NEW QUESTION 1

You have a Python web application with many dependencies that requires 0.1 CPU cores and 128 MB of memory to operate in production. You want to monitor and maximize machine utilization. You also to reliably deploy new versions of the application. Which set of steps should you take?

• A. Perform the following:1) Create a managed instance group with f1-micro type machines.2) Use a startup script to clone the repository, check out the production branch, install the dependencies, and start the Python app.3) Restart the instances to automatically deploy new production releases.
• B. Perform the following:1) Create a managed instance group with n1-standard-1 type machines.2) Build a Compute Engine image from the production branch that contains all of the dependencies and automatically starts the Python app.3) Rebuild the Compute Engine image, and update the instance template to deploy new production releases.
• C. Perform the following:1) Create a Kubernetes Engine cluster with n1-standard-1 type machines.2) Build a Docker image from the production branch with all of the dependencies, and tag it with the version number.3) Create a Kubernetes Deployment with the imagePullPolicy set to “IfNotPresent” in the staging namespace, and then promote it to the production namespace after testing.
• D. Perform the following:1) Create a Kubernetes Engine cluster with n1-standard-4 type machines.2) Build a Docker image from the master branch will all of the dependencies, and tag it with “latest”.3) Create a Kubernetes Deployment in the default namespace with the imagePullPolicy set to “Always”. Restart the pods to automatically deploy new production releases.

Answer: D

Explanation:
https://cloud.google.com/compute/docs/instance-templates

NEW QUESTION 2

For this question, refer to the Mountkirk Games case study.
Mountkirk Games wants to set up a real-time analytics platform for their new game. The new platform must meet their technical requirements. Which combination of Google technologies will meet all of their requirements?

• A. Container Engine, Cloud Pub/Sub, and Cloud SQL
• B. Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery
• C. Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow
• D. Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow
• E. Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc

Answer: B

Explanation:
A real time requires Stream / Messaging so Pub/Sub, Analytics by Big Query.
Ingest millions of streaming events per second from anywhere in the world with Cloud Pub/Sub, powered by Google's unique, high-speed private network. Process the streams with Cloud Dataflow to ensure reliable, exactly-once, low-latency data transformation. Stream the transformed data into BigQuery, the cloud-native data warehousing service, for immediate analysis via SQL or popular visualization tools.
From scenario: They plan to deploy the game’s backend on Google Compute Engine so they can capture streaming metrics, run intensive analytics.
Requirements for Game Analytics Platform
Dynamically scale up or down based on game activity
Process incoming data on the fly directly from the game servers
Process data that arrives late because of slow mobile networks
Allow SQL queries to access at least 10 TB of historical data
Process files that are regularly uploaded by users’ mobile devices
Use only fully managed services
References: https://cloud.google.com/solutions/big-data/stream-analytics/

NEW QUESTION 3

You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network. How should you deploy the VPN?

• A. Use VPC Network Peering between the VPC and the on-premises network.
• B. Expose the VPC to the on-premises network using IAM and VPC Sharing.
• C. Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway.
• D. Deploy Cloud VPN Gateway in each regio
• E. Ensure that each region has at least one VPN tunnel to the on-premises peer gateway.

Answer: C

Explanation:
https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

NEW QUESTION 4

During a high traffic portion of the day, one of your relational databases crashes, but the replica is never promoted to a master. You want to avoid this in the future. What should you do?

• A. Use a different database.
• B. Choose larger instances for your database.
• C. Create snapshots of your database more regularly.
• D. Implement routinely scheduled failovers of your databases.

Answer: D

Explanation:
https://cloud.google.com/solutions/dr-scenarios-planning-guide

NEW QUESTION 5

You created a pipeline that can deploy your source code changes to your infrastructure in instance groups for self healing.
One of the changes negatively affects your key performance indicator. You are not sure how to fix it and investigation could take up to a week. What should you do

• A. Log in to a server, and iterate a fix locally
• B. Change the instance group template to the previous one, and delete all instances.
• C. Revert the source code change and rerun the deployment pipeline
• D. Log into the servers with the bad code change, and swap in the previous code

Answer: C

NEW QUESTION 6

Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain the data. Users should be able to query the datasets, but not edit them.
How should you configure users’ access roles?

• A. Add all users to a grou
• B. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data.
• C. Add all users to a grou
• D. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
• E. Add all users to a grou
• F. Grant the group the roles of BigQuery jobUser on the billing project and BigQuery dataViewer on the projects that contain the data.
• G. Add all users to a grou
• H. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery jobUser on the projects that contain the data.

Answer: A

Explanation:
Reference: https://cloud.google.com/bigquery/docs/running-queries

NEW QUESTION 7

You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?

• A. Install the latest BigQuery API client library for Python
• B. Run your script on a new virtual machine with the BigQuery access scope enabled
• C. Create a new service account with BigQuery access and execute your script with that user
• D. Install the bq component for gccloud with the command gcloud components install bq.

Answer: B

Explanation:
The error is most like caused by the access scope issue. When create new instance, you have the default Compute engine default service account but most serves access including BigQuery is not enable. Create an instance Most access are not enabled by default You have default service account but don't have the permission (scope) you can stop the instance, edit, change scope and restart it to enable the scope access. Of course, if you Run your script on a new virtual machine with the BigQuery access scope enabled, it also works
https://cloud.google.com/compute/docs/access/service-accounts

NEW QUESTION 8

You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address. You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly. What should you do?

• A. Ensure that a firewall rule exists to allow source traffic on HTTP/HTTPS to reach the load balancer.
• B. Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP.
• C. Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group.
• D. Create a tag on each instance with the name of the load balance
• E. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination.

Answer: C

Explanation:
https://cloud.google.com/vpc/docs/using-firewalls
The best practice when configuration a health check is to check health and serve traffic on the same port. However, it is possible to perform health checks on one port, but serve traffic on another. If you do use two different ports, ensure that firewall rules and services running on instances are configured appropriately. If you run health checks and serve traffic on the same port, but decide to switch ports at some point, be sure to update both the backend service and the health check.
Backend services that do not have a valid global forwarding rule referencing it will not be health checked and will have no health status.
References: https://cloud.google.com/compute/docs/load-balancing/http/backend-service

NEW QUESTION 9

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

• A. The effective policy is determined only by the policy set at the node
• B. The effective policy is the policy set at the node and restricted by the policies of its ancestors
• C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors
• D. The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

Answer: B

Explanation:
Reference: https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

NEW QUESTION 10

For this question, refer to the Mountkirk Games case study.
Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing backends on the other platforms?

• A. Tests should scale well beyond the prior approaches.
• B. Unit tests are no longer required, only end-to-end tests.
• C. Tests should be applied after the release is in the production environment.
• D. Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

Answer: A

Explanation:
From Scenario:
A few of their games were more popular than expected, and they had problems scaling their application servers, MySQL databases, and analytics tools.
Requirements for Game Analytics Platform include: Dynamically scale up or down based on game activity

NEW QUESTION 11

Your web application uses Google Kubernetes Engine to manage several workloads. One workload requires a consistent set of hostnames even after pod scaling and relaunches.
Which feature of Kubernetes should you use to accomplish this?

• A. StatefulSets
• B. Role-based access control
• C. Container environment variables
• D. Persistent Volumes

Answer: A

Explanation:
https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/

NEW QUESTION 12

Your customer wants to capture multiple GBs of aggregate real-time key performance indicators (KPIs) from their game servers running on Google Cloud Platform and monitor the KPIs with low latency. How should they capture the KPIs?

• A. Store time-series data from the game servers in Google Bigtable, and view it using Google Data Studio.
• B. Output custom metrics to Stackdriver from the game servers, and create a Dashboard in Stackdriver Monitoring Console to view them.
• C. Schedule BigQuery load jobs to ingest analytics files uploaded to Cloud Storage every ten minutes, and visualize the results in Google Data Studio.
• D. Insert the KPIs into Cloud Datastore entities, and run ad hoc analysis and visualizations of them inCloud Datala

Answer: A

Explanation:
https://cloud.google.com/monitoring/api/v3/metrics-details#metric-kinds

NEW QUESTION 13

You are designing a large distributed application with 30 microservices. Each of your distributed microservices needs to connect to a database back-end. You want to store the credentials securely. Where should you store the credentials?

