PROFESSIONAL-CLOUD-ARCHITECT Online Practice Questions and Answers

One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify authenticity of your logs?

A. Write the log concurrently in the cloud and on premises

B. Use a SQL database and limit who can modify the log table

C. Digitally sign each timestamp and log entry and store the signature

D. Create a JSON dump of each log entry and store it in Google Cloud Storage

You created a pipeline that can deploy your source code changes to your infrastructure in instance groups for self-healing. One of the changes negatively affects your key performance indicator.

You are not sure how to fix it, and investigation could take up to a week.

What should you do?

A. Log in to a server, and iterate on the fox locally

B. Revert the source code change, and rerun the deployment pipeline

C. Log into the servers with the bad code change, and swap in the previous code

D. Change the instance group template to the previous one, and delete all instances

Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis.

What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?

A. Hash all data using SHA256

B. Encrypt all data using elliptic curve cryptography

C. De-identify the data with the Cloud Data Loss Prevention API

D. Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers

You have an application that will run on Compute Engine. You need to design an architecture that takes into account a disaster recovery plan that requires your application to fail over to another region in case of a regional outage. What should you do?

A. Deploy the application on two Compute Engine instances in the same project but in a different region. Use the first instance to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.

B. Deploy the application on a Compute Engine instance. Use the instance to serve traffic, and use the HTTP load balancing service to fail over to an instance on your premises in case of a disaster.

C. Deploy the application on two Compute Engine instance groups, each in the same project but in a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance group in case of a disaster.

D. Deploy the application on two Compute Engine instance groups, each in separate project and a different region. Use the first instance group to server traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.

You need to set up Microsoft SQL Server on GCP. Management requires that there's no downtime in case of a data center outage in any of the zones within a GCP region. What should you do?

A. Configure a Cloud SQL instance with high availability enabled.

B. Configure a Cloud Spanner instance with a regional instance configuration.

C. Set up SQL Server on Compute Engine, using Always On Availability Groups using Windows Failover Clustering. Place nodes in different subnets.

D. Set up SQL Server Always On Availability Groups using Windows Failover Clustering. Place nodes in different zones.

The development team has provided you with a Kubernetes Deployment file. You have no infrastructure yet and need to deploy the application. What should you do?

A. Use gcloud to create a Kubernetes cluster. Use Deployment Manager to create the deployment.

B. Use gcloud to create a Kubernetes cluster. Use kubectl to create the deployment.

C. Use kubectl to create a Kubernetes cluster. Use Deployment Manager to create the deployment.

D. Use kubectl to create a Kubernetes cluster. Use kubectl to create the deployment.

You are designing an application for use only during business hours. For the minimum viable product release, you'd like to use a managed product that automatically "scales to zero" so you don't incur costs when there is no activity. Which primary compute resource should you choose?

A. Cloud Functions

B. Compute Engine

C. Kubernetes Engine

D. AppEngine flexible environment

Your web application has several VM instances running within a VPC. You want to restrict communications between instances to only the paths and ports you authorize, but you don't want to rely on static IP addresses or subnets because the app can autoscale. How should you restrict communications?

A. Use separate VPCs to restrict traffic

B. Use firewall rules based on network tags attached to the compute instances

C. Use Cloud DNS and only allow connections from authorized hostnames

D. Use service accounts and configure the web application particular service accounts to have access

Your customer runs a web service used by e-commerce sites to offer product recommendations to users. the company has begun experimenting with a machine learning model on Google Cloud Platform to improve the quality of results. What should the customer do to improve their model's results over time?

A. Export Cloud Machine Learning Engine performance metrics from Stackdriver to BigQuery, to be used to analyze the efficiency of the model.

B. Build a roadmap to move the machine learning model training from Cloud GPUs to Cloud TPUs, which offer better results.

C. Monitor Compute Engine announcements for availability of newer CPU architectures, and deploy the model to them as soon as they are available for additional performance.

D. Save a history of recommendations and results of the recommendations in BigQuery, to be used as training data.

You are developing a globally scaled frontend for a legacy streaming backend data API. This API expects events in strict chronological order with no repeat data for proper processing. Which products should you deploy to ensure guaranteed-once FIFO (first-in, first-out) delivery of data?

A. Cloud Pub/Sub alone

B. Cloud Pub/Sub to Cloud DataFlow

C. Cloud Pub/Sub to Stackdriver

D. Cloud Pub/Sub to Cloud SQL

You want to allow your operations team to store logs from all the production projects in your Organization, without including logs from other projects. All of the production projects are contained in a folder. You want to ensure that all logs for existing and new production projects are captured automatically. What should you do?

A. Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project.

B. Create an aggregated export on the Organization resource. Set the log sink to be a Cloud Storage bucket in an operations project.

C. Create log exports in the production projects. Set the log sinks to be a Cloud Storage bucket in an operations project.

D. Create log exports in the production projects. Set the log sinks to be BigQuery datasets in the production projects, and grant IAM access to the operations team to run queries on the datasets.

For this question, refer to the TerramEarth case study. You are migrating a Linux-based application from your private data center to Google Cloud. The TerramEarth security team sent you several recent Linux vulnerabilities published by Common Vulnerabilities and Exposures (CVE). You need assistance in understanding how these vulnerabilities could impact your migration. What should you do? (Choose two.)

A. Open a support case regarding the CVE and chat with the support engineer.

B. Read the CVEs from the Google Cloud Status Dashboard to understand the impact.

C. Read the CVEs from the Google Cloud Platform Security Bulletins to understand the impact.

D. Post a question regarding the CVE in Stack Overflow to get an explanation.

E. Post a question regarding the CVE in a Google Cloud discussion group to get an explanation.

For this question, refer to the TerramEarth case study. You have broken down a legacy monolithic application into a few containerized RESTful microservices. You want to run those microservices on Cloud Run. You also want to make sure the services are highly available with low latency to your customers. What should you do?

A. Deploy Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTP(S) Load Balancing instance and attach the Cloud Endpoints to its backend.

B. Deploy Cloud Run services to multiple regions. Create serverless network endpoint groups pointing to the services. Add the serverless NEGs to a backend service that is used by a global HTTP(S) Load Balancing instance.

C. Deploy Cloud Run services to multiple regions. In Cloud DNS, create a latency-based DNS name that points to the services.

D. Deploy Cloud Run services to multiple availability zones. Create a TCP/IP global load balancer. Add the Cloud Run Endpoints to its backend service.

Mountkirk Games has deployed their new backend on Google Cloud Platform (GCP). You want to create a through testing process for new versions of the backend before they are released to the public. You want the testing environment to scale in an economical way. How should you design the process?

A. Create a scalable environment in GCP for simulating production load

B. Use the existing infrastructure to test the GCP-based backend at scale

C. Build stress tests into each component of your application using resources internal to GCP to simulate load

D. Create a set of static environments in GCP to test different levels of load ?for example, high, medium, and low

Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they want to be able to update and roll back quickly. Mountkirk Games has the following requirements:

1.

Services are deployed redundantly across multiple regions in the US and Europe

2.

Only frontend services are exposed on the public internet

3.

They can provide a single frontend IP for their fleet of services

4.

Deployment artifacts are immutable Which set of products should they use?

A. Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

B. Google Cloud Storage, Google App Engine, Google Network Load Balancer

C. Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

D. Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager