| Exam Code | Professional-Cloud-Architect |
| Exam Name | Google Certified Professional - Cloud Architect (GCP) |
| Questions | 275 Questions Answers With Explanation |
| Update Date | September 02,2024 |
| Price |
Was : |
Prepare Yourself Expertly for Professional-Cloud-Architect Exam:
Our team of highly skilled and experienced professionals is dedicated to delivering up-to-date and precise study materials in PDF format to our customers. We deeply value both your time and financial investment, and we have spared no effort to provide you with the highest quality work. We ensure that our students consistently achieve a score of more than 95% in the Google Professional-Cloud-Architect exam. You provide only authentic and reliable study material. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is any change in the Professional-Cloud-Architect dumps file. The Google Professional-Cloud-Architect exam question answers and Professional-Cloud-Architect dumps we offer are as genuine as studying the actual exam content.
You can reach out to our agents at any time for guidance; we are available 24/7. Our agent will provide you information you need; you can ask them any questions you have. We are here to provide you with a complete study material file you need to pass your Professional-Cloud-Architect exam with extraordinary marks.
Pass4surexams provide trusted study material. If you want to meet a sweeping success in your exam you must sign up for the complete preparation at Pass4surexams and we will provide you with such genuine material that will help you succeed with distinction. Our experts work tirelessly for our customers, ensuring a seamless journey to passing the Google Professional-Cloud-Architect exam on the first attempt. We have already helped a lot of students to ace IT certification exams with our genuine Professional-Cloud-Architect Exam Question Answers. Don't wait and join us today to collect your favorite certification exam study material and get your dream job quickly.
Enroll with confidence at Pass4surexams, and not only will you access our comprehensive Google Professional-Cloud-Architect exam question answers and dumps, but you will also benefit from a remarkable offer – 90 days of free updates. In the dynamic landscape of certification exams, our commitment to your success doesn't waver. If there are any changes or updates to the Google Professional-Cloud-Architect exam content during the 90-day period, rest assured that our team will promptly notify you and provide the latest study materials, ensuring you are thoroughly prepared for success in your exam."
Quality is the heart of our service that's why we offer our students real exam questions with 100% passing assurance in the first attempt. Our Professional-Cloud-Architect dumps PDF have been carved by the experienced experts exactly on the model of real exam question answers in which you are going to appear to get your certification.
For this question, refer to the EHR Healthcare case study. EHR has single Dedicated Interconnectconnection between their primary data center and Googles network. This connectionsatisfiesEHR’s network and security policies:• On-premises servers without public IP addresses need to connect to cloud resourceswithout public IP addresses• Traffic flows from production network mgmt. servers to Compute Engine virtualmachines should never traverse the public internet.You need to upgrade the EHR connection to comply with their requirements. The newconnection design must support business critical needs and meet the same network andsecurity policy requirements. What should you do?
A. Add a new Dedicated Interconnect connection
B. Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G
C. Add three new Cloud VPN connections
D. Add a new Carrier Peering connection
For this question, refer to the EHR Healthcare case study. You are responsible fordesigning the Google Cloud network architecture for Google Kubernetes Engine. You wantto follow Google best practices. Considering the EHR Healthcare business and technicalrequirements, what should you do to reduce the attack surface?
A. Use a private cluster with a private endpoint with master authorized networksconfigured.
B. Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.
C. Use a private cluster with a public endpoint with master authorized networks configured.
D. Use a public cluster with master authorized networks enabled and firewall rules.
For this question, refer to the EHR Healthcare case study. You need to define the technicalarchitecture for securely deploying workloads to Google Cloud. You also need to ensurethat only verified containers are deployed using Google Cloud services. What should youdo? (Choose two.)
A. Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
B. Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
C. Configure Container Registry to only allow trusted service accounts to create and deploycontainers from the registry.
D. Configure Container Registry to use vulnerability scanning to confirm that there are novulnerabilities before deploying the workload.
For this question, refer to the EHR Healthcare case study. You are a developer on the EHRcustomer portal team. Your team recently migrated the customer portal application toGoogle Cloud. The load has increased on the application servers, and now the applicationis logging many timeout errors. You recently incorporated Pub/Sub into the applicationarchitecture, and the application is not logging any Pub/Sub publishing errors. You want toimprove publishing latency. What should you do?
A. Increase the Pub/Sub Total Timeout retry value.
B. Move from a Pub/Sub subscriber pull model to a push model.
C. Turn off Pub/Sub message batching.
D. Create a backup Pub/Sub message queue.
For this question, refer to the EHR Healthcare case study. In the past, configuration errorsput public IP addresses on backend servers that should not have been accessible from theInternet. You need to ensure that no one can put external IP addresses on backendCompute Engine instances and that external IP addresses can only be configured onfrontend Compute Engine instances. What should you do?
