New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PDF Associate-Cloud-Engineer Study Guide

Page: 2 / 21
Question 8

You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?

Options:

A.

Grant yourself the IAM role of Cloud Spanner Admin

B.

Create a new VPC network with subnetworks in all desired regions

C.

Configure your Cloud Spanner instance to be multi-regional

D.

Enable the Cloud Spanner API

Question 9

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Options:

A.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Question 10

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

Options:

A.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.

Set up a high-priority (1000) rule to allow the appropriate ports.

Question 11

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.

How should you configure the auditor's permissions?

Options:

A.

Create a custom role with view-only project permissions. Add the user's account to the custom role.

B.

Create a custom role with view-only service permissions. Add the user's account to the custom role.

C.

Select the built-in IAM project Viewer role. Add the user's account to this role.

D.

Select the built-in IAM service Viewer role. Add the user's account to this role.

Page: 2 / 21
Exam Name: Google Cloud Certified - Associate Cloud Engineer
Last Update: Dec 22, 2024
Questions: 285
Associate-Cloud-Engineer pdf

Associate-Cloud-Engineer PDF

$25.5  $84.99
Associate-Cloud-Engineer Engine

Associate-Cloud-Engineer Testing Engine

$28.5  $94.99
Associate-Cloud-Engineer PDF + Engine

Associate-Cloud-Engineer PDF + Testing Engine

$40.5  $134.99