Most Recent Google Associate-Cloud-Engineer Exam Questions & Answers

Prepare for the Google Associate Cloud Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Associate-Cloud-Engineer exam and achieve success.

The questions for Associate-Cloud-Engineer were last updated on Nov 20, 2024.

Viewing page 1 out of 57 pages.
Viewing questions 1-5 out of 283 questions

Get All 283 Questions & Answers

Question No. 1

You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

ASet up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

BSet up a high-priority (1000) rule that pairs both ingress and egress ports.

CSet up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

DSet up a high-priority (1000) rule to allow the appropriate ports.

Show Answer

Correct Answer: A

Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access requirements. Implied deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them. A higher priority rule might allow incoming access. The default network includes some additional rules that override this one, allowing certain types of incoming connections. https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules

Question No. 2

You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud

Project. What should you do?

AEnable Audit Logs for all APIs that are related to data storage.

BReview the IAM permissions for any role that allows for data access.

CReview the Identity-Aware Proxy settings for each resource.

DCreate a Data Loss Prevention job.

Show Answer

Correct Answer: B

https://cloud.google.com/logging/docs/audit

Question No. 3

You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

ACreate a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

BCreate a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

CCreate 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

DCreate 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

Show Answer

Correct Answer: A

When we create subnets in the same VPC with different CIDR ranges, they can communicate automatically within VPC. Resources within a VPC network can communicate with one another by using internal (private) IPv4 addresses, subject to applicable network firewall rules

Ref:https://cloud.google.com/vpc/docs/vpc

Question No. 4

You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

AAdd a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

BAdd a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

CAdd a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

DAdd a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Show Answer

Correct Answer: B

Nearline Storage is ideal for data you plan to read or modify on average once per month or less. And this option archives just the noncurrent versions which is what we want to do.

Ref:https://cloud.google.com/storage/docs/storage-classes#nearline

Question No. 5

You are running a web application on Cloud Run for a few hundred users. Some of your users complain that the initial web page of the application takes much longer to load than the following pages. You want to follow Google's recommendations to mitigate the issue. What should you do?

AUpdate your web application to use the protocol HTTP/2 instead of HTTP/1.1

BSet the concurrency number to 1 for your Cloud Run service.

CSet the maximum number of instances for your Cloud Run service to 100.

DSet the minimum number of instances for your Cloud Run service to 3.

Show Answer

Correct Answer: D

Unlock All Questions for Google Associate-Cloud-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 283 Questions & Answers