Google Associate Cloud Engineer - Practice Test 1
You have deployed a Linux-based application on a Google Compute Engine instance. An external contractor needs secure access to this instance. The contractor is connected to your corporate network via a VPN but does not possess a Google account. What is the most appropriate method to grant them access?
Since the external contractor does not have a Google account, solutions relying on Google authentication like Identity-Aware Proxy (IAP) are not suitable. The most secure and common method for granting SSH access to a Linux instance without a Google account is to use SSH key pairs. The public key is added to the instance, while the private key remains securely with the contractor.
A VM instance is deployed in a Google Cloud VPC with single-stack subnets. To enable consistent communication from other services within the same VPC, the VM requires a fixed IP address. Which Google-recommended and cost-effective approach should be taken?
For communication within the same VPC, an internal IP address is sufficient and more secure as it's not exposed to the internet. Promoting the existing internal IP to static ensures it remains fixed without incurring costs associated with external IP addresses when not needed. This aligns with Google's best practices for internal service communication and cost optimization.
You are designing a network architecture for an application on Google Cloud Compute Engine. You need to deploy production virtual machines (VMs) and development VMs. The production VMs must reside in a distinct subnet from the development VMs. All VMs, regardless of their environment, need to communicate with each other using internal IP addresses without requiring additional routing configurations. You plan to set up a Virtual Private Cloud (VPC) and two subnets to meet these requirements. Which configuration best satisfies these conditions?
A single custom VPC allows all subnets within it to communicate via internal IP addresses without extra routing. Placing subnets in different regions and with different CIDR ranges ensures proper isolation between production and development environments while maintaining connectivity within the same VPC. Subnets within the same VPC cannot have overlapping CIDR ranges.
Your organization's Google Cloud environment recently underwent an audit, revealing that several resources are shared with users whose email addresses do not belong to your corporate Google Workspace domain. You need to implement a solution to prevent future sharing with external domains and also address the existing mismatched users. Which approach should you take?
Organization policy constraints, specifically 'Restrict identities by domain', are the correct way to prevent future sharing with external domains. However, these policies are not retroactive, meaning they will not automatically remove existing mismatched users. Therefore, after setting the policy, a manual or programmatic cleanup of existing non-compliant users is required.
You need to upload a 32 GB file to a Google Cloud Storage Nearline bucket. Your network connection provides a consistent 1 Gbps bandwidth, and you are the sole user. To maximize the utilization of the available bandwidth for a rapid transfer, how should you proceed with the upload?
For large files and high-bandwidth connections, gsutil's parallel composite uploads significantly improve transfer speed. This feature splits the file into smaller parts and uploads them concurrently, leveraging the available network capacity more efficiently. Other options either don't optimize for large file transfers or are counterproductive.