Associate-Cloud-Engineer試験無料問題集（290題）「Google Associate Cloud Engineer 認定」

出題：1

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine.
Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

A. * Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.
* Copy the role across all projects created within the organization with the gcloud iam roles copy command.
* Assign the role to developers in those projects.

B. * Add all developers to a Google group in Cloud Identity.
* Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

C. * Add all developers to a Google group in Cloud Identity.
* Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.
* Assign the custom role to the Google group.

D. * Add all developers to a Google group in Google Groups for Workspace.
* Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1-standard-2 nodes. You need to deploy additional pods requiring n2-highmem-16 nodes without any downtime. What should you do?

A. Create a new Node Pool and specify machine type n2-highmem-16. Deploy the new pods.

B. Create a new cluster with n2-highmem-16 nodes. Redeploy the pods and delete the old cluster.

C. Use gcloud container clusters upgrade. Deploy the new services.

D. Create a new cluster with both n1-standard-2 and n2-highmem-16 nodes. Redeploy the pods and delete the old cluster.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

You are creating a Google Kubernetes Engine (GKE) cluster with a cluster autoscaler feature enabled. You need to make sure that each node of the cluster will run a monitoring pod that sends container metrics to a third-party monitoring solution. What should you do?

A. Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

B. Deploy the monitoring pod in a DaemonSet object.

C. Reference the monitoring pod in a Deployment object.

D. Deploy the monitoring pod in a StatefulSet object.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?

A. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.

B. Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.

C. Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.

D. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

For analysis purposes, you need to send all the logs from all of your Compute Engine instances to a BigQuery dataset called platform-logs. You have already installed the Stackdriver Logging agent on all the instances.
You want to minimize cost. What should you do?

A. 1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3.
Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

B. 1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2.
Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

C. 1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform- logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB (CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

D. 1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances' metadata to add the following value: logs-destination: bq://platform- logs.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A colleague handed over a Google Cloud project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

A. Use the gcloud projects get-iam-policy command to view the current role assignments.

B. Navigate to Identity-Aware Proxy and check the permissions for these resources.

C. In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

D. Enable Audit logs on the IAM & admin page for all resources, and validate the results.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Your learn wants to deploy a specific content management system (CMS) solution lo Google Cloud. You need a quick and easy way to deploy and install the solution. What should you do?

A. Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

B. Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.

C. Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.

D. Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

正解：D 解答を投票する

出題：8

Your Dataproc cluster runs in a single Virtual Private Cloud (VPC) network in a single subnet with range
172.16.20.128/25. There are no private IP addresses available in the VPC network. You want to add new VMs to communicate with your cluster using the minimum number of steps. What should you do?

A. Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange.

B. Modify the existing subnet range to 172.16.20.0/24.

C. Create a new VPC network for the VMs. Enable VPC Peering between the VMs' VPC network and the Dataproc cluster VPC network.

D. Create a new Secondary IP Range in the VPC and configure the VMs to use that range.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

You have a number of applications that have bursty workloads and are heavily dependent on topics to decouple publishing systems from consuming systems. Your company would like to go serverless to enable developers to focus on writing code without worrying about infrastructure. Your solution architect has already identified Cloud Pub/Sub as a suitable alternative for decoupling systems. You have been asked to identify a suitable GCP Serverless service that is easy to use with Cloud Pub/Sub. You want the ability to scale down to zero when there is no traffic in order to minimize costs. You want to follow Google recommended practices.
What should you suggest?

A. Cloud Run

B. Cloud Functions.

C. Cloud Run for Anthos

D. App Engine Standard

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

A company wants to build an application that stores images in a Cloud Storage bucket and wants to generate thumbnails as well as resize the images. They want to use a google managed service that can scale up and scale down to zero automatically with minimal effort. You have been asked to recommend a service. Which GCP service would you suggest?

A. Cloud Functions

B. Google Compute Engine

C. Google Kubernetes Engine

D. Google App Engine

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

You are managing a Data Warehouse on BigQuery. An external auditor will review your company's processes, and multiple external consultants will need view access to the data. You need to provide them with view access while following Google-recommended practices. What should you do?

A. Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

B. Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

C. Grant each individual external consultant the role of BigQuery Editor

D. Grant each individual external consultant the role of BigQuery Viewer

正解：B 解答を投票する

出題：12

Your coworker has helped you set up several configurations for gcloud. You've noticed that you're running commands against the wrong project. Being new to the company, you haven't yet memorized any of the projects. With the fewest steps possible, what's the fastest way to switch to the correct configuration?

A. Re-authenticate with the gcloud auth login command and select the correct configurations on login.

B. Run gcloud configurations list followed by gcloud configurations activate .

C. Run gcloud config configurations list followed by gcloud config configurations activate.

D. Run gcloud config list followed by gcloud config activate.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?

A. Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

B. Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

C. Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

D. Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20. and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

A. Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

B. Convert the subnet IP range from IPv4 to IPv6

C. Add a secondary IP range 10.1.0.0/20 to the subnet.

D. Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

正解：A 解答を投票する

出題：15

You are configuring Cloud DNS. You want !to create DNS records to point home.mydomain.com, mydomain.
com. and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

A. Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

B. Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

C. Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

D. Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

正解：A 解答を投票する

出題：16

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional
2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?

A. Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of
32 GB.

B. Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

C. Create a Cloud Memorystore for Redis instance with 32-GB capacity.

D. Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

You need to provide a cost estimate for a Kubernetes cluster using the GCP pricing calculator for Kubernetes.
Your workload requires high IOPs, and you will also be using disk snapshots. You start by entering the number of nodes, average hours, and average days. What should you do next?

A. Fill in local SSD. Fill in persistent disk storage and snapshot storage.

B. Fill in local SSD. Add estimated cost for cluster management.

C. Select Add GPUs. Add estimated cost for cluster management.

D. Select Add GPUs. Fill in persistent disk storage and snapshot storage.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

Your company requires that Google Cloud products are created with a specific configuration to comply with your company's security policies You need to implement a mechanism that will allow software engineers at your company to deploy and update Google Cloud products in a preconfigured and approved manner. What should you do?

A. Create Java packages that utilize the Google Cloud Client Libraries for Java to configure Google Cloud products. Store and share the packages in a source code repository.

B. Use the Google Cloud APIs by using curl to configure Google Cloud products. Store and share the curl commands in a source code repository.

C. Create bash scripts that utilize the Google Cloud CLI to configure Google Cloud products. Store and share the bash scripts in a source code repository.

D. Create Terraform modules that utilize the Google Cloud Terraform Provider to configure Google Cloud products. Store and share the modules in a source code repository.

正解：D 解答を投票する

Associate-Cloud-Engineer試験無料問題集「Google Associate Cloud Engineer 認定」