You are running multiple VPC-native Google Kubernetes Engine clusters in the same subnet. The IPs available for the nodes are exhausted, and you want to ensure that the clusters can grow in nodes when needed.
What should you do?
A. Add an alias IP range to the subnet used by the GKE clusters.
B. Create a new subnet in the same region as the subnet being used.
C. Create a new VPC, and set up VPC peering with the existing VPC.
D. Expand the CIDR range of the relevant subnet for the cluster.
Correct answer: D
Question 2:
You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?
A. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing
B. Use a custom mode VPC network, configure static routes, and use active/passive routing
C. Use an automatic mode VPC network, configure static routes, and use active/active routing
D. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing
Correct answer: A
Question 3:
You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?
A. Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.
B. Upload the image to Container Registry and create a Kubernetes Service referencing the image.
C. Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.
D. Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.
Correct answer: A
Question 4:
You are assisting a new Google Cloud user who just installed the Google Cloud SDK on their VM. The server needs access to Cloud Storage. The user wants your help to create a new storage bucket. You need to make this change in multiple environments. What should you do?
A. Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM
B. Use the gsutil command to create a storage bucket in the same region as the VM
C. Use a local SSD to improve performance of the VM for the targeted workload
D. Use a Deployment Manager script to automate creating storage buckets in an appropriate region
Correct answer: D
Question 5:
After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?
A. Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
B. Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.
C. Install Kibana on a compute instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.
D. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage. Use BigQuery to periodically analyze log events in the storage bucket.
Correct answer: D
Question 6:
All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US). What should you do?
A. Create an Identity and Access Management (IAM) policy to restrict the resources locations in the US. Apply the policy to all dev projects.
B. Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.
C. Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.
D. Create an Identity and Access Management (IAM) policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.
Correct answer: A
Question 7:
You are building an application that will run in your data center. The application will use Google Cloud Platform (GCP) services like AutoML. You created a service account that has appropriate access to AutoML. You need to enable authentication to the APIs from your on-premises environment. What should you do?
A. Use service account credentials in your on-premises application.
B. Use gcloud to create a key file for the service account that has appropriate permissions.
C. Go to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center.
D. Set up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications.
Correct answer: B
Question 8:
You deployed a new application inside your Google Kubernetes Engine cluster using the YAML file specified below.
You check the status of the deployed pods and notice that one of them is still in PENDING status:
You want to find out why the pod is stuck in pending status. What should you do?
A. View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.
B. Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.
C. Review details of the myapp-deployment Deployment object and check for error messages.
D. Review details of the myapp-service Service object and check for error messages.
Correct answer: B
Question 9:
You need to set up permissions for a set of Compute Engine instances to enable them to write data into a particular Cloud Storage bucket. You want to follow Google-recommended practices. What should you do?
A. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
B. Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
C. Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.
D. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
Correct answer: B
Tamaki -
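By using the Google Associate-Cloud-Engineer question set and going through it twice in two weeks, I was no longer tripped up by the difficult questions and passed the exam without trouble.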