Google Associate Cloud Engineer (GCP) Sample Questions

Question 1. Your goal is to choose a cost-effective Google Cloud Platform solution for relational data. Working with a small set of operational data in one geographical location presents a challenge. For supporting point-in-time recovery, what would you do?

A. Cloud SQL (MySQL): Verifying that the enable binary logging option is selected
B. Cloud SQL (MySQL): Select the create failover replicas option.
C. Cloud Spanner: Setting up your instance with 2 nodes.
D. Cloud Spanner: Setting up your instance as multi-regional.

Correct Answer: A

Reference: https://cloud.google.com/sql/docs/mysql/backup-recovery/restore

Question 2. Your G-cloud configurations contain multiple configurations, and you want to look at the configuration of the Kubernetes Engine cluster of an inactive configuration using the fewest steps possible. How should you proceed?

A. G-cloud config configurations for describing and reviewing the output.
B. G-cloud config configurations for activating and G-cloud config list for reviewing the output.
C. Kubectl config get-contexts for reviewing the output.
D. Kubectl config use-context and Kubectl config view for reviewing the output.

Correct Answer: D

Reference: https://medium.com/google-cloud/kubernetes-engine-kubectl-config-b6270d2b656c

Question 3. Suppose your application looks for the licensing server at IP 10.0.3.21. If you deploy the licensing server on Compute Engine, though, you would like the application to be able to find the licensing server without modifying its configuration. How should you proceed?

A. Reserving the IP 10.0.3.21 as a static internal IP address using Gcloud and assigning it to the licensing server.
B. Reserving the IP 10.0.3.21 as a static public IP address using Gcloud and assigning it to the licensing server.
C. Using the IP 10.0.3.21 as a custom ephemeral IP address and then assigning it to the licensing server.
D. Starting the licensing server with an automatic ephemeral IP address, and then promoting it to a static internal IP address.

Correct Answer: A

Question 4. How would you deploy a Dockerfile on Kubernetes Engine?

A. Using Kubectl app deploy <dockerfilename>

B. Using G-cloud app deploy <dockerfilename>

C. Creating a docker image from the Dockerfile and uploading it to Container Registry. Creating a Deployment YAML file for pointing to that image. Using Kubectl for creating the deployment with that file.

D. Creating a docker image from the Dockerfile and uploading it to Cloud Storage. Creating a Deployment YAML file for pointing to that image. Using Kubectl for creating the deployment with that file.

Correct Answer: C

Reference: https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app

Question 5. Your development team required a new Jenkins server for their ongoing project. You need to deploy the server using the fewest steps possible. What should you do?

A. Downloading and deploying the Jenkins Java WAR to App Engine Standard.

B. Creating a new Compute Engine instance and installing Jenkins through the command-line interface.

C. Creating a Kubernetes cluster on Compute Engine and creating a deployment with the Jenkins Docker image.

D. Using GCP Marketplace for launching the Jenkins solution.

Correct Answer: D

Reference: https://cloud.google.com/solutions/using-jenkins-for-distributed-builds-on-compute-engine

Question 6. If you want to run a single binary application on the Google Cloud Platform, you can do so. Based on the underlying infrastructure’s CPU usage, you opted to scale the application automatically. In order to ensure the application scaling is as fast and cost-effective as possible, your organization’s policies require you to use virtual machines directly. How should you proceed?

A. Creating a Google Kubernetes Engine cluster, and using horizontal pod autoscaling to scale the application.
B. Creating an instance template, and using the template in a managed instance group with autoscaling configured.
C. Creating an instance template, and using the template in a managed instance group that scales up and down based on the time of day.
D. Using a set of third-party tools for building automation around scaling the application up and down, that is based on Stackdriver CPU usage monitoring.

Correct Answer: B

Question 7. You have significantly modified a Deployment Manager template and wish to confirm that all dependencies of the resources you defined in this template are met before you commit it to a project. We want to provide you with the most rapid response to these changes. How should you proceed?

A. Using granular logging statements within a Deployment Manager template authored in Python.
B. Monitoring activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
C. Executing the Deployment Manager template against a separate project with the same configuration, and monitoring for failures.
D. Executing the Deployment Manager template using the ג€” preview option in the same project, and observing the state of interdependent resources.

Correct Answer: D

Reference: https://cloud.google.com/deployment-manager/docs/deployments/updating-deployments

Question 8. Your App Engine application has a project that serves as your development environment. Having completed the testing required, you want to create a new project for use in your production environment. How should you proceed?

A. Using Gcloud for creating the new project, and then deploying your application to the new project.
B. Using Gcloud for creating the new project and for copying the deployed application to the new project.
C. Creating a Deployment Manager configuration file that copies the current App Engine deployment into a new project.
D. Deploying your application again using Gcloud and specifying the project parameter with the new project name for creating the new project.

Correct Answer: A

Question 9. If you are the project owner of a GCP project, you want your colleagues to have access to buckets and files stored in Cloud Storage. Your goal is to adhere to Google’s recommendations. How do you enroll your colleagues in IAM roles?

