Untitled Quiz

Questions and Answers

D.Store game statistics in a Bigtable database partitioned by username.Which of these options are best suited for storing game statistics in a Bigtable database partitioned by username?

Bigtable (correct)

Cloud Spanner

Firestore

Cloud SQL

You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?

Cloud SQL

Bigtable

Firestore

Cloud Spanner (correct)

Your company has multiple projects linked to a single billing account in Google Cloud. You need to visualize the costs with specific metrics that should be dynamically calculated based on company-specific criteria. You want to automate the process. What should you do?

In the Google Cloud console, Visualize the costs related to the projects in the Cost breakdown section.

Configure Cloud Billing data export to BigQuery for the billing account. Create a Looker Studio dashboard on top of the BigQuery export. (correct)

In the Google Cloud console, use the export functionality of the Cost table. Create a Looker Studio dashboard on top of the CSV export.

In the Google Cloud console, Visualize the costs related to the projects in the Reports section.

You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company's security policies only allow the use of internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?

Enable Private Google Access on the subnet within the custom VPC.

Your company completed the acquisition of a startup and is now merging the IT systems of both companies. The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed to your organization. You want to accomplish this task with minimal effort. What should you do?

Use the projects.move method to move the project to your organization. Update the billing account of the project to that of your organization.

All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US). What should you do?

Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.

You are configuring Cloud DNS. You want to create DNS records to point home.mydomain.com, mydomain.com, and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

You have two subnets (subnet-a and subnet-b) in the default VPC. Your database servers are running in subnet-a. Your application servers and web servers are running in subnet-b. You want to configure a firewall rule that only allows database traffic from the application servers to the database servers. What should you do?

Create service accounts sa-app and sa-db. - Associate service account sa-app with the application servers and the service account sa-db with the database servers. - Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

Your team wants to deploy a specific content management system (CMS) solution to Google Cloud. You need a quick and easy way to deploy and install the solution. What should you do?

Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

You are working for a startup that was officially registered as a business 6 months ago. As your customer base grows, your use of Google Cloud increases. You want to allow all engineers to create new projects without asking them for their credit card information. What should you do?

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Your continuous integration and delivery (CI/CD) server can't execute Google Cloud actions in a specific project because of permission issues. You need to validate whether the used service account has the appropriate roles in the specific project. What should you do?

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost efficient way. What should you do?

Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

You are running a web application on Cloud Run for a few hundred users. Some of your users complain that the initial web page of the application takes much longer to load than the following pages. You want to follow Google's recommendations to mitigate the issue. What should you do?

Set the minimum number of instances for your Cloud Run service to 3.

You are building a data lake on Google Cloud for your Internet of Things (IoT) application. The loT application has millions of sensors that are constantly streaming structured and unstructured data to your backend in the cloud. You want to build a highly available and resilient architecture based on Google-recommended practices. What should you do?

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage.

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20, and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/18.

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine, Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

Add all developers to a Google group in Cloud Identity. Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. Assign the custom role to the Google group.

You are working for a hospital that stores its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

Create a script that uses the gcloud storage command to synchronize the on-premises storage with Cloud Storage, Schedule the script as a cron job.

Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first version of the application is implemented in PostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?

Cloud SQL

Your company runs one batch process in an on-premises server that takes around 30 hours to complete. The task runs monthly, can be performed offline, and must be restarted if interrupted. You want to migrate this workload to the cloud while minimizing cost. What should you do?

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

You are planning to migrate the following on-premises data management solutions to Google Cloud: •One MySQL cluster for your main database •Apache Kafka for your event streaming platform •One Cloud SQL for PostgreSQL database for your analytical and reporting needsYou want to implement Google-recommended solutions for the migration. You need to ensure that the new solutions provide global scalability and require minimal operational and infrastructure management. What should you do?

Migrate from MySQL to Cloud Spanner, from Kafka to Pub/Sub, and from Cloud SQL for PostgreSQL to BigQuery.

During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain. You want to ensure that your resources are only shared with users whose email addresses match your domain. You need to remove any mismatched users, and you want to avoid having to audit your resources to identify mismatched users. What should you do?

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Your application is running on Google Cloud in a managed instance group (MIG). You see errors in Cloud Logging for one VM that one of the processes is not responsive. You want to replace this VM in the MIG quickly. What should you do?

Use the gcloud compute instance-groups managed recreate-instances command to recreate the VM.

