Updated Sep-2021 Test Engine or PDF for the Google Professional-Cloud-Architect test to help you quickly prepare for the Google exam!
Full Professional-Cloud-Architect Practice Test and 230 unique questions with explanations waiting just for you, get it now!
NEW QUESTION 116
For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for securely deploying workloads to Google Cloud. You also need to ensure that only verified containers are deployed using Google Cloud services. What should you do? (Choose two.)
- A. Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.
- B. Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
- C. Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.
- D. Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
Answer: A,D
Explanation:
Reference:
Binary Authorization ensures that only verified containers are deployed. To ensure deployments are secure and consistent, automatically scan images for vulnerabilities with Container Analysis (https://cloud.google.com/docs/ci-cd/overview?hl=en&skip_cache=true)
NEW QUESTION 117
Your company acquired a healthcare startup and must retain its customers' medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this data, and then delete it as soon as regulations allow.
Which approach should you take?
- A. Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely.
- B. Store the data in Cloud Storage and run a nightly batch script that deletes all expired data.
- C. Store the data in Cloud Storage and use lifecycle management to delete files when they expire.
- D. Store the data in Google Drive and manually delete records as they expire.
Answer: C
NEW QUESTION 118
The operations manager asks you for a list of recommended practices that she should consider when migrating a J2EE application to the cloud. Which three practices should you recommend? Choose 3 answers
- A. Migrate from MySQL to a managed NoSQL database like Google Cloud Datastore or Bigtable.
- B. Instrument the application with a monitoring tool like Stackdriver Debugger.
- C. Select an automation framework to reliably provision the cloud infrastructure.
- D. Deploy a continuous integration tool with automated testing in a staging environment.
- E. Port the application code to run on Google App Engine.
- F. Integrate Cloud Dataflow into the application to capture real-time metrics.
Answer: A,C,F
NEW QUESTION 119
The current Dress4Win system architecture has high latency to some customers because it is located in one data center.
As part of a future evaluation and optimization for performance in the cloud, Dress4Win wants to distribute its system architecture to multiple locations on Google Cloud Platform.
Which approach should they use?
- A. Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines managed by your operations team.
- B. Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines as part of separate managed instance groups.
- C. Use regional managed instance groups and a global load balancer to increase performance because the regional managed instance group can grow instances in each region separately based on traffic.
- D. Use regional managed instance groups and a global load balancer to increase reliability by providing automatic failover between zones in different regions.
Answer: C
Dress4Win, B
Testlet 1
Company Overview
Dress4Win is a web-based company that helps their users organize and manage their personal wardrobe using a web app and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a freemium app model. The application has grown from a few servers in the founder's garage to several hundred servers and appliances in a colocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster, Dress4Win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4Win is moving their development and test environments. They are also building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4Win application is served out of a single data center location. All servers run Ubuntu LTS v16.04.
Databases:
* MySQL. 1 server for user data, inventory, static data:
- MySQL 5.8
- 8 core CPUs
- 128 GB of RAM
- 2x 5 TB HDD (RAID 1)
* Redis 3 server cluster for metadata, social graph, caching. Each server is:
- Redis 3.2
- 4 core CPUs
- 32GB of RAM
Compute:
* 40 Web Application servers providing micro-services based APIs and static content.
- Tomcat - Java
- Nginx
- 4 core CPUs
- 32 GB of RAM
* 20 Apache Hadoop/Spark servers:
- Data analysis
- Real-time trending calculations
- 8 core CPUs
- 128 GB of RAM
- 4x 5 TB HDD (RAID 1)
* 3 RabbitMQ servers for messaging, social notifications, and events:
- 8 core CPUs
- 32GB of RAM
* Miscellaneous servers:
- Jenkins, monitoring, bastion hosts, security scanners
- 8 core CPUs
- 32GB of RAM
Storage appliances:
* iSCSI for VM hosts
* Fiber channel SAN - MySQL databases
- 1 PB total storage; 400 TB available
* NAS - image storage, logs, backups
- 100 TB total storage; 35 TB available
Business Requirements
* Build a reliable and reproducible environment with scaled parity of production.
* Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
* Improve business agility and speed of innovation through rapid provisioning of new resources.
* Analyze and optimize architecture for performance in the cloud.
Technical Requirements
* Easily create non-production environments in the cloud.
* Implement an automation framework for provisioning resources in cloud.
* Implement a continuous deployment process for deploying applications to the on-premises datacenter or cloud.
* Support failover of the production environment to cloud during an emergency.
* Encrypt data on the wire and at rest.
* Support multiple private connections between the production data center and cloud environment.
Executive Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a competitor could use a public cloud platform to offset their up-front investment and free them to focus on developing better features. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years for a public cloud strategy achieves a cost reduction between 30% and 50% over our current model.
