Kubernetes cluster and migrate to Cloud Run in the future. By using Knative as the underlying platform, you can move your workloads freely across platforms, while significantly reducing the switching costs. For more information, refer to https://cloud.google.com/knative.
  15. B: "With Anthos Config Management, you can create a common configuration across all your infrastructure, including custom policies, and apply it both on-premises and across clouds. Anthos Config Management evaluates changes and rolls them out to all Kubernetes clusters so that your desired state is always reflected."

    For more information, refer to https://cloud.google.com/anthos/config-management.

  16. C: Cloud SQL is a fully managed database service that helps you set up, maintain, manage, and administer your relational databases in the cloud. For more information, refer to https://cloud.google.com/sql/docs/mysql/connect-run.
  17. A: "A Network Endpoint Group (NEG) specifies a group of backend endpoints for a load balancer. A serverless NEG is a backend that points to a Cloud Run (https://cloud.google.com/run/docs), App Engine (https://cloud.google.com/appengine/docs), or Cloud Functions (https://cloud.google.com/functions/docs) service."

    "If a backend service contains several NEGs, the load balancer balances traffic by forwarding requests to the serverless NEG in the closest available region. However, backend services can only contain one serverless NEG per region. To make your Cloud Run service available from multiple regions, you will need to set up cross-region routing. You should be able to use a single URL scheme that works anywhere in the world yet serves user requests from the region closest to the user. If the closest region is unavailable or is short on capacity, the request will be routed to a different region."

    For more information, refer to https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless#multi_region_lb.

  18. B: Besides the list of default logs (https://cloud.google.com/logging/docs/agent/default-logs) that the Logging agent streams by default, you can customize the Logging agent to send additional logs to Logging or to adjust agent settings by adding input configurations.

    For more information, refer to https://cloud.google.com/logging/docs/agent/logging/configuration#configure.

  19. B: "Multi Cluster Ingress (MCI) is a cloud-hosted multi-cluster Ingress controller for Anthos GKE clusters. It's a Google-hosted service that supports deploying shared load balancing resources across clusters and across regions." For more information, refer to https://cloud.google.com/kubernetes-engine/docs/concepts/multi-cluster-ingress.
  20. B: Cloud Run allows you to specify which revisions should receive traffic and to specify traffic percentages that are received by a revision. This feature allows you to roll back to a previous revision, gradually roll out a revision, and split traffic between multiple revisions.

    For more information, refer to https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration.

Answers to mock test four

  1. A and B: Metadata values can be added at the VM and project level. For more information, refer to https://cloud.google.com/compute/docs/instances/managing-instance-access.
  2. A: Access Context Manager offers fine-grained, attribute-based access control for projects or resources. For more information, refer to https://cloud.google.com/access-context-manager/docs/overview.
  3. C: Retention policies cannot be enabled if versioning is set, as they are mutually exclusive features. For more information, refer to https://cloud.google.com/storage/docs/bucket-lock.
  4. D: Custom images meet our requirements to save the state of our boot disk and create new instances based on this. For more information, refer to https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images.
  5. A, B, C, and E are all applicable selections when creating a BigQuery table:

    Figure 19.5 – BigQuery options

  6. A and C: For more information, refer to https://cloud.google.com/foundation-toolkit. The Cloud Foundation Toolkit (CFT) offers templates for both Deployment Manager and Terraform.
  7. C: For more information, refer to https://cloud.google.com/migrate/compute-engine/docs/4.2/getting-started. Migrate for Compute Engine can help to migrate from on-premises VMware private clouds into GCP.
  8. D: For more information, refer to https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#ha-vpn.
  9. B: For more information, refer to https://cloud.google.com/compute/docs/nodes/overcommitting-cpus-sole-tenant-vms. Overcommitting CPU on sole-tenant machines allows us to share CPU resources across our VMs and therefore reduce cost.
  10. D: This is the correct procedure for moving disk data across projects. For more information, refer to https://cloud.google.com/compute/docs/disks/create-snapshots.
  11. A: "Lightweight" is the keyword here. Lightweight data transformation is a use case for Cloud Run. Cloud Run transforms lightweight data as it arrives and stores it as unstructured data. In this example, a file can be uploaded to Cloud Storage, and an event is triggered and delivered to a Cloud Run service. Data is then structured and stored in a BigQuery table. As answer A is the only option that mentions Cloud Run, this is the correct answer. For more information, refer to https://cloud.google.com/run.
  12. D: Organizational policies can help us restrict where GCP resources are deployed. For more information, refer to https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations.
  13. A: For more information, refer to https://cloud.google.com/bigquery/docs/best-practices-storage. Setting a table expiration time on our BigQuery table will delete data when the time is exceeded. This option is useful if you need access to only the most recent data. It is also useful if you are experimenting with data and do not need to preserve it.
  14. A: Interconnect fulfills the requirements for low-latency, highly available, large-data transfers. For more information, refer to https://cloud.google.com/network-connectivity/docs/interconnect#docs.
  15. A: The Cloud Storage Transfer Service is ideal for one-off transfers of TBs' worth of data. For more information, refer to https://cloud.google.com/storage-transfer/docs/on-prem-overview.
  16. B: Cross-region read replicas are a great fit for this use case. For more information, refer to https://cloud.google.com/sql/docs/mysql/replication.
  17. B: For more information, refer to https://cloud.google.com/bigtable/docs/performance. This capacity also provides a buffer for traffic spikes or key-access hotspots, which can cause imbalanced traffic among nodes in the cluster.
  18. C: For more information, refer to https://cloud.google.com/endpoints. Cloud Endpoints lets us develop APIs on any GCP backend and then share our APIs with other developers.
  19. D: For more information, refer to https://cloud.google.com/build/docs/overview. Cloud Build can import from various sources and deliver artifacts as part of a serverless CI/CD pipeline.
  20. A: Cloud Router uses BGP. For more information, refer to https://cloud.google.com/network-connectivity/docs/router/concepts/overview.
