The Secret Of Google Associate-Cloud-Engineer Testing Material

Master the Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer content and be ready for exam day success quickly with this Passleader Associate-Cloud-Engineer study guide. We guarantee it!We make it a reality and give you real Associate-Cloud-Engineer questions in our Google Associate-Cloud-Engineer braindumps.Latest 100% VALID Google Associate-Cloud-Engineer Exam Questions Dumps at below page. You can use our Google Associate-Cloud-Engineer braindumps and pass your exam.

Free Associate-Cloud-Engineer Demo Online For Google Certifitcation:

NEW QUESTION 1
You built an application on your development laptop that uses Google Cloud services. Your application uses Application Default Credentials for authentication and works fine on your development laptop. You want to migrate this application to a Compute Engine virtual machine (VM) and set up authentication using Google- recommended practices and minimal changes. What should you do?

  • A. Assign appropriate access for Google services to the service account used by the Compute Engine VM.
  • B. Create a service account with appropriate access for Google services, and configure the application to use this account.
  • C. Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.
  • D. Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Answer: B

NEW QUESTION 2
You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?

  • A. Run gcloud iam roles describe roles/spanner.databaseUse
  • B. Add the users to the role.
  • C. Run gcloud iam roles describe roles/spanner.databaseUse
  • D. Add the users to a new grou
  • E. Add the group to the role.
  • F. Run gcloud iam roles describe roles/spanner.viewer --project my-projec
  • G. Add the users to the role.
  • H. Run gcloud iam roles describe roles/spanner.viewer --project my-projec
  • I. Add the users to a new group.Add the group to the role.

Answer: A

NEW QUESTION 3
You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

  • A. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.
  • B. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.
  • C. 1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
  • D. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Answer: D

NEW QUESTION 4
Your company runs one batch process in an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to migrate this workload to the cloud while minimizing cost. What should you do?

  • A. Migrate the workload to a Compute Engine Preemptible VM.
  • B. Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.
  • C. Migrate the workload to a Compute Engine V
  • D. Start and stop the instance as needed.
  • E. Create an Instance Template with Preemptible VMs O
  • F. Create a Managed Instance Group from the template and adjust Target CPU Utilizatio
  • G. Migrate the workload.

Answer: B

NEW QUESTION 5
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

  • A. Fill in local SS
  • B. Fill in persistent disk storage and snapshot storage.
  • C. Fill in local SS
  • D. Add estimated cost for cluster management.
  • E. Select Add GPU
  • F. Fill in persistent disk storage and snapshot storage.
  • G. Select Add GPU
  • H. Add estimated cost for cluster management.

Answer: C

NEW QUESTION 6
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

  • A. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
  • B. Create a Kubernetes Service of type ClusterIP for your applicatio
  • C. Configure the public DNS name of your application using the IP of this Service.
  • D. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluste
  • E. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
  • F. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.Forward the public traffic to HAProxy with an iptable rul
  • G. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Answer: A

NEW QUESTION 7
You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

  • A. Deploy the monitoring pod in a StatefulSet object.
  • B. Deploy the monitoring pod in a DaemonSet object.
  • C. Reference the monitoring pod in a Deployment object.
  • D. Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Answer: B

NEW QUESTION 8
You deployed an App Engine application using gcloud app deploy, but it did not deploy to the intended project. You want to find out why this happened and where the application deployed. What should you do?

  • A. Check the app.yaml file for your application and check project settings.
  • B. Check the web-application.xml file for your application and check project settings.
  • C. Go to Deployment Manager and review settings for deployment of applications.
  • D. Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Answer: A

NEW QUESTION 9
You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?

  • A. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.
  • B. Use Cloud Functions and configure the bucket as a trigger resource.
  • C. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.
  • D. Use Dataflow as a batch job, and configure the bucket as a data source.

Answer: A

NEW QUESTION 10
You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:
•Restrict access so that suppliers can access only their own data.
•Give suppliers write access to data only for 30 minutes.
•Delete data that is over 45 days old.
You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use? (Choose two.)

