Google ACE Practice Tests

Questions and Answers

What is the optimal method for managing SSH access for a team responsible for Compute Engine instances?

Have each member generate an SSH key pair and send their public key to be configured manually.

Have each team member generate their own SSH key pair and add their public key to their Google account. (correct)

Generate a new SSH key pair and configure the public key in each instance's metadata.

Generate a new SSH key pair and configure the public key as a project-wide public SSH key.

Which role should be granted to a Google group for members who need administrative access to instances?

compute.instanceAdmin

compute.osAdminLogin (correct)

compute.viewer

compute.networkAdmin

What is a critical concern for the security team when managing SSH keys for instances?

Limiting access to only one SSH key for the entire team.

Ensuring that the same SSH key is used across all instances.

Determining which team member accessed a specific instance. (correct)

Automatically rotating SSH keys every month.

What is the primary advantage of allowing project-wide public SSH keys?

It reduces the number of public keys needing to be managed across instances.

When creating a custom VPC with a single subnet, what is the desired range to use for maximum capacity?

10.0.0.0/8

What type of configuration management tool can automate the deployment of SSH keys across instances?

Ansible

Why is it important for individual team members to generate their own SSH key pairs?

To enhance accountability for instance access.

Which of the following is a disadvantage of using a single shared SSH key for all team members?

Difficulties in tracking access and accountability.

Which method should you use to follow Google's recommended practices for specifying configurations?

Deployment Manager

What is the correct approach to deploy a Dockerfile on Kubernetes Engine?

Create a Docker image and a Deployment YAML file, then use kubectl

What is the fastest way to set up a new Jenkins server for your project?

Use GCP Marketplace to launch the Jenkins solution

Which command should you use to update a deployment in Deployment Manager without downtime?

gcloud deployment update

For deploying a Jenkins server with minimal steps, which option is the least efficient?

Download and deploy Jenkins Java WAR manually

Which method allows automatic deployment configurations in Google Cloud?

Deployment Manager

What must you do to ensure a seamless update of a deployment in Deployment Manager?

Use a rolling update strategy

Which deployment strategy is best for quick setups in Google Cloud?

Using Pre-configured Solutions from Marketplace

What is the most effective way to determine why an App Engine application did not deploy to the intended project?

Go to Cloud Shell and run gcloud config list.

To ensure 10 Compute Engine instances automatically restart if they crash and remain highly available during maintenance, what setting should be configured?

Set 'Automatic Restart' to on and 'On-host maintenance' to Migrate.

What key feature should be used for the instances to maintain availability even during maintenance events?

Instance group with 'On-host maintenance' set to Migrate.

Which option is NOT required when configuring an instance template for handling crashes in Compute Engine?

Specifying the machine type in advanced settings.

Which configuration minimizes downtime for Compute Engine instances during system maintenance?

Enable automatic restarts and set maintenance to Migrate.

Which command helps to verify the Google Cloud configuration for App Engine deployment?

gcloud config list

For a Compute Engine instance to automatically recover from crashes, which health condition must be set?

Health check must use HTTP and return a healthy status.

What happens to an instance if 'On-host maintenance' is set to Terminate?

The instance is deleted and cannot be recovered.

What user role should be assigned to the group for BigQuery access?

BigQuery dataViewer role

What is the main task involved in enabling communication between tiers in the given scenario?

Creating an ingress firewall rule for all instances

Which tier must communicate with tier #2 in the described infrastructure?

Tier #1

In the recommended firewall rule, what should the source filter be for the communication from tier #1 to tier #2?

Internal IP range 10.0.1.0/24

What protocol needs to be allowed for communication between tier #2 and tier #3?

TCP:8080

What is the main purpose of the service accounts assigned to each tier?

To facilitate inter-tier communication

If you want to restrict tier #2's communication to only tier #3, which configuration should you ensure?

Use the service account for tier #2 as the source filter

What additional adjustment might be necessary for the firewall rules in a secure environment?

Limit access to only specified service accounts

What is the purpose of creating a custom route advertisement using Cloud Router?

To announce a specific network to an on-premises network.

What is the recommended practice for processing messages from a Cloud Pub/Sub topic on Cloud Run?

Create a push subscription that uses a service account for your Cloud Run application.

Which option best minimizes costs when deploying a low-traffic containerized application?

Deploy the container on Cloud Run.

How should you configure a DNS server in your on-premises network for *.googleapis.com?

As a CNAME record pointing to restricted.googleapis.com.

What is the initial step to take for creating a Cloud Pub/Sub subscription for a Cloud Run application?

Grant the Cloud Run service account the Pub/Sub Subscriber role.

Which deployment option utilizes Kubernetes for processing Pub/Sub messages effectively?

Deploy on GKE and use a cluster for internal message routing.

In a scenario where you have deployed an application on Cloud Run, what role must be assigned to the service account used by Cloud Run?

Cloud Run Invoker role for triggering Cloud Run services.

What configuration should be avoided when deploying a low-frequency HTTP endpoint application?

Implementing GKE with cluster autoscaling enabled.

Study Notes

Google Cloud Practice Test Highlights

• Google Account Access Management: Grant the compute.osAdminLogin role to Google group members for SSH access, allowing individual public key management.
• Custom VPC Creation: Use Deployment Manager to create a custom VPC with a single large subnet, adhering to Google's best practices.
• Kubernetes Deployment: Deploy a Dockerfile by creating a Docker image, uploading it to Container Registry, and using a Deployment YAML file along with kubectl.
• Jenkins Server Deployment: Simplest deployment of Jenkins server is through GCP Marketplace, enabling quick setup with minimal steps.
• Deployment Manager Updates: To avoid downtime, use the specific command for rolling updates in Deployment Manager.
• App Engine Deployment Analysis: For deployment issues, check Google Cloud configuration with the gcloud config list command in Cloud Shell.
• Compute Engine Instance Configuration: For high availability with automatic restart during maintenance, use instance groups with Autohealing health checks configured.
• Service Account Communication: Establish TCP communication between different tiers in Compute Engine through specific ingress firewall rules targeting service accounts.
• Cloud Run and Pub/Sub Integration: For Cloud Run applications processing Pub/Sub messages, grant the service account the Cloud Run Invoker role and create a subscription that uses this service account as the push endpoint.
• Cost-Effective Application Deployment: For minimal cost applications with low HTTP request traffic, deploy on Cloud Run instead of GKE or App Engine Flexible.

Description

Prepare for the Google Associate Cloud Engineer certification with these practice tests. This quiz covers essential concepts and scenarios related to managing Compute Engine instances efficiently and securely within a company. Test your knowledge and readiness for the certification exam.