Google Associate Cloud Engineer - Practice Test 1
Your team is developing a critical application that requires deployment on Kubernetes. This production application demands high reliability and adherence to Google's recommended best practices for Kubernetes cluster provisioning. Which approach should you take?
Google-recommended practices for critical applications often point to GKE Autopilot for its managed nature and operational simplicity. For optimizing reliability and stability, especially for business-critical applications, the stable release channel is preferred as it offers thoroughly tested versions with fewer breaking changes compared to the rapid release channel.
Your company's on-premises infrastructure is operating at peak capacity, and you need to extend workloads to Google Cloud. The critical requirement is that these Google Cloud workloads must be able to communicate directly with on-premises workloads using private IP addresses. What is the most appropriate solution?
To enable direct communication using private IP addresses between on-premises infrastructure and Google Cloud, a secure and private tunnel is required. Cloud VPN provides this functionality by extending the on-premises network to Google Cloud, allowing workloads to communicate over internal IP ranges. Other options like Shared VPC, VPC Network Peering, or bastion hosts using public IPs do not meet the requirement for private IP communication between on-premises and Google Cloud.
A new contractor requires read-only access to view compute images and disks within a specific Google Cloud project. To adhere to the principle of least privilege and Google's recommended security practices, what is the most appropriate action to take?
The requirement is for list access only, adhering to the principle of least privilege. Creating a custom role with only the `compute.disks.list` and `compute.images.list` permissions directly grants the exact access needed without providing broader capabilities. Options involving predefined roles like `Compute Image User` or `Compute Storage Admin` would grant more permissions than required, such as the ability to use images or manage storage, which is not desired for simple list access.
Your organization runs a nightly batch processing workload that utilizes a large number of virtual machines (VMs). This workload is designed to be fault-tolerant and can gracefully handle the termination of some VMs without impacting the overall job completion. However, the current operational costs for these VMs are excessively high. Which strategy should you implement to reduce costs effectively?
For fault-tolerant batch workloads that can withstand VM terminations, Google Cloud Spot VMs (formerly Preemptible VMs) are the most cost-effective solution. They offer significant discounts compared to standard VMs. Testing with simulated maintenance events ensures the workload's resilience before fully adopting Spot VMs for production.
You are developing an application to handle data file uploads from numerous external suppliers. Your primary objectives are to ensure data security and to automatically manage data retention. Specifically, the application must:
* Ensure each supplier can only access their own data.
* Grant suppliers write access to data for a limited duration of 30 minutes.
* Automatically remove data older than 45 days.
You need to implement a solution with a rapid development cycle and minimal ongoing maintenance. Which two strategies should you employ?
Cloud Storage lifecycle policies are ideal for automatically deleting aged data (45 days) without requiring custom code or maintenance. Signed URLs provide a secure, time-limited mechanism for suppliers to upload their data directly to Cloud Storage, fulfilling the 30-minute write access requirement and restricting access to only their own data.