Black Friday Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

examstrack slider

Achieve Success in the Google Professional-Cloud-Architect Exam: A Detailed Google Certified Professional - Cloud Architect (GCP) Guide

Questions 1

Your company has a Google Cloud project that uses BigQuery for data warehousing They have a VPN tunnel between the on-premises environment and Google Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should they do?

Options:

A.

Configure Private Google Access for on-premises only.

B.

Perform the following tasks:

1) Create a service account.

2) Give the BigQuery JobUser role and Storage Reader role to the service account.

3) Remove all other IAM access from the project.

C.

Configure VPC Service Controls and configure Private Google Access.

D.

Configure Private Google Access.

Buy Now
Questions 2

You are designing a large distributed application with 30 microservices. Each of your distributed microservices needs to connect to a database back-end. You want to store the credentials securely. Where should you store the credentials?

Options:

A.

In the source code

B.

In an environment variable

C.

In a secret management system

D.

In a config file that has restricted access through ACLs

Buy Now
Questions 3

Your company operates nationally and plans to use GCP for multiple batch workloads, including some that are not time-critical. You also need to use GCP services that are HIPAA-certified and manage service costs.

How should you design to meet Google best practices?

Options:

A.

Provisioning preemptible VMs to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.

B.

Provisioning preemptible VMs to reduce cost. Disable and then discontinue use of all GCP and APIs that are not HIPAA-compliant.

C.

Provision standard VMs in the same region to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.

D.

Provision standard VMs to the same region to reduce cost. Disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant.

Buy Now
Questions 4

Your company wants to start using Google Cloud resources but wants to retain their on-premises Active

Directory domain controller for identity management. What should you do?

Options:

A.

Use the Admin Directory API to authenticate against the Active Directory domain controller.

B.

Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and

configure SAML SSO.

C.

Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider.

D.

Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the onpremises AD domain controller using Google Cloud Directory Sync.

Buy Now
Questions 5

You are monitoring Google Kubernetes Engine (GKE) clusters in a Cloud Monitoring workspace. As a Site Reliability Engineer (SRE), you need to triage incidents quickly. What should you do?

Options:

A.

Navigate the predefined dashboards in the Cloud Monitoring workspace, and then add metrics and create alert policies.

B.

Navigate the predefined dashboards in the Cloud Monitoring workspace, create custom metrics, and install alerting software on a Compute Engine instance.

C.

Write a shell script that gathers metrics from GKE nodes, publish these metrics to a Pub/Sub topic, export the data to BigQuery, and make a Data Studio dashboard.

D.

Create a custom dashboard in the Cloud Monitoring workspace for each incident, and then add metrics and create alert policies.

Buy Now
Questions 6

Your architecture calls for the centralized collection of all admin activity and VM system logs within your

project.

How should you collect these logs from both VMs and services?

Options:

A.

All admin and VM system logs are automatically collected by Stackdriver.

B.

Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent

must be installed on each instance to collect system logs.

C.

Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.

D.

Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

Buy Now
Questions 7

Your company is building a new architecture to support its data-centric business focus. You are responsible for setting up the network. Your company’s mobile and web-facing applications will be deployed on-premises, and all data analysis will be conducted in GCP. The plan is to process and load 7 years of archived .csv files totaling 900 TB of data and then continue loading 10 TB of data daily. You currently have an existing 100-MB internet connection.

What actions will meet your company’s needs?

Options:

A.

Compress and upload both achieved files and files uploaded daily using the qsutil –m option.

B.

Lease a Transfer Appliance, upload archived files to it, and send it, and send it to Google to transfer

archived data to Cloud Storage. Establish a connection with Google using a Dedicated Interconnect or

Direct Peering connection and use it to upload files daily.

C.

Lease a Transfer Appliance, upload archived files to it, and send it, and send it to Google to transfer

archived data to Cloud Storage. Establish one Cloud VPN Tunnel to VPC networks over the public internet, and compares and upload files daily using the gsutil –m option.

D.

Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a Cloud VPN Tunnel to VPC networks over the public internet, and compress and upload files daily.

Buy Now
Questions 8

Your company acquired a healthcare startup and must retain its customers’ medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this data, and then delete it as soon as regulations allow.

Which approach should you take?

Options:

A.

Store the data in Google Drive and manually delete records as they expire.

B.

Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely.

C.

Store the data using the Cloud Storage and use lifecycle management to delete files when they expire.

D.

Store the data in Cloud Storage and run a nightly batch script that deletes all expired datA.

Buy Now
Questions 9

For this question, refer to the TerramEarth case study.

TerramEarth's 20 million vehicles are scattered around the world. Based on the vehicle's location its telemetry data is stored in a Google Cloud Storage (GCS) regional bucket (US. Europe, or Asia). The CTO has asked you to run a report on the raw telemetry data to determine why vehicles are breaking down after 100 K miles. You want to run this job on all the data. What is the most cost-effective way to run this job?

Options:

A.

Move all the data into 1 zone, then launch a Cloud Dataproc cluster to run the job.

B.

Move all the data into 1 region, then launch a Google Cloud Dataproc cluster to run the job.

C.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a multi region bucket and use a Dataproc cluster to finish the job.

D.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a region bucket and use a Cloud Dataproc cluster to finish the jo

Buy Now
Questions 10

For this question, refer to the TerramEarth case study.

TerramEarth plans to connect all 20 million vehicles in the field to the cloud. This increases the volume to 20 million 600 byte records a second for 40 TB an hour. How should you design the data ingestion?

Options:

A.

Vehicles write data directly to GCS.

B.

Vehicles write data directly to Google Cloud Pub/Sub.

C.

Vehicles stream data directly to Google BigQuery.

D.

Vehicles continue to write data using the existing system (FTP).

Buy Now
Exam Code: Professional-Cloud-Architect
Exam Name: Google Certified Professional - Cloud Architect (GCP)
Last Update: Dec 2, 2024
Questions: 277

PDF + Testing Engine

$164.99
$57.75

Testing Engine

$124.99
$43.75

PDF (Q&A)

$104.99
$36.75

Google Free Exams

Google Free Exams
Elevate your Google exam preparation with free access to high-quality resources at Examstrack.