Free Associate-Cloud-Engineer Exam Braindumps

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

1. A. Set metadata to enable-oslogin=true for the instanc
2. B. Grant the dev1 group the compute.osLogin role.Direct them to use the Cloud Shell to ssh to that instance.
3. C. Set metadata to enable-oslogin=true for the instanc
4. D. Set the service account to no service account for that instanc
5. E. Direct them to use the Cloud Shell to ssh to that instance.
6. F. Enable block project wide keys for the instanc
7. G. Generate an SSH key for each user in the dev1 group.Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
8. H. Enable block project wide keys for the instanc
9. I. Generate an SSH key and associate the key with that instanc
10. J. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Correct Answer: A

You want to find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project. What should you do in the GCP Console?

1. A. Open the Cloud Spanner console to review configurations.
2. B. Open the IAM & admin console to review IAM policies for Cloud Spanner roles.
3. C. Go to the Stackdriver Monitoring console and review information for Cloud Spanner.
4. D. Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Correct Answer: D
https://cloud.google.com/monitoring/audit-logging

You have a Linux VM that must connect to Cloud SQL. You created a service account with the appropriate access rights. You want to make sure that the VM uses this service account instead of the default Compute Engine service account. What should you do?

1. A. When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.
2. B. Download a JSON Private Key for the service accoun
3. C. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.
4. D. Download a JSON Private Key for the service accoun
5. E. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.
6. F. Download a JSON Private Key for the service accoun
7. G. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

Correct Answer: A

You have 32 GB of data in a single file that you need to upload to a Nearline Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the only one on the connection. You want to use as much of the rated 1 Gbps as possible to transfer the file rapidly. How should you upload the file?

1. A. Use the GCP Console to transfer the file instead of gsutil.
2. B. Enable parallel composite uploads using gsutil on the file transfer.
3. C. Decrease the TCP window size on the machine initiating the transfer.
4. D. Change the storage class of the bucket from Nearline to Multi-Regional.

Correct Answer: B
https://cloud.google.com/storage/docs/parallel-composite-uploads https://cloud.google.com/storage/docs/uploads-downloads#parallel-composite-uploads

Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?

1. A. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
2. B. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
3. C. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
4. D. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Correct Answer: B
Forwarding zones Cloud DNS forwarding zones let you configure target name servers for specific private
zones. Using a forwarding zone is one way to implement outbound DNS forwarding from your VPC network. A Cloud DNS forwarding zone is a special type of Cloud DNS private zone. Instead of creating records within the zone, you specify a set of forwarding targets. Each forwarding target is an IP address of a DNS server, located in your VPC network, or in an on-premises network connected to your VPC network by Cloud VPN or Cloud Interconnect.
https://cloud.google.com/nat/docs/overview
DNS configuration Your on-premises network must have DNS zones and records configured so that Google domain names resolve to the set of IP addresses for either private.googleapis.com or restricted.googleapis.com. You can create Cloud DNS managed private zones and use a Cloud DNS inbound server policy, or you can configure on-premises name servers. For example, you can use BIND or Microsoft Active Directory DNS.
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain