Google (Professional Cloud Architect) Professional Cloud Architect on Google Cloud Platform Total: 319 Questions Link: httpsd/certya.com/papers?provider=google&exam=professional-cloud-architect‘Question: cortyia ‘Your company has decided te me o mejor rvison af thei APL in der a create batter experiences fo thie " ay enpemenung regula tatover you wil nae to mx ne pretem + omg aregulr radoverit a goed Question: 26, cortyia ‘Your orgenzation quires that motres rom al applzstinsbe retained fr legal proceeding. Which epeach should you use? for future anaiyssin possible B. Configure Stackeriver Motoring fe al Projects, and export to BigQuery ©. ontigreStocketiver Monitoring foal Projets it the datultrtention poles .Contigure Stocker Monitoring eal Projects and export to Google Cioud Storage newer Explanation: DDmakos more sense, 80 very expensive asa storage ‘The answer sD becaus tis not rqured tothe anata st iy naods tobe done ‘The msinequroment ie that itneede tobe stored for complince purposes and IF NEED BE for analtice ax wat‘Question: 27 cortyia ‘Your company has decided to bud a backup repli of thar on-premises user authentication PostgreSQL dstaboreon Googie Cloud Platform The databace is 4 1a, and large updates are troquentRopizaton requis pve adres space communication, Which networking approach shoul you uss? ‘Googe Cloud Dodictedintrconnact B.Coogle Cloud VPN connected tthe data enter networe .ANATand TLS translation gateway installed on promcos .A Google Compute Engine instance wth a VPN server installed connected tothe data coner network Explanation: ‘Googe Cloud Dedicated interconnect provides direct physical connections and RFC 118 communscaton betwoon your on-premises netwerk nd Google's network Dedicated interconnect enables you to anster larg aneunts of data between ntwecks which can be more coat effective then purchasing addons bandwidth vor tho publ Internet erusing VPN tunnels. Benefit Trae between your on promises network ae your VPC network est travers the public nt ‘rate might gt éropped or erupted = Your VPC networks intemal RFC 918) IP adcrense re dsctly accessible rm your om premises network. roach tema P eddasses oer adecatod connection. To raach Geog externa adresse, you mUSt Uso a sapaate connection. += Youcan scale your connaction te Google basd on your nocd Conncton capacity is delivered over an or ‘moro 10 Gps Ethrnat conection, wit a maximum of eight connections [80 Gbps total po interconnect "The costof esr ratfic rom your VPC network to your on promises networkisroduced A dodcated connections general the east expensive mathd i you have ahighveluma of ait and ram Goo work Iupecioud gogla comnterconnactdocsietalldodieated Question: 28, certyia ‘Aucier st your teams every 12 months and ask to review all the Google Cloud ent and Access Management {Gioud aan paey changes nthe proiou 12 montha You went to streamineandespedte the anaijals and sua pescess Nat stout you do? ‘A croate custom Google Stacker rts and ond them tothe suitor 8B Eneble Logging export to Google igQuery anduse ACLS and views 1oScope the data shared with the autor Use cloud tunction to transfer log antes to Google Cloud SOL and ute ACLs nd views oi an auditor .Eneble Google Cio Storage (GCS) log expat to ust ogs nto a GCS bucket and delegate accass tothe Anowor 8 Explanation:B.Enable Logging export to Google BigQuery and uso ACLS and vows o Scope the data shared with the lauder Bis neater slution a5 they ae olin tostteomline an expedite te aut pocoss compared aD thats isa choapor solution ond not as nos. B:htpsiieloud goon comlamldeesiohurctinsleudtingtsceneto external sudtors Question: 28, ortyia ‘You are designing sarge debuted application with 30 microsorics. Each of your strbuted mirorervces foods to comect to detabace back and. You want to stare the cresontits securely. ‘inte Sheu you strata crodent? B Inannvonment variable C.inaseeretmanagoment system D.inaconfig he that has restricted acces through ACLS newer Explanation: ‘isthe anewor, sinc ky manageman systms generate, setae, encrypt and destroy cryptographic ays and manage permissions to hase Koy. Aisincoect becouse storing credantalsin sourcecode and source conto iselscoverabe,inpain ot by nyane with acess to the source cade The le intradces the requirement to update cede ano 8 > Lone step here eliinate Bre 1 he source code change andrerun the deployment pipeline >> This revert wl be loggein the source repo, Wl go with this way althoush D als is corec. {Login othe servers withthe bs code change and swap nthe previous cade > Cle manually doing whet can be sutomsialy done by Band, hence eliminate. . change the stance grou template othe previous one and do >> Th sia to B but why manuel do something which seutomsted Hence slninte Buti also corect. But Bic better fom code lifecycle parspective.Honea ‘Question: 37, cortyia ‘Your orgniaton wants to contr IAM polis frsitfarent departments indopandenty, bu cantly. Which aperoach shout you take? ‘A Matin Organization wth multi Folders 'B. Mule Organizations, ono foreach departmont CA single Organization with Folders for each department Seasons eee Anewor Explanation: Fodor are nodesin tho Cloud Patorm Resource Herarchy.A folder an contain projects other folders or combination of oth, You can use folders to grou projects under anerganizton ina hierarchy. For exam, ‘your erganzation might contain multiple departments, each witht own st of GCP resources Feder allow {youte group these resources on a per-dpartmant babs. Folders ae sed to group resources that share ‘common polis While flder ean contin multiple older of esburces, gen folder of rescue can hav exact eno parent. upscioud gocelaconvtesouce-menageriseclereating-maneting-folders Question: 38, ceortyia You dey your custom Ive apleton to Googe Ap ngs a depo nd ges othe flowing stack What shoul you do?Java.lang.Securityfxception: SHA1 digest error for com/Altostrat/CloakedServlet.class at com.google.appengine. runtime. Request .process -d36£818a24b8cfid (Request.java) at sun. security.util.ManifestEntryVerifier.verify (Mani festEntryVerifier.java:210) at java.util. jar.JarVerifier.processintry (JarVerifier.java:2i8) at java.util. jar.Jarverifier.update (Jarverifier.java:205) at java.util. jar. JarVerifiersverifierstrean.read (sarverifier.java:428) at sun.misc.Resource.getBytes (Resource. java: 124) at java.net .URL.ClassLoader.defineClass (URLClassLoader. java:273) at sun. reflect .oneratedMethodAccessor5. invoke (Unknown Source) at sun.reflect .DelegatingMethodAccessorImp]. invoke (Delegatingnethodaccessorimpl.java:43) at java. lang. reflect Method. invoke (tethod. java: 616) at java. lang. ClassLoader. loadclass (ClassLoader. java:266) ‘A Upload missing JAR fs and redopioy your aplication 6B Digally sgn al ot your JAR ies and redapoy your apelcation Anowor 8Explanation: 'B Digitally sgn all of your JAR es and redeploy your application Question: 39 centyia ‘You ara designing a mabe chat application You want to ensure peopl canot spoof chat messages, by providing Amossage wore sant by especie user Wat sre you do? [A Tag messages cont side wth tho originating user deter and the destination user. 8B Eneryt the message cent se using bock-based encryption witha saradkoy ©. Use public ko inrastructre (PKI to enerytthe message clon side using the originating user's private ey bus rusted corticate authority to neble SSL conectvtybatwoan the clan application andthe server. Explanation: lam no ure about tis ne D work if SSL client authentications enabled ‘Cworks as well tnt encrypts message wth ritat key and server decrypt wth publikey. Question: 40, cortyia ‘As pct of implementing the aster recover plan, your companys tying to replete thee production MySOL ‘ataboc rom thor private data contort that ‘SCP project using a Google Claus VPN connection. They ae experiencing latony issues anda small amaunt of pacha! os thats duping the rplcaton, Nnat srau they do? B.Configre 2 Gooste Cloud Deseatd interconnect. Restore their database daly using Google Cloud Sa. Sond the replated transaction to Google Cloud PubSub newer 8 Explanation: ny esues. That won't slve by adding another VPN tunnel. fit was st tvoughput issue then VPN would de, however timpreve latency Youneed tog layer 2. Answers ‘Question: 41 cortyia ‘Your customer support oa logs al ei and chat convrstions to Cloud Bigable fo retention and analysis ‘What is thorecomenonded approach for sartizng hs data of personally ientalenfrmatin or payment ardInformation befor inal storage? ‘A Hash al date sing SHAQSS B.Eneryptalldta using lpi curve rypography ©. e-dontty tho data withthe Cloud Data Loss Prevention APL Anowor ¢ Explanation: Reternce: Attpaclud goglecon/ssuton/pl-ds-cmplancein-gepfusing dato. prevetion.ep.t,sentin, ‘Question: 42, ‘You are using Clo Shel nd need intl custom lity fr ure ina fow weeks, Where can you tos ‘soit inthe dofalt exocuton pth and persists acrons sessions? Aris B.cloud Storage C.rgooeelcrints Anowor 8 Explanation: upset gocelaconvshelvdocsmaw cou shelt-morks Ciou shal provisions § G0 of fee persistent nk storage meunted a your SHOME directory onthe virtua ‘machin instance. his storage son a per-usor basis ands aalable seas projocs. Unk thanstance itso, the storage does not tne aut on nctvty. Al files you str in yourhome rectory, eluding install ‘oftware seit and user confiscation hie ke bash and vine, prs between sessions. Your SHOME ‘rectory pate to you andeannot be accesad by other ser. ‘Question: 43, ‘You want 0 create a privat conection betwean your instances on Compute Engine ad your en-premis Conte You requires eannecion ofa east 20 ‘Gbps You went to flaw Google “econmcnded practics How should you setup the conection? ‘A roste a VPC and connect it to you on-premises data center using Dedicated itorconect B Croatoa VPC and connect to your on premises data cantar using single Glow VPN, ©. create cloud Content Delivery Network (Cou CDN! and connect itt your on premiss eta center ung Bedieted interconnect Create Cloud Content Dairy Network (Cloud CON and connect it to yur on premises datacenter using 2 sing Cloud VPNExplanation: ‘A.Createa PC and connec ito your on-premise ate conte using Decatd Interconnect. Question: 44 cortyia ‘You are analyzing and daining busines processs to support your startups al usage of GCP. and you don't yot now wht consumer demand fo your poaost willbe. Yor manage raqures you to minmize GP sone costs land odors to Googlo best racic What should you da? |. Uslize roe tar and sustined us discounts Proven stat poston for servic cost mansgement 8B. Utz fre tor and sustained use discounts, Provide raining tthe tam about sarvics cost management ©. Uilize re tor nd committed use siscounts. Provision staff positon er sori cost management. elie re er and committs.use acounts. Provide tring othe team sbout sie cost management Explanation: Answer 8 Sustined us fecounts are applied on incremental ve after you ranch certain usage thresholds. This means that you pay ly fer the number of minutes that youuse an instance ond Compute Engine automatically iv youthe best pice. There's no reas trun an instance forlnger then you ned it. upsiictoud google comicomputeldecsisustaned-use-dacounts ‘commited use scounts ae ea or werkloae with presetble resource needs. When you purchase @ committed use contact you purchase compute resource (x2PUs, memory, GPUs, ad local $508) ata _icounted pie n retin for commiting to payin for thoes resource for yer or 3 years. Te decounte upto 57% formost resources ike machine types or GPUs. The discounts up to 70% for momory-ptiized machine tyes. For committed use price or diferent machine types, se VM instances prc. upsicloud google com/computeldecshstancessignny-up-commtteduse-dacounts Question: 45, cortyia ‘You are buleng a continueus deployment pipeline for apeojec storedin a Git source repository and want to ensure that code changos cone veri beforo deploying to production What shold you da? ‘A. Use Spinnaker te doploy bul te production using tho redblck deployment strategy so that changes an as bevaled back B.Use Spinnaker to depoy bulls te production and run tests on production deployments ©.Use Jonkins to bul he staging branches and tha master branch Bul and deploy changes to Production for 