CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Google Associate Cloud Engineer

Free Google Associate Cloud Engineer Exam Braindumps (page: 26)

Page 25 of 74
PDF with 290 Questions

You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods.
What should you do?

  1. Use Binary Authorization and whitelist only the container images used by your customers' Pods.
  2. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
  3. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
  4. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.

Answer(s): C


Reference:

https://cloud.google.com/kubernetes-engine/sandbox/

GKE Sandbox provides an extra layer of security to prevent untrusted code from affecting the host kernel on your cluster nodes when containers in the Pod execute unknown or untrusted code. Multi- tenant clusters and clusters whose containers run untrusted workloads are more exposed to security vulnerabilities than other clusters. Examples include SaaS providers, web-hosting providers, or other organizations that allow their users to upload and run code.
When you enable GKE Sandbox on a node pool, a sandbox is created for each Pod running on a node in that node pool. In addition, nodes running sandboxed Pods are prevented from accessing other Google Cloud services or cluster metadata. Each sandbox uses its own userspace kernel. With this in mind, you can make decisions about how to group your containers into Pods, based on the level of isolation you require and the characteristics of your applications.

Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/sandbox-pods



Your customer has implemented a solution that uses Cloud Spanner and notices some read latency- related performance issues on one table. This table is accessed only by their users using a primary key. The table schema is shown below.



You want to resolve the issue.
What should you do?

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): C

Explanation:

As mentioned in Schema and data model, you should be careful when choosing a primary key to not accidentally create hotspots in your database. One cause of hotspots is having a column whose value monotonically increases as the first key part, because this results in all inserts occurring at the end of your key space. This pattern is undesirable because Cloud Spanner divides data among servers by key ranges, which means all your inserts will be directed at a single server that will end up doing all the work. https://cloud.google.com/spanner/docs/schema-design#primary-key-prevent-hotspots



Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project.
What should you do?

  1. Add the group for the finance team to roles/billing user role.
  2. Add the group for the finance team to roles/billing admin role.
  3. Add the group for the finance team to roles/billing viewer role.
  4. Add the group for the finance team to roles/billing project/Manager role.

Answer(s): C

Explanation:

"Billing Account Viewer access would usually be granted to finance teams, it provides access to spend information, but does not confer the right to link or unlink projects or otherwise manage the properties of the billing account." https://cloud.google.com/billing/docs/how-to/billing-access



Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices.
What should you do?

  1. Add your SREs to roles/iam.roleAdmin role.
  2. Add your SREs to roles/accessapproval approver role.
  3. Add your SREs to a group and then add this group to roles/iam roleAdmin role.
  4. Add your SREs to a group and then add this group to roles/accessapproval approver role.

Answer(s): D






Post your Comments and Discuss Google Google Associate Cloud Engineer exam with other Community members:

Google Associate Cloud Engineer Discussions & Posts