NEW QUESTION 120
For this question, refer to the Dress4Win case study.
Dress4Win has end-to-end tests covering 100% of their endpoints. They want to ensure that the move to the cloud does not introduce any new bugs. Which additional testing methods should the developers employ to prevent an outage?
- A. They should run the end-to-end tests in the cloud staging environment to determine if the code is working as intended.
- B. They should add canary tests so developers can measure how much of an impact the new release causes to latency.
- C. They should add additional unit tests and production scale load tests on their cloud staging environment.
- D. They should enable Google Stackdriver Debugger on the application code to show errors in the code.
Answer: C
NEW QUESTION 121
The application reliability team at your company has added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis. The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss.
Which process should you implement?
- A.
  * Append metadata to file body.
  * Compress individual files.
  * Name files with a random prefix pattern.
  * Save files to one bucket.
- B.
  * Compress individual files.
  * Name files with serverName-EventSequence.
  * Save files to one bucket.
  * Set custom metadata headers for each object after saving.
- C.
  * Append metadata to file body.
  * Compress individual files.
  * Name files with serverName-Timestamp.
  * Create a new bucket if bucket is older than 1 hour and save individual files to the new bucket. Otherwise, save files to existing bucket.
- D.
  * Batch every 10,000 events with a single manifest file for metadata.
  * Compress event files and manifest file into a single archive file.
  * Name files using serverName-EventSequence.
  * Create a new bucket if bucket is older than 1 day and save the single archive file to the new bucket. Otherwise, save the single archive file to existing bucket.
Answer: A
NEW QUESTION 122
You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premises systems remain reachable during this period. How should you organize your networking in Google Cloud?
- A. Use an IP range on Google Cloud that does not overlap with the range you use on-premises
- B. Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises
- C. Use the same IP range on Google Cloud as you use on-premises
- D. Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises
Answer: B
NEW QUESTION 123
You have deployed an application to Google Kubernetes Engine (GKE), and are using the Cloud SQL proxy container to make the Cloud SQL database available to the services running on Kubernetes. You are notified that the application is reporting database connection issues. Your company policies require a post-mortem. What should you do?
- A. In the GCP Console, navigate to Stackdriver Logging. Consult logs for GKE and Cloud SQL.
- B. Use gcloud sql instances restart.
- C. Validate that the Service Account used by the Cloud SQL proxy container still has the Cloud Build Editor role.
- D. In the GCP Console, navigate to Cloud SQL. Restore the latest backup. Use kubectl to restart all pods.
Answer: A
NEW QUESTION 124
You want to create a private connection between your instances on Compute Engine and your on-premises data center. You require a connection of at least 20 Gbps. You want to follow Google-recommended practices.
How should you set up the connection?
- A. Create a VPC and connect it to your on-premises data center using Dedicated Interconnect.
- B. Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises data center using Dedicated Interconnect.
- C. Create a VPC and connect it to your on-premises data center using a single Cloud VPN.
- D. Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your on-premises datacenter using a single Cloud VPN.
Answer: A
NEW QUESTION 125
Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a 99.99% availability SLA under these conditions. However, next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load. What should you do?
- A. Capture existing users' input, and replay captured user load until resource utilization crosses 80%. Also, derive estimated number of users based on existing users' usage of the app, and deploy enough resources to handle 200% of expected load.
- B. Expose the new system to a larger group of users, and increase group size each day until autoscale logic is triggered on all layers. At the same time, terminate random resources on both zones.
- C. Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce "chaos" to the system by terminating random resources on both zones.
- D. Capture existing users' input, and replay captured user load until autoscale is triggered on all layers. At the same time, terminate all resources in one of the zones.
Answer: A
NEW QUESTION 126
Your agricultural division is experimenting with fully autonomous vehicles.
You want your architecture to promote strong security during vehicle operation.
Which two architectures should you consider?
Choose 2 answers:
- A. Require IPv6 for connectivity to ensure a secure address space.
- B. Use multiple connectivity subsystems for redundancy.
- C. Use a functional programming language to isolate code execution cycles.
- D. Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.
- E. Use a trusted platform module (TPM) and verify firmware and binaries on boot.
- F. Treat every micro service call between modules on the vehicle as untrusted.
Answer: D,E
Topic 3, JencoMart Case Study
Company Overview
JencoMart is a global retailer with over 10,000 stores in 16 countries. The stores carry a range of goods, such as groceries, tires, and jewelry. One of the company's core values is excellent customer service. In addition, they recently introduced an environmental policy to reduce their carbon output by 50% over the next 5 years.
Company Background
JencoMart started as a general store in 1931, and has grown into one of the world's leading brands known for great value and customer service. Over time, the company transitioned from only physical stores to a stores and online hybrid model, with 25% of sales online. Currently, JencoMart has little presence in Asia, but considers that market key for future growth.
