[Mar 09, 2022] DumpsFree Associate-Cloud-Engineer dumps & Google Cloud Certified sure practice dumps [Q128-Q147]

[Mar 09, 2022] DumpsFree Associate-Cloud-Engineer dumps & Google Cloud Certified sure practice dumps

Google Associate-Cloud-Engineer Actual Questions and Braindumps

NEW QUESTION 128
You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is deployed with the default App Engine Service account. The data that needs to be visualized resides in a different project managed by another team. You do not have access to this project, but you want your application to be able to read data from the BigQuery dataset. What should you do?

• A. In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.
• B. Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.
• C. Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.
• D. In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.
  :
  The Owner, Editor, and Viewer primitive roles include the BigQuery Admin (roles/bigquery.dataOwner), BigQuery Data Editor (roles/bigquery.dataEditor), and BigQuery Data Viewer (roles/bigquery.dataViewer) roles, respectively. This means the Owner, Editor, and Viewer primitive roles have BigQuery access as defined for the respective BigQuery roles.

Answer: A

Explanation:
Reference:
https://cloud.google.com/bigquery/docs/access-control

 

NEW QUESTION 129
You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

• A. Create the instance with the default Compute Engine service account.
  Grant the service account permissions on Cloud Storage.
• B. Create the instance with the default Compute Engine service account.
  Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
• C. Create a new service account and assign this service account to the new instance.
  Grant the service account permissions on Cloud Storage.
• D. Create a new service account and assign this service account to the new instance.
  Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Answer: C

 

NEW QUESTION 130
You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

• A. Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.
• B. Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.
• C. When creating the VM via the web console, specify the service account under the 'Identity and API Access' section.
• D. Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

Answer: C

 

NEW QUESTION 131
You are hosting an application from Compute Engine virtual machines (VMs) in us-central1-a. You want to adjust your design to support the failure of a single Compute Engine zone, eliminate downtime, and minimize cost. What should you do?

• A. - Create an HTTP(S) Load Balancer.
  -Create one or more global forwarding rules to direct traffic to your VMs.
• B. - Create a Managed Instance Group and specify us-central1-a as the zone.
  -Configure the Health Check with a short Health Interval.
• C. - Create Compute Engine resources in us-central1-b.
  -Balance the load across both us-central1-a and us-central1-b.
• D. - Perform regular backups of your application.
  -Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.
  -Restore from backups when notified.

Answer: B

 

NEW QUESTION 132
You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost- effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

• A. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.
• B. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.
• C. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.
• D. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Answer: D

Explanation:
https://cloud.google.com/storage/docs/managing-lifecycles

 

NEW QUESTION 133
Your engineers have asked you to set up a subnet with the largest IP address range possible. Which of the following ranges would work best?

• A. 192.168.0.0/16
• B. 0.0.0.0/0
• C. 10.0.0.0/32
• D. 10.0.0.0/8

Answer: C

 

NEW QUESTION 134
You keep attempting to execute a command, and while there's no error being thrown, you suspect something is going wrong. You want to check out the gcloud logs. However, you can't recall in which directory they're located. Your script skills are not what they could be, so you can't rely on using those fancy command line skills.
Which command could you run to show you where the log directory is located?

• A. gcloud logging
• B. gcloud info
• C. gcloud
• D. google logs

Answer: B

 

NEW QUESTION 135
You need to verify that a Google Cloud Platform service account was created at a particular time.
What should you do?

• A. Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.
• B. Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.
• C. Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.
• D. Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Answer: A

 

NEW QUESTION 136
You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

• A. Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
• B. Execute the Deployment Manager template using the ?preview option in the same project, and observe the state of interdependent resources.
• C. Use granular logging statements within a Deployment Manager template authored in Python.
• D. Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

Answer: B

Explanation:
https://cloud.google.com/deployment-manager/docs/deployments/updating-deployments

 

NEW QUESTION 137
Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

• A. Configure an Internal UDP load balancer in front of the application servers.
• B. Configure an External Network load balancer in front of the application servers.
• C. Configure an External HTTP(s) load balancer in front of the application servers.
• D. Configure an SSL Proxy load balancer in front of the application servers.

