
Get Latest [Oct-2021] Conduct effective penetration tests using ActualCollection Associate-Cloud-Engineer
Penetration testers simulate Associate-Cloud-Engineer exam PDF
NEW QUESTION 29
Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?
- A. Create a route on the VPC to route all traffic to the instance over the VPN tunnel.
- B. Create the instance with Private Google Access enabled.
- C. Create the instance without a public IP address.
- D. Create a deny-all egress firewall rule on the VPC network.
Answer: B
Explanation:
Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Reference: https://cloud.google.com/vpc
NEW QUESTION 30
Your developers are trying to select the best compute service to run a static website. They have a dozen HTML pages, a few JavaScript files, and some CSS. They need the site to be highly available for the few weeks it is running. They also have a limited budget.
What is the best service to use to run the site?
- A. Compute Engine
- B. App Engine
- C. Kubernetes Engine
- D. Cloud Storage
Answer: D
NEW QUESTION 31
Your team uses a third-party monitoring solution. They've asked you to deploy it to the nodes in your Kubernetes Engine Cluster. What's the best way to do that?
- A. Deploy the monitoring pod as a DaemonSet.
- B. Use Deployment Manager to deploy the monitoring solution.
- C. Connect to each node via SSH and install the monitoring solution.
- D. Deploy the monitoring pod as a Deployment.
Answer: A
NEW QUESTION 32
Your company is moving from an on-premises environment to Google Cloud Platform (GCP). You have multiple development teams that use Cassandra environments as backend databases. They all need a development environment that is isolated from other Cassandra instances. You want to move to GCP quickly and with minimal support effort. What should you do?
- A. 1. Build an instruction guide to install Cassandra on GCP.
  2. Make the instruction guide accessible to your developers.
- B. 1. Advise your developers to go to Cloud Marketplace.
  2. Ask the developers to launch a Cassandra image for their development work.
- C. 1. Build a Cassandra Compute Engine instance and take a snapshot of it.
  2. Upload the snapshot to Cloud Storage and make it accessible to your developers.
  3. Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves.
- D. 1. Build a Cassandra Compute Engine instance and take a snapshot of it.
  2. Use the snapshot to create instances for your developers.
Answer: B
NEW QUESTION 33
You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?
- A. Create a signed URL with a four-hour expiration and share the URL with the company.
- B. Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
- C. Set object access to 'public' and use object lifecycle management to remove the object after four hours.
- D. Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.
Answer: A
NEW QUESTION 34
Your boss has asked you to set up something to perform monitoring and logging. The ideal solution would allow you to monitor your Google Cloud resources as well as a few different EC2 instances running inside AWS. Which option would meet the criteria with the least amount of work?
- A. Stackdriver
- B. Deploy a custom solution based on the ELK stack.
- C. Datadog
- D. AWS Cloudwatch
Answer: A
NEW QUESTION 35
You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out how much it will cost to run the query. You are using on-demand pricing. What should you do?
- A. Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.
- B. Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.
- C. Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.
- D. Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.
Answer: D
Explanation:
https://cloud.google.com/bigquery/docs/estimate-costs
NEW QUESTION 36
You need a dynamic way of provisioning VMs on Compute Engine. The exact specifications will be in a dedicated configuration file. You want to follow Google's recommended practices. Which method should you use?
- A. Cloud Composer
- B. Unmanaged Instance Group
- C. Deployment Manager
- D. Managed Instance Group
Answer: C
Explanation:
Google Cloud Deployment Manager allows you to specify all the resources needed for your application in a declarative format using yaml. You can also use Python or Jinja2 templates to parameterize the configuration and allow reuse of common deployment paradigms such as a load balanced, auto-scaled instance group. Treat your configuration as code and perform repeatable deployments.
https://cloud.google.com/deployment-manager
NEW QUESTION 37
You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event.
You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?
- A. Use a custom mode VPC network, configure static routes, and use active/passive routing
- B. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing
- C. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing
- D. Use an automatic mode VPC network, configure static routes, and use active/active routing
Answer: B
NEW QUESTION 38
You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?
- A. Run gcloud init to set the current project to my-project, and then run gcloud services list --available.
- B. Run gcloud info to view the account value, and then run gcloud services list --account <Account>.