A. Project Editor
B. Storage Admin
C. Storage Object Admin
D. Storage Object Creator

Correct Answer: B

Question 10. In your Cloud Storage bucket, you have an object that you’d like to share with an outside company. But the object entails sensitive information. Ideally, the access should be revoked after four hours. A particular user-based access privilege cannot be granted to the external company since it does not have a Google account. Select the easiest method that is the most secure.

A. Creating a signed URL with a four-hour expiration and sharing the URL with the company.
B. Setting object access to ‘public’ and using object lifecycle management for removing the object after four hours.
C. Configuring the storage bucket as a static website and furnishing the object’s URL to the company. Deleting the object from the storage bucket after four hours.
D. Creating a new Cloud Storage bucket specifically for the external company to access. Copying the object to that bucket. Deleting the bucket after four hours have passed.

Correct Answer: A

Question 11. Your App Engine application tries to send and consume Cloud Pub/Sub messages, but the Cloud Pub/Sub API is currently unavailable. The API will require an authentication account for your application to use, but you must ensure the application is compatible with Cloud Pub/Sub. What would you do?

A. Enabling Cloud Pub/Sub API from the API Library on the GCP Console.
B. Relying on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.
C. Using Deployment Manager for deploying your application. Relying on the automatic enablement of all APIs used by the application being deployed.
D. Granting the App Engine default service account the role of Cloud Pub/Sub Admin and have your application enable the API on the first connection to Cloud Pub/ Sub.

Correct Answer: A

Question 12. How would you verify the IAM users and roles assigned within a GCP project named my-project?

A. Running Gcloud IAM roles list. Reviewing the output section.

B. Running Gcloud IAM service-accounts list. Reviewing the output section.

C. Navigating to the project and then to the IAM section in the GCP Console. Reviewing the members and roles.

D. Navigating to the project and then to the Roles section in the GCP Console. Reviewing the roles and status.

Correct Answer: C

Question 13. You want to load balance an instance group and have the load balancer terminate the SSL session for clients. Using the instance group, an HTTPS web application can be served publicly. What Google-recommended practice would you follow?

A. Configuring an HTTP(S) load balancer.
B. Configuring an internal TCP load balancer.
C. Configuring an external SSL proxy load balancer.
D. Configuring an external TCP proxy load balancer.

Correct Answer: A

Reference: https://cloud.google.com/load-balancing/docs/https/

Question 14. Your application runs on multiple virtual machines in a managed instance group and you have autoscaling enabled. According to the autoscaling policy, new instances are added to the group when CPU utilization reaches 80%. VMs are added to the instance group until the maximum of five VMs is reached or the CPU utilization of instances reaches 80%. HTTP health checks against instances are set to be delayed for 30 seconds at first.

Instances of the virtual machines are available for users in around three minutes. As your instance group auto-scales, you observe that more instances are added than are required to support the end-user traffic. Maintaining the instance group sizes during autoscaling is important. How would you do that?

A. Setting the maximum number of instances to 1.
B. Decreasing the maximum number of instances to 3.
C. Using a TCP health check instead of an HTTP health check.
D. Increasing the initial delay of the HTTP health check to 200 seconds.

Correct Answer: D

Question 15. Cloud Storage is used to host your static website. In recent months, you have begun including PDF links on this site. Currently, users are prompted to save PDF files to their local system when clicking on links to these PDF files. Rather than prompting the user to save the file locally, you want the clicked PDF files to open directly in the browser window. How would you proceed?

A. Enabling Cloud CDN on the website frontend.
B. Enabling ‘Share publicly’ on the PDF file objects.
C. Setting Content-Type metadata to application/pdf on the PDF file objects.
D. Adding a label to the storage bucket with a key of Content-Type and value of application/pdf.

Correct Answer: C

Question 16. As part of your project, you are given a single Virtual Private Cloud (VPC) and a single subnetwork in the us-central1 region. In this subnetwork, there is a Compute Engine instance hosting an application. A new instance of the same project must be deployed in the Europe-west1 region, and it needs access to the application. What Google-recommended practice would you follow?

A. 1. Setting up a subnetwork in Europe-west1 of the same VPC. 2. As the endpoint, create a new instance in the new subnetwork using the private address of the first instance.
B. 1. Creating a VPC and a subnetwork in Europe-west1. 2. Exposing the application with a load balancer internally. 3. Assigning the endpoint for the new application to the load balancer’s address in the new subnetwork.
C. 1. Creating a subnetwork in the same VPC, in Europe-west1. 2. Using Cloud VPN for connecting the two subnetworks. 3. Creating the new instance in the new subnetwork and using the first instance’s private address as the endpoint.
D. 1. Creating a VPC and also a subnetwork in Europe-west1. 2. Peering the two VPCs. 3. Creating the new instance in the new subnetwork and using the first instance’s private address as the endpoint.

Correct Answer: A

Question 17. Your website is being hosted on the App Engine standard environment. There is a new test version of your website that you want to show only 1% of users. How will you minimize complexity?

A. Deploying the newer version in the same application and then using the migrate option.
B. Deploying the new version in the same application and using the splits option for giving a weight of 99 to the current version and a weight of 1 to the new version.
C. Creating a new App Engine application in the same project. Deploying the new version in that application. Using the App Engine library for proxying 1% of the requests to the new version.
D. Creating a new App Engine application in the same project. Deploying the new version in that application. Configuring your network load balancer for sending 1% of the traffic to that new application.

Correct Answer: B

Question 18. On Cloud Run, you need to deploy an application that processes messages from a Cloud Pub/Sub topic. What Google-recommended practice would you follow?

A. 1. Creating a Cloud Function that uses a Cloud Pub/Sub trigger on that topic. 2. Calling the application on Cloud Run from the Cloud Function for every message.
B. 1. Granting the Pub/Sub Subscriber role to the service account used by Cloud Run. 2. Creating a Cloud Pub/Sub subscription for that topic. 3. Making the application pull messages from that subscription.
C. 1. Creating a service account. 2. Giving the Cloud Run Invoker role to that service account for your Cloud Run application. 3. Creating a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
D. 1. Deploying your application on Cloud Run on GKE with the connectivity set to Internal. 2. Creating a Cloud Pub/Sub subscription for that topic. 3. In the same Google Kubernetes Engine cluster as your application, deploying a container that takes the messages and sends them to your application.

Correct Answer: D

Question 19. Cloud Spanner was used to build your Google Cloud application. It is necessary for your support team to monitor the environment, but they should not have access to table data.

A streamlined solution is necessary to grant the proper permissions to your support team, and you need to follow Google’s recommendations. What will you do?

A. Adding the support team group to the roles/monitoring.viewer role

B. Adding the support team group to the roles/spanner.database.User role.

C. Adding the support team group to the roles/spanner.database.Reader role.

D. Adding the support team group to the roles/stack driver. accounts.Viewer role.

Correct Answer: A

Question 20. Using the Deployment Manager, you create a cluster for Google Kubernetes Engine. A second deployment should be created using the same Deployment Manager DaemonSet within the Kube-system namespace. Which solution uses the fewest possible services?

A. Adding the cluster’s API as a new Type Provider in Deployment Manager, and using the new type for creating the DaemonSet.
B. Using the Deployment Manager Runtime Configurator for creating a new Config resource that contains the DaemonSet definition.
C. With Deployment Manager, creating a Compute Engine instance with a startup script that uses Kubectl for creating the DaemonSet.
D. In the cluster’s definition in Deployment Manager, adding metadata that has Kube-system as key and the DaemonSet manifest as value.

Correct Answer: A

Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl

Google-Associate-Cloud-Engineer-Exam-free-practice-tests

Google Associate Cloud Engineer (GCP) Sample Questions

Question 1. Your goal is to choose a cost-effective Google Cloud Platform solution for relational data. Working with a small set of operational data in one geographical location presents a challenge. For supporting point-in-time recovery, what would you do?

Question 2. Your G-cloud configurations contain multiple configurations, and you want to look at the configuration of the Kubernetes Engine cluster of an inactive configuration using the fewest steps possible. How should you proceed?

Question 3. Suppose your application looks for the licensing server at IP 10.0.3.21. If you deploy the licensing server on Compute Engine, though, you would like the application to be able to find the licensing server without modifying its configuration. How should you proceed?

Question 4. How would you deploy a Dockerfile on Kubernetes Engine?

Question 5. Your development team required a new Jenkins server for their ongoing project. You need to deploy the server using the fewest steps possible. What should you do?

Question 7. You have significantly modified a Deployment Manager template and wish to confirm that all dependencies of the resources you defined in this template are met before you commit it to a project. We want to provide you with the most rapid response to these changes. How should you proceed?

Question 8. Your App Engine application has a project that serves as your development environment. Having completed the testing required, you want to create a new project for use in your production environment. How should you proceed?

Question 9. If you are the project owner of a GCP project, you want your colleagues to have access to buckets and files stored in Cloud Storage. Your goal is to adhere to Google’s recommendations. How do you enroll your colleagues in IAM roles?

Question 12. How would you verify the IAM users and roles assigned within a GCP project named my-project?

Question 13. You want to load balance an instance group and have the load balancer terminate the SSL session for clients. Using the instance group, an HTTPS web application can be served publicly. What Google-recommended practice would you follow?

Question 17. Your website is being hosted on the App Engine standard environment. There is a new test version of your website that you want to show only 1% of users. How will you minimize complexity?

Question 18. On Cloud Run, you need to deploy an application that processes messages from a Cloud Pub/Sub topic. What Google-recommended practice would you follow?

Question 19. Cloud Spanner was used to build your Google Cloud application. It is necessary for your support team to monitor the environment, but they should not have access to table data.

A streamlined solution is necessary to grant the proper permissions to your support team, and you need to follow Google’s recommendations. What will you do?

Question 20. Using the Deployment Manager, you create a cluster for Google Kubernetes Engine. A second deployment should be created using the same Deployment Manager DaemonSet within the Kube-system namespace. Which solution uses the fewest possible services?

Prepare for Assured Success