Answer: D

Explanation:
Explanation/Reference: https://cloud.google.com/solutions/connecting-securely

 

NEW QUESTION 138
You're deploying an application to a Compute Engine instance, and it's going to need to make calls to read from Cloud Storage and Bigtable. You want to make sure you're following the principle of least privilege. What's the easiest way to ensure the code can authenticate to the required Google Cloud APIs?

• A. Use the default Compute Engine service account and set its scopes. Let the code find the default service account using "Application Default Credentials".
• B. Create a new user account with the required roles. Store the credentials in Cloud Key Management Service and download them to the instance in code.
• C. Register the application with the Binary Registration Service and apply the required roles.
• D. Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key.

Answer: A

 

NEW QUESTION 139
You're in charge of setting up a Stackdriver account to monitor 3 separate projects. Which of the following is a Google best practice?

• A. Create a new, empty project to use as the host project for the Stackdriver account.
• B. Use one of the existing projects as the host project for the Stackdriver account.
• C. Use the existing project with the most resources as the host project for the Stackdriver account.
• D. Use the existing project with the least resources as the host project for the Stackdriver account.

Answer: A,C

 

NEW QUESTION 140
An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination. What should you do?

• A. View System Event Logs in Stackdriver. Search for the user's email as the principal.
• B. View Data Access audit logs in Stackdriver. Search for the user's email as the principal.
• C. View the Admin Activity log in Stackdriver. Search for the service account associated with the user.
• D. View System Event Logs in Stackdriver. Search for the service account associated with the user.

Answer: D

 

NEW QUESTION 141
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

• A. Configure an external TCP proxy load balancer.
• B. Configure an external SSL proxy load balancer.
• C. Configure an HTTP(S) load balancer.
• D. Configure an internal TCP load balancer.

Answer: C

 

NEW QUESTION 142
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

• A. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow all
• B. 1. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow all2. Create an ingress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow all
• C. 1. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.2.0/24)* Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:* Targets: all instances* Source filter: IP ranges (with the range set to 10.0.1.0/24)* Protocols: allow TCP: 8080
• D. 1. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #2 service account* Source filter: all instances with tier #1 service account* Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:* Targets: all instances with tier #3 service account* Source filter: all instances with tier #2 service account* Protocols: allow TCP: 8080

Answer: D

 

NEW QUESTION 143
You have a Dockerfile that you need to deploy on Kubernetes Engine. What should you do?

• A. Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.
• B. Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.
• C. Use gcloud app deploy <dockerfilename>.
• D. Use kubectl app deploy <dockerfilename>.

Answer: A

 

NEW QUESTION 144
You recently deployed a new version of an application to App Engine and then discovered a bug in the release.
You need to immediately revert to the prior version of the application. What should you do?

• A. Run gcloud app restore.
• B. On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert.
• C. On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.
• D. Deploy the original version as a separate application. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests.

Answer: D

 

NEW QUESTION 145
You have a website hosted on App Engine standard environment. You want 1% of your users to see a new test version of the website. You want to minimize complexity. What should you do?

• A. Create a new App Engine application in the same project. Deploy the new version in that application.
  Configure your network load balancer to send 1% of the traffic to that new application.
• B. Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.
• C. Deploy the new version in the same application and use the --migrateoption.
• D. Deploy the new version in the same application and use the --splitsoption to give a weight of 99 to the current version and a weight of 1 to the new version.

Answer: B

Explanation:
Explanation

 

NEW QUESTION 146
You are building a pipeline to process time-series data.
Which Google Cloud Platform services should you put in boxes 1,2,3, and 4?

• A. Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
• B. Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
• C. Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
• D. Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

Answer: A

 

NEW QUESTION 147
......

To get more details about it please visit:

Associate Cloud Engineer Exam Reference

 

Latest Associate-Cloud-Engineer Pass Guaranteed Exam Dumps with Accurate & Updated Questions: https://www.dumpsfree.com/Associate-Cloud-Engineer-valid-exam.html

Pass Associate-Cloud-Engineer Exam with Updated Associate-Cloud-Engineer Exam Dumps PDF 2022: https://drive.google.com/open?id=1qCzMT37eTzM99TrFCkhsO70f_JYcHHk6