Free Professional-Cloud-Architect Exam Braindumps

Pass your Google Certified Professional - Cloud Architect (GCP) exam with these free Questions and Answers

Page 4 of 54
QUESTION 11

- (Exam Topic 10)
For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

  1. A. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
  2. B. Revoke the compute.networkAdmin role from all users in the project with front end instances.
  3. C. Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
  4. D. Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

Correct Answer: A
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip

QUESTION 12

- (Exam Topic 4)
For this question, refer to the Dress4Win case study.
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?

  1. A. Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.
  2. B. Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.
  3. C. Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.
  4. D. Identify the number of virtual cores and RAM associated with the application server virtual machines, align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

Correct Answer: C

QUESTION 13

- (Exam Topic 5)
All Compute Engine instances in your VPC should be able to connect to an Active Directory server on specific ports. Any other traffic emerging from your instances is not allowed. You want to enforce this using VPC firewall rules.
How should you configure the firewall rules?

  1. A. Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.
  2. B. Create an egress rule with priority 100 to deny all traffic for all instances. Create another egress rule with priority 1000 to allow the Active Directory traffic for all instances.
  3. C. Create an egress rule with priority 1000 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 100 to block all traffic for all instances.
  4. D. Create an egress rule with priority 100 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.

Correct Answer: B
https://cloud.google.com/vpc/docs/firewalls

QUESTION 14

- (Exam Topic 5)
You are designing a large distributed application with 30 microservices. Each of your distributed microservices needs to connect to a database back-end. You want to store the credentials securely. Where should you store the credentials?

  1. A. In the source code
  2. B. In an environment variable
  3. C. In a secret management system
  4. D. In a config file that has restricted access through ACLs

Correct Answer: C
https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application

QUESTION 15

- (Exam Topic 5)
You have developed a non-critical update to your application that is running in a managed instance group, and have created a new instance template with the update that you want to release. To prevent any possible impact to the application, you don't want to update any running instances. You want any new instances that are created by the managed instance group to contain the new update. What should you do?

  1. A. Start a new rolling restart operation.
  2. B. Start a new rolling replace operation.
  3. C. Start a new rolling update. Select the Proactive update mode.
  4. D. Start a new rolling update. Select the Opportunistic update mode.

Correct Answer: D
In certain scenarios, an opportunistic update is useful because you don't want to cause instability to the system if it can be avoided. For example, if you have a non-critical update that can be applied as necessary without any urgency and you have a MIG that is actively being autoscaled, perform an opportunistic update so that Compute Engine does not actively tear down your existing instances to apply the update. When resizing down, the autoscaler preferentially terminates instances with the old template as well as instances that are not yet in a RUNNING state.
