Google Associate Cloud Engineer - Practice Test 2
You are configuring a new application within a Google Cloud VPC, and the user has expressed concerns about data egress. You need to implement firewall rules to allow only the absolutely necessary outbound traffic, ensuring the fewest possible open egress ports. Which configuration strategy should you employ?
In Google Cloud firewall rules, lower priority numbers indicate higher priority. To achieve the goal of blocking all egress except for specific ports, you need a high-priority rule that allows the necessary traffic and a lower-priority rule that blocks everything else. Therefore, a low-priority rule blocking all egress will be overridden by a high-priority rule allowing specific ports.
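The priority logic described above, as an added example that is not part of the original practice test: a simplified Python model of egress rule evaluation, not Google's implementation. The rule names, the priorities 1000 and 65534, and the assumption that HTTPS on tcp/443 is the only required outbound traffic are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class EgressRule:
    name: str
    priority: int          # 0-65535; lower number is evaluated first
    action: str            # "allow" or "deny"
    dest_range: str        # destination CIDR
    protocol: str = "all"  # "all", "tcp", "udp", ...
    ports: tuple = ()      # empty tuple means every port

    def matches(self, dest_ip, protocol, port):
        return (ip_address(dest_ip) in ip_network(self.dest_range)
                and self.protocol in ("all", protocol)
                and (not self.ports or port in self.ports))

# Every VPC network has an implied allow-all egress rule at the lowest priority.
IMPLIED_ALLOW_EGRESS = EgressRule("implied-allow-egress", 65535, "allow", "0.0.0.0/0")

def evaluate_egress(rules, dest_ip, protocol, port):
    """Return (action, rule_name) of the highest-priority matching rule."""
    # Sort by priority number; at equal priority a deny rule beats an allow rule.
    ordered = sorted([*rules, IMPLIED_ALLOW_EGRESS],
                     key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if rule.matches(dest_ip, protocol, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied rule matches all IPv4 egress")

# Constructed rule set: the only required outbound traffic is assumed to be HTTPS.
RULES = [
    EgressRule("deny-all-egress", 65534, "deny", "0.0.0.0/0"),
    EgressRule("allow-https-egress", 1000, "allow", "0.0.0.0/0", "tcp", (443,)),
]

if __name__ == "__main__":
    for flow in [("203.0.113.10", "tcp", 443), ("203.0.113.10", "tcp", 22),
                 ("203.0.113.10", "udp", 53)]:
        print(flow, "->", evaluate_egress(RULES, *flow))
    # Without the explicit deny rule, the implied allow rule lets everything out.
    print("no deny rule:", evaluate_egress(RULES[1:], "203.0.113.10", "tcp", 22))
```

The last call shows why the explicit deny rule is needed: an allow rule alone does not restrict egress, because unmatched traffic falls through to the implied allow rule.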
You have a Dockerfile for an application and need to deploy it to Google Kubernetes Engine. Which sequence of steps should you follow?
To deploy an application from a Dockerfile to Kubernetes Engine, you must first build the Docker image and store it in a container registry like Google Container Registry. Subsequently, a Kubernetes Deployment YAML file is created to specify the image location and desired deployment configuration. Finally, the `kubectl` command-line tool is used to apply this YAML file to create the deployment on Kubernetes Engine.
You are developing a video encoding application on Google Cloud Compute Engine. The application needs to handle a rapidly growing user base, ensuring continuous availability and sufficient CPU resources for encoding tasks. You want to implement a highly available solution that follows Google's recommended practices for automated operations. Which approach should you take?
To ensure high availability and automated scaling based on demand, deploying to a managed instance group (MIG) with autoscaling configured for CPU utilization is the recommended Google Cloud practice. This allows the system to automatically add or remove instances to meet the workload requirements without manual intervention. Standalone instances or manual scaling do not provide the same level of automation and high availability.
You have a web application deployed on Cloud Run for Anthos. To perform a canary deployment, you need to introduce an updated version of the application and direct a specific percentage of production user traffic to it. What is the most appropriate method to achieve this?
Cloud Run manages different versions of an application through revisions. To perform a canary deployment, you create a new revision for the updated application and then use Cloud Run's built-in traffic management features to split traffic between the existing and new revisions. This allows for controlled rollout without needing external load balancers or creating entirely new services.
Your organization has a significant volume of unstructured data in various file formats that requires Extract, Transform, Load (ETL) operations. You need to make this data available within Google Cloud for processing by a Dataflow job. Which Google Cloud service should you use to store this data, and what tool would you typically use for the initial upload?
Cloud Storage is the primary service for storing large quantities of unstructured data, such as files in various formats, within Google Cloud. The `gsutil` command-line tool is commonly used for interacting with Cloud Storage, including uploading data. Dataflow jobs can easily read and process data directly from Cloud Storage.