Google Associate Cloud Engineer - Practice Test 3
Your company has acquired a startup, and you are tasked with integrating their IT systems. The startup operates a production Google Cloud project within their own organization. You need to migrate this project to your company's organization and ensure that all future billing for the project is handled by your organization. What is the most efficient way to achieve this?
The most straightforward method to move a Google Cloud project between organizations and update its billing is by using the `projects.move` method (or the equivalent `gcloud beta project move` command). This action directly transfers ownership and control. After the project is moved, its billing account must be explicitly updated to reflect the new organization's billing.
Your organization has multiple development teams, all based in the United States, each managing its own Google Cloud project. You need to enforce a policy that restricts these development teams to creating cloud resources exclusively within US locations. What is the most appropriate Google Cloud solution to achieve this?
Organization Policies are designed to set restrictions on 'what' resources can be configured and where, making them ideal for enforcing location constraints. By creating a folder to group the development projects and then applying an organization policy at the folder level, the restriction will automatically apply to all child projects. IAM policies, on the other hand, focus on 'who' can do 'what' and are not the primary mechanism for enforcing resource location constraints.
Your organization operates a hybrid cloud environment, utilizing Google Cloud Compute Engine and on-premises infrastructure. Your Google Cloud Virtual Private Cloud (VPC) is connected to your corporate WAN via a VPN tunnel. You need to provision a new Compute Engine virtual machine (VM) and ensure that it is completely isolated from direct public internet access. What is the most effective way to achieve this?
To prevent a Compute Engine instance from being accessible directly from the public internet, the most fundamental step is to not assign it a public IP address. Without a public IP, the instance is only reachable via internal IP addresses within the VPC or through connected networks like a VPN. Other options address different concerns, such as egress traffic or access to Google services, but do not directly prevent public internet ingress.
You are using Looker Studio (formerly Data Studio) to visualize data from a BigQuery table that serves as your data warehouse. Throughout the day, data is appended to this table. Each night, a daily summary is regenerated by overwriting the entire table. You've noticed that your Looker Studio charts are now broken, and you need to diagnose the root cause. What is the most appropriate first step to analyze this problem?
Since the issue manifests as broken charts in Looker Studio, and the data source is a BigQuery table that is overwritten nightly, the most direct approach is to investigate the process responsible for updating that table. Checking the BigQuery job history will reveal if the nightly data refresh completed successfully or encountered errors, which would directly impact the data available to Looker Studio. Cloud Debugger is deprecated and not relevant for BigQuery job issues.
You are using Google Cloud Deployment Manager to provision a Google Kubernetes Engine (GKE) cluster. You also need to deploy a Kubernetes DaemonSet into the `kube-system` namespace of this newly created cluster using the same Deployment Manager deployment. Your goal is to achieve this with the fewest possible additional services or external dependencies. What is the most efficient approach?
To manage Kubernetes resources directly within Deployment Manager, the Kubernetes API needs to be exposed as a Type Provider. This allows Deployment Manager to interact with the GKE cluster's API server to create, update, and delete Kubernetes objects like DaemonSets, integrating the deployment seamlessly without requiring external services like Compute Engine instances or Runtime Configurator for this specific task. This method leverages Deployment Manager's extensibility to manage third-party APIs.