Google Cloud Associate Cloud Engineer Practice Exam - 1:
These are top 50 GCP ACE(Google Cloud Platform Associate Cloud Engineer) certification practice questions/cheatsheet (GCP ACE exam dumps) for professionals who are aspired to be GCP ACE certified. You will find these GCP ACE questions and answers very helpful in your GCP-ACE certification and interviews. Prepare well and All the very best.
All the feedbacks and suggestions are most welocome.
-
You have a Cloud Datastore database that you would like to backup. You'd like to issue a command and have it return immediately while the backup runs in the background. You want the backup file to be stored in a Cloud Storage bucket named my-datastore-backup. What command would you use?
a). gcloud datastore backup gs://my-datastore-backup b). gsutil datastore export gs://my-datastore-backup --async c). gcloud datastore export gs://my-datastore-backup d). gcloud datastore export gs://my-datastore-backup --async Correct: d Explanation: The correct command is gcloud datastore export gs://my-datastore-backup --async. Export, not backup, is the datastore command to save data to a Cloud Storage bucket. Gsutil is used to manage Cloud Storage, not Cloud Datastore.
Reference: https://cloud.google.com/datastore/docs/export-import-entities
-
Your organization has created multiple folders, one for each department. In each folder, departments have one or more projects. What would you expect resources within the folder to share?
a). Service accounts b). IAM policies c). IAM roles d). Permissions Correct: b Explanation: Folders are used to group resources that share common IAM policies. Service accounts are specific to a set of operating requirements within a project. Permissions are associated with roles but not directly with folders. IAM roles are granted to identities, not folders.
Reference: https://cloud.google.com/resource-manager/docs/creating-managing-folders
-
As a consultant to a mid-sized retailer you have been asked to help choose a managed database platform for the company's inventory management application. The retailer's market is limited to the Northeast United States. What service would you recommend?
a). Bigtable b). Cloud Dataproc c). Cloud Spanner d). Cloud SQL Correct: d Explanation: Cloud SQL is a managed relational database service suitable for regionally used applications. Cloud Spanner is also a managed relational database but it is designed for multi-region and global applications. BigQuery is not used for transaction processing systems. Cloud Dataproc is a managed Spark/Hadoop service, not a relational database. For more information, see
Reference: https://cloud.google.com/sql/docs
-
An auditor is reviewing your GCP use. They have asked for access to any audit logs available in GCP. What audit logs are available for each project, folder, and organization?
a). Admin Activity b). User Login c). Performance Metrics d). System Event e). Data Access f). Policy Access Correct: a, d, e Explanation: Cloud Audit Logs maintain three audit logs: Admin Activity logs, Data Access logs, and System Event logs. There is no such thing as a Policy Access log, a User Login log, or a Performance Metric log in GCP Audit Logs.
Reference: https://cloud.google.com/logging/docs/audit
-
A developer is trying to upload files from their local device to a Compute Engine VM using the gcloud scp command. The copy command is failing. What would you check to try to correct the problem?
a). Grant the identity the roles/compute.admin role b). Add the identity of the developer to the administrator group for the VM. c). Grant the identity compute.admin permission d). Ensure firewall rules allow traffic to port 22 to allow SSH connections. Correct: d Explanation: To copy files to a VM, a firewall rule must be in place to allow traffic on port 22, the default SSH port. Administrator privileges are not needed to upload a file so the other three options are not correct. For more information, see https://cloud.google.com/compute/docs/instances/transferfiles.
Reference: https://cloud.google.com/compute/docs/instances/transferfiles
-
A group of data scientists need access to data stored in Cloud Bigtable. You want to follow Google recommended best practices for security. What role would you assign to the data scientist to allow them to read data from Bigtable?
a). roles/bigtable.owner b). roles/bigtable.reader c). roles/bigtable.user e). roles/bigtable.admin Correct: b Explanation: The role/bigtable.reader gives the data scientist the ability to read data but not write data or modify the database. This follows the Principle of Least Privilege as recommended by Google. Roles/bigtable.admin gives permissions to administer all instances in a project, which is not needed by a data scientist. Roles/bigtable.user provides read and write permissions but data scientist do not need read permission. There is no predefined role called roles/bigtable.owner.
Reference: https://cloud.google.com/bigtable/docs/access-control
-
You want to load balance an application that receives traffic from other resources in the same VPC. All traffic is TCP with IPv4 addresses. What load balancer would you recommend?
a). Internal TCP/UDP Load Balancing b). SSL Proxy Load Balancing c). TCP Proxy Load Balancing d). Network TCP/UDP Load Balancing Correct: a Explanation: Internal TCP/UDP Load Balancing is used for internal traffic, that is not from the internet. SSL Proxy, TCP Proxy, and Network TCP/UDP load balancing are used with external traffic.
Reference: https://cloud.google.com/load-balancing/docs/choosing-load-balancer
-
You want to deploy an application to a Kubernetes Engine cluster using a manifest file called my-app.yaml. What command would you use?
a). gcloud containers deployment apply my-app.yaml b). kubectl apply -f my-app.yaml c). gcloud deployment apply my-app.yaml d). kubectl deployment apply my-app.yaml Correct: b Explanation: The correct answer is to use the "kubectl apply -f" with the name of the deployment file. Deployments are Kubernetes abstractions and are managed using kubectl, not gcloud. The other options are not valid commands.
Reference: https://kubernetes.io/docs/reference/kubectl/overview/
-
A photographer wants to share images they have stored in a Cloud Storage bucket called free-photos-on-gcp. What command would you use to allow all users to read these files?
a). gsutil ch allUsers:Viewer gs://free-photos-on-gcp b). gsutil iam ch allUsers:objectViewer gs://free-photos-on-gcp c). gcloud ch allUsers:objectViewer gs://free-photos-on-gcp d). gcloud iam ch allUsers:Viewer gs://free-photos-on-gcp Correct: b Explanation: The correct command is gsutil iam ch allUsers:objectViewer gs://free-photos-on-gcp. Gsutil is used with Cloud Storage, not gcloud so the gcloud ch option is incorrect. The term objectViewer is the correct way to grant read access to objects in a bucket.
Reference: https://cloud.google.com/storage/docs/gsutil/commands/iam
-
Your department runs a legacy application on an on premises cluster. The nodes in the cluster are heterogeneous. You want to migrate this cluster to Google Cloud. What Compute Engine resource would you use?
a). Autoscaler b). Managed instance groups (MIGs) c). Network load balancer d). Unmanaged instance group Correct: d Explanation: Heterogeneous clusters can be run on unmanaged instance groups but not managed instance groups. Network load balancer is used to distribute workload in a cluster but it is not an instance group itself. Autoscaler adds and removes nodes in a managed instance group as needed.
Reference: https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-unmanaged-instances
-
You have created a Kubernetes Engine cluster that will run machine learning training processes and machine learning prediction processes. The training processes require more CPU and memory than the prediction processes. How would you configure the cluster to support this?
a). Increase the number of replica sets for the machine learning training process. b). Use two node pools, one configured with more CPU and memory than the other. d). Use multiple pods with some configured for more CPU and memory. c). Increase the number of deployments for the machine learning training process. Correct: b Explanation: Node pools are used to configure resources for particular workloads. All nodes in a node pool are configured the same. Replica sets and deployments do not control the number of CPUs or amount of memory.
-
You will be creating a GKE cluster and want to use Cloud Operations for GKE instead of legacy monitoring and logging. If you create the cluster using a gcloud container clusters create command, what parameter would you specify to explicitly enable Cloud Operations for GKE?
a). --enable-gke-monitor b). --disable-legacy-monitoring c). --enable-cloud-operations d). --enable-stackdriver-kubernetes Correct: d Explanation: The correct way to enable Cloud Operations for GKE is to use the parameter --enablestackdriver-kubernetes. The other options are not valid parameter names.
Reference: https://cloud.google.com/sdk/gcloud/reference/container/clusters/create
-
A client of yours has a Python 3 application that usually has very little load but sometimes experiences sudden and extreme spikes in traffic. They want to run it in GCP but they want to keep costs as low as possible. They also want to minimize management overhead. What service would you recommend?
a). Kubernetes Engine b). Compute Engine c). App Engine d). Cloud Functions Correct: c Explanation: App Engine is designed for applications written in supported languages, including Python 3, that need to run at low cost, and need to scale in response to rapid increases in load. App Engine is a managed service and as such minimizes operational overhead . Compute Engine and Kubernetes Engine both require more management overhead. Cloud Functions are used to respond to events in GCP, not to execute a continually running application.
