NEW QUESTION 1
You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

• A. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.
• B. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.
• C. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.
• D. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Answer: A

NEW QUESTION 2
You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes. Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

• A. Fill in local SS
• B. Fill in persistent disk storage and snapshot storage.
• C. Fill in local SS
• D. Add estimated cost for cluster management.
• E. Select Add GPU
• F. Fill in persistent disk storage and snapshot storage.
• G. Select Add GPU
• H. Add estimated cost for cluster management.

Answer: C

NEW QUESTION 3
You manage three Google Cloud projects with the Cloud Monitoring API enabled. You want to follow Google-recommended practices to visualize CPU and network metrics for all three projects together. What should you do?

• A. * 1. Create a Cloud Monitoring Dashboard* 2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects
• B. * 1. Create a Cloud Monitoring Dashboard.* 2. Select the CPU and Network metrics from the three projects.* 3. Add CPU and network Charts lot each of the three protects.
• C. * 1 Create a Service Account and apply roles/viewer on the three projects* 2. Collect metrics and publish them lo the Cloud Monitoring API* 3. Add CPU and network Charts for each of the three projects.
• D. * 1. Create a fourth Google Cloud project* 2 Create a Cloud Workspace from the fourth project and add the other three projects

Answer: B

NEW QUESTION 4
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

• A. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
• B. Create a Kubernetes Service of type ClusterIP for your applicatio
• C. Configure the public DNS name of your application using the IP of this Service.
• D. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluste
• E. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
• F. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.Forward the public traffic to HAProxy with an iptable rul
• G. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Answer: A

NEW QUESTION 5
Your company publishes large files on an Apache web server that runs on a Compute Engine instance. The Apache web server is not the only application running in the project. You want to receive an email when the egress network costs for the server exceed 100 dollars for the current month as measured by Google Cloud Platform (GCP). What should you do?

• A. Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notificationtype of “email.”
• B. Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”
• C. Export the billing data to BigQuer
• D. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollar
• E. Schedule the Cloud Function using Cloud Scheduler to run hourly.
• F. Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging.Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollar
• G. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Answer: D

NEW QUESTION 6
You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?

• A. Create a Cloud Bigtable cluster and use the HBase API
• B. Deploy MongoDB Alias from the Google Cloud Marketplace
• C. Download a MongoDB installation package and run it on Compute Engine instances
• D. Download a MongoDB installation package, and run it on a Managed Instance Group

Answer: D

NEW QUESTION 7
You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

• A. Enable API and then share charts from project A, B, and C.
• B. Enable API and then give the metrics.reader role to projects A, B, and C.
• C. Enable API and then use default dashboards to view all projects in sequence.
• D. Enable API, create a workspace under project A, and then add project B and C.

Answer: D

NEW QUESTION 8
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?

• A. Change the default region property setting in the existing GCP project to asia-northeast1.
• B. Change the region property setting in the existing App Engine application from us-central to asia-northeast1.
• C. Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.
• D. Create a new GCP project and create an App Engine application inside this new projec
• E. Specify asia-northeast1 as the region to serve your application.

Answer: C

NEW QUESTION 9
You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server. What should you do?

• A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.
• B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.
• C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.
• D. Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

Answer: A

NEW QUESTION 10
You have a Google Cloud Platform account with access to both production and development projects. You need to create an automated process to list all compute instances in development and production projects on a daily basis. What should you do?

• A. Create two configurations using gcloud confi
• B. Write a script that sets configurations as active, individuall
• C. For each configuration, use gcloud compute instances list to get a list of compute resources.
• D. Create two configurations using gsutil confi
• E. Write a script that sets configurations as active,individuall
• F. For each configuration, use gsutil compute instances list to get a list of compute resources.
• G. Go to Cloud Shell and export this information to Cloud Storage on a daily basis.
• H. Go to GCP Console and export this information to Cloud SQL on a daily basis.

Answer: A

NEW QUESTION 11
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?

• A. Modify the existing subnet range to 172.16.20.0/24.
• B. Create a new Secondary IP Range in the VPC and configure the VMs to use that range.
• C. Create a new VPC network for the VM
• D. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.
• E. Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC networ
• F. Configure a custom Route exchange.

