Google Associate Cloud Engineer - Practice Test 2
An external auditor needs to review both Admin Activity logs and Data Access logs within your Google Cloud project. Which Google Cloud Identity and Access Management (IAM) role should you assign to the auditor to grant the necessary permissions, and what additional instruction should be provided?
The `roles/logging.privateLogViewer` role grants permissions to view both Admin Activity logs and Data Access logs, which covers the auditor's requirement. The additional instruction to review logs for changes to Cloud IAM policy is a common practice for auditors to ensure security and compliance. Exporting logs to Cloud Storage is an option for long-term retention but not directly required for immediate review with the specified role.
Your company has a large quantity of unstructured data in different file formats. You want to perform ETL transformations on the data. You need to make the data accessible on Google Cloud so it can be processed by a Dataflow job. What should you do?
Selected Answer: B Its B, non structure data
You are managing a critical web application hosted on Google Compute Engine. Your objective is to ensure that your support team is immediately notified if users experience elevated latency for a sustained period of at least 5 minutes. You require a Google-recommended solution that incurs no development overhead. Which approach should you implement?
The requirement for 'no development cost' eliminates options involving BigQuery/Looker Studio (which requires setup and dashboard development) and App Engine (which requires custom code development). The need for 'automatic' notification rules out manual monitoring via a dashboard. Cloud Monitoring alert policies are specifically designed for automated notifications based on metric thresholds, fulfilling all specified requirements.
A company needs to process daily batch jobs that typically run for about two hours each night. The primary goal is to minimize the operational costs associated with these compute resources. Which Google Cloud strategy should be implemented?
Preemptible VM instances on Compute Engine are designed for fault-tolerant batch processing workloads and offer significant cost savings (up to 80% off standard prices). Since the jobs run nightly and can tolerate potential interruptions, preemptible VMs are the most cost-effective solution. Other options like GKE or non-preemptible VMs would incur higher costs or might not provide sufficient resources efficiently.
Your organization mandates that all developers possess consistent permissions across all Google Cloud projects. The security policy specifically limits developer access to Compute Engine, Cloud Functions, and Cloud SQL services. You need to implement this policy with minimal administrative overhead. What is the most efficient approach?
Option 2 is the most efficient solution. Creating a custom role at the organization level ensures consistent permissions across all projects and centralizes management. Assigning this role to a Cloud Identity group simplifies user management, as developers can be added or removed from the group, automatically updating their permissions.