Reference: https://cloud.google.com/appengine/docs/standard
-
During an audit, auditors determined that there are insufficient access controls on Cloud Storage buckets. The auditors recommend you use uniform bucket-level access. After applying uniform bucket-level access some users that had access to objects in buckets no longer have access. What could be the cause?
a). Applying uniform bucket-level access removes all access privileges. No user will have access until permissions are reset. b). Users do not have permissions through ACLs that allow them access to objects in buckets. Prior to setting uniform bucket-level access, those users had access through IAM. c). Users do not have IAM permissions that allow them access to objects in buckets. Prior to setting uniform bucket-level access, those users had access through ACLs. d). ACLs are removed when uniform bucket-level access is applied. ACLs must be recreated. Correct: c Explanation: Access is granted to Cloud Storage objects using IAM or access control lists (ACLs). When uniform bucket-level access is applied, users only have access through IAM roles and permissions. A users that could access objects before uniform bucket-level access is applied but not after must have had access through ACLs.
Reference: https://cloud.google.com/storage/docs/uniform-bucket-level-access
-
A startup has an app that allows users to upload images to Cloud Storage. The images should be analyzed as soon as possible once they are loaded. Processing takes approximately 1 second for each image. There are periods when no images are uploaded and other times when many images are upload in short periods of time. What compute option would you use to process images?
a). Compute Engine b). Kubernetes Engine c). App Engine Flexible d). Cloud Functions Correct: d Explanation: Cloud Functions is used to respond to events in GCP, including uploading of files in Cloud Storage. Processing can finish within the time limits Cloud Functions must run. Since there are periods when no images are uploaded, there is no need to have an application running continuously and checking for new image uploads so App Engine Flexible, Cloud Engine, and Kubernetes Engine are more than required.
Reference: https://cloud.google.com/functions/docs/how-to
-
A client has asked for your advice about building a data transformation pipeline. The pipeline will read data from Cloud Storage and Cloud Spanner, merge data from the two sources and write the data to a BigQuery data set. The client does not want to manage servers or other infrastructure, if possible. What GCP service would you recommend?
a). Cloud Dataprep b). Compute Engine c). Cloud Data Fusion d). Cloud Build Correct: c Explanation: Cloud Data Fusion is a managed service that is designed for building data transformation pipelines. Compute Engine is not a managed service. Cloud Dataprep is used to prepare data for analytics and machine learning. Cloud Build is a service for creating container images.
Reference: https://cloud.google.com/data-fusion/docs/how-to
-
You want to clone a persistent disk. What characteristics of the source and cloned disk must be the same?
a). Zone b). disk type c). Region d). Size Correct: a, b, c Explanation: The source and cloned disk must be in the same zone and region and must be of the same type. The size of the clone must be at least the size of the source disk but does not need to be the same.
Reference: https://cloud.google.com/compute/docs/disks/create-snapshots
-
You have a set of snapshots that you keep as backups of several persistent disks. You want to know the source disk for each snapshot. What command would you use to get that information?
a). gcloud compute disk describe b). gcloud compute snapshots list c). gcloud compute snapshots describe d). gcloud snapshots describe Correct: c Explanation: The correct command is gcloud compute snapshots describe which shows information about the snapshot, including source disk, creation time, and size. The other options are not valid gcloud commands.
Reference: https://cloud.google.com/sdk/gcloud/reference/compute/snapshots/describe
-
The CFO of you company feels you are spending too much on BigQuery. You determine that a few long running queries are costing more than they should. You would like to experiment with different ways of writing these queries. You'd like to know the estimated cost of running each query without actually running them. How could you do this?
a). Use the --estimate-cost option with the bq command. b). Use the --dry-run option with a bq query command. c). Use the --estimate-cost with the gcloud command. d). Use the Pricing Calculator. Correct: b Explanation: The correct answer is to use the --dry-run option with the bq select command. The Pricing Calculator can give you an estimate of aggregate costs based on storage and amount of data queried but it does not provide estimates of a the cost of running a specific query. There is no --estimate-cost option with either the bq or gcloud command.
