Associate-Cloud-Engineer試験無料問題集（287題）「Google Associate Cloud Engineer 認定」

出題：1

You have a VM instance running in a VPC with single-stack subnets. You need to ensure that the VM instance has a fixed IP address so that other services hosted in the same VPC can communicate with the VM.
You want to follow Google-recommended practices while minimizing cost. What should you do?

A. Promote the existing IP address of the VM to become a static internal IP address.

B. Reserve a new static external IPv6 address and assign the new IP address to the VM.

C. Promote the existing IP address of the VM to become a static external IP address.

D. Reserve a new static external IP address and assign the new IP address to the VM.

正解：C 解答を投票する

出題：2

Your company implemented BigQuery as an enterprise data warehouse. Users from multiple business units run queries on this data warehouse. However, you notice that query costs for BigQuery are very high, and you need to control costs. Which two methods should you use? (Choose two.)

A. Split your BigQuery data warehouse into multiple data warehouses for each business unit.

B. Create separate copies of your BigQuery data warehouse for each business unit.

C. Apply a user- or project-level custom query quota for BigQuery data warehouse.

D. Split the users from business units to multiple projects.

E. Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

A. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

B. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.

C. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.

D. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Your company publishes large files on an Apache web server that runs on a Compute Engine instance. The Apache web server is not the only application running in the project. You want to receive an email when the egress network costs for the server exceed 100 dollars for the current month as measured by Google Cloud Platform (GCP). What should you do?

A. Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of "email."

B. Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging.Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

C. Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

D. Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of "email."

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

A. Ask the auditor for their Google account, and give them the Viewer role on the project.

B. Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

C. Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

D. Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You have deployed an application on a single Compute Engine instance. The application writes logs to disk.
Users start reporting errors with the application. You want to diagnose the problem. What should you do?

A. Navigate to Cloud Logging and view the application logs.

B. Connect to the instance's serial console and read the application logs.

C. Configure a Health Check on the instance and set a Low Healthy Threshold value.

D. Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

正解：D 解答を投票する

出題：7

Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do?

A. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

B. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

C. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

D. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?

A. Select the built-in IAM project Viewer role. Add the user's account to this role.

B. Select the built-in IAM service Viewer role. Add the user's account to this role.

C. Create a custom role with view-only project permissions. Add the user's account to the custom role.

D. Create a custom role with view-only service permissions. Add the user's account to the custom role.

正解：A 解答を投票する

出題：9

You need to migrate invoice documents stored on-premises to Cloud Storage. The documents have the following storage requirements:
* Documents must be kept for five years.
* Up to five revisions of the same invoice document must be stored, to allow for corrections.
* Documents older than 365 days should be moved to lower cost storage tiers.
You want to follow Google-recommended practices to minimize your operational and development costs.
What should you do?

A. Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

B. Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

C. Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

D. Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

You are a Google Cloud organization administrator. You need to configure organization policies and log sinks on Google Cloud projects that cannot be removed by project users to comply with your company's security policies. The security policies are different for each company department Each company department has a user with the Project Owner role assigned to their projects. What should you do?

A. Organize projects under folders for each department. Configure both organization policies and log sinks on the folders

B. Use a standard naming convention for projects that includes the department name. Configure both organization policies and log sinks on the projects.

C. Use a standard naming convention for projects that includes the department name. Configure organization policies on the organization and log sinks on the projects.

D. Organize projects under folders for each department. Configure organization policies on the organization and log sinks on the folders.

正解：A 解答を投票する

出題：11

You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?

A. 1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

B. 1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

C. 1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

D. 1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

You are configuring Cloud DNS. You want !to create DNS records to point home.mydomain.com, mydomain.
com. and www.mydomain.com to the IP address of your Google Cloud load balancer. What should you do?

A. Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

B. Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

C. Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

D. Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

正解：A 解答を投票する

出題：13

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?

A. Scan the bucker using the Data Loss Prevention API.

B. Allow only a single Service Account access to read the data.

C. Enable Data Access audit logs for the Cloud Storage API.

D. Enable the Identity Aware Proxy API on the project.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?

A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

B. Select Cloud Spanner. Set up your instance as multi-regional.

C. Select Cloud SQL (MySQL). Select the create failover replicas option.

D. Select Cloud Spanner. Set up your instance with 2 nodes.

正解：A 解答を投票する

出題：15

Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

A. Configure an Internal UDP load balancer in front of the application servers.

B. Configure an SSL Proxy load balancer in front of the application servers.

C. Configure an External HTTP(s) load balancer in front of the application servers.

D. Configure an External Network load balancer in front of the application servers.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

You have a project for your App Engine application that serves a development environment. The required testing has succeeded and you want to create a new project to serve as your production environment. What should you do?

A. Use gcloud to create the new project and to copy the deployed application to the new project.

B. Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

C. Use gcloud to create the new project, and then deploy your application to the new project.

D. Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?

A. Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

B. Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

C. Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

D. Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

You want to configure 10 Compute Engine instances for availability when maintenance occurs. Your requirements state that these instances should attempt to automatically restart if they crash. Also, the instances should be highly available including during system maintenance. What should you do?

A. Create an instance group for the instances. Set the 'Autohealing' health check to healthy (HTTP).

B. Create an instance group for the instance. Verify that the 'Advanced creation options' setting for 'do not retry machine creation' is set to off.

C. Create an instance template for the instances. Set the 'Automatic Restart' to on. Set the 'On-host maintenance' to Migrate VM instance. Add the instance template to an instance group.

D. Create an instance template for the instances. Set 'Automatic Restart' to off. Set 'On-host maintenance' to Terminate VM instances. Add the instance template to an instance group.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：19

You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?

A. Disable Automatic restart on the instance.

B. Disable the flag "Delete boot disk when instance is deleted."

C. Enable delete protection on the instance.

D. Enable Preemptibility on the instance.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：20

You are asked to set up application performance monitoring on Google Cloud projects A, B, and C as a single pane of glass. You want to monitor CPU, memory, and disk. What should you do?

A. Enable API and then use default dashboards to view all projects in sequence.

B. Enable API and then share charts from project A, B, and C.

C. Enable API, create a workspace under project A, and then add project B and C.

D. Enable API and then give the metrics.reader role to projects A, B, and C.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

Associate-Cloud-Engineer試験無料問題集「Google Associate Cloud Engineer 認定」