Solution Concept
JencoMart wants to migrate several critical applications to the cloud but has not completed a technical review to determine their suitability for the cloud and the engineering required for migration. They currently host all of these applications on infrastructure that is at its end of life and is no longer supported.
Existing Technical Environment
JencoMart hosts all of its applications in 4 data centers: 3 in North America and 1 in Europe; most applications are dual-homed.
JencoMart understands the dependencies and resource usage metrics of their on-premises architecture.
Application: Customer loyalty portal
LAMP (Linux, Apache, MySQL and PHP) application served from the two JencoMart-owned U.S. data centers.
Database
* Oracle Database stores user profiles
- 20 TB
- Complex table structure
- Well maintained, clean data
- Strong backup strategy
* PostgreSQL database stores user credentials
- Single-homed in US West
- No redundancy
- Backed up every 12 hours
- 100% uptime service level agreement (SLA)
- Authenticates all users
Compute
* 30 machines in US West Coast, each machine has:
- Twin, dual core CPUs
- 32 GB of RAM
- Twin 250 GB HDD (RAID 1)
* 20 machines in US East Coast, each machine has:
- Single, dual core CPU
- 24 GB of RAM
- Twin 250 GB HDD (RAID 1)
Storage
* Access to shared 100 TB SAN in each location
* Tape backup every week
Business Requirements
* Optimize for capacity during peak periods and value during off-peak periods
* Guarantee service availability and support
* Reduce on-premises footprint and associated financial and environmental impact.
* Move to outsourcing model to avoid large upfront costs associated with infrastructure purchase
* Expand services into Asia.
Technical Requirements
* Assess key application for cloud suitability.
* Modify application for the cloud.
* Move applications to a new infrastructure.
* Leverage managed services wherever feasible
* Sunset 20% of capacity in existing data centers
* Decrease latency in Asia
CEO Statement
JencoMart will continue to develop personal relationships with our customers as more people access the web. The future of our retail business is in the global market and the connection between online and in-store experiences. As a large global company, we also have a responsibility to the environment through 'green' initiatives and policies.
CTO Statement
The challenges of operating data centers prevent focus on key technologies critical to our long-term success. Migrating our data services to a public cloud infrastructure will allow us to focus on big data and machine learning to improve our service to customers.
CFO Statement
Since its founding, JencoMart has invested heavily in our data services infrastructure. However, because of changing market trends, we need to outsource our infrastructure to ensure our long-term success. This model will allow us to respond to increasing customer demand during peak and reduce costs.
NEW QUESTION 127
For this question, refer to the TerramEarth case study
Your development team has created a structured API to retrieve vehicle data. They want to allow third parties to develop tools for dealerships that use this vehicle event data. You want to support delegated authorization against this data. What should you do?
- A. Build SAML 2.0 SSO compatibility into your authentication system.
- B. Build or leverage an OAuth-compatible access control system.
- C. Create secondary credentials for each dealer that can be given to the trusted third party.
- D. Restrict data access based on the source IP address of the partner systems.
Answer: B
Explanation:
Delegate application authorization with OAuth2: Cloud Platform APIs support OAuth 2.0, and scopes provide granular authorization over the methods that are supported. Cloud Platform supports both service-account and user-account OAuth, also called three-legged OAuth.
References:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#delegate_application_autho
https://cloud.google.com/appengine/docs/flexible/go/authorizing-apps
NEW QUESTION 128
Your agricultural division is experimenting with fully autonomous vehicles. You want your architecture to promote strong security during vehicle operation.
Which two architectures should you consider? (Choose two.)
- A. Require IPv6 for connectivity to ensure a secure address space.
- B. Use multiple connectivity subsystems for redundancy.
- C. Use a functional programming language to isolate code execution cycles.
- D. Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.
- E. Use a trusted platform module (TPM) and verify firmware and binaries on boot.
- F. Treat every micro service call between modules on the vehicle as untrusted.
Answer: D,E
NEW QUESTION 129
As part of Dress4Win's plans to migrate to the cloud, they want to be able to set up a managed logging and monitoring system so they can handle spikes in their traffic load.
They want to ensure that:
* The infrastructure can be notified when it needs to scale up and down to handle the ebb and flow of usage throughout the day.
* Their administrators are notified automatically when their application reports errors.
* They can filter their aggregated logs down in order to debug one piece of the application across many hosts.
Which Google Stackdriver features should they use?