Reference: https://cloud.google.com/bigquery/docs/estimate-costs
-
You are using HTTP(S) Load Balancing for a Web application that has several services. Depending on the URL specified by a user, requests are routed to different backend services. What would you use to specify how those request should be routed?
a). URL maps b). Routes c). Traces d). Firewall rules Correct: a Explanation: URL maps specify direct requests to particular services. Routes are used to specify paths to destination IP addresses outside a subnet. Firewall rules control the flow of traffic on a network. Traces are used to understand performance characteristics of services in a distributed system.
Reference: https://cloud.google.com/load-balancing/docs/url-map
-
An application running in Compute Engine sometimes gets spikes in load. You want to add instances automatically when load increases significantly and plan to use managed instance groups. What would you need to create in order to automatically scale the cluster?
a). Persistent Disk b). Snapshot c). Load balancer d). Instance template Correct: d Explanation: An instance template is needed to enable Compute Engine to automatically add instances to a managed instance group. Snapshots are not required to add instances to a managed instance group. Persistent disks are not needed to control the addition of nodes to a managed instance group. Load balancers are used with managed instance groups but are not the thing that automatically adds nodes to the managed instance group.
Reference: https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
-
A new team member has just created a new project in GCP. What role is automatically granted to them when they create the project?
a). roles/viewer b). roles/browser c). roles/editor d). roles/owner Correct: d Explanation: When you create a project, you are automatically granted the roles/owner role. The owner role includes permissions granted by roles/editor, roles/viewer, and roles/browser.
Reference: https://cloud.google.com/resource-manager/docs/access-control-proj
-
As a developer using GCP, you will need to set up a local development environment. You will want to authorize the use of gcloud commands to access resources. What commands could you use to authorize access?
a). gcloud config login b). gcloud auth login c). gcloud login d). gcloud init Correct: b, d Explanation: Gcloud init will authorize access and perform other common setup steps. Gcloud auth login will authorize access only. Gcloud login and gcloud config login are not valid commands.
Reference: https://cloud.google.com/sdk/docs/initializing
-
A data warehouse administrator is trying to load data from Cloud Storage to BigQuery. What permissions will they need?
a). bigquery.tables.create b). bigquery.jobs.create c). bigquery.tables.list d). bigquery.jobs.list e). bigquery.tables.updateData Correct: a, b, e Explanation: To load data, an identity must have bigquery.tables.create, bigquery.tables.updateData, and bigquery.jobs.create. bigquery.tables.list is needed to list tables and metadata on tables.
Reference: https://cloud.google.com/bigquery/docs/batch-loading-data
Reference: https://cloud.google.com/bigquery/docs/access-control
-
A startup has created an IoT application that analyzes data from sensors deployed on vehicles. The application depends on a database that can write large volumes of data at low latency. The startup has used HBase in the past but want to migrate to a managed database service. What service would you recommend?
a). Cloud Spanner b). Bigtable c). Cloud Dataproc d). BigQuery Correct: b Explanation: Bigtable is a wide column database with low latency writes that is well suited for IoT data storage. BigQuery is a data warehouse service. Cloud Dataproc is a managed Spark/Hadoop service. Cloud Spanner is a global-scale relational database designed for transaction processing.
Reference: https://cloud.google.com/bigtable/docs/schema-design
Reference: https://cloud.google.com/bigtable/docs/schema-design-steps
-
You have created a set of firewall rules to control ingress and egress traffic to a network. Traffic that you intended to allow to leave the network appears to be blocked. What could you do to get information to help you diagnose the problem?
a). Enable Cloud Monitoring of each firewall rule b). Use Cloud Debugger to debug the firewall rules c). Enable firewall rule logging for each of the firewall rules d). Enable Cloud Trace of each firewall rule Correct: c Explanation: Firewall rule logging can be enabled for each firewall rule. Each time the rule is applied to allow or deny traffic, a connection record is created. Connection records can be viewed in Cloud Logging. Cloud Monitoring is used for collecting and view metrics on resource performance. Cloud Trace is used to understand performance in distributed systems. Cloud Debugger is used by developers to identify and correct errors in code.
