Google Professional-Cloud-Architect Questions and Answers Guarantee you Pass the Test Easily [Q57-Q73]


Share Latest Professional-Cloud-Architect DUMP with 282 Questions and Answers


The Google Professional-Cloud-Architect certification exam covers various topics, including designing and planning a cloud solution architecture, managing and provisioning a cloud solution infrastructure, designing for security and compliance, analyzing and optimizing technical and business processes, and managing implementations of cloud architecture. The Professional-Cloud-Architect exam is designed to test the candidate's proficiency in these areas and their ability to apply their knowledge to real-world scenarios.


The Google Professional-Cloud-Architect certification exam is a rigorous test of the candidate's knowledge and understanding of Google Cloud Platform. The Professional-Cloud-Architect exam consists of multiple-choice questions and is designed to challenge the candidate's ability to apply their knowledge in real-world situations. The Google Certified Professional - Cloud Architect (GCP) certification is an excellent way to demonstrate your expertise in cloud computing and enhance your career prospects. With the growing demand for cloud architects, obtaining this certification can help you stand out in a competitive job market.

 

NEW QUESTION # 57
Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible. Which cloud infrastructure should you recommend?

  • A. Google Cloud Dataproc to run Apache Hadoop jobs to process each test
  • B. Google App Engine with Google Stackdriver for logging
  • C. Google Compute Engine managed instance groups with auto-scaling
  • D. Google Compute Engine unmanaged instance groups and Network Load Balancer

Answer: C

Explanation:
https://cloud.google.com/compute/docs/instance-groups/


NEW QUESTION # 58
Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible. Which cloud infrastructure should you recommend?

  • A. Google Compute Engine managed instance groups with auto-scaling
  • B. Google Cloud Dataproc to run Apache Hadoop jobs to process each test
  • C. Google App Engine with Google Stackdriver for logging
  • D. Google Compute Engine unmanaged instance groups and Network Load Balancer

Answer: B


NEW QUESTION # 59
Your application needs to process credit card transactions. You want the smallest scope of Payment Card Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used. How should you design your architecture?

  • A. Create separate projects that only process credit card data.
  • B. Create a tokenizer service and store only tokenized data.
  • C. Streamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI data.
  • D. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor.
  • E. Create separate subnetworks and isolate the components that process credit card data.

Answer: B

Explanation:
https://cloud.google.com/solutions/pci-dss-compliance-in-gcp


NEW QUESTION # 60
Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been configured as well. The security team needs to secure projects that will be part of the Organization.
They want to prohibit IAM users outside the domain from gaining permissions from now on. What should they do?

  • A. Create a technical user (e.g., crawler@yourdomain.com), and give it the project owner role at root organization level. Write a bash script that:
    * Lists all the IAM rules of all projects within the organization
    * Deletes all users that do not belong to the company domain
    Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour.
  • B. Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that don't belong to the Cloud Identity domain from all projects.
  • C. Configure an organization policy to restrict identities by domain
  • D. Configure an organization policy to block creation of service accounts

Answer: B

Explanation:
https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains


NEW QUESTION # 61
For this question, refer to the Mountkirk Games case study
Mountkirk Games needs to create a repeatable and configurable mechanism for deploying isolated application environments. Developers and testers can access each other's environments and resources, but they cannot access staging or production resources. The staging environment needs access to some services from production.
What should you do to isolate development environments from staging and production?

  • A. Create one subnetwork for development and another for staging and production.
  • B. Create a project for development and test and another for staging and production.
  • C. Create one project for development, a second for staging and a third for production.
  • D. Create a network for development and test and another for staging and production.

Answer: C


NEW QUESTION # 62
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do?

  • A. Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
  • B. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
  • C. Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.
  • D. Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.