- C. Run gcloud projects list to get the project ID, and then run gcloud services list --project <project ID>.
- D. Run gcloud projects describe <project ID> to verify the project value, and then run gcloud services list --available.
Answer: C
NEW QUESTION 39
Your development team has asked you to set up an external TCP load balancer with SSL offload. Which load balancer should you use?
- A. HTTPS load balancer
- B. HTTP load balancer
- C. SSL proxy
- D. TCP proxy
Answer: A,C
NEW QUESTION 40
Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?
- A. Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
- B. Ask the auditor for their Google account, and give them the Viewer role on the project.
- C. Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
- D. Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.
Answer: C
NEW QUESTION 41
You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project.
What should you do?
- A. Give "project owner" role to crm-databases-proj and the web-applications project.
- B. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
- C. Give "project owner" role to crm-databases-proj and bigquery.dataViewer role to web-applications.
- D. Give "project owner" for web-applications appropriate roles to crm-databases-proj
Answer: C
NEW QUESTION 42
You are managing several Google Cloud Platform (GCP) projects and need access to all logs for the past 60 days. You want to be able to explore and quickly analyze the log contents. You want to follow Google-recommended practices to obtain the combined logs for all projects. What should you do?
- A. Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.
- B. Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.
- C. Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.
- D. Navigate to Stackdriver Logging and select resource.labels.project_id="*"
Answer: B
NEW QUESTION 43
A cloud engineer wants to create a VM named whiz-server-1 with four CPUs. Which of the following commands would he use to create the VM whiz-server-1?
- A. gcloud compute instances create --machine-type=n1-standard-4 whiz-server-1
- B. gcloud compute instances create --cpus=4 whiz-server-1
- C. gcloud compute instances create --machine-type=n1-4-cpu whiz-server-1
- D. gcloud compute instances create --machine-type=n1-standard-4 -instancename whiz-server-1
Answer: A
NEW QUESTION 44
Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?
- A. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.
- B. 1. Go to the GKE console, and delete existing clusters.
  2. Recreate a new cluster.
  3. Clear the option to enable legacy Stackdriver Logging.
- C. 1. Go to the GKE console, and delete existing clusters.
  2. Recreate a new cluster.
  3. Clear the option to enable legacy Stackdriver Monitoring.
- D. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.
Answer: D
NEW QUESTION 45
You host a static website on Cloud Storage. Recently, you began to include links to PDF files on this site.
Currently, when users click on the links to these PDF files, their browsers prompt them to save the file onto their local system. Instead, you want the clicked PDF files to be displayed within the browser window directly, without prompting the user to save the file locally. What should you do?
- A. Add a label to the storage bucket with a key of Content-Type and value of application/pdf.
- B. Set Content-Type metadata to application/pdf on the PDF file objects.
- C. Enable 'Share publicly' on the PDF file objects.
- D. Enable Cloud CDN on the website frontend.
Answer: B
NEW QUESTION 46
You have deployed an application on a single Compute Engine instance. The application writes logs to disk.
Users start reporting errors with the application. You want to diagnose the problem. What should you do?
- A. Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.
- B. Navigate to Cloud Logging and view the application logs.
- C. Connect to the instance's serial console and read the application logs.
- D. Configure a Health Check on the instance and set a Low Healthy Threshold value.
Answer: B
NEW QUESTION 47
You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?
- A. Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.
- B. Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.
- C. Create a Cloud Memorystore for Redis instance with 32-GB capacity.
- D. Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.
Answer: D
NEW QUESTION 48
Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?
- A. 1. Create an IAM entry for each data scientist's user account.
  2. Assign the BigQuery dataViewer user role to the group.
- B. 1. Create an IAM entry for each data scientist's user account.
  2. Assign the BigQuery jobUser role to the group.
- C. 1. Create a dedicated Google group in Cloud Identity.
  2. Add each data scientist's user account to the group.
  3. Assign the BigQuery dataViewer user role to the group.
- D. 1. Create a dedicated Google group in Cloud Identity.
  2. Add each data scientist's user account to the group.
  3. Assign the BigQuery jobUser role to the group.
Answer: C
Explanation:
Reference: https://cloud.google.com/bigquery/docs/cloud-sql-federated-queries