Google Cloud Certified Professional-Cloud-Architect Syllabus Exam Questions Answers

Page: 10 / 13

Question 40

For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a

payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers,

and season ticket holders. You need to implement a custom card tokenization service that meets the following

requirements:

• It must provide low latency at minimal cost.

• It must be able to identify duplicate credit cards and must not store plaintext card numbers.

• It should support annual key rotation.

Which storage approach should you adopt for your tokenization service?

Options:

Store the card data in Secret Manager after running a query to identify duplicates.

Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.

Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.

Use column-level encryption to store the data in Cloud SQL.

Question 41

For this question, refer to the Helicopter Racing League (HRL) case study. The HRL development team

releases a new version of their predictive capability application every Tuesday evening at 3 a.m. UTC to a

repository. The security team at HRL has developed an in-house penetration test Cloud Function called Airwolf.

The security team wants to run Airwolf against the predictive capability application as soon as it is released

every Tuesday. You need to set up Airwolf to run at the recurring weekly cadence. What should you do?

Options:

Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.

Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.

Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.

Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.

Question 42

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional

racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user

experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic

coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are

a member of the HRL security team and you need to configure the update that will allow only the Fastly IP

address ranges through the External HTTP(S) load balancer. Which command should you use?

Options:

glouc compute firewall rules update hlr-policy \

--priority 1000 \

target tags-sourceiplist fastly \

--allow tcp:443

gcloud compute security policies rules update 1000 \

--security-policy hlr-policy \

--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \

--action " allow"

gcloud compute firewall rules update

sourceiplist-fastly \

priority 1000 \

allow tcp: 443

gcloud compute priority-policies rules update

1000 \

security policy from fastly

--src- ip-ranges"

-- action " allow"

Question 43

For this question, refer to the TerramEarth case study.

TerramEarth's 20 million vehicles are scattered around the world. Based on the vehicle's location its telemetry data is stored in a Google Cloud Storage (GCS) regional bucket (US. Europe, or Asia). The CTO has asked you to run a report on the raw telemetry data to determine why vehicles are breaking down after 100 K miles. You want to run this job on all the data. What is the most cost-effective way to run this job?

Options:

Move all the data into 1 zone, then launch a Cloud Dataproc cluster to run the job.

Move all the data into 1 region, then launch a Google Cloud Dataproc cluster to run the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a multi region bucket and use a Dataproc cluster to finish the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a region bucket and use a Cloud Dataproc cluster to finish the jo