Answer: B

Explanation:
https://cloud.google.com/iap/docs/using-tcp-forwarding#tunneling_with_ssh
Leveraging the BeyondCorp security model. "This January, we enhanced context-aware access capabilities in Cloud Identity-Aware Proxy (IAP) to help you protect SSH and RDP access to your virtual machines (VMs)-without needing to provide your VMs with public IP addresses, and without having to set up bastion hosts."
https://cloud.google.com/blog/products/identity-security/cloud-iap-enables-context-aware-access-to-vms-via-ss
Reference: https://cloud.google.com/solutions/connecting-securely


NEW QUESTION # 63
Your agricultural division is experimenting with fully autonomous vehicles.
You want your architecture to promote strong security during vehicle operation.
Which two architectures should you consider?
Choose 2 answers:

  • A. Use multiple connectivity subsystems for redundancy.
  • B. Use a trusted platform module (TPM) and verify firmware and binaries on boot.
  • C. Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.
  • D. Require IPv6 for connectivity to ensure a secure address space.
  • E. Treat every micro service call between modules on the vehicle as untrusted.
  • F. Use a functional programming language to isolate code execution cycles.

Answer: B,C


NEW QUESTION # 64
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.
What three steps should you take to diagnose the problem? (Choose three.)

  • A. Delete the virtual machine (VM) and disks and create a new one
  • B. Check inbound firewall rules for the network the machine is connected to
  • C. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
  • D. Take a snapshot of the disk and connect to a new machine to investigate
  • E. Connect the machine to another network with very simple firewall rules and investigate
  • F. Delete the instance, attach the disk to a new VM, and investigate

Answer: B,C,D

Explanation:
D: Handling "Unable to connect on port 22" error message
Possible causes include:
* There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the access to that port with a custom firewall rule.
* The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.
F: Handling "Could not connect, retrying..." error
You can verify that the daemon is running by navigating to the serial console output page and looking for output lines prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.
Reference:
https://cloud.google.com/compute/docs/ssh-in-browser


NEW QUESTION # 65
Your company has a Kubernetes application that pulls messages from Pub/Sub and stores them in Firestore. Because the application is simple, it was deployed as a single pod. The infrastructure team has analyzed Pub/Sub metrics and discovered that the application cannot process the messages in real time. Most of them wait for minutes before being processed. You need to scale the elaboration process that is I/O-intensive. What should you do?

  • A. Configure a Kubernetes autoscaling based on the subscription/push_request metric.
  • B. Use the --enable-autoscaling flag when you create the Kubernetes cluster
  • C. Use kubectl autoscale deployment APP_NAME --max 6 --min 2 --cpu-percent 50 to configure Kubernetes autoscaling deployment
  • D. Configure a Kubernetes autoscaling based on the subscription/num_undelivered_messages metric.

Answer: A

Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/custom-and-external-metrics#external_metrics


NEW QUESTION # 66
Mountkirk Games wants to limit the physical location of resources to their operating Google Cloud regions.
What should you do?

  • A. Configure a custom alert in Cloud Monitoring so you can disable resources as they are created in other regions.
  • B. Configure an organizational policy which constrains where resources can be deployed.
  • C. Configure the quotas for resources in the regions not being used to 0.
  • D. Configure IAM conditions to limit what resources can be configured.

Answer: B


NEW QUESTION # 67
Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they want to be able to update and roll back quickly. Mountkirk Games has the following requirements:
* Services are deployed redundantly across multiple regions in the US and Europe
* Only frontend services are exposed on the public internet
* They can provide a single frontend IP for their fleet of services
* Deployment artifacts are immutable
Which set of products should they use?

  • A. Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager
  • B. Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer
  • C. Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine
  • D. Google Cloud Storage, Google App Engine, Google Network Load Balancer

Answer: D


NEW QUESTION # 68
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take? Choose 2 answers

  • A. Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline.
  • B. Ensure you have stubs to unit test all interfaces between components.
  • C. Ensure every code check-in is peer reviewed by a security SME.
  • D. Enable code signing and a trusted binary repository integrated with your CI/CD pipeline.
  • E. Use source code security analyzers as part of the CI/CD pipeline.

Answer: A,E

Explanation:
Reference:
https://docs.microsoft.com/en-us/vsts/articles/security-validation-cicd-pipeline?view=vsts


NEW QUESTION # 69
An application development team believes their current logging tool will not meet their needs for their new cloud-based product. They want a better tool to capture errors and help them analyze their historical log data. You want to help them find a solution that meets their needs.
What should you do?

