Test 4 Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Answer explanation

IAP controls access to your App Engine apps and Compute Engine VMs running on Google Cloud. It leverages user identity and the context of a request to determine if a user should be allowed access. IAP is a building block toward BeyondCorp, an enterprise security model that enables employees to work from untrusted networks without using a VPN.

2.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

Use Cloud Functions and configure the bucket as a trigger resource.

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

Use Dataflow as a batch job, and configure the bucket as a data source.

Answer explanation

Google Cloud Storage Triggers Cloud Functions can respond to change notifications emerging from Google Cloud Storage. These notifications can be configured to trigger in response to various events inside a bucket—object creation, deletion, archiving and metadata updates.

3.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The objects should be kept for three years, and you need to minimize cost. What should you do?

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Answer explanation

Standard Storage is best for data that is frequently accessed ("hot" data) and/or stored for only brief periods of time. Archive Storage Archive Storage is the lowest-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Unlike the "coldest" storage services offered by other Cloud providers, your data is available within milliseconds, not hours or days. Archive Storage is the best choice for data that you plan to access less than once a year. https://cloud.google.com/storage/docs/storage-classes#standard

4.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?

Enable the Identity Aware Proxy API on the project.

Scan the bucket using the Data Loss Prevention API.

Allow only a single Service Account access to read the data.

Enable Data Access audit logs for the Cloud Storage API.

Answer explanation

Data Access logs pertaining to Cloud Storage operations are not recorded by default. You have to enable them https://cloud.google.com/storage/docs/audit-logging

5.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

Create a single budget for all projects and configure budget alerts on this budget.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

Create a budget per project and configure budget alerts on all of these budgets.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Answer explanation

Set budgets and budget alerts: Avoid surprises on your bill by creating Cloud Billing budgets to monitor all of your Google Cloud charges in one place. A budget enables you to track your actual Google Cloud spend against your planned spend. After you've set a budget amount, you set budget alert threshold rules that are used to trigger email notifications. Budget alert emails help you stay informed about how your spend is tracking against your budget. https://cloud.google.com/billing/docs/how-to/budgets#budget-scop

6.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?

Disable the flag ג€Delete boot disk when instance is deleted.ג€

Enable delete protection on the instance.

Disable Automatic restart on the instance.

Enable Preemptibility on the instance.

Answer explanation

As part of your workload, there might be certain VM instances that are critical to running your application or services, such as an instance running a SQL server, a server used as a license manager, and so on. These VM instances might need to stay running indefinitely so you need a way to protect these VMs from being deleted. By setting the deletionProtection flag, a VM instance can be protected from accidental deletion. If a user attempts to delete a VM instance for which you have set the deletionProtection flag, the request fails. Only a user that has been granted a role with compute.instances.create permission can reset the flag to allow the resource to be deleted. https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion

7.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google-recommended practices. What should you do?

Grant all members of the DevOps team the role of Project Editor on the organization level.

Grant all members of the DevOps team the role of Project Editor on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

Answer explanation

Custom roles are user-defined, and allow you to bundle one or more supported permissions to meet your specific needs. Custom roles are not maintained by Google; when new permissions, features, or services are added to Google Cloud, your custom roles will not be updated automatically. When you create a custom role, you must choose an organization or project to create it in. You can then grant the custom role on the organization or project, as well as any resources within that organization or project. https://cloud.google.com/iam/docs/understanding-custom-roles#basic_concepts

8.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment. What should you do?

Develop templates for the environment using Cloud Deployment Manager.

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources.

Create a bash script that contains all requirement steps as gcloud commands.

Answer explanation

You can use Google Cloud Deployment Manager to create a set of Google Cloud resources and manage them as a unit, called a deployment. For example, if your team's development environment needs two virtual machines (VMs) and a BigQuery database, you can define these resources in a configuration file, and use Deployment Manager to create, change, or delete these resources. You can make the configuration file part of your team's code repository, so that anyone can create the same environment with consistent results. https://cloud.google.com/deployment-manager/docs/quickstart

9.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud Project. What should you do?

Enable Audit Logs for all APIs that are related to data storage.

Review the IAM permissions for any role that allows for data access.

Review the Identity-Aware Proxy settings for each resource.

Create a Data Loss Prevention job.

Answer explanation

Audit logs help you answer "who did what, where, and when?"'(from https://cloud.google.com/logging/docs/audit). So, not who has access, but rather who accessed.

10.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes. What should you do?

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Answer explanation

Configure Private Google Access for on-premises hosts, DNS configuration Your on-premises network must have DNS zones and records configured so that Google domain names resolve to the set of IP addresses for either private.googleapis.com or restricted.googleapis.com. You can create Cloud DNS managed private zones and use a Cloud DNS inbound server policy, or you can configure on-premises name servers. For example, you can use BIND or Microsoft Active Directory DNS. https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Life Skills