108% of sor before doing complete allow. Use Jenkins to monitor tags in the repository. Deploy staging tags to staging arvicrment fr testing. ter testing tng the repostory fer production and deploy thatthe production enwfonment, newer’ Explanation: the est anawor iD, bees nai bos practice thats recommended on nkns/Splanakor toent the right code and prevent accidental (rintenonali push of wrong code troduction Reternce: tpssithuhcon/GoopletowdPlatfmicontinsous deployment on kubemnetes(hohimastor README md Question: 46, ceortyia ‘Youheve an cutagein your Compute Engne managed instance group all stances hep restarting ater 5 {econds Youareehelth check configured, bv svtosaing is ambled. Your college who =a Linx expe, ‘tore tolookint the sae. Yu nee to make sre thatheean access hehe What shoud you do? {Grant yourcalleague the IAM roe of project Viewer Perform acolling restart onthe instance group {Disable thehealth chek for he instance group. Ald i SSH key tothe projet wide SSH Keys Disable autosealing forthe nstence group. Ada Ne SSH oy tothe project-wide SSH Keys Explanation: ‘ciate covet answer Aspe the requrement nx expert would need access to VM to woublesheat ‘i willbe auto-restd So, hs situation wil prevent mux expert to troubleshoot te issue Heditbeen the cote that sack dover logging enabled and the expert ist want 1 Vow theoge tam the Cousogs than rola to project viewer could help. Butit is specifically mentioned that expert wl agin into VM to roubleshoct ‘the sue and not ooking a the cloud Logs So, Optin-Cist ‘Question: 47 certyia ‘Your companys migrating ite on premizes data canter into the lous. As pat of th migration, you want o Integrate Google Kubernets Engin (KE! fr workioadorchesraben Parts of your rcitectre ust also be PI DsS-compliant Wien ofthe ellongismost accurate? | App Engine isthe only compute platform on GP thats ceri for PC DSS hosting 'B.OKE cant be used under PCI DSS because Ite considered shared hosting. ©.GKE ane GCP provide the tools yournaod to build a PCI OSS.compiintemionment All Google Glos services aro useble because Google Clos Platform certified PCl-ompllant Explanation: (©-GKEa Compute Engine ie PCI DSS compliant while Cloud Function App Engine ae nat PC comin’ ‘Question: 48, cortyia ‘Yur company has multiple on premiss systoms that ser as sources or reporting The data has nt boon ‘Youwont use Google recommended pracies to elect anomalies i your company data What shuld you ds?‘A. Upload your les into Cloud Storage. Use Cloud Datalab to explore and cloan your data 8B. Uplood your es into Cloud Storage Use Cloud Dateprep to explore ondclean your deta. Connect oud Detsab to your on premises systems, Use Cou Datalab to explore and clean your date Connect oud Dataerepto yur on-promises syst Use Cloud Datapep to explore and clean your dat, Explanation: Answers 1-On promise data sources 2: Uni data: not well maintained and degraded '3- Google recommended bast practic to "tert anomalies” << Vary important 'A&C- Incorrect Datla doos nt provide anomaly detection OOTB tis used more for dat _scanaisikeintractive data analysis and build ML modo. '- CORRECT: DataPrep OOTS provides for fas oxploration and anomaly detection and lt low storage as ingestion medium Refer to ELT pple architecture hee =htpsifeloud goose comiataore> incorrect At this time DataPrp cannot connec to $298 0 on-remise source Not tbe confuse for ‘Question: 49) cortyia ‘ooo cious Platform esourcs are managodhiererehcally using organization, foldars, and project. When ‘Cloud entity and Access Management AM) polos ens a these trent evel what ete aective pay at ‘Spertcular ode tthe eter? ‘A The ettectve policy determined only by the plcy stat the nade B.Thectfecte poles the pally set atthe nade and restricted by tho polis ots ancestors (-Theetfectve paleysthe union ofthe poly set atthe node and poles inetd trom ts ancestors The fective policy isthe intersection ofthe policy se at he node andpoliosinhoritedfomits ancestors Explanation: ‘Congo Clos resources ere organized hierarchical, where the organization nadois the rot nado int Ierarchy. the project are the children of the organization. and the other resources are descendants of projects. Youcan set Wentity and Access Management OAM) plies at diferent evel ofthe resource Ierarcy.Rosources nha te polices af the parent resource. Tha effect poly for aresaure isthe union ‘ofthe poy set at hat resource andthe ply inbred from te parent. Reternce: tpsicloud google comiresource-managerideciclous-platorm-osource-Nerarchy‘Question: 50 cortyia ‘You ara migrating you on-premises solution a Google Cloudin sever phates. You wil use Clou VPN to maintain a connoctonbotweon you" on-proisossyrtams and Geog Cloud unl the migrations complotd. You want © ‘ako sural your on romiso systems roma reachable during this period, How shuld you srzane Your rotwerkingm Coosa Cloud? ‘A. Use tho same Prange on Google Cloud a you use on-premises Use the same P rang an Google Cio a you use on-pemiaes for your primary Prange and use a econdary range tht does nat velop with te range you ura on promos. ©. Use an Prange on Google Cloud that doos nat overap withthe range you Use or-premise6 Use en P ange on Google Cloud that doos nat verap withthe range you use or premise or your aximary TP range ond woe asacondary range withthe samo Prange as yeu use ox promicas Anowor Explanation: Asis htpsicloud gooslacompciéocsusing-ps “Primary an socondry ranges cant cotle with on promises I ranges you have connected yur VPC network to another network wth Cloud VPN, Dedicated interconnect or Partner Intrcennect ‘Question: 51 certyia ‘Youve found an err in your kop Engin sptcation caused by missing Cloud Dststors indexes You have ‘yoateda YAML Tio wih the requred indexes and want te deploy these new indexes to Cloud Dtastore. What ‘Shoulsyou do? ‘Poin cous dtastor create-ndoxes to your configuration fle 8. Uplood the congurtion le to App Engnos default Clo Storage bucket, and have App Engine detect he newinderes inthe GOP Consol, use Datastre Adminto deat the current indoxes and upload the nw configuration fle . roate an HTTP rquost othe bult-in python module to send the index configuration let your application Explanation: Correct A you hve to recreate thaindoxes ‘Question: 52, cortyia ‘secount e isatr recover plan that raqures Your sppizaion fal veto enahar ogi care of regione ‘utage. What shuld you da? ‘A. Deploy the pplication on two Compute Engine natancesin the same project but ina terentrgion. Use {ho feat netane te reve rte, na oe the HTTP (ond balancing eric fo fo over fo the standby eto in cnes of acento Deploy the application ons Compute Engin instance. Use the instance to serve trai, and ue the HTTP Teadbolaning serve to fal over oon tance on your premises in ese of sstr‘andby tence group incase of duster Deploy the pplication on two Compute Engine instance groups, each ina seperate projet anda erent Fegion, Utohe fet instane group to save tats and ure tho HTTP Lod balaning sores ofl oer othe "andby stance group mease of aaster newer e Explanation: ©. Deploy the apletion on two Compute Engine nttance groups each inthe same project But ina tert region Ue the istinstance group to serve Watfcand use the HTTP oad balancing sav ofl vero the tandby instance grup incase of a ante. ‘Question: 53, cortyia ‘Yu are depoying an application on App Engine that noods to integrate wih anon promises database For scutty |. eloy your application on App Ensine stand ervranment and use App Engine fowal rte to iit ‘s:cos oth open onaromices oatabane, 8Daploy your eppicetion on App Engine standard environment and use Cloud VPN to limit access te tho on- proms databace vaio you spans Ap ng esl vont de Ap igne ewe eso ces ©. Deploy you pplicton on App Engine faible envionment and use Cloud VPN to lit acess tothe on- newer 0 Explanation: ‘Agree wth D-"Whon to choose the faible envionment "Accesses ho resources or sence of your Google ‘loud projet that reside inthe Compute Engine network” tpsctoud goelecon/appengine/docsthe-appengine-envrorments Question: 54 certyia ‘You are working in aight secured envionment where publi Internet ecess fom the Compute Engine VM is rot alowed, You dena yet have a VPN connection to sacess aon pemisas He serve. You need tinstal ‘Specie aatare cn Compute Engine instance Hour ahould you stall the sare? ‘Upload the required instalation tes to Cloud Storage. Configure the VM on subnet with Private Google Decese suet Resign ony anintrnl Padres tothe VM, Download the instalation fies tote VM Ung sevth 5. Uplosd the equed istlation fs to Cloud Storage and use rewal ules to Block al wat except he? eres range fo Clo Storage Downlaod the esto the VM using gut .Uplond the required instalation fies a Cloud Source Repositories Configure the VM ona eat with 3 Private Google Aecoss subnet Aslzn oly an Ineral Padres tothe VM. Download tho metalation Mesto ‘ho Vi using gcloue Upload the required instalation fos Cloud Source Repositories and uso fremall rte eBook all trac ‘xcopt the I adarere rong fr Cloud Source Repostrce Dowload the es tothe VM using Bout.Explanation: ‘A. Upload th omuirod instalation fs to Cloud Storage Configure the VM ona subnet with Private Google ‘Access subnet. Assan ony anintena IP adess otha VM, Download th ntallatin fas othe VM using sun Question: 55, cortyia ‘Your companys moving 75 TB of dat into Goose Cloud, You want to use Cloud Storage and fellow Googie: ecommandod practices. What should you do? ‘A Move your dota onto a Transfer Appliance, Use a Transfer Appliance Rehyérator to decrypt the dat into haut Sir 15. Move your data onto Tronster Appliance, Use Coud Dateocep to decrypt the datainto Claud Ste install gst on each server that contains dta Use resumable transfers to upload the data into Cloud Seer instal gett on each sever containing deta, Use streaming rensters to upload the data inte Cloud Storage Anowor 8 Explanation: Trantor Appiancs lets you quickly and securely transfer large amounts of data to Googie Cloud Platform ‘ns high opacity atoage server hat youlease fam Google and sh tour datecentr. Transfer Appliance Isracommendes for data that exceeds 208 or would take more than a week 1 upload Question: 56 cortyia ‘Yu hav an application depiyed on Googe Kubernotes Engin sng a Deployment named echo deployment. Tho eploymentis exposed using a Service called ech service Tou need te perform an update‘ the appeatin lth ‘animal downtine tothe aplication What shold you da? |. Use habe set mege denoymentecho deployment snew-image> Use theraling update unctinaity f the Instance Greupbalind the Kubernates cluster ©. Update the dopioyment yan a with the now container age, Use kabul delete doploymentiocho Uplate the serves yale which the new container image Use hubeet delete serice/echo serie snd abet exoate yar f= Anowor:® Explanation: ‘A Use kuboct! set mage deploymentiecho deployment cnewimage> Question: 57, cortyia ‘Your companys using BizQuery ass entero data warshouse Data lstibuted over soveral Googie Cloud brojects Alqueres on kgQuory ned te boblid ons snglprojec. You want tomake sare thst ne quar costsar incurred onthe projct that contain tho data, How shuld youconigue users accaes oes? or should be able o quer the datasets, but net dt them. 4 Adal rst ger he grap elf gen tein pre! rd ay Adal uses to. group. Geant the group the roles of BisQuory dtaViewor on he iling roect nd Bigdvory user onthe proects tat conta tha data 6; Asal seat au. Gent the proup tereso BgCuey er one ing oc an BOs) aViawer onthe projects tha entan the data . Ail users toa group. Grant the group he roles of Bizduery detaViowar on he ling project nd Bigduory jobsar an tho projects that conta tho det, Explanation: ‘is wrong bocauso bq User Permission wil alow you to et th datas, whichis something that we don't ‘Band Ole wrong because "You want ta make aur that no query costs aveincuradon the project that template > mil ‘Question: 72 cortyia ‘Your web application as several VM instances runing within a VPC. You want to rstict communications Between stances toon) the paths and pots you authorize but you dent want rely on state P odes‘A. Use saparate VPCS to restrict wate Use rrwnl rules based on network tag attached othe compute instances .Use servic accounts and configure the web application to authorze particular service accounts to have rower 8 Explanation 'B.Usefiowal rls based on network tage attached tothe comput instances ‘Question: 73 cortyia ‘You ate using Cloud SQL asthe database beckend fo large CRM deployment You want to seae es usage Ineranses an ensre that yu don rn tof storage maintain 75% CPU usage eaten, nd kee epson ag below 60 seconde What ar the correct stops fo meet your requirements? ‘A. Enable automate storage nrease for theinstance. 