Google Associate Cloud Engineer - Practice Test 3
Your company operates a critical batch process on-premises that requires approximately 30 hours to complete. This task runs monthly, can be executed without an active network connection, and must be restarted from the beginning if interrupted. You need to migrate this workload to Google Cloud, prioritizing cost minimization. What is the most appropriate solution?
The batch process takes 30 hours, exceeding the 24-hour maximum runtime for Preemptible VMs, making options involving Preemptible VMs unsuitable. Since the task runs monthly and can be performed offline, a standard Compute Engine VM that is started only when needed and stopped afterward minimizes cost by only paying for compute time when the task is running.
Your team has developed an application on Google Cloud that leverages Cloud Spanner. The support team needs to observe the application's performance and health metrics but must not be able to view or modify any sensitive table data. You need to implement a streamlined solution to grant the appropriate permissions to the support team, adhering to Google's recommended security practices. Which of the following actions should you take?
The roles/monitoring.viewer role provides read-only access to monitoring data across all resources, which is sufficient for the support team to monitor the environment without accessing sensitive Spanner table data. Other Spanner-specific roles would grant access to the database content, which is explicitly not desired. The stackdriver.accounts.viewer role is too broad and not specifically tailored for monitoring resource metrics.
Your organization is migrating its infrastructure to Google Cloud. You need to ensure that only users with company-issued Google accounts can access your Google Cloud environment. Additionally, users within the same department should only be able to access resources relevant to their department. You aim to minimize operational costs while adhering to Google-recommended security practices. What is the most effective solution?
Option 2 effectively addresses both requirements. Using Google Groups and IAM roles is a recommended practice for managing departmental access to resources. Implementing organization policies to block non-company issued emails provides a centralized and automated way to enforce the access restriction, minimizing operational overhead.
You have a web application deployed on Cloud Run for Anthos. To perform a canary deployment, you need to introduce an updated version of the application and direct a specific percentage of production user traffic to it. What is the most appropriate method to achieve this?
Cloud Run manages different versions of an application through revisions. To perform a canary deployment, you create a new revision for the updated application and then use Cloud Run's built-in traffic management features to split traffic between the existing and new revisions. Services in Cloud Run typically represent a single application, while revisions represent specific versions of that application.
You are managing a web application hosted on Google App Engine standard environment. You need to introduce a new experimental version of the website and direct 1% of your user traffic to it, while minimizing operational complexity. Which approach should you take?
App Engine's traffic splitting feature is designed for this exact scenario, allowing you to easily direct a percentage of traffic to different versions within the same application. The `--splits` option provides a straightforward way to allocate traffic weights. Creating new applications or using external load balancers would introduce unnecessary complexity for A/B testing within App Engine.