Reference: https://cloud.google.com/vpc/docs/firewall-rules-logging
-
A Cloud Storage user wants to rename several files in a bucket. What command should they use?
a). gsutil mv b). gsutil cp c). gsutil rename d). gsutil rn Correct: a Explanation: To rename a file in cloud storage, use the move command gsutil mv. Gsutil cp will copy files, not rename them. Gsutil rewrite and gsutil rn are not a valid command.
Reference: https://cloud.google.com/storage/docs/gsutil/commands/mv
-
Your organization has created multiple projects in several folders. You have been assigned to manage them and want to get descriptive information about each project. What command would you use to get metadata about a project?
a). gcloud describe projects <PROJECT_ID> b). gcloud projects describe <PROJECT_ID> c). gcloud describe projects <PROJECT_NAME> d). gcloud projects describe <PROJECT_NAME> Correct: b Explanation: The correct command is 'gcloud projects describe <PROJECT_ID'>. 'gcloud projects describe <PROJECT_NAME>' is incorrect because PROJECT_NAME is not used in this command. 'gcloud describe projects' is wrong because 'describe' and 'projects' are in the wrong order in the command. 'gcloud describe project <PROJECT_NAME>' is incorrect because it uses PROJECT_NAME instead of PROJECT_ID.
Reference: https://cloud.google.com/sdk/gcloud/reference/projects/describe
-
A group of developers are creating a multi-tiered application. Each tier is in its own project. The developer would like to work with a common VPC network. What would you use to implement this?
a). Create routes between subnets of each project b). Create a VPN between projects c). Create firewall rules to load balance traffic between each project's subnets. d). Create a shared VPC Correct: d Explanation: A shared VPC allows projects to share a common VPC network. VPNs are used to link VPCs to on premises networks. Routes and firewall rules are not sufficient for implementing a common VPC. Firewall rules are not used to load balance, they are used to control the ingress and egress of traffic on a network.
Reference: https://cloud.google.com/vpc/docs/shared-vpc
Reference: https://cloud.google.com/composer/docs/how-to/managing/configuring-shared-vpc
-
As a consultant to a new GCP customer, you are asked to help set up billing accounts. What permission must an identity have in order to create a billing account?
a). billing.create b). roles/billing.create c). roles/billing.accounts.create d). billing.accounts.create Correct: d Explanation: billing.accounts.create is the permission needed to create a billing account. billing.create is not a valid permission. Roles are sets of permissions but they are not permissions themselves so roles/billing.create and roles/billing.accounts.create are not correct answers.
Reference: https://cloud.google.com/billing/docs/how-to/manage-billing-account
-
You have just created a custom mode network using the command: gcloud compute networks create. You want to eventually deploy instances in multiple regions. What is the next thing you should do?
a). Create subnets in regions where you plan to deploy instances b). Create firewall rules to load balance traffic c). Create subnets in all regions d). Create a VPN between the custom model network and other networks in the VPC. Correct: a Explanation: After creating a custom mode network, you will need to create subnets in regions where instances will be deployed. You do not have to create subnets in all regions but an instance cannot be deployed to a region without a subnet. Firewalls are used to control the ingress and egress of data, they are not used to load balance. VPNs are used to provide connectivity between Google Cloud and outside networks, such as an on premises network.
Reference: https://cloud.google.com/vpc/docs/using-vpc
Reference: https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/create
-
A client of yours wants to deploy a stateless application to Kubernetes cluster. The replication controller is named my-app-rc. The application should scale based on CPU utilization; specifically when CPU utilization exceeds 80%. There should never be fewer than 2 pods or more than 6. What command would you use to implement autoscaling with these parameters?
a). kubectl apply rc my-app-rc --min=2 --max=6 --cpu-percent=80 b). kubectl autoscale rc my-app-rc --min=2 --max=6 --cpu-percent=80 c). gcloud containers apply rc my-app-rc --min=2 --max=6 --cpu-percent=80 d). gcloud containers autoscale rc my-app-rc --min=2 --max=6 --cpu-percent=80 Correct: b Explanation: The correct command is to use kubectl autoscale specifying the appropriate min, max, and cpu percent. Specifically: kubectl autoscale rc my-app-rc --min=2 --max=6 --cpu-percent=80. The other options are not valid commands.