2. Creat Stocker tert when CPU usage oxconds 75%, and change th stan typo fo reduce CPU sage. 3, roate a Stacker alot or aplication Ls 2d ‘Shardthe databose to reducoroplcaton time. 8.1 Enble automatic storage increase for holnstance. 2 Change the instance type to 2 S2-core machine type {okeep CPU usage beow 75%. 3. Create a Stcharivr sot for epiaion og. and deploy mameaze to 1 create Stakervralart when storage axcoeds 75%, nd increase the svable storage on tho nstance 200.2 Deploy memcached to feduce CPU load 8. Change the nstance ype ta S2-core machine ype ta reduce epication a DL Create Stackaivr alert when storage axcceds 75%, andincreae the suale storage on thainatance to create more space, 2. Delay memcached to reduce CPU load 3. Create a Stackarvr alert fr epization lag and change the nstance tye ta S2-core machine type te rue epication a, ‘Enable automatic strageinerase fr the stance. 2. Creat Stacker alert when CPU usage ‘xceeds 75% and change the instance type to roduc CPU usage. Create Stackeivr alot fr rpiation log an shard he databse to edie repletion te. ‘Question: 74 cortyia ‘You ara tasked with bising an online analytical processing [LAP] marking analytics and reporting tol. This ‘equres relational database hat can operate on hundreds of fray of data Whats the Googie: ‘ecommandod tel fr such appleatans? | Cloud Snaanr,bacauseit i eobaly stbuted 8B Cloud $0. because ica uly managed elaional dtabo . Cloud Frestore, because offer realtime synchronization scroc devicas BigQuery because itis designed for large-scale processing of abular dota Explanation:‘Tho keyword inthis contoxtisOLAP, CiowdSQL is Relational SQL for OLTP. Capacity wise, BQ supports for B+ utile CleudSQL only have mex capacity of up t IOTB. Again the questions specially mention “tuned of TB af ata 0 isthe anewer Reference: upsicloud goelaconvile/SigdueryTecoicalWP pdt ‘Question: 75, cortyia ‘Yu have deployed an application to Google Kubernetes Engine (KEI andro using the Glows SOL proxy Contr tomeko the Cloud SOL database avalabo fo the sr vcos running on Kuberntos. You ao otid tht tha appcaton'srepedting database connection saute You campany pales tequ post mater What ‘A. Use gtoudeanstancos restart 'B.Vabdote thatthe Service Account used by the Cloud SL proxy container sil has the Cloud Build Ectorrole C.inthe G¢P Consol, navigate to Stacker Logging. Consult gs fr (GKE) and Goud SQL. inthe GOP Console, navigate to Cloud SOL Restore the latest backup. Uso kubect to restart ll pods, newer e Explanation: oat mort ways includes tog nays, anwar ia Question: 76 cortyia Your company pushos batches of sensitiv transaction dta rom ts aplleation servor VMs to Cioud PubSub for processing an storage Whats the Google: ecarimended way for you aplcation to authenticate tothe ‘equved Google Claud series? ‘Anus that VM service accounts re granted the eprops Cloud PUB/SUD IAM oles. Ensure that VM service account de at have acces to Cloud PulSub, and use VM access acne to gant tho appropriate Cloud PubSub IAM roles C.Cenarte an OAuth acess token or accessing Cloud PubSub, encrypt, nd str itin Cloud Storage for D create gateway to Cloud PubySub sing Cloud Function. ad rant the Cloud Function envi ceaunt ‘ho approprint Cloud PubySub IAM oles Anewor:8 Explanation: xr ranted the appropriate Cloud Pub/Sub AM eo ‘Question: 77 cortyia ‘You want to sstablish a Compute Engine aplication na single VPC acress two regions. The applieation must Communicate over VON to ono promise natwerk.