Google Associate Cloud Engineer - Practice Test 3
Your organization manages diverse datasets, each with distinct storage needs. These datasets include:
1. Structured customer information requiring complex query capabilities.
2. Extensive historical log data, accessed rarely but needing long-term retention.
3. High-throughput sensor readings that are written frequently and need to be available for analysis, with a tolerance for minor data loss.
You need to implement the most cost-effective Google Cloud storage solution that meets all these requirements. Which combination of services should you choose?
Cloud SQL is ideal for structured customer data requiring complex queries. Cloud Storage Coldline is a cost-effective choice for large volumes of infrequently accessed historical logs. BigQuery is well-suited for high-velocity sensor data, offering powerful analytics capabilities and cost-efficiency for large datasets where some data loss is tolerable.
You are responsible for managing the security configuration of your company’s Google Cloud organization. Your Operations team requires specific permissions to manage both a Google Kubernetes Engine (GKE) cluster and a Cloud SQL instance. You've identified two existing predefined Identity and Access Management (IAM) roles that each contain some, but not all, of the necessary permissions. You need to grant the Operations team the required IAM permissions while adhering to Google's recommended practices for least privilege. What is the most appropriate action to take?
The principle of least privilege dictates that users should only be granted the minimum permissions necessary to perform their tasks. Creating a custom IAM role with only the required permissions ensures this. Granting entire predefined roles (options 1, 3, and 4) would likely provide more permissions than needed, violating the least privilege principle.
You have deployed a Linux-based application on a Google Compute Engine instance. An external contractor needs secure access to this instance. The contractor is connected to your corporate network via a VPN but does not possess a Google account. What is the most appropriate method to grant them access?
Since the external contractor does not have a Google account, Identity-Aware Proxy (IAP) is not a suitable option for direct access. The most secure and common method for external users to access Linux instances without Google accounts is through SSH key-based authentication. The public key is added to the instance, allowing the contractor to authenticate with their corresponding private key.
You are designing the infrastructure for a new Enterprise Resource Planning (ERP) system on Google Cloud. This application relies heavily on an in-memory database for rapid data access. Which Google Cloud Compute Engine machine type would be most appropriate for this workload?
For applications like ERP systems that utilize large in-memory databases (e.g., SAP HANA), memory-optimized machine types are essential. The M1 machine type is specifically designed for such memory-intensive workloads, providing the necessary RAM and performance. Other options like preemptible instances, GPUs, or local SSDs are not primarily suited for optimizing in-memory database performance.
Your web application, hosted on Cloud Run, frequently interacts with a Cloud SQL database. During peak traffic periods each morning, you observe recurring API quota errors in your Cloud SQL logs, indicating that the project has hit its maximum API quota. To mitigate this issue, which configuration change should you implement?
The API quota errors during traffic spikes are likely caused by numerous cold starts of Cloud Run instances, each making initial API calls to Cloud SQL. By setting a minimum number of Cloud Run instances, you ensure that some instances are always running, reducing cold starts and the associated burst of API calls during peak load, thus preventing quota exhaustion.