Reference: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale
-
The contents of the a Cloud Storage bucket called free-photos-gcp are currently stored in multiregional storage class. You want to change the storage class to nearline. What command would you use?
a). gsutil rewrite -s nearline gs://free-photos-gcp b). gsutil migrate --from multiregional --to nearline gs://free-photos-gcp c). gsutil migrate -s nearline gs://free-photos-gcp d). gsutil rewrite -from multiregional --to nearline gs://free-photos-gcp Correct: a Explanation: The correct command for changing the storage class is gsutil rewrite with the target storage class and bucket specified. Gsutil migrate is not a valid command. There is no need to specify the parameters -from or -to.
Reference: https://cloud.google.com/storage/docs/gsutil/commands/rewrite
-
You have created a process that will run nightly. The process needs read and write access to two Cloud Storage buckets. You do not want to use your identity to ensure the process has sufficient privileges. How would you ensure the process can read and write to the Cloud Storage buckets?
a). Create a service account and grant it a role that provides read and write permission. b). Create a federated identity and grant it permissions directly to enable read and write access. c). Create a service account and assign permissions directly to enable read and write access. d). Create a Cloud Identity and grant it a role that provides read and write permissions. Correct: a Explanation: Service accounts are used to provide applications and instances with an identity that can have roles that give the identity sufficient permission to execute operations it needs to perform.
-
You will be running an application that requires high levels of security. You want to ensure the application does not run on a server that has been compromised by a rootkit or other kernel-level malware. What kind of virtual machine would you use?
a). Hardened VM b). Shielded VM c). GPU-enabled VM d). Preemptible VM Correct: b Explanation: Shielded VMs are hardened virtual machines that use Secure Boot, virtual trusted platform module enabled Measured Boot, and integrity monitoring. Preemptible VMs can be taken back by Google at any time but cost significantly less than standard prices. Hardened VM is not a valid option in Compute Engine. GPU-enabled VMs can improve the performance of compute intensive applications, such as training machine learning models.
Reference: https://cloud.google.com/security/shielded-cloud/shielded-vm
-
Your company is migrating an on premises archive of files to Google Cloud. The archived files are infrequently used but on average about once every 30 days. You would like to minimize the cost of storage. What storage option would you recommend?
a). Nearline Storage b). Coldline Storage c). Multi-regional storage d). Persistent Disks Correct: a Explanation: Nearline Storage is a class of Cloud Storage designed for objects that will be accessed at most once every 30 days. Coldline Storage is suitable for objects accessed at most once per year. Multi-regional storage is best suited for objects that should have low latency access from multiple regions. Persistent disks should not be used for archival storage.
Reference: https://cloud.google.com/storage/docs/storage-classes
-
You want to use Cloud Identity to create identities. You have received a verification record for your domain. Where would you add that record?
a). In the billing account for your organization b). In the domain's DNS setting c). In the metadata of each resource created in your organization d). In IAM settings for each identity Correct: b Explanation: Cloud Identity provides domain verification records, which are added to DNS settings for the domain. IAM is used to control access granted to identities, it is not a place to manage domains. The billing account is used for payment tracking, it is not a place to manage domains. Resources do have metadata, but that metadata is not used to manage domains.
Reference: https://cloud.google.com/identity/docs/verify-domain
-
Your company has an on premises Hadoop cluster that is to be migrated to Google Cloud. The CFO wants to minimize operational overhead. What GCP service would you recommend?
a). Bigtable b). Cloud Dataproc c). Cloud Pub/Sub d). Cloud Dataflow Correct: b Explanation: Cloud Dataproc is a managed Spark/Hadoop service that can be used to migrate Hadoop clusters GCP. Cloud Pub/Sub is a queuing service that is used to ingest data and store it until it can be processed. Bigtable is a NoSQL database, not a queueing service. Cloud Dataflow is a stream and batch processing service, not a queueing service.
Reference: https://cloud.google.com/dataproc/docs/how-to
-
Your company has a complicated billing structure for GCP projects. You would like to set up multiple configurations for use with the command line interface. What command would you use to create those?
a). gcloud config configurations create b). gcloud config configurations set c). gcloud configurations set d). gcloud configurations create Correct: a Explanation: The correct command is gcloud config configurations create. Gcloud configurations crae, gcloud config configurations set, and gcloud configurations set are not valid gcloud commands to create configurations.