• A. In the source code
• B. In an environment variable
• C. In a secret management system
• D. In a config file that has restricted access through ACLs

Answer: C

Explanation:
https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application

NEW QUESTION 14

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public Internet. What should you do?

• A. Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
• B. Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the onpremises database.
• C. Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
• D. Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.

Answer: D

Explanation:
https://cloud.google.com/appengine/docs/flexible/python/using-third-party-databases

NEW QUESTION 15

Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take? Choose 2 answers

• A. Ensure every code check-in is peer reviewed by a security SME.
• B. Use source code security analyzers as part of the CI/CD pipeline.
• C. Ensure you have stubs to unit test all interfaces between components.
• D. Enable code signing and a trusted binary repository integrated with your CI/CD pipeline.
• E. Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline.

Answer: BE

Explanation:
https://docs.microsoft.com/en-us/vsts/articles/security-validation-cicd-pipeline?view=vsts

NEW QUESTION 16

The database administration team has asked you to help them improve the performance of their new database server running on Google Compute Engine. The database is for importing and normalizing their performance statistics and is built with MySQL running on Debian Linux. They have an n1-standard-8 virtual machine with 80 GB of SSD persistent disk. What should they change to get better performance from this system?

• A. Increase the virtual machine's memory to 64 GB.
• B. Create a new virtual machine running PostgreSQL.
• C. Dynamically resize the SSD persistent disk to 500 GB.
• D. Migrate their performance metrics warehouse to BigQuery.
• E. Modify all of their batch jobs to use bulk inserts into the database.

Answer: C

NEW QUESTION 17

Your company operates nationally and plans to use GCP for multiple batch workloads, including some that are not time-critical. You also need to use GCP services that are HIPAA-certified and manage service costs.
How should you design to meet Google best practices?

• A. Provisioning preemptible VMs to reduce cos
• B. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.
• C. Provisioning preemptible VMs to reduce cos
• D. Disable and then discontinue use of all GCP and APIs that are not HIPAA-compliant.
• E. Provision standard VMs in the same region to reduce cos
• F. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.
• G. Provision standard VMs to the same region to reduce cos
• H. Disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant.

Answer: B

Explanation:
https://cloud.google.com/security/compliance/hipaa/

NEW QUESTION 18

You want your Google Kubernetes Engine cluster to automatically add or remove nodes based on CPUload. What should you do?

• A. Configure a HorizontalPodAutoscaler with a target CPU usag
• B. Enable the Cluster Autoscaler from the GCP Console.
• C. Configure a HorizontalPodAutoscaler with a target CPU usag
• D. Enable autoscaling on the managed instance group for the cluster using the gcloud command.
• E. Create a deployment and set the maxUnavailable and maxSurge propertie
• F. Enable the Cluster Autoscaler using the gcloud command.
• G. Create a deployment and set the maxUnavailable and maxSurge propertie
• H. Enable autoscaling on the cluster managed instance group from the GCP Console.

Answer: B

NEW QUESTION 19

You are building a continuous deployment pipeline for a project stored in a Git source repository and want to ensure that code changes can be verified deploying to production. What should you do?

• A. Use Spinnaker to deploy builds to production using the red/black deployment strategy so that changes can easily be rolled back.
• B. Use Spinnaker to deploy builds to production and run tests on production deployments.
• C. Use Jenkins to build the staging branches and the master branc
• D. Build and deploy changes to production for 10% of users before doing a complete rollout.
• E. Use Jenkins to monitor tags in the repositor
• F. Deploy staging tags to a staging environment for testing.After testing, tag the repository for production and deploy that to the production environment.

Answer: D

Explanation:
Reference: https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes/blob/master/ README.md

NEW QUESTION 20
......