  • A. Send them a list of online resources about logging best practices
  • B. Help them upgrade their current tool to take advantage of any new features
  • C. Direct them to download and install the Google StackDriver logging agent
  • D. Help them define their requirements and assess viable logging tools

Answer: C

Explanation:
The Stackdriver Logging agent streams logs from your VM instances and from selected third party software packages to Stackdriver Logging. Using the agent is optional but we recommend it. The agent runs under both Linux and Microsoft Windows.
Note: Stackdriver Logging allows you to store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services (AWS). Our API also allows ingestion of any custom log data from any source. Stackdriver Logging is a fully managed service that performs at scale and can ingest application and system log data from thousands of VMs. Even better, you can analyze all that log data in real time.
References: https://cloud.google.com/logging/docs/agent/installation


NEW QUESTION # 70
For this question, refer to the TerramEarth case study. You are asked to design a new architecture for the ingestion of the data of the 200,000 vehicles that are connected to a cellular network. You want to follow Google-recommended practices.
Considering the technical requirements, which components should you use for the ingestion of the data?

  • A. Cloud IoT Core with public/private key pairs
  • B. Google Kubernetes Engine with an SSL Ingress
  • C. Compute Engine with specific SSH keys
  • D. Compute Engine with project-wide SSH keys

Answer: A

Explanation:
Dress4Win, A
Testlet 1
Company Overview
Dress4Win is a web-based company that helps their users organize and manage their personal wardrobe using a website and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a premium app model.
Company Background
Dress4Win's application has grown from a few servers in the founder's garage to several hundred servers and appliances in a collocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster, Dress4Win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4Win is considering moving their development and test environments. They are also considering building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4Win application is served out of a single data center location.
* Databases:
- MySQL - user data, inventory, static data
- Redis - metadata, social graph, caching
* Application servers:
- Tomcat - Java micro-services
- Nginx - static content
- Apache Beam - Batch processing
* Storage appliances:
- iSCSI for VM hosts
- Fiber channel SAN - MySQL databases
- NAS - image storage, logs, backups
* Apache Hadoop/Spark servers:
- Data analysis
- Real-time trending calculations
* MQ servers:
- Messaging
- Social notifications
- Events
* Miscellaneous servers:
- Jenkins, monitoring, bastion hosts, security scanners
Business Requirements
* Build a reliable and reproducible environment with scaled parity of production.
* Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
* Improve business agility and speed of innovation through rapid provisioning of new resources.
* Analyze and optimize architecture for performance in the cloud.
* Migrate fully to the cloud if all other requirements are met.
Technical Requirements
* Evaluate and choose an automation framework for provisioning resources in cloud.
* Support failover of the production environment to cloud during an emergency.
* Identify production services that can migrate to cloud to save capacity.
* Use managed services whenever possible.
* Encrypt data on the wire and at rest.
* Support multiple VPN connections between the production data center and cloud environment.
CEO Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a new competitor could use a public cloud platform to offset their up-front investment and freeing them to focus on developing better features.
CTO Statement
We have invested heavily in the current infrastructure, but much of the equipment is approaching the end of its useful life. We are consistently waiting weeks for new gear to be racked before we can start new projects. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
CFO Statement
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years puts a cloud strategy between 30 to 50% lower than our current model.


NEW QUESTION # 71
Your web application uses Google Kubernetes Engine to manage several workloads. One workload requires a consistent set of hostnames even after pod scaling and relaunches.
Which feature of Kubernetes should you use to accomplish this?

  • A. StatefulSets
  • B. Container environment variables
  • C. Role-based access control
  • D. Persistent Volumes

Answer: A

Explanation:
https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/


NEW QUESTION # 72
For this question, refer to the Dress4Win case study. To be legally compliant during an audit, Dress4Win must be able to give insights in all administrative actions that modify the configuration or metadata of resources on Google Cloud.
What should you do?

  • A. Use Stackdriver Trace to create a trace list analysis.
  • B. Use Stackdriver Monitoring to create a dashboard on the project's activity.
  • C. Enable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.
  • D. Use the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.

Answer: D


NEW QUESTION # 73
......


To prepare for the GCP exam, candidates can take advantage of a range of resources available online. Google offers a range of training programs, including online courses, tutorials, and hands-on labs, to help candidates build their knowledge and skills in GCP. Additionally, third-party training providers offer courses and study materials that can help candidates prepare for the exam.

 
