Associate-Cloud-Engineer | All About Highest Quality Associate-Cloud-Engineer Training Tools

Passleader offers free demo for Associate-Cloud-Engineer exam. "Google Cloud Certified - Associate Cloud Engineer", also known as Associate-Cloud-Engineer exam, is a Google Certification. This set of posts, Passing the Google Associate-Cloud-Engineer exam, will help you answer those questions. The Associate-Cloud-Engineer Questions & Answers covers all the knowledge points of the real exam. 100% real Google Associate-Cloud-Engineer exams and revised by experts!

Free Associate-Cloud-Engineer Demo Online For Google Certifitcation:

NEW QUESTION 1
Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range 172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?

  • A. Modify the existing subnet range to 172.16.20.0/24.
  • B. Create a new Secondary IP Range in the VPC and configure the VMs to use that range.
  • C. Create a new VPC network for the VM
  • D. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.
  • E. Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC networ
  • F. Configure a custom Route exchange.

Answer: B

Explanation:
A subnet has a single primary IP address range and, optionally, one or more secondary IP address ranges. For each subnet IP address range, Google Cloud creates a subnet route. When you use VPC Network Peering, Google Cloud always exchanges the subnet routes that don't use privately reused public IP addresses between the two peered networks. If firewall rules in each network permit communication, VM instances in one network can communicate with instances in the peered network.

NEW QUESTION 2
You need to create a new billing account and then link it with an existing Google Cloud Platform project. What should you do?

  • A. Verify that you are Project Billing Manager for the GCP projec
  • B. Update the existing project to link it to the existing billing account.
  • C. Verify that you are Project Billing Manager for the GCP projec
  • D. Create a new billing account and linkthe new billing account to the existing project.
  • E. Verify that you are Billing Administrator for the billing accoun
  • F. Create a new project and link the new project to the existing billing account.
  • G. Verify that you are Billing Administrator for the billing accoun
  • H. Update the existing project to link it to the existing billing account.

Answer: C

NEW QUESTION 3
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

  • A. Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.
  • B. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.
  • C. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.
  • D. In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

Answer: C

NEW QUESTION 4
Your customer has implemented a solution that uses Cloud Spanner and notices some read latency-related performance issues on one table. This table is accessed only by their users using a primary key. The table schema is shown below.
Associate-Cloud-Engineer dumps exhibit
You want to resolve the issue. What should you do?
Associate-Cloud-Engineer dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: D

NEW QUESTION 5
You are building an archival solution for your data warehouse and have selected Cloud Storage to archive your data. Your users need to be able to access this archived data once a quarter for some regulatory requirements. You want to select a cost-efficient option. Which storage option should you use?

  • A. Cold Storage
  • B. Nearline Storage
  • C. Regional Storage
  • D. Multi-Regional Storage

Answer: B

Explanation:
Nearline, Coldline, and Archive offer ultra low-cost, highly-durable, highly available archival storage. For data accessed less than once a year, Archive is a cost-effective storage option for long-term preservation of data.
Coldline is also ideal for cold storage—data your business expects to touch less than once a quarter. For warmer storage, choose Nearline: data you expect to access less than once a month, but possibly multiple times throughout the year. All storage classes are available across all GCP regions and provide unparalleled sub-second access speeds with a consistent API.

NEW QUESTION 6
You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

  • A. Create a single budget for all projects and configure budget alerts on this budget.
  • B. Create a separate billing account per sandbox project and enable BigQuery billing export
  • C. Create a Data Studio dashboard to plot the spending per billing account.
  • D. Create a budget per project and configure budget alerts on all of these budgets.
  • E. Create a single billing account for all sandbox projects and enable BigQuery billing export
  • F. Create a Data Studio dashboard to plot the spending per project.

Answer: C

NEW QUESTION 7
You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce-network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?

  • A. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
  • B. 1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.
  • C. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.
  • D. 1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

Answer: A

NEW QUESTION 8
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?

  • A. Enable the Node Auto-Repair feature for your GKE cluster.
  • B. Enable the Node Auto-Upgrades feature for your GKE cluster.
  • C. Select the latest available cluster version for your GKE cluster.
  • D. Select “Container-Optimized OS (cos)” as a node image for your GKE cluster.

Answer: B

NEW QUESTION 9
You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?

