Pass the Google Cloud Certified Professional-Cloud-Architect Questions and answers with Dumpstech

Viewing page 5 out of 7 pages
Viewing questions 41-50 out of questions
Questions # 41:

You are migrating third-party applications from optimized on-premises virtual machines to Google Cloud. You are unsure about the optimum CPU and memory options. The applications have consistent usage patterns across multiple weeks. You want to optimize resource usage for the lowest cost. What should you do?

Options:

A.

Create a Compute Engine instance with CPU and memory options similar to your application’s current on-premises virtual machine. Install the Cloud Monitoring agent, and deploy the third-party application. Run a load test with normal traffic levels on the third-party application and follow the Rightsizing Recommendations in the Cloud Console.

B.

Create an App Engine flexible environment, and deploy the third-party application using a Dockerfile and a custom runtime. Set CPU and memory options similar to your application’s current on-premises virtual machine in the app.yaml file.

C.

Create an instance template with the smallest available machine type, and use an image of the third-party application taken from the current on-premises virtual machine. Create a managed instance group that uses average CPU to autoscale the number of instances in the group. Modify the average CPU utilization threshold to optimize the number of instances running.

D.

Create multiple Compute Engine instances with varying CPU and memory options. Install the Cloud Monitoring agent and deploy the third-party application on each of them. Run a load test with high traffic levels on the application and use the results to determine the optimal settings.

Questions # 42:

You are designing a new insurance claims processing application that will be deployed on Google Kubernetes Engine (GKE). Your company's compliance team requires a complete and non-repudiable audit trail for all administrative actions from day one. Your application must capture who deploys a new container image, who modifies the GKE cluster's configuration, and who interacts with running pods or Kubernetes secrets using kubectl. What should you do?

Options:

A.

Enable Binary Authorization on the GKE cluster and create a policy that requires all deployed container images to be signed by a trusted attestor.

B.

Enable GKE Audit Logging to send Kubernetes API server logs to Cloud Logging, and ensure Cloud Audit Logs are enabled for the project.

C.

Activate the Security Command Center Premium tier to analyze GKE logs and detect threats, vulnerabilities, and misconfigurations in real time.

D.

Deploy a DaemonSet to every node in the GKE cluster that runs a logging agent to collect and forward all container logs to Cloud Logging.

Questions # 43:

Your company has a Google Cloud project that uses BigQuery for data warehousing. They have a VPN tunnel between the on-premises environment and Google Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should they do?

Options:

A.

Configure Private Google Access for on-premises only.

B.

Perform the following tasks:

1) Create a service account.

2) Give the BigQuery JobUser role and Storage Reader role to the service account.

3) Remove all other IAM access from the project.

C.

Configure VPC Service Controls and configure Private Google Access.

D.

Configure Private Google Access.

Questions # 44:

Your company has a support ticketing solution that uses App Engine Standard. The project that contains the App Engine application already has a Virtual Private Cloud (VPC) network fully connected to the company’s on-premises environment through a Cloud VPN tunnel. You want to enable the App Engine application to communicate with a database that is running in the company’s on-premises environment. What should you do?

Options:

A.

Configure private services access

B.

Configure Private Google Access for on-premises hosts only

C.

Configure Serverless VPC Access

D.

Configure Private Google Access

Questions # 45:

To improve governance and security, your organization has structured the Google Cloud environment using folders for different business units. Each business unit folder has subfolders for development, staging, and production environments, which must comply with internal security controls. You need to design a scalable and enforceable model that blocks internet ingress traffic to the production folders while selectively allowing direct HTTPS traffic to the necessary virtual machines. You must also ensure that individual project teams cannot overwrite these controls. What should you do?

Options:

A.

Mandate the application teams to deploy a Terraform module to create VPC firewall rules in each project that deny ingress and allow HTTPS.

B.

At each production folder, use an organization policy to block all external IPs and require teams to use external HTTPS load balancers.

C.

At each production folder, apply a hierarchical firewall policy to deny all ingress except for HTTPS to tagged VMs.

D.

At the organization root, apply a hierarchical firewall policy to deny all ingress except for HTTPS to tagged VMs.

Questions # 46:

Your company has developed a monolithic, 3-tier application to allow external users to upload and share files. The solution cannot be easily enhanced and lacks reliability. The development team would like to re-architect the application to adopt microservices and a fully managed service approach, but they need to convince their leadership that the effort is worthwhile. Which advantage(s) should they highlight to leadership?

Options:

A.

The new approach will be significantly less costly, make it easier to manage the underlying infrastructure, and automatically manage the CI/CD pipelines.

B.

The monolithic solution can be converted to a container with Docker. The generated container can then be deployed into a Kubernetes cluster.

C.

The new approach will make it easier to decouple infrastructure from application, develop and release new features, manage the underlying infrastructure, manage CI/CD pipelines and perform A/B testing, and scale the solution if necessary.

D.

The process can be automated with Migrate for Compute Engine.

Questions # 47:

Your web application must comply with the requirements of the European Union’s General Data Protection Regulation (GDPR). You are responsible for the technical architecture of your web application. What should you do?

Options:

A.

Ensure that your web application only uses native features and services of Google Cloud Platform, because Google already has various certifications and provides “pass-on” compliance when you use native features.

B.

Enable the relevant GDPR compliance setting within the GCP Console for each of the services in use within your application.

C.

Ensure that Cloud Security Scanner is part of your test planning strategy in order to pick up any compliance gaps.

D.

Define a design for the security of data in your web application that meets GDPR requirements.

Questions # 48:

For this question, refer to the Dress4Win case study.

Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?

Options:

A.

Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.

B.

Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.

C.

Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.

D.

Identify the number of virtual cores and RAM associated with the application server virtual machines, align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

Questions # 49:

For this question, refer to the Dress4Win case study.

As part of Dress4Win's plans to migrate to the cloud, they want to be able to set up a managed logging and monitoring system so they can handle spikes in their traffic load. They want to ensure that:

• The infrastructure can be notified when it needs to scale up and down to handle the ebb and flow of usage throughout the day

• Their administrators are notified automatically when their application reports errors.

• They can filter their aggregated logs down in order to debug one piece of the application across many hosts

Which Google Stackdriver features should they use?

Options:

A.

Logging, Alerts, Insights, Debug

B.

Monitoring, Trace, Debug, Logging

C.

Monitoring, Logging, Alerts, Error Reporting

D.

Monitoring, Logging, Debug, Error Report

Questions # 50:

For this question, refer to the Dress4Win case study.

Dress4Win has configured a new uptime check with Google Stackdriver for several of their legacy services. The Stackdriver dashboard is not reporting the services as healthy. What should they do?

Options:

A.

Install the Stackdriver agent on all of the legacy web servers.

B.

In the Cloud Platform Console, download the list of the uptime servers' IP addresses and create an inbound firewall rule.

C.

Configure their load balancer to pass through the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)

D.

Configure their legacy web servers to allow requests that contain the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)