You want to permanently delete a Pub/Sub topic managed by Config Connector in your Google Cloud project. What should you do?

Use kubectl to delete the topic resource.

Your company is using Google Workspace to manage employee accounts. Anticipated growth will increase the number of personnel from 100 employees to 1,000 employees within 2 years. Most employees will need access to your company's Google Cloud account. The systems and processes will need to support 10x growth without performance degradation, unnecessary complexity, or security issues. What should you do?

Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.

You want to host your video encoding software on Compute Engine. Your user base is growing rapidly, and users need to be able to encode their videos at any time without interruption or CPU limitations. You must ensure that your encoding solution is highly available, and you want to follow Google-recommended practices to automate operations. What should you do?

Deploy your solution to an instance group, and set the autoscaling based on CPU utilization.

Your managed instance group raised an alert stating that new instance creation has failed to create new instances. You need to solve the instance creation problem. What should you do?

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?

Upload the image to Artifact Registry and create a Kubernetes Deployment referencing the image.

You are using Looker Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Looker Studio are broken, and you want to analyze the problem. What should you do?

Use the BigQuery interface to review the nightly job and look for any errors.

You have a batch workload that runs every night and uses a large number of virtual machines (VMs). It is fault-tolerant and can tolerate some of the VMs being terminated. The current cost of VMs is too high. What should you do?

Run a test using simulated maintenance events. If the test is successful, use Spot N2 Standard VMs when running future jobs.

You created several resources in multiple Google Cloud projects. All projects are linked to different billing accounts. To better estimate future charges, you want to have a single visual representation of all costs incurred. You want to include new cost data as soon as possible. What should you do?

Configure Billing Data Export to BigQuery and visualize the data in Looker Studio.

Study Notes

Cloud Platform Study Notes

• D.Store game statistics in a Bigtable database partitioned by username.

  • Best option for optimal gaming performance globally without complexity is Cloud Spanner
  • Cloud Spanner is a globally distributed, horizontally scalable database service.
  • Offers strong consistency guarantees, high availability, and automatic scaling.
  • Suitable for storing user data mapped to game statistics.

• Question: 200

  • Building an application with a large user base, global users, and needing a solution that scales with minimal configuration changes.
  • The best choice is Cloud Spanner.

• Question: 201

  • Need to visualize costs with company-specific criteria in multiple projects that are linked in Google Cloud
  • Configure Cloud Billing data export to BigQuery
  • Create a Looker Studio dashboard on top of BigQuery export for visualization of costs based on the specific metrics.

• Question: 202

  • Application running on Compute Engine VM instances in a custom VPC, with security policies requiring only internal IP addresses.
  • Need to access a Cloud Storage bucket within the same project
  • Enable Private Google Access on the subnet within the custom VPC
  • A VPC feature allowing access to Google services and APIs

• Question: 203

  • Merging IT systems from an acquired startup
  • Use projects.move method to move the project to your organization.
  • Update the billing account of the project to your organization's account for seamless integration.

• Question: 204

  • Limiting resource creation to the United States (US) for dev teams within an organization.
  • Create a folder to contain all dev projects.
  • Create an organization policy within the folder to limit resources to the US locations.

• Question: 205

  • Configuring Cloud DNS to point specific domain names to a Google Cloud load balancer
  • Create one A record to point the primary domain to the load balancer.
  • Create two CNAME records to point subdomains to respective domains.

• Question: 206

  • Configuring a firewall rule for database traffic from application servers to database servers.
  • Create two service accounts—sa-app and sa-db—associating with application servers and database servers respectively.
  • Create an ingress firewall rule to allow network traffic from sa-app to sa-db.

• Question: 207

  • Deploying a specific content management system (CMS) solution on Google Cloud
  • Use the Google Cloud Marketplace for quick deployment.

• Question: 208

  • Allowing engineers to create projects without credit card information.
  • Create a billing account.
  • Associate a payment method with it.
  • Grant permissions to project creators to associate projects with the billing account.

• Question: 209

  • Verifying service account roles for a CI/CD server.
  • Check Identity and Access Management (IAM) roles assigned to the service account.

• Question: 210

  • Secure and cost-effective login to Linux instances on Google Cloud.
  • Use the gcloud compute ssh command with the --tunnel-through-iap flag.
  • Allow ingress traffic from a specified IP range on port 22.

• Question: 211

  • Granting external member list access to compute images and disks in Google Cloud projects.
  • Create a custom role with the necessary compute.disks.list and compute.images.list permissions.
  • Grant the custom role to the user

• Question: 212

  • Slow initial load times for web applications created in Cloud Run.
  • Set the minimum number of instances for Cloud Run

• Question: 213

  • Building a data lake for an application with millions of sensors streaming structured and unstructured data.
  • Stream data to Pub/Sub using a scalable message queue
  • Use Dataflow to consume data from Pub/Sub and store in Cloud Storage for high availability.

• Question: 214

  • Running out of primary internal IP addresses for virtual machines in a custom VPC
  • Add a secondary IP range to the subnet to accommodate additional addresses.

• Question: 215

  • Implementing project permissions for all developers in the company for Compute Engine, Cloud Functions, and Cloud SQL resources
  • Create a custom role with these permissions for the organization.
  • Assign to all developers belonging to a Google Group

• Question: 216

  • Automating upload of medical images to Cloud Storage from an on-premises server.
  • Use Cloud Functions triggered by a Pub/Sub topic to transfer images.
  • Use the gcloud storage command to synchronize the on-premises storage with Cloud Storage and schedule it as a Cron job

• Question: 217

  • Implementing database solution with strong consistency, fast queries, and ACID properties for the cloud
  • Choose Cloud SQL for PostgreSQL.

• Question: 218

  • Migrating a 30-hour batch process to Google Cloud
  • Migrate the workload to a Compute Engine VM.
  • Start and potentially stop the instances as needed

• Question: 219

  • Migrating on-premises data management solutions to the Google Cloud
  • Migrate MySQL to Cloud Spanner, Kafka to PubSub, Cloud SQL (PostgreSQL) to BigQuery

• Question: 220

  • Removing users with mismatched email addresses in Google Cloud
  • Set up an organizational policy constraint to automatically remove users with mismatched domains.

• Question: 221

  • Replacing a non-responsive VM in a managed instance group (MIG) in Google Cloud.
  • Use gcloud compute instance-groups managed recreate-instances to recreate the VM.

• Question: 222

  • Permanently deleting a Pub/Sub topic managed by Config Connector.
  • Use kubectl to delete the topic resource.

• Question: 223

  • Scaling Google Cloud resources for handling a 10x growth within two years (100 employees to 1,000).
  • Utilize identity federation between Cloud Identity and Google Workspace
  • Enforce multi-factor authentication for the organization.

• Question: 224

  • Implementing a highly available video encoding solution on Compute Engine.
  • Deploy the solution in an instance group, configured for autoscaling based on CPU utilization.

• Question: 225

  • Diagnosing failures in creating new instances in a managed instance group.
  • Review the instance template to validate the configuration for correctness.

• Question: 226

  • Deploying a Docker image as a workload on GKE
  • Upload to Artifact Registry, then create a Kubernetes Deployment

• Question: 227

  • Diagnosing a broken Looker Studio report displaying BigQuery data.
  • Use the BigQuery interface to check for nightly job errors for broken charts.

• Question: 228

  • Reducing cost of virtual machine (VM) instances for a fault-tolerant batch workload that runs nightly.
  • Implement a test using simulated maintenance events to assess the resilience.
  • Replace standard VMs with the fault-tolerant Spot VMs if the test succeeds

• Question: 229

  • Consolidating cost views for multiple projects with different billing accounts.
  • Configure Billing Data Export to BigQuery and use Looker Studio dashboards for visualization.

• Question: 230

  • Migrating unstructured data from various formats to cloud
  • Use Storage Transfer Service for data migration from on-premises to Cloud Storage.

• Question: 231

  • Diagnosing application errors on a Compute Engine instance.
  • Use the Cloud Logging agent to view the application logs. The default option is not sufficient.

• Question: 232

  • Following Google-recommended practices for initial project setup
  • Use the gcloud CLI to enable the necessary Compute Engine and Cloud Storage APIs.

• Question: 233

  • Deploying pre-built Docker images on Google Cloud
  • Upload Docker images to Artifact Registry
  • Deploy to Cloud Run to ensure automatic scaling

• Question: 234

  • Designing a highly available and resilient architecture for a data lake application, with millions of sensors streaming structured and unstructured data
  • Stream data to Pub/Sub and then to Cloud Storage with Dataflow for high availability and durability.

• Question: 235

  • Setting up permissions for the DevOps group in a Google Cloud development project.
  • Create a custom IAM role restricted to Compute Engine resources.
  • Grant this role to the DevOps group in the organization.

• Question: 236

  • Migrating a complex microservice application to a serverless Google Cloud solution
  • Use the existing CI/CD pipeline to generate Docker images. Deploy them to Cloud Run, updating configurations where needed.

• Question: 237

  • Optimizing a Kubernetes cluster with multiple microservices for resource efficiency.
  • Create a node pool with compute-optimized (n1-highcpu) machine types for the image rendering microservice.

• Use a node pool with generic machine types (n2-standard) for the rest of the microservices.

• Question: 238

  • Configuring a highly available and reliable Kubernetes Engine cluster for a production application.
  • Created a GKE Autopilot cluster enrolled in the stable release channel to ensure reliability and low operational overhead.

• Question: 239

  • Implementing automated alerts for user experience issues in a Google Cloud web application
  • Use Cloud Monitoring to create an alert policy configured to send a notification when average HTTP response latency exceeds a specified duration.

• Question: 240

  • Migrating on-premises data analytics binary application to Google Cloud.
  • Lift-and-shift to a VM on Compute Engine using an instance schedule to start and stop the instances based on the processing schedule.

• Question: 241

  • Listing nodes on a GKE cluster, determining specific nodes for specific clusters

• Question: 242

  • Implementing short-term validity for service account keys.
  • Set an organization policy limiting service account key lifetimes.

• Question: 243

  • Estimating the cloud infrastructure costs for a three-tier web application on Google Cloud.
  • Use the Google Cloud Pricing Calculator to estimate costs for each component (instances, Cloud and SQL).

• Question: 244

  • Logging read and write operations in Bigtable for a company's SIEM system
  • Enable Data Read, Write, and Admin Read logs in Bigtable.
  • Configure a Pub/Sub topic as the sink destination for Cloud Logging.

• Configure appropriate organization-level policies for security compliance

• Question: 245

  • Implementing a GKE cluster with enhanced security and reduced operational costs.

  • Deploy a private autopilot cluster with shielded compute nodes.

• Question: 246

  • Migrating on-premises workloads to serverless Google Cloud solutions for efficiency
  • Migrate web application to App Engine, the backend API to Cloud Run, and the background job to Cloud Tasks for efficiency.

• Question: 247

  • Securing CI/CD pipeline on Compute Engine instances, using multiple service accounts and secrets

• Question: 248

  • Automatically changing the storage class for archived files on Cloud Storage.
  • Implement an object lifecycle policy to move files older than 30 days to Archive Storage.

• Question: 249

  • Deploying a workload on a Kubernetes cluster, optimizing for resource needs

  • Plan for varying usage patterns by using Vertical Pod Autoscaler to adjust resource usage.

• Question: 250

  • Migrating invoice documents across on-premises and cloud, with retention requirements
  • Create object versioning on the storage bucket to handle revisions. Apply lifecycle rules to transition older objects to lower-cost storage.

• Question: 251

  • Configuring proxies using environment variables

  • Set the CLOUDSDK_PROXY_USERNAME and CLOUDSDK_PROXY_PASSWORD environment variables.

• Question: 252

  • Configuring a Kubernetes Engine (GKE) cluster to optimize cost and meet the needs of different application parts with different levels of fault tolerances
  • Implement a cluster with both Spot and standard VMs to optimize cost.
  • Deploy critical applications on standard VMs.
  • Deploy less critical/non-critical applications on Spot VMs to gain cost savings.

• Question: 253

  • Deploying a new version of an application on Google Cloud, with gradual traffic allocation

• Question: 254

  • Implementing security requirements for Compute Engine instances.

• Integrate the Ops Agent to enable security monitoring, and configure proper permissions for security team visibility

• Question: 255

  • Managing revisions on Cloud Run for application updates, while minimizing outages for customers.
  • Use gradual rollouts and traffic splitting to allow for rollback if problems occur.

• Question: 256

  • Accessing a Compute Engine instance by an external consultant without Google account

• Generate an SSH key-pair for the consultant.

• Question: 257

  • Monitoring Google Cloud resources for security incidents.

  • Use Cloud Logging and Cloud Monitoring for simple monitoring and alerting for unexpected firewall changes and instance creations.

### Additional Information

• General guidelines and best practices for Google Cloud deployments were highlighted in several questions.
• Specific configurations and parameters for different GCP services and features are often directly related to the question context.