Google Associate Cloud Engineer - Practice Test 2
A healthcare organization stores patient medical images on-premises and needs to implement an automated solution to archive new images to Google Cloud Storage. The solution must ensure that any newly generated medical images are reliably uploaded to Cloud Storage. Which approach should you design and implement?
Option 2 provides a straightforward and robust solution for synchronizing on-premises data with Cloud Storage. The `gcloud storage` command offers powerful synchronization capabilities, and scheduling it as a cron job ensures automated, recurring uploads. This method is generally easier to implement and maintain for direct file synchronization from an on-premises environment compared to event-driven architectures for initial bulk or continuous synchronization.
You have successfully established a development environment within a Google Cloud project for an application utilizing Compute Engine and Cloud SQL. Now, you need to set up a production environment for this application. The security team has mandated strict network isolation between the two environments and requires adherence to Google's recommended best practices. What is the most appropriate action to take?
Google Cloud best practices recommend using separate projects for different environments (e.g., development, production) to ensure strong isolation, especially for security. This approach inherently prevents network routes between environments and aligns with the security team's requirements. Options that involve sharing resources or using existing projects for other divisions violate isolation principles.
You are developing an application on your Ubuntu laptop, which has the Google Cloud SDK installed via the official Ubuntu package repository. You need to test your application locally using a Cloud Datastore emulator. What is the correct method to install the necessary emulator component?
Since the Cloud SDK was installed from the Google Cloud Ubuntu package repository, additional components should also be installed using the system's package manager, `apt-get`. The `gcloud components install` command is used when the SDK is installed via the standalone installer or `curl` script, not when installed via `apt-get`. Therefore, `apt-get install google-cloud-sdk-datastore-emulator` is the correct approach.
Your existing application running in Google Kubernetes Engine (GKE) consists of multiple pods running on four GKE n1-standard-2 nodes. You need to deploy additional pods requiring n2-highmem-16 nodes without any downtime. What is the most efficient way to achieve this?
To introduce new machine types for specific workloads within an existing GKE cluster without downtime, creating a new node pool with the desired machine type (n2-highmem-16) is the recommended approach. This allows the new pods to be scheduled on the appropriate nodes while the existing application continues to run on the original node pool. Migrating the entire cluster or upgrading it directly would likely cause downtime or be less efficient.
You are managing a BigQuery data warehouse in your Google Cloud project. A third-party analytics company, operating in their own Google Cloud project, requires access to a specific BigQuery dataset within your project to provide a recommendation service. How should you securely grant them access?
The most secure and recommended approach for cross-project access is for the consuming project (the partner company's project) to create a Service Account. You then grant this specific Service Account the necessary permissions (e.g., BigQuery Data Viewer) directly on your BigQuery dataset. This ensures that the partner manages their own credentials and you retain full control over the permissions granted to your resources.