| Question.51 You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over Internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements? (A) Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range. (B) Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range. (C) Create 2 custom VPCs, each with a single subnet. Create each subnet in a different region and with a different CIDR range. (D) Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range. |
51. Click here to View Answer
Correct Answer: A
| Question.52 Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do? (A) 1. Create an IAM entry for each data scientist’s user account. 2. Assign the BigQuery jobUser role to the group. (B) 1. Create an IAM entry for each data scientist’s user account. 2. Assign the BigQuery dataViewer user role to the group. (C) 1. Create a dedicated Google group in Cloud Identity. 2. Add each data scientist’s user account to the group. 3. Assign the BigQuery jobUser role to the group. (D) 1. Create a dedicated Google group in Cloud Identity. 2. Add each data scientist’s user account to the group. 3. Assign the BigQuery dataViewer user role to the group. |
52. Click here to View Answer
Answer : D
Reference:
https://cloud.google.com/bigquery/docs/cloud-sql-federated-queriesNext Question
| Question.53 Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.  Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows: * Instances in tier #1 must communicate with tier #2. * Instances in tier #2 must communicate with tier #3. What should you do? (A) 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.2.0/24) ג€¢ Protocols: allow all 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.1.0/24) ג€¢ Protocols: allow all (B) 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow TCP:8080 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢ Source filter: all instances with tier #2 service account ג€¢ Protocols: allow TCP: 8080 (C) 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow all 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢ Source filter: all instances with tier #2 service account ג€¢ Protocols: allow all (D) 1. Create an egress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.2.0/24) ג€¢ Protocols: allow TCP: 8080 2. Create an egress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.1.0/24) ג€¢ Protocols: allow TCP: 8080 |
53. Click here to View Answer
Answer : B
| Question.54 You are given a project with a single Virtual Private Cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do? (A) 1. Create a subnetwork in the same VPC, in europe-west1. 2. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint. (B) 1. Create a VPC and a subnetwork in europe-west1. 2. Expose the application with an internal load balancer. 3. Create the new instance in the new subnetwork and use the load balancer’s address as the endpoint. (C) 1. Create a subnetwork in the same VPC, in europe-west1. 2. Use Cloud VPN to connect the two subnetworks. 3. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint. (D) 1. Create a VPC and a subnetwork in europe-west1. 2. Peer the 2 VPCs. 3. Create the new instance in the new subnetwork and use the first instance’s private address as the endpoint. |
54. Click here to View Answer
Answer : A
| Question.55 Your projects incurred more costs than you expected last month. Your research reveals that a development GKE container emitted a huge number of logs, which resulted in higher costs. You want to disable the logs quickly using the minimum number of steps. What should you do? (A) 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource. (B) 1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource. (C) 1. Go to the GKE console, and delete existing clusters. 2. Recreate a new cluster. 3. Clear the option to enable legacy Stackdriver Logging. (D) 1. Go to the GKE console, and delete existing clusters. 2. Recreate a new cluster. 3. Clear the option to enable legacy Stackdriver Monitoring. |
55. Click here to View Answer
Answer : A