‘A. Use VPC Network Peering between the VPC andthe on promises network B Expose the VPC to the an premises network using IAM a VEC Sharing Croat alobal Cloud VPN Gateway with VPN tunnels from each region othe on-premises poe stawn, Deploy Cloud VPN Gateway in each elon. Ensure that each eon hat at Least ne VPN tunnel othe on prams peer gateway newer Explanation: Iteant be A VPC Network Posting ony allows privat RFCT818connactiviy across two Virtual Private ‘tou VPC networks In hi example zone VPC wih on-promie network tpsicloud goslacompeicstpe-peoring Inlsnotdetntoly-8-Cantbe Inlenot C- Because Cloud VEN gateways and tunnels ar regional beets, ot aba So. the answers D- tpsicloud golacompn/decsihow tlcreatingstatewpns ‘Question: 78 cortyia ‘Your applications wi bo writing thor logs to Bigduer fer analysis Each application should have ts own table. Any loge older than 45 days should be removed ‘You want to optimiza Storage and fallow Googlerecommanded practices. What should you de? ‘Contig the expiration tne or your tabos at 45 days Make the abies tme-pationed nd configure the patton expiration at 45 days Rely on BigQueny's default behavior o pre apatiction logs older than 5 days Create sari thet utes he BigQuery commenting tol (bq) to Femeve records lr then 45 day 'B. Mako the abies timo-paritioned and configure th partition expiration at 45 days Question: 79 certyia ‘You want your Google Kuberetes Engine clustor to automatically aor rove nadosbase on CPU load Wat sretayou go? ‘A Contigre a HorzonalPodAutoscaler with trget CPU usage, Enable the Cus Consat, Configure « HorzontalPedAutosalar with target CPU usage. Enable autoscaling onthe managed stance soup tthe unter using the loud command ©. create deployment nd ser the masUnaaleble and maxSurge properties, Enable the Cluster Autoscaler tng the gto cormmana . create a deployment and et te mexUnoeale and maxSurge properties, Enable autoscaling nthe ‘luster managed stance praup tm the GCP Consol. Autoscaler trom the Go?Anowor 8 Explanation: |A. Configure a HriontalPedAutoscaler witha target CPU usa ‘Question: 20 cortyia You ned odoveion procedures to verity resllnceofdsstr recover for femate recovery using OCP. Your rodicton envronment is Rastod on promises You noed to etablah a cece redundant cnectonbatwoon |. Verity that Deicatad interconnect can replicate files to GCP Verity that rect posing can establish 2 Secure conneonBotwoen your networks f Deaeatd Interconnect fal: 8 Vary that Dedioetedntrconnact cn eplleate fe o GCP. Verity that Cloud VPN can establish a socure C.verty thatthe Transfer Appliance can replicate eso GOP Vest tht ect peering en establish ¢ Secure conection between our networks he Transfer Appianes fis Very thatthe TansfrApelance can replicate tas to GCP Very tht Cloud VPN can establish secure annection Between your networks the Transfer Appones a newer 8 Explanation: B.Cloud VPN provides secur IPSec canecton, though Dect Peering dosent. Also chock sloction dlagram “wnat GCP connection right for you” on Hybrid Connacivty page, Mtps:/cloud google.comiybri conectvty! Ieexplty pots thet Cloud VPN and Dedceted interconnect fe fo extenlon of you Data Center to Cloud 3 vate compute resources). And Direct Paring for accessing GSuito fl st of GCP resources Direct Peering hips/loud googie cominetwork-conectvydocsldrect- peering tou VEN: tps /eloud goog com/ntwerkconnectityidocsvpnconceptsoverew ‘choot ntaconnect Typ: htps/eoud googla.coninetwork-connoctvtydacsowta/choose: roductfclout. interconnect only suggests Dedcted Partner and Cloud VPN, tpa/elud gogleconverchitectrede scenarios budding bockettranetering. dato end. fomThank you Thank you for being so interested in the premium exam material, 1'm glad to hear that you found it informative and helpful. But Wait I wanted to let you know that there is more content availabe inthe fullversion. ‘The full paper contains addtional sections and information that you may find helpful, and | encourage you to download it to gat a more comprahensive and datalled view of all the subject matter Perce ao a © 9 Total: 319 Questions Link: httosd/certyiq.com/papers?provider=google&exam=professional-cloud-architect