Google Associate Cloud Engineer - Practice Test 3
You are developing a new web application on Google Cloud Platform and need to implement a canary release strategy. You want to test updates on a small percentage of live user traffic while the majority of users continue to access the stable version. Which Google Cloud service and configuration should you use?
App Engine is designed for managing different versions of an application within the same service. Its built-in traffic splitting feature allows you to direct a small percentage of user traffic to a new version, enabling effective canary testing without impacting the stable version for most users. Creating a new service for each update would be less efficient and not the intended use for versioning within App Engine.
You have a Dockerfile for an application and need to deploy it to Google Kubernetes Engine. Which sequence of steps correctly describes how to achieve this?
To deploy an application defined by a Dockerfile to Kubernetes Engine, you must first build the Docker image and push it to a container registry like Container Registry. Afterward, you define a Kubernetes Deployment in a YAML file, referencing the image from the registry, and then use `kubectl apply -f` to create the deployment on the cluster. Options 1 and 3 use incorrect commands for Kubernetes Engine, while Option 4 incorrectly suggests storing the image in Cloud Storage instead of a container registry.
You need to deploy a single, latency-sensitive HTTP reverse proxy with caching on Google Cloud Platform. This proxy has minimal CPU requirements but needs a 30 GB in-memory cache and an additional 2 GB for other processes. Your primary goal is to minimize costs. Which Google Cloud service and configuration should you choose?
The question specifies a need for 32 GB of memory for both caching and other processes, with minimal CPU usage. While Cloud Memorystore provides an in-memory cache, it doesn't support running additional processes. A Compute Engine custom instance type allows precise resource allocation, providing the required memory without over-provisioning CPU, which is the most cost-effective solution for this specific workload.
You are responsible for managing the security configuration of your company’s Google Cloud organization. The Operations team requires specific permissions to manage both a Google Kubernetes Engine (GKE) cluster and a Cloud SQL instance. Two existing predefined Identity and Access Management (IAM) roles provide some, but not all, of the necessary permissions. You need to grant the Operations team the required IAM permissions while adhering to the principle of least privilege and Google-recommended practices. What is the most appropriate action?
The principle of least privilege dictates that users should only be granted the minimum permissions necessary to perform their tasks. Since the predefined roles contain only a subset of needed permissions, granting the full predefined roles (options 1, 3, and 4) would likely grant more permissions than required. Creating a custom IAM role with only the specific necessary permissions (option 2) directly adheres to this principle and is a Google-recommended practice for fine-grained access control.
You are configuring Google Cloud DNS for your domain `mydomain.com`. You need to ensure that `mydomain.com`, `www.mydomain.com`, and `home.mydomain.com` all resolve to the IP address of your Google Cloud load balancer. Which DNS record configuration should you implement?
An A record is used to map a domain name to an IPv4 address, which is necessary for the root domain (`mydomain.com`) to point to the load balancer's IP. CNAME records (Canonical Name) are then used to alias subdomains (`www.mydomain.com`, `home.mydomain.com`) to the root domain, effectively pointing them to the same IP address without needing separate A records for each subdomain. CNAME records cannot be used for the root domain if other records exist, making an A record the correct choice for `mydomain.com`.