Google Associate Cloud Engineer - Practice Test 1
You are designing a network architecture for an application that requires separate environments for production and development workloads on Google Compute Engine. Production virtual machines (VMs) must reside in a distinct subnet from development VMs. All VMs across both environments need to communicate with each other using internal IP addresses without requiring additional routing configurations. You need to set up the Virtual Private Cloud (VPC) and the two necessary subnets. Which configuration effectively meets these requirements?
A single custom VPC allows all subnets within it to communicate via internal IP addresses without extra routing. Placing subnets in different regions and assigning distinct CIDR ranges ensures proper separation for production and development VMs while maintaining connectivity within the same VPC. Subnets within the same VPC cannot have overlapping CIDR ranges.
You are using the Google Cloud Pricing Calculator to estimate the cost of a new Google Kubernetes Engine (GKE) cluster. Your application requires high I/O operations per second (IOPS) and will utilize disk snapshots for data protection. After entering the number of nodes, average hours, and average days, what is the most appropriate next step to accurately reflect these requirements in the cost estimate?
The requirement for high IOPS directly points to using local SSDs, which provide higher performance than standard persistent disks. Additionally, the explicit mention of using disk snapshots necessitates including snapshot storage in the cost estimate. Cluster management costs are typically included by default or are a separate line item not directly tied to these specific workload requirements.
Your application leverages Cloud Spanner for real-time user state management and Cloud Bigtable for logging all user-triggered events. Daily backups of Cloud Spanner data are exported to Cloud Storage. An analyst requests an ad-hoc join of data from Cloud Spanner and Cloud Bigtable for specific users. What is the most efficient way to fulfill this request?
BigQuery external tables allow you to query data directly from Cloud Storage and Cloud Bigtable without needing to import or copy the data. This approach is highly efficient for ad-hoc queries as it avoids data movement and leverages BigQuery's powerful analytical capabilities. The other options involve more complex data movement or processing, which would be less efficient for a one-off request.
You need to provision a new Compute Engine instance within a Google Cloud project that does not yet exist. Which sequence of steps should you follow?
Before any resources can be created, a project must first exist and have billing enabled. Once the project is established, the necessary APIs, such as the Compute Engine API, must be explicitly enabled within that project. Only after these prerequisites are met can a Compute Engine instance be successfully provisioned.
As a project owner in Google Cloud Platform, you need to delegate comprehensive control over Cloud Storage buckets and objects to your team members, adhering to Google's recommended security practices for least privilege. Which IAM role should you grant to your colleagues?
The Storage Admin role (roles/storage.admin) provides full control over both buckets and objects within Cloud Storage, allowing team members to create, manage, and delete them, as well as set permissions. This role is appropriate for comprehensive management while avoiding the overly broad permissions of a Project Editor. Storage Object Admin and Storage Object Creator offer more granular but less comprehensive control than required for managing both buckets and objects.