Practice Exams:

Free Professional-Cloud-Architect Exam Braindumps

Pass your Google Certified Professional - Cloud Architect (GCP) exam with these free Questions and Answers

Page 10 of 54
PDF with 267 Questions
QUESTION 41

- (Exam Topic 5)
You created a pipeline that can deploy your source code changes to your infrastructure in instance groups for self healing.
One of the changes negatively affects your key performance indicator. You are not sure how to fix it and investigation could take up to a week.
What should you do

  1. A. Log in to a server, and iterate a fix locally
  2. B. Change the instance group template to the previous one, and delete all instances.
  3. C. Revert the source code change and rerun the deployment pipeline
  4. D. Log into the servers with the bad code change, and swap in the previous code

Correct Answer: C

QUESTION 42

- (Exam Topic 4)
For this question, refer to the Dress4Win case study.
At Dress4Win, an operations engineer wants to create a tow-cost solution to remotely archive copies of database backup files. The database files are compressed tar files stored in their current data center. How should he proceed?

  1. A. Create a cron script using gsutil to copy the files to a Coldline Storage bucket.
  2. B. Create a cron script using gsutil to copy the files to a Regional Storage bucket.
  3. C. Create a Cloud Storage Transfer Service Job to copy the files to a Coldline Storage bucket.
  4. D. Create a Cloud Storage Transfer Service job to copy the files to a Regional Storage bucket.

Correct Answer: A
Follow these rules of thumb when deciding whether to use gsutil or Storage Transfer Service:
Professional-Cloud-Architect dumps exhibit When transferring data from an on-premises location, use gsutil.
Professional-Cloud-Architect dumps exhibit When transferring data from another cloud storage provider, use Storage Transfer Service.
Professional-Cloud-Architect dumps exhibit Otherwise, evaluate both tools with respect to your specific scenario.
Use this guidance as a starting point. The specific details of your transfer scenario will also help you determine which tool is more appropriate
https://cloud.google.com/storage-transfer/docs/overview

QUESTION 43

- (Exam Topic 5)
Your company acquired a healthcare startup and must retain its customers’ medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this data, and then delete it as soon as regulations allow.
Which approach should you take?

  1. A. Store the data in Google Drive and manually delete records as they expire.
  2. B. Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely.
  3. C. Store the data using the Cloud Storage and use lifecycle management to delete files when they expire.
  4. D. Store the data in Cloud Storage and run a nightly batch script that deletes all expired datA.

Correct Answer: C
https://cloud.google.com/storage/docs/lifecycle

QUESTION 44

- (Exam Topic 5)
You have an application that runs in Google Kubernetes Engine (GKE). Over the last 2 weeks, customers have reported that a specific part of the application returns errors very frequently. You currently have no logging or monitoring solution enabled on your GKE cluster. You want to diagnose the problem, but you have not been able to replicate the issue. You want to cause minimal disruption to the application. What should you do?

  1. A. * 1. Update your GKE cluster to use Cloud Operations for GKE.* 2. Use the GKE Monitoring dashboard to investigate logs from affected Pods.
  2. B. * 1. Create a new GKE cluster with Cloud Operations for GKE enabled.* 2. Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster.* 3. Use the GKE Monitoring dashboard to investigate logs from affected Pods.
  3. C. * 1. Update your GKE cluster to use Cloud Operations for GKE, and deploy Prometheus.* 2. Set an alert to trigger whenever the application returns an error.
  4. D. * 1. Create a new GKE cluster with Cloud Operations for GKE enabled, and deploy Prometheus.* 2. Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluste
  5. E. * 3. Set an alert to trigger whenever the application returns an error.

Correct Answer: A
Reference: https://cloud.google.com/blog/products/management-tools/using-logging-your-apps-running- kubernetes-engine

QUESTION 45

- (Exam Topic 5)
Your company has a networking team and a development team. The development team runs applications on Compute Engine instances that contain sensitive data. The development team requires administrative permissions for Compute Engine. Your company requires all network resources to be managed by the networking team. The development team does not want the networking team to have access to the sensitive data on the instances. What should you do?

  1. A. * 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team.* 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team.* 3. Use Cloud VPN to join the two VPCs.
  2. B. * 1. Create a project with a standalone Virtual Private Cloud (VPC), assign the Network Admin role to the networking team, and assign the Compute Admin role to the development team.
  3. C. * 1. Create a project with a Shared VPC and assign the Network Admin role to the networking team.* 2. Create a second project without a VPC, configure it as a Shared VPC service project, and assign the Compute Admin role to the development team.
  4. D. * 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team.* 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team.* 3. Use VPC Peering to join the two VPCs.

Correct Answer: C
In this scenario, a large organization has a central team that manages security and networking controls for the entire organization. Developers do not have permissions to make changes to any network or security settings defined by the security and networking team but they are granted permission to create resources such as virtual machines in shared subnets. To facilitate this the organization makes use of a shared VPC (Virtual Private Cloud). A shared VPC allows creation of a VPC network of RFC 1918 IP spaces that associated projects (service projects) can then use. Developers using the associated projects can create VM instances in the shared VPC network spaces. The organization's network and security admins can create subnets, VPNs, and firewall rules usable by all the projects in the VPC network.
https://cloud.google.com/iam/docs/job-functions/networking#single_team_manages_security_network_for_orga
Reference: https://cloud.google.com/vpc/docs/shared-vpc

Page 10 of 54
PDF with 267 Questions

Post your Comments and Discuss Google Professional-Cloud-Architect exam with other Community members: