CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Google Associate Cloud Engineer

Free Google Associate Cloud Engineer Exam Braindumps (page: 15)

Page 14 of 74
PDF with 290 Questions

Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.



Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:


- Instances in tier #1 must communicate with tier #2.

- Instances in tier #2 must communicate with tier #3.

What should you do?

  1. 1. Create an ingress firewall rule with the following settings:
    - Targets: all instances
    - Source filter:
    IP ranges (with the range set to 10.0.2.0/24)
    - Protocols: allow all2. Create an ingress firewall rule with the following settings:
    - Targets: all instances
    - Source filter: IP ranges (with the range set to 10.0.1.0/24)
    - Protocols: allow all
  2. 1. Create an ingress firewall rule with the following settings:
    - Targets: all instances with tier #2 service account
    - Source filter: all instances with tier #1 service account
    - Protocols: allow TCP:80802.
    Create an ingress firewall rule with the following settings:
    - Targets: all instances with tier #3 service account
    - Source filter: all instances with tier #2 service account
    - Protocols: allow TCP: 8080
  3. 1. Create an ingress firewall rule with the following settings:
    - Targets: all instances with tier #2 service account
    - Source filter: all instances with tier #1 service account
    - Protocols: allow all2. Create an ingress firewall rule with the following settings:
    - Targets: all instances with tier #3 service account
    - Source filter: all instances with tier #2 service account
    - Protocols: allow all
  4. 1. Create an egress firewall rule with the following settings:
    - Targets: all instances
    - Source filter: IP ranges (with the range set to 10.0.2.0/24)
    - Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:
    - Targets: all instances
    - Source filter: IP ranges (with the range set to 10.0.1.0/24)
    - Protocols: allow TCP: 8080

Answer(s): B

Explanation:

1. Create an ingress firewall rule with the following settings: "¢ Targets: all instances with tier #2 service account "¢ Source filter: all instances with tier #1 service account "¢ Protocols: allow TCP:8080 2. Create an ingress firewall rule with the following settings: "¢ Targets: all instances with tier #3 service account "¢ Source filter: all instances with tier #2 service account "¢ Protocols: allow

TCP: 8080



You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us- central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices.
What should you do?

  1. 1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
  2. 1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.
  3. 1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
  4. 1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Answer(s): C

Explanation:

Given that the new instance wants to access the application on the existing compute engine instance, these applications seem to be related so they should be within the same VPC. It is possible to have them in different VPCs and peer the VPCs but this is a lot of additional work and we can simplify this by choosing the option below (which is the answer)

1. Create a subnet in the same VPC, in europe-west1.
2. Create the new instance in the new subnet and use the first instance subnets private address as the endpoint. is the right answer.
We can create another subnet in the same VPC and this subnet is located in europe-west1. We can then spin up a new instance in this subnet. We also have to set up a firewall rule to allow communication between the two subnets. All instances in the two subnets with the same VPC can communicate through the internal IP Address
Ref: https://cloud.google.com/vpc



Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps.
What should you do?

  1. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.
  2. 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.
  3. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.
  4. 1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Answer(s): A

Explanation:

https://cloud.google.com/logging/docs/api/v2/resource-list

GKE Containers have more log than GKE Cluster Operations:

.-GKE Containe:
cluster_name: An immutable name for the cluster the container is running in. namespace_id: Immutable ID of the cluster namespace the container is running in. instance_id: Immutable ID of the GCE instance the container is running in. pod_id: Immutable ID of the pod the container is running in.
container_name: Immutable name of the container.
zone: The GCE zone in which the instance is running.

VS

.-GKE Cluster Operations project_id: The identifier of the GCP project associated with this resource, such as "my-project".
cluster_name: The name of the GKE Cluster.
location: The location in which the GKE Cluster is running.



You have a website hosted on App Engine standard environment. You want 1% of your users to see a new test version of the website. You want to minimize complexity.
What should you do?

  1. Deploy the new version in the same application and use the --migrate option.
  2. Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.
  3. Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.
  4. Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

Answer(s): B

Explanation:

https://cloud.google.com/appengine/docs/standard/python/splitting-traffic#gcloud






Post your Comments and Discuss Google Google Associate Cloud Engineer exam with other Community members:

Google Associate Cloud Engineer Discussions & Posts