Google Associate Cloud Engineer - Practice Test 1
As an Organization Administrator for your company's Google Cloud environment, you are responsible for ensuring compliance with strict rules requiring notification of any modifications to files and documents stored in Cloud Storage. Recently, a team member modified files without your knowledge, leading to production job failures. You need to implement a solution that guarantees real-time notifications for all changes to Cloud Storage objects while keeping management overhead to a minimum. What is the most effective approach?
Option 2 is the recommended and most effective solution. Enabling object versioning ensures data integrity by retaining previous versions, while configuring Pub/Sub notifications for Cloud Storage provides real-time, automated alerts for any object modifications, minimizing management overhead. Object Change Notifications (Option 4) is an older method and is deprecated in favor of Pub/Sub notifications for Cloud Storage.
A company needs to implement a cost-effective data archiving solution for a Cloud Storage bucket. The solution requires that data with multiple versions be archived after 30 days. Previous versions are accessed approximately once a month for reporting, and this archived data is also occasionally updated at month-end. Which action should be taken?
Nearline Storage is the most suitable option for this scenario because it is designed for data accessed less than once a month, which aligns with the requirement for monthly reporting and occasional month-end updates. It offers a cost-effective balance between storage costs and access frequency, with a 30-day minimum storage duration that matches the archiving policy. Coldline Storage would be less cost-effective due to its higher access costs and longer minimum storage duration, making it less ideal for data accessed monthly.
Your organization uses Compute Engine instances for its Linux workloads. You need to provide SSH access to these instances for a new third-party operations partner who does not use Google Accounts. What is the most appropriate method to grant them secure access to maintain the installed tooling?
The operations partner does not use Google Accounts, which rules out solutions like Cloud IAP that rely on Google identities. Adding SSH public keys directly to the VM instances is a standard and secure way to grant access to external users without Google Accounts. This method allows granular control over who can access specific instances.
Your application is configured to connect to a licensing server at the internal IP address 10.0.3.21. You need to deploy this licensing server on Google Compute Engine without modifying the application's existing configuration. Which action should you take to ensure the application can successfully reach the licensing server?
To ensure the application can reach the licensing server at a specific internal IP address without configuration changes, the server must be assigned a static internal IP. Reserving 10.0.3.21 as a static internal IP guarantees its persistence and availability within the private network. Ephemeral IPs can change, and public IPs are not suitable for internal application communication.
A former employee's access to Google Cloud was inadvertently maintained for two weeks post-termination. To investigate whether this individual accessed any confidential customer information during that period, what is the most appropriate action to take?
To determine if sensitive customer information was accessed, Data Access audit logs are required. These logs record API calls that read user-provided resource data, which includes access to sensitive information. Searching these logs using the user's email as the principal will identify their specific actions.