Associate Cloud Engineer Exam#4 - Marked Exam 1
Cloud Engineering Certification Quiz
Test your knowledge and skills with our Cloud Engineering Certification Quiz! Designed for professionals preparing for their Associate Cloud Engineer Exam, this quiz offers 20 multiple choice questions that cover critical concepts and practical scenarios.
Whether you're a budding cloud engineer or looking to refresh your expertise, this quiz will help you:
- Assess your understanding of cloud technologies.
- Prepare effectively for certification.
- Identify areas for further improvement.
You're trying to provide temporary access to some files in a Cloud Storage bucket. You want to limit the time that the files are available to 10 minutes. With the fewest steps possible, what is the best way to generate a signed URL?
In the UI select the objects and click the Generate Signed URL button.
Create a service account and JSON key. Use the gsutil signurl -t 10m command and pass in the JSON key and bucket.
In the UI select the objects and click the "Sign With Key" button.
Create a service account and JSON key. Use the gsutil signurl -d 10m command and pass in the JSON key and bucket.
You've been running App Engine applications in a Standard Environment for a few weeks. With several successful deployments, you've just deployed a broken version, and the developers have gone home for the day. What is the fastest way to get the site back into a functioning state?
Have the developers fix the issue and deploy.
Use the gcloud app rollback command.
In the UI, click Traffic Splitting and direct 100% of the traffic to the previous version.
In the UI, click the Rollback button on the versions page.
Your developers have been thoroughly logging everything that happens in the API. The API allows end users to request the data as JSON, XML, CSV, and XLS. Supporting all of these formats is taking a lot of developer effort. Management would like to start tracking which options are used over the next month. Without modifying the code, what's the fastest way to be able to report on this data at the end of the month?
Create a custom counter logging metric that uses a regex to extract the data format into a label. At the end of the month, use the metric viewer to see the group by the label.
Create a log sink that filters for rows that mention the data format. Export that to BigQuery, and run a query at the end of the month.
Create a custom monitoring metric in code and edit the API code to set the metric each time the API is called.
Export the logs to excel, and search for the different fields.
Your engineers have asked you to set up a subnet with the largest IP address range possible. Which of the following ranges would work best?
0.0.0.0/0
10.0.0.0/32
192.168.0.0/16
10.0.0.0/8
What must you do before you create an instance with a GPU? ( Pick at least 2)
You must only select the GPU driver type. The correct base image is selected automatically.
You must select which boot disk image you want to use for the instance.
Nothing. GPU drivers are automatically included with the boot disk images.
You must make sure the selected image has the appropriate GPU driver is installed
You've been running your App Engine app for a few weeks with Autoscaling, and it's been working well. However, your marketing team is planning on a massive campaign, and they expect a lot of burst traffic. How would you go about ensuring there are always 4 idle instances?
Set the min_instances property in the app.yaml,
Switch to manual scaling and use the burst_traffic_protection property to True in the app.yaml.
Set the min_idle_instances property in the app.yaml.
Switch to manual scaling and use the idle_instance_count property in the app.yaml.
30 minutes ago you created a log sink that exports all of your project audit logs to Cloud Storage. You can see in the log viewer that there are new records. However, you're not seeing them in your Storage Bucket. What is the most likely cause?
Cloud Storage isn't a supported destination.
Each log sink destination has its own time window for saving the data.
The Cloud Storage Bucket doesn't have the correct permissions.
You forgot to enable the sink inside the Cloud Storage UI.
You've seen some errors in the logs for a specific Deployment. You've narrowed the issue down to the Pod named "ad-generator" that is throwing the errors. Your engineers aren't able to reproduce the error in any other environment. They've told you that if they could just "connect into the container" for 5 minutes, they could figure out the root cause. What steps would allow them to run commands against the container?
Use the kubectl exec -it ad-generator -- /bin/bash command to run a shell on that container.
Use the kubectl exec -it -- /bin/bash command to run a shell on that container.
Use the kubectl run command to run a shell on that container.
Use the kubectl run ad-generator /bin/bash command to run a shell on that container.
You're migrating an on-premises application to Google Cloud. The application uses a component that requires a licensing server. The license server has the IP address 10.28.0.10. You want to deploy the application without making any changes to the code or configuration. How should you go about deploying the application?
Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance.
Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance
Create a subnet with a CIDR range of 10.28.0.0/10. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance.
Create a subnet with a CIDR range of 10.28.0.0/29. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance.
You're looking for the IP address of a specific instance that is running in your default zone. Which command and flag(s) could you use to return just the IP address?
The gcloud compute list along with the filter and format flags.
The gcloud compute list along with the o flag and jsonpath value.
The gcloud compute instances list along with the o flag and jsonpath value.
The gcloud compute instances list along with the filter and format flags.
Your boss has asked you to onboard a new user and provide them with access to their team's project. What set of steps best describes what needs to happen?
Add them as a member of the project, grant them the required roles, and sync the user back to G Suite.
Add the user inside of G Suite, create a user group inside of GCP IAM settings, and add them to that user group.
Add the user inside of G Suite, add them as a member of the project, and grant them the required roles.
Add the user inside of G Suite; sync from G Suite to the Active Directory using the Directory Sync util; add them as a member and grant them the required roles.
Which of the following is a valid use case for Flow Logs?
Blocking instances from communicating over certain ports.
Network forensics.
Proxying SSL traffic.
Serving as a UDP relay.
You've been asked to add a new IAM member and grant them access to run some queries on BigQuery. Considering the principle of least privilege, which role should you assign?
Roles/bigquery.dataViewer and roles/bigquery.jobUser
Project Editor
Roles/bigquery.admin
roles/bigquery.dataOwner
You have 3 Cloud Storage buckets that all store sensitive data. Which grantees should you audit to ensure that these buckets are not public?
AllUsers
allAuthenticatedUsers
PublicUsers
AllUsers and allAuthenticatedUsers
You've created a new "Custom Role" for a specific new job role inside your company. The role consisted of several permissions; some had a status of "Supported" others a status of "Testing." The role has been working for weeks; however, some permissions recently stopped working. What is the most likely cause for this?
The custom role has reached its expiration period.
The latest Google applied updates reset all of the custom roles.
One or more permissions with a status of "Testing" have changed.
Your account has been compromised by hackers.
You have several users who need access to some very specific Google Cloud functionality. You'd like to follow the principle of least privilege. What's the best way to ensure these users can list Cloud Storage buckets, list BigQuery jobs, and list compute disks?
Add the users to a group, apply the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.
Use the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.
Create a custom role for this job role, add the required permissions, and add the users to the role.
Add the users to the viewer role.
While looking at your application's source code in your private Github repo, you've noticed that a service account key has been committed to git. What steps should you take next?
Revoke the key, remove the key from Git, purge the Git history to remove all traces of the file, ensure the key is added to the .gitignore file.
Delete the project and create a new one.
Do nothing. Git is fine for keys if the repo is private.
Contact Google Cloud Support
You're deploying an application to a Compute Engine instance, and it's going to need to make calls to read from Cloud Storage and Bigtable. You want to make sure you're following the principle of least privilege. This Compute Engine instance is the only instance in this project. What's the easiest way to ensure the code can authenticate to the required Google Cloud APIs?
Use the default Compute Engine service account and set its scopes. Let the code find the default service account using "Application Default Credentials".
Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key.
Create a new user account with the required roles. Store the credentials in Cloud Key Management Service and download them to the instance in code.
Register the application with the Binary Registration Service and apply the required roles.
You've set up an instance inside your new network and subnet. Your firewall rules are set to target all instances in your network. You have the following firewall rules. NAME:deny-all | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:1000 | DENY:tcp:0-65535,udp:0-6553 NAME:open-ssh | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:5000 | ALLOW:tcp:22 " However, when you attempt to connect to your instance via SSH, your connection is timing out. What is the most likely cause?
Your instance needs to be rebooted.
The SSH key hasn't been uploaded to the instance.
The firewall rule needs to be applied to the instance specifically.
The deny rule overrides the allow rule.
Which of the following is a valid use case for using a primitive role?
When granting permission to a development project or to the development team.
When there are more than 10 users.
When creating a custom role requires more than 10 permissions.
When granting permission to a production project, or to a third-party company.
{"name":"Associate Cloud Engineer Exam#4 - Marked Exam 1", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge and skills with our Cloud Engineering Certification Quiz! Designed for professionals preparing for their Associate Cloud Engineer Exam, this quiz offers 20 multiple choice questions that cover critical concepts and practical scenarios.Whether you're a budding cloud engineer or looking to refresh your expertise, this quiz will help you:Assess your understanding of cloud technologies.Prepare effectively for certification.Identify areas for further improvement.","img":"https:/images/course8.png"}