
[Jul 20, 2023] Associate-Cloud-Engineer Exam Dumps PDF Updated Dump from GuideTorrent Guaranteed Success
Pass Your Google Exam with Associate-Cloud-Engineer Exam Dumps
NEW QUESTION # 20
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible.
Which range should you use?
- A. 10.0.0.0/8
- B. 192.168.0.0/16
- C. 172.16.0.0/12
- D. 0.0.0.0/0
Answer: A
NEW QUESTION # 21
You are running an application on multiple virtual machines within a managed instance group and have autoscaling enabled. The autoscaling policy is configured so that additional instances are added to the group if the CPU utilization of instances goes above 80%. VMs are added until the instance group reaches its maximum limit of five VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP health checks against the instances is set to 30 seconds. The virtual machine instances take around three minutes to become available for users. You observe that when the instance group autoscales, it adds more instances than necessary to support the levels of end-user traffic. You want to properly maintain instance group sizes when autoscaling.
What should you do?
- A. Increase the initial delay of the HTTP health check to 200 seconds.
- B. Decrease the maximum number of instances to 3.
- C. Use a TCP health check instead of an HTTP health check.
- D. Set the maximum number of instances to 1.
Answer: A
NEW QUESTION # 22
You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?
- A. Deploy the application on Kubernetes Engine. For a new release, update the deployment to use the new version.
- B. Deploy the application on App Engine. For each update, create a new version of the same service. Configure traffic splitting to send a small percentage of traffic to the new version.
- C. Deploy the application on Kubernetes Engine. For a new release, create a new deployment for the new version. Update the service to use the new deployment.
- D. Deploy the application on App Engine. For each update, create a new service. Configure traffic splitting to send a small percentage of traffic to the new service.
Answer: B
NEW QUESTION # 23
A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints.
Which of the following should the Architect recommend?
- A. Enable Amazon CloudWatch Events in the AWS Management Console.
- B. Create a crontab job script in each instance to push the logs regularly to Amazon S3.
- C. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.
- D. Enable AWS CloudTrail to map all API calls invoked by the applications.
Answer: C
NEW QUESTION # 24
You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?
- A. SSL Proxy Load Balancer
- B. Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.
- C. HTTPS Load Balancer
- D. Network Load Balancer
Answer: A
Explanation:
Reference: https://cloud.google.com/load-balancing/docs/ssl
NEW QUESTION # 25
You have deployed an application on a single Compute Engine instance. The application writes logs to disk. Users start reporting errors with the application. You want to diagnose the problem. What should you do?
- A. Navigate to Cloud Logging and view the application logs.
- B. Configure a Health Check on the instance and set a Low Healthy Threshold value.
- C. Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.
- D. Connect to the instance's serial console and read the application logs.
Answer: C
Explanation:
Reference:
https://cloud.google.com/error-reporting/docs/setup/compute-engine
NEW QUESTION # 26
You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?
- A. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
- B. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
- C. Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.
- D. Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
Answer: B
NEW QUESTION # 27
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?
- A. Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
- B. Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.
- C. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
- D. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
Answer: D
NEW QUESTION # 28
You have successfully created a development environment in a project for an application. This application uses Compute Engine and Cloud SQL. Now, you need to create a production environment for this application.
The security team has forbidden the existence of network routes between these 2 environments, and asks you to follow Google-recommended practices. What should you do?
- A. Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.
- B. Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.
- C. Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.
- D. Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.
Answer: C
NEW QUESTION # 29
You need to set up a policy so that videos stored in a specific Cloud Storage Regional bucket are moved to Coldline after 90 days, and then deleted after one year from their creation. How should you set up the policy?
- A. Use gsutil rewrite and set the Delete action to 365 days.
- B. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.
- C. Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 - 90)
- D. Use gsutil rewrite and set the Delete action to 275 days (365-90).
Answer: C
NEW QUESTION # 30
You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?
- A. Use an automatic mode VPC network, configure static routes, and use active/active routing
- B. Use a custom mode VPC network, configure static routes, and use active/passive routing
- C. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing
- D. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing
Answer: C
NEW QUESTION # 31
You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?
- A. Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.
- B. Select Compute Engine. Use VM instance types that support micro bursting.
- C. Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.
- D. Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.
Answer: D
NEW QUESTION # 32
Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?
- A. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
- B. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.
- C. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
- D. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
Answer: D
Explanation:
Forwarding zones
Cloud DNS forwarding zones let you configure target name servers for specific private zones. Using a forwarding zone is one way to implement outbound DNS forwarding from your VPC network. A Cloud DNS forwarding zone is a special type of Cloud DNS private zone. Instead of creating records within the zone, you specify a set of forwarding targets. Each forwarding target is an IP address of a DNS server, located in your VPC network, or in an on-premises network connected to your VPC network by Cloud VPN or Cloud Interconnect.
https://cloud.google.com/nat/docs/overview
DNS configuration
Your on-premises network must have DNS zones and records configured so that Google domain names resolve to the set of IP addresses for either private.googleapis.com or restricted.googleapis.com. You can create Cloud DNS managed private zones and use a Cloud DNS inbound server policy, or you can configure on-premises name servers. For example, you can use BIND or Microsoft Active Directory DNS.
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain
NEW QUESTION # 33
Your company's infrastructure is on-premises, but all machines are running at maximum capacity.
You want to burst to Google Cloud. The workloads on Google Cloud must be able to directly communicate to the workloads on-premises using a private IP range. What should you do?
- A. Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.
- B. In Google Cloud, configure the VPC for VPC Network Peering.
- C. In Google Cloud, configure the VPC as a host for Shared VPC.
- D. Set up Cloud VPN between the infrastructure on-premises and Google Cloud.
Answer: D
Explanation:
VPC Network Peering does not connect to on-prem. Cloud VPN is the correct solution.
https://cloud.google.com/vpn/docs/concepts/overview
NEW QUESTION # 34
You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?
- A. Use Cloud Functions and configure the bucket as a trigger resource.
- B. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.
- C. Use Dataflow as a batch job, and configure the bucket as a data source.
- D. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.
Answer: A
Explanation:
Google Cloud Storage Triggers
Cloud Functions can respond to change notifications emerging from Google Cloud Storage.
These notifications can be configured to trigger in response to various events inside a bucket: object creation, deletion, archiving and metadata updates.
Note: Cloud Functions can only be triggered by Cloud Storage buckets in the same Google Cloud Platform project.
Event types
Cloud Storage events used by Cloud Functions are based on Cloud Pub/Sub Notifications for Google Cloud Storage and can be configured in a similar way.
Supported trigger type values are:
google.storage.object.finalize
google.storage.object.delete
google.storage.object.archive
google.storage.object.metadataUpdate
Object Finalize
Trigger type value: google.storage.object.finalize
This event is sent when a new object is created (or an existing object is overwritten, and a new generation of that object is created) in the bucket.
https://cloud.google.com/functions/docs/calling/storage#event_types