  • A. Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
  • B. Add the auditors group to two new custom IAM roles.
  • C. Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.
  • D. Add the auditor user accounts to two new custom IAM roles.

Answer: C

NEW QUESTION 10
You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

  • A. Create a single custom VPC with 2 subnet
  • B. Create each subnet in a different region and with a different CIDR range.
  • C. Create a single custom VPC with 2 subnet
  • D. Create each subnet in the same region and with the same CIDR range.
  • E. Create 2 custom VPCs, each with a single subne
  • F. Create each subnet is a different region and with a different CIDR range.
  • G. Create 2 custom VPCs, each with a single subne
  • H. Create each subnet in the same region and with the same CIDR range.

Answer: A

NEW QUESTION 11
You are migrating a production-critical on-premises application that requires 96 vCPUs to perform its task. You want to make sure the application runs in a similar environment on GCP. What should you do?

  • A. When creating the VM, use machine type n1-standard-96.
  • B. When creating the VM, use Intel Skylake as the CPU platform.
  • C. Create the VM using Compute Engine default setting
  • D. Use gcloud to modify the running instance to have 96 vCPUs.
  • E. Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

Answer: C

NEW QUESTION 12
You are running an application on multiple virtual machines within a managed instance group and have autoscaling enabled. The autoscaling policy is configured so that additional instances are added to the group if the CPU utilization of instances goes above 80%. VMs are added until the instance group reaches its maximum limit of five VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP health checks against the instances is set to 30 seconds. The virtual machine instances take around three minutes to become available for users. You observe that when the instance group autoscales, it adds more instances then necessary to support the levels of end-user traffic. You want to properly maintain instance group sizes when autoscaling. What should you do?

  • A. Set the maximum number of instances to 1.
  • B. Decrease the maximum number of instances to 3.
  • C. Use a TCP health check instead of an HTTP health check.
  • D. Increase the initial delay of the HTTP health check to 200 seconds.

Answer: D

NEW QUESTION 13
You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

  • A. Run gcloud iam roles lis
  • B. Review the output section.
  • C. Run gcloud iam service-accounts lis
  • D. Review the output section.
  • E. Navigate to the project and then to the IAM section in the GCP Consol
  • F. Review the members and roles.
  • G. Navigate to the project and then to the Roles section in the GCP Consol
  • H. Review the roles and status.

Answer: D

NEW QUESTION 14
Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

  • A. Create the instance without a public IP address.
  • B. Create the instance with Private Google Access enabled.
  • C. Create a deny-all egress firewall rule on the VPC network.
  • D. Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Answer: B

Explanation:
Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Reference: https://cloud.google.com/vpc

NEW QUESTION 15
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

  • A. Configure an HTTP(S) load balancer.
  • B. Configure an internal TCP load balancer.
  • C. Configure an external SSL proxy load balancer.
  • D. Configure an external TCP proxy load balancer.

Answer: A

NEW QUESTION 16
You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

  • A. Open the Cloud Spanner console to review configurations.
  • B. Open the IAM & admin console to review IAM policies for Cloud Spanner roles.
  • C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner.
  • D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Answer: B

NEW QUESTION 17
You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server. What should you do?

  • A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.
  • B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.
  • C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.
  • D. Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

Answer: A

NEW QUESTION 18
You are using Google Kubernetes Engine with autoscaling enabled to host a new application. You want to expose this new application to the public, using HTTPS on a public IP address. What should you do?

  • A. Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.
  • B. Create a Kubernetes Service of type ClusterIP for your applicatio
  • C. Configure the public DNS name of your application using the IP of this Service.
  • D. Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluste
  • E. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.
  • F. Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application.Forward the public traffic to HAProxy with an iptable rul
  • G. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Answer: A

NEW QUESTION 19
Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.
Associate-Cloud-Engineer dumps exhibit
Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
• Instances in tier #1 must communicate with tier #2.
• Instances in tier #2 must communicate with tier #3. What should you do?

  • A. 1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)•Protocols: allow all
  • B. 1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080
  • C. 1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all
  • D. 1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

Answer: B

NEW QUESTION 20
......

100% Valid and Newest Version Associate-Cloud-Engineer Questions & Answers shared by Downloadfreepdf.net, Get Full Dumps HERE: https://www.downloadfreepdf.net/Associate-Cloud-Engineer-pdf-download.html (New 190 Q&As)