ASSOCIATE-CLOUD-ENGINEER Online Practice Questions and Answers

You're working on creating a script that can extract the IP address of a Kubernetes Service. Your coworker sent you a code snippet that they had saved. Which one is the best starting point for your code?

A. kubectl get svc -o filtered- json='{.items[*].status.loadBalancer.ingress[0].ip}'

B. kubectl get svc -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}'

C. kubectl get svc -o html

D. kubectl get svc

Your boss has asked you to onboard a new user and provide them with access to their team's project. What set of steps best describes what needs to happen?

A. Add them as a member of the project, grant them the required roles, and sync the user back to G Suite.

B. Add the user inside of G Suite, create a user group, and add them to that user group.

C. Add the user inside of G Suite; sync from G Suite to the Active Directory using the Directory Sync util; add them as a member and grant them the required roles.

D. Add the user inside of G Suite, add them as a member of the project, and grant them the required roles.

Your security team has asked you to present them some numbers based on the logs that are exported to BigQuery. Due to the team structure, your manager has asked you to determine how much the query will cost. What's the best way to determine the cost?

A. It's not possible to estimate the cost of a query.

B. Create the query and execute the query in "cost estimation mode"

C. Create the query and use the dry-run option to determine the amount of data read, then use the price calculator to determine the cost.

D. Use the BigQuery index viewer to determine how many records you'll be reading.

You're attempting to remove the zone property from the Compute Engine service, that was set with the incorrect value. Which command would accomplish your task?

A. gcloud config unset compute/zone

B. gcloud config unset zone

C. gcloud config configurations unset compute/zone

D. gcloud unset compute/zone

You're attempting to install the kubectl component on an Ubuntu server, though, you're getting an error. The error indicates that the component manager is disabled. What is the most likely cause for the error?

A. The Cloud SDK was not installed with root permissions.

B. The Cloud SDK was installed using apt.

C. The Cloud SDK is using the wrong configuration.

D. The Cloud SDK is running inside a Docker container.

You are running out of primary internal IP addresses in a subnet for a custom mode VPC. The subnet has the IP range 10.0.0.0/20, and the IP addresses are primarily used by virtual machines in the project. You need to provide more IP addresses for the virtual machines. What should you do?

A. Add a secondary IP range 10.1.0.0/20 to the subnet.

B. Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/18.

C. Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

D. Convert the subnet IP range from IPv4 to IPv6.

You have an application that looks for its licensing server on the IP 10.0.3.21. You need to deploy the licensing server on Compute Engine. You do not want to change the configuration of the application and want the application to be able to reach the licensing server. What should you do?

A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.

B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.

C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.

D. Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

You want to verify the IAM users and roles assigned within a GCP project named my-project. What should you do?

A. Run gcloud iam roles list. Review the output section.

B. Run gcloud iam service-accounts list. Review the output section.

C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

D. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

You are managing a Data Warehouse on BigQuery. An external auditor will review your company's processes, and multiple external consultants will need view access to the data. You need to provide them with view access while following

Google-recommended practices.

What should you do?

A. Grant each individual external consultant the role of BigQuery Editor

B. Grant each individual external consultant the role of BigQuery Viewer

C. Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

D. Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company's security policies only allow the use to internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?

A. Enable Private Service Access on the Cloud Storage Bucket.

B. Add slorage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list to protected projects.

C. Enable Private Google Access on the subnet within the custom VPC.

D. Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.