Reference: https://cloud.google.com/sdk/gcloud/reference/config/configurations/create
-
You have deployed a sole tenant node in Compute Engine. How will this restrict what VMs run on that node.
a). Only VMs using the same operating system will run on that node. b). Only VMs from the same organization will run on that node. c). Only one VM will run on that node. d). Only VMs from the same project will run on the node. Correct: d Explanation: On a sole tenant node, only VMs from the same project will run on that node. They do not need to use the same operating system. Sole tenant nodes are not restricted to a single VM. VMs from the same organization but different projects will not run on the same sole tenant instance.
Reference: https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes
-
You want to run a Kubernetes cluster for a high availability set of applications. What type of cluster would you use?
a). Multi-regional b). Single zone c). Regional d). Multi-zonal Correct: c Explanation: Regional clusters have replicas of the control plane while single zone and multi-zonal clusters have only one control plane. There is no such thing as multi-regional cluster.
-
A large enterprise has created multiple organizations in GCP. They would like to connect the VPC networks across organizations. What should they do?
a). Implement a Shared VPC b). Implement VPC Network Peering between VPCs c). Implement a VPN between VPCs d). Define firewall rules to allow egress traffic to other VPC networks Correct: b Explanation: Since the connected networks are in different organizations, they must use VPC Network Peering. VPC sharing is only available within a single organization. Firewall rule changes may be needed, but that is not sufficient. VPNs are used to connect GCP networks with on premises networks.
Reference: https://cloud.google.com/vpc/docs/vpc-peering
-
You are creating a set of virtual machines in Compute Engine. GCP will automatically assign an IP address to each. What type of IP address will be assigned?
a). Regional external address b). Global internal address c). Regional internal address d). Global external address Correct: c Explanation: GCP assigns regional internal IP addresses for VM instances, including GKE pods, nodes, and services. They are also used for Internal TCP/UDP Load Balancing and Internal HTTP(S) Load Balancing.
Reference: https://cloud.google.com/compute/docs/ip-addresses
-
You have created a target pool with instances in two zones which are in the same region. The target pool is not functioning correctly. What could be the cause of the problem?
a). The target pool is not sending logs to Cloud Logging. b). The target pool is missing a health check. c). The target pool nodes are configured with different memory specifications d). The target pool is not sending metrics to Cloud Monitoring. Correct: b Explanation: Target pools must have a health check to function properly. Nodes can be in different zones but must be in the same region. Cloud Monitoring and Cloud Logging are useful but they are not required for the target pool to function properly. Nodes in a pool have the same configuration.
Reference: https://cloud.google.com/load-balancing/docs/target-pools
-
A manager in your company is having trouble tracking the use and cost of resources across several projects. In particular, they do not know which resources are created by different teams they manage. What would you suggest the manager use to help better understand which resources are used by which team?
a). IAM policies b). Trace logs c). Audit logs d). Labels Correct: d Explanation: Labels are key-value pairs attached to resources and used to manage them. The manager could use a key-value pair with the key 'team-name' and the value the name of the team that created the resource. Audit logs do not necessarily have the names of teams that own a resource. Traces are used for performance monitoring and analysis. IAM policies are used to control access to resources, not to track which team created them.
Reference: https://cloud.google.com/resource-manager/docs/creating-managing-labels
-
The CFO of your company wants to improve an existing data warehouse by migrating it to Google Cloud. They want to minimize operational overhead while ensuring existing SQL tools can be used with the migrated data warehouse. What GCP service would you recommend?
a). Cloud SQL b). Cloud Spanner c). Bigtable d). BigQuery Correct: d Explanation: BigQuery is a managed, petabyte scale data warehouse, which uses SQL. Bigtable does not support SQL. Cloud SQL and Cloud Spanner support SQL but are designed for transaction processing, not analytical applications like data warehouses.
Reference: https://cloud.google.com/bigquery/docs/how-to
-
A software development team is using Google Container Registry to manage container images. You have recently joined the team and want to view metadata about existing container images. What command would you use?
a). gcloud container images list b). gcloud container metadata list c). gcloud images container list d). gcloud container list metadata Correct: a Explanation: The correct command is gcloud container images list. The other options are not valid gcloud commands. For more information, see
Reference: https://cloud.google.com/sdk/gcloud/reference/container/images/list
-
Kubernetes Engine collects application logs by default when the log data is written where?
a). SYSLOG b). SYSERR c). STDERR d). STDOUT Correct: c, d Explanation: Kubernetes Engine collects log data written to standard output (STDOUT) and standard error (STDERR).
-
A startup is implementing an IoT application that will ingest data at high speeds. The architect for the startup has decided that data should be ingested in a queue that can store the data until the processing application is able to process it. The architect also wants to use a managed service in Google Cloud. What service would you recommend?
a). Bigtable b). Cloud Dataflow c). Cloud Pub/Sub d). Cloud Dataproc Correct: c Explanation: Cloud Pub/Sub is a queuing service that is used to ingest data and store it until it can be processed. Bigtable is a NoSQL database, not a queueing service. Cloud Dataflow is a stream and batch processing service, not a queueing service. Cloud Dataproc is a managed Spark/Hadoop service.
Reference: https://cloud.google.com/pubsub/docs/overview
-
To avoid potentially violating a regulation, your company has determined that it will only use GCP resources in North America. How would you ensure no resources are created outside of North America?
a). Create a data lifecycle management policy that prevents data from being saved outside of North America. b). Create an Cloud Audit policy that prevents users from creating resources outside of North America. c). Create a policy at the folder level of the resource hierarchy that includes a constraint using a Resource Location Restriction. d). Create a policy at the organization level of the resource hierarchy that includes a constraint using a Resource Location Restriction. Correct: d Explanation: Constraints are the standard way to restrict where resources can be created and applying policies with constraints will enforce those constraints for all resources in the organization. If the policy were applied at the folder level, it would have to be applied for all folders and that is not as efficient as applying at the organization level. There is no such thing as a Cloud Audit policy.
Reference: https://cloud.google.com/resource-manager/docs/organizationpolicy/defining-locations
You may also refer to other interview preparation articles:
- Linux Interview Questions for Freshers
- Linux Interview Questions for Freshers - 2
- Linux Interview Questions for Freshers and Experienced - L1
- Linux Interview Questions for Experienced Linux Admins - L2
- Advanced Linux Interview Questions for Experienced Admins - L3
- Shell-Scripting interview questions
- OS Network Interview Questions
- GCP ACE Practice Questions - 1st
- GCP ACE Practice Questions - 2nd
- AWS Certified SysOps Administrator - Questions and Answers-1st
- AWS Certified SysOps Administrator - Questions and Answers-2nd
- AWS interview questions for experienced professionals - 1st
- AWS interview questions for experienced professionals - 2nd
- Ansible interview questions
- Kubernetes interview questions
- DevOps Interview Questions for Freshers and Experienced
- DevOps Interview Questions for Freshers and Experienced - 2
- GIT Interview Questions for DevOps Roles
- Jenkins Interview Questions for Experienced DevOps Engineer
- Terraform Interview Questions for Experienced DevOps Engineer
- Terraform Interview Questions for Experienced DevOps Engineer - 2
- Terraform Interview Questions for Experienced DevOps Engineer - 3
- JAVA Interview Questions
- JAVA Interview Questions - 2
- Manual Testing Interview Questions for QA Engineers/Testers
- DBMS Interview Questions
- Managerial interview questions
- Microsoft Azure Administrator AZ-103
You may also explore other articles in our bucket, Happy reading !!:
- What is gcpdiag ?
- What is Artificial Intelligence ?
- What is Machine Learning ?
- Unleashing the Power of Artificial Intelligence
- What is Neural Networks ?
- What is Internet of Things (IoT) ?
- What is Natural Language Processing (NLP) ?
- What is Robotics and Automation ?
- Quantum Computing: The Next Frontier
- Blockchain: A Primer for Beginners
- What is Virtual Reality (VR) ?
- Cybersecurity: Protecting our digital world
- What is AI Chat Open Assistant Chatbot ?
- What is Bard chatbot ?