  • A. Build a lifecycle policy to delete Cloud Storage objects after 45 days.
  • B. Use signed URLs to allow suppliers limited time access to store their objects.
  • C. Set up an SFTP server for your application, and create a separate user for each supplier.
  • D. Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.
  • E. Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Answer: AE

NEW QUESTION 11
You need to monitor resources that are distributed over different projects in Google Cloud Platform. You want to consolidate reporting under the same Stackdriver Monitoring dashboard. What should you do?

  • A. Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.
  • B. For each project, create a Stackdriver accoun
  • C. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.
  • D. Configure a single Stackdriver account, and link all projects to the same account.
  • E. Configure a single Stackdriver account for one of the project
  • F. In Stackdriver, create a Group and add the other project names as criteria for that Group.

Answer: D

NEW QUESTION 12
You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?

  • A. Download the private key from the service account, and add it to each VMs custom metadata.
  • B. Download the private key from the service account, and add the private key to each VM’s SSH keys.
  • C. Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.
  • D. When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

Answer: C

NEW QUESTION 13
You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?

  • A. Create an instance template for the instance
  • B. Set the ‘Automatic Restart’ to o
  • C. Set the ‘On-host maintenance’ to Migrate VM instanc
  • D. Add the instance template to an instance group.
  • E. Create an instance template for the instance
  • F. Set ‘Automatic Restart’ to of
  • G. Set ‘On-host maintenance’ to Terminate VM instance
  • H. Add the instance template to an instance group.
  • I. Create an instance group for the instance
  • J. Set the ‘Autohealing’ health check to healthy (HTTP).
  • K. Create an instance group for the instanc
  • L. Verify that the ‘Advanced creation options’ setting for ‘do not retry machine creation’ is set to off.

Answer: B

NEW QUESTION 14
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google- recommended practices to obtain the combined logs for all projects. What should you do?

  • A. Navigate to Stackdriver Logging and select resource.labels.project_id="*"
  • B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery datase
  • C. Configure the table expiration to 60 days.
  • D. Create a Stackdriver Logging Export with a Sink destination to Cloud Storag
  • E. Create a lifecycle rule to delete objects after 60 days.
  • F. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuer
  • G. Configure the table expiration to 60 days.

Answer: B

NEW QUESTION 15
Your organization uses Active Directory (AD) to manage user identities. Each user uses this identity for federated access to various on-premises systems. Your security team has adopted a policy that requires users to log into Google Cloud with their AD identity instead of their own login. You want to follow the
Google-recommended practices to implement this policy. What should you do?

  • A. Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on
  • B. Sync Identities in the Google Admin console, and then enable Oauth for single sign-on
  • C. Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials
  • D. Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials.

Answer: A

NEW QUESTION 16
You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site.
Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?

  • A. Enable Cloud CDN on the website frontend.
  • B. Enable ‘Share publicly’ on the PDF file objects.
  • C. Set Content-Type metadata to application/pdf on the PDF file objects.
  • D. Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

Answer: C

NEW QUESTION 17
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.
Associate-Cloud-Engineer dumps exhibit
Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
• Instances in tier #1 must communicate with tier #2.
• Instances in tier #2 must communicate with tier #3. What should you do?

  • A. 1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)•Protocols: allow all
  • B. 1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080
  • C. 1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all
  • D. 1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

Answer: B

NEW QUESTION 18
You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP. You want to make sure it is reachable by clients over that port. What should you do?

  • A. Add the network tag allow-udp-636 to the VM instance running the LDAP server.
  • B. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.
  • C. Add a network tag of your choice to the instanc
  • D. Create a firewall rule to allow ingress on UDP port 636 for that network tag.
  • E. Add a network tag of your choice to the instance running the LDAP serve
  • F. Create a firewall rule to allow egress on UDP port 636 for that network tag.

Answer: C

NEW QUESTION 19
......

100% Valid and Newest Version Associate-Cloud-Engineer Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/Associate-Cloud-Engineer/ (New 190 Q&As)