Answer: B

Explanation:
A subnet has a single primary IP address range and, optionally, one or more secondary IP address ranges. For each subnet IP address range, Google Cloud creates a subnet route. When you use VPC Network Peering, Google Cloud always exchanges the subnet routes that don't use privately reused public IP addresses between the two peered networks. If firewall rules in each network permit communication, VM instances in one network can communicate with instances in the peered network.

NEW QUESTION 12
You are the organization and billing administrator for your company. The engineering team has the Project Creator role on the organization. You do not want the engineering team to be able to link projects to the billing account. Only the finance team should be able to link a project to a billing account, but they should not be able
to make any other changes to projects. What should you do?

• A. Assign the finance team only the Billing Account User role on the billing account.
• B. Assign the engineering team only the Billing Account User role on the billing account.
• C. Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.
• D. Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Answer: D

NEW QUESTION 13
The sales team has a project named Sales Data Digest that has the ID acme-data-digest You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

• A. Grant the Project Editor role to the Marketing learn for acme data digest
• B. Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team
• C. Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there
• D. Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

Answer: C

NEW QUESTION 14
You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

• A. Use the GCP Console to transfer the file instead of gsutil.
• B. Enable parallel composite uploads using gsutil on the file transfer.
• C. Decrease the TCP window size on the machine initiating the transfer.
• D. Change the storage class of the bucket from Nearline to Multi-Regional.

Answer: B

NEW QUESTION 15
You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers’ Pods. What should you do?

• A. Use Binary Authorization and whitelist only the container images used by your customers’ Pods.
• B. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers’ Pods.
• C. Create a GKE node pool with a sandbox type configured to gviso
• D. Add the parameter runtimeClassName: gvisor to the specification of your customers’ Pods.
• E. Use the cos_containerd image for your GKE node
• F. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers’ Pods.

Answer: C

NEW QUESTION 16
You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

• A. Set metadata to enable-oslogin=true for the instanc
• B. Grant the dev1 group the compute.osLogin role.Direct them to use the Cloud Shell to ssh to that instance.
• C. Set metadata to enable-oslogin=true for the instanc
• D. Set the service account to no service account for that instanc
• E. Direct them to use the Cloud Shell to ssh to that instance.
• F. Enable block project wide keys for the instanc
• G. Generate an SSH key for each user in the dev1 group.Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
• H. Enable block project wide keys for the instanc
• I. Generate an SSH key and associate the key with that instanc
• J. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Answer: D

NEW QUESTION 17
You have a workload running on Compute Engine that is critical to your business. You want to ensure that the data on the boot disk of this workload is backed up regularly. You need to be able to restore a backup as quickly as possible in case of disaster. You also want older backups to be cleaned automatically to save on cost. You want to follow Google-recommended practices. What should you do?

• A. Create a Cloud Function to create an instance template.
• B. Create a snapshot schedule for the disk using the desired interval.
• C. Create a cron job to create a new disk from the disk using gcloud.
• D. Create a Cloud Task to create an image and export it to Cloud Storage.

Answer: B

NEW QUESTION 18
You’ve deployed a microservice called myapp1 to a Google Kubernetes Engine cluster using the YAML file specified below:

You need to refactor this configuration so that the database password is not stored in plain text. You want to follow Google-recommended practices. What should you do?

• A. Store the database password inside the Docker image of the container, not in the YAML file.
• B. Store the database password inside a Secret objec
• C. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.
• D. Store the database password inside a ConfigMap objec
• E. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.
• F. Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Answer: C

NEW QUESTION 19
You have a web application deployed as a managed instance group. You have a new version of the application to gradually deploy. Your web application is currently receiving live web traffic. You want to ensure that the available capacity does not decrease during the deployment. What should you do?

• A. Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.
• B. Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.
• C. Create a new managed instance group with an updated instance templat
• D. Add the group to the backend service for the load balance
• E. When all instances in the new managed instance group are healthy, delete the old managed instance group.
• F. Create a new instance template with the new application versio
• G. Update the existing managed instance group with the new instance templat
• H. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

Answer: B

NEW QUESTION 20
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?

• A. Create a signed URL with a four-hour expiration and share the URL with the company.
• B. Set object access to ‘public’ and use object lifecycle management to remove the object after four hours.
• C. Configure the storage bucket as a static website and furnish the object’s URL to the compan
• D. Delete the object from the storage bucket after four hours.
• E. Create a new Cloud Storage bucket specifically for the external company to acces
• F. Copy the object to that bucke
• G. Delete the bucket after four hours have passed.

Answer: A

NEW QUESTION 21
......