- A. Monitoring, Trace, Debug, Logging
- B. Logging, Alerts, Insights, Debug
- C. Monitoring, Logging, Alerts, Error Reporting
- D. Monitoring, Logging, Debug, Error Report
Answer: A
NEW QUESTION 130
Case Study: 5 - Dress4win
Company Overview
Dress4win is a web-based company that helps their users organize and manage their personal wardrobe using a website and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a freemium app model. The application has grown from a few servers in the founder's garage to several hundred servers and appliances in a collocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster, Dress4Win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4win is moving their development and test environments. They are also building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4win application is served out of a single data center location. All servers run Ubuntu LTS v16.04.
Databases:
* MySQL. 1 server for user data, inventory, static data:
- MySQL 5.8
- 8 core CPUs
- 128 GB of RAM
- 2x 5 TB HDD (RAID 1)
* Redis 3 server cluster for metadata, social graph, caching. Each server is:
- Redis 3.2
- 4 core CPUs
- 32GB of RAM
Compute:
* 40 Web Application servers providing micro-services based APIs and static content.
- Tomcat - Java
- Nginx
- 4 core CPUs
- 32 GB of RAM
* 20 Apache Hadoop/Spark servers:
- Data analysis
- Real-time trending calculations
- 8 core CPUs
- 128 GB of RAM
- 4x 5 TB HDD (RAID 1)
* 3 RabbitMQ servers for messaging, social notifications, and events:
- 8 core CPUs
- 32GB of RAM
* Miscellaneous servers:
- Jenkins, monitoring, bastion hosts, security scanners
- 8 core CPUs
- 32GB of RAM
Storage appliances:
* iSCSI for VM hosts
* Fiber channel SAN - MySQL databases
- 1 PB total storage; 400 TB available
* NAS - image storage, logs, backups
- 100 TB total storage; 35 TB available
Business Requirements
* Build a reliable and reproducible environment with scaled parity of production.
* Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
* Improve business agility and speed of innovation through rapid provisioning of new resources.
* Analyze and optimize architecture for performance in the cloud.
Technical Requirements
* Easily create non-production environment in the cloud.
* Implement an automation framework for provisioning resources in cloud.
* Implement a continuous deployment process for deploying applications to the on-premises datacenter or cloud.
* Support failover of the production environment to cloud during an emergency.
* Encrypt data on the wire and at rest.
* Support multiple private connections between the production data center and cloud environment.
Executive Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a competitor could use a public cloud platform to offset their up-front investment and free them to focus on developing better features. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years for a public cloud strategy achieves a cost reduction between 30% and 50% over our current model.
For this question, refer to the Dress4Win case study. You are responsible for the security of data stored in Cloud Storage for your company, Dress4Win. You have already created a set of Google Groups and assigned the appropriate users to those groups. You should use Google best practices and implement the simplest design to meet the requirements.
Considering Dress4Win's business and technical requirements, what should you do?
- A. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Enable default storage encryption before storing files in Cloud Storage.
- B. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.
- C. Assign custom IAM roles to the Google Groups you created in order to enforce security requirements. Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.
- D. Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.
Answer: B
NEW QUESTION 131
Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process. What should you do?
- A. Use Cloud Functions to transfer log entries to Google Cloud SQL and use ACLs and views to limit an auditor's view.
- B. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor.
- C. Create custom Google Stackdriver alerts and send them to the auditor.
- D. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket.
Answer: D
Explanation:
Reference:
Export the logs to a Google Cloud Storage bucket using Archive Storage, as it will not be used for 1 year; the price for this is $0.004 per GB per month. The price for long-term storage in BigQuery is $0.01 per GB per month (250% more). Also, for analysis purposes, whenever auditors are there (once per year), you can use BigQuery with the GCS bucket as an external data source. BigQuery supports querying Cloud Storage data from these storage classes: Standard, Nearline, Coldline, Archive.
NEW QUESTION 132
Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance. How should you configure the storage?
- A. Mount additional persistent disk volumes onto each virtual machine (VM) instance in a RAID10 array and use LVM to create snapshots to send to Cloud Storage.
- B. Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.
- C. Configure a cron job to use the gcloud tool to take regular backups using persistent disk snapshots.
- D. Use gcsfuse to mount a Google Cloud Storage bucket as a volume directly on the instance and write backups to the mounted location using mysqldump
Answer: D
NEW QUESTION 133
A news feed web service has the following code running on Google App Engine. During peak load, users report that they can see news articles they already viewed.
What is the most likely cause of this problem?
- A. The URL of the API needs to be modified to prevent caching
- B. The session variable is being overwritten in Cloud Datastore
- C. The session variable is local to just a single instance
- D. The HTTP Expires header needs to be set to -1 to stop caching
Answer: C
NEW QUESTION 134
For this question, refer to the JencoMart case study.
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources. What Google domain and project structure should you recommend?
- A. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.
- B. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.
- C. Create a single G Suite account to manage users with each stage of each application in its own project.
- D. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.
Answer: D
Explanation:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#projects-and-access
NEW QUESTION 135
......