A. Create an Organizational Policy with a constraint to allow external IP addresses only onthe frontend Compute Engine instances.
B. Revoke the compute.networkAdmin role from all users in the project with front endinstances.
C. Create an Identity and Access Management (IAM) policy that maps the IT staff to thecompute.networkAdmin role for the organization.
D. Create a custom Identity and Access Management (IAM) role named GCE_FRONTENDwith the compute.addresses.create permission.
For this question, refer to the EHR Healthcare case study. You are responsible for ensuringthat EHR's use of Google Cloud will pass an upcoming privacy compliance audit. Whatshould you do? (Choose two.)
A. Verify EHR's product usage against the list of compliant products on the Google Cloudcompliance page.
B. Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.
C. Use Firebase Authentication for EHR's user facing applications.
D. Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.
E. Use GKE private clusters for all Kubernetes workloads.
You need to upgrade the EHR connection to comply with their requirements. The newconnection design must support business-critical needs and meet the same network andsecurity policy requirements. What should you do?
A. Add a new Dedicated Interconnect connection.
B. Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G.
C. Add three new Cloud VPN connections.
D. Add a new Carrier Peering connection.
For this question, refer to the EHR Healthcare case study. You need to define the technicalarchitecture for hybrid connectivity between EHR's on-premises systems and GoogleCloud. You want to follow Google's recommended practices for production-levelapplications. Considering the EHR Healthcare business and technical requirements, whatshould you do?
A. Configure two Partner Interconnect connections in one metro (City), and make sure theInterconnect connections are placed in different metro zones.
B. Configure two VPN connections from on-premises to Google Cloud, and make sure theVPN devices on-premises are in separate racks.
C. Configure Direct Peering between EHR Healthcare and Google Cloud, and make sureyou are peering at least two Google locations.
D. Configure two Dedicated Interconnect connections in one metro (City) and twoconnections in another metro, and make sure the Interconnect connections are placed indifferent metro zones.
For this question, refer to the Helicopter Racing League (HRL) case study. Your team is incharge of creating apayment card data vault for card numbers used to bill tens of thousands of viewers,merchandise consumers,and season ticket holders. You need to implement a custom card tokenization service thatmeets the followin grequirements:• It must provide low latency at minimal cost. • It must be able to identify duplicate credit cards and must not store plaintext cardnumbers.• It should support annual key rotation.Which storage approach should you adopt for your tokenization service?
A. Store the card data in Secret Manager after running a query to identify duplicates.
B. Encrypt the card data with a deterministic algorithm stored in Firestore using Datastore mode.
C. Encrypt the card data with a deterministic algorithm and shard it across multiple Memorystore instances.
D. Use column-level encryption to store the data in Cloud SQL.
For this question, refer to the Helicopter Racing League (HRL) case study. A recent financeaudit of cloudinfrastructure noted an exceptionally high number of Compute Engine instances areallocated to do videoencoding and transcoding. You suspect that these Virtual Machines are zombie machinesthat were not deletedafter their workloads completed. You need to quickly get a list of which VM instances areidle. What should youdo?
A. Log into each Compute Engine instance and collect disk, CPU, memory, and networkusage statistics foranalysis.
B. Use the gcloud compute instances list to list the virtual machine instances that have theidle: true label set.
C. Use the gcloud recommender command to list the idle virtual machine instances.
D. From the Google Console, identify which Compute Engine instances in the managedinstance groups areno longer responding to health check probes.
For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRLstarted a new regionalracing league in Cape Town, South Africa. In an effort to give customers in Cape Town abetter userexperience, HRL has partnered with the Content Delivery Network provider, Fastly. HRLneeds to allow trafficcoming from all of the Fastly IP address ranges into their Virtual Private Cloud network(VPC network). You area member of the HRL security team and you need to configure the update that will allowonly the Fastly IPaddress ranges through the External HTTP(S) load balancer. Which command should youuse?
A. glouc compute firewall rules update hlr-policy \--priority 1000 \target tags-sourceiplist fastly \--allow tcp:443
B. gcloud compute security policies rules update 1000 \--security-policy hlr-policy \--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \--action " allow"
C. gcloud compute firewall rules updatesourceiplist-fastly \priority 1000 \allow tcp: 443
D. gcloud compute priority-policies rules update1000 \security policy from fastly--src- ip-ranges"-- action " allow"
For this question, refer to the Helicopter Racing League (HRL) case study. HRL wantsbetter predictionaccuracy from their ML prediction models. They want you to use Google’s AI Platform soHRL can understandand interpret the predictions. What should you do?
A. Use Explainable AI.
B. Use Vision AI.
C. Use Google Cloud’s operations suite.
D. Use Jupyter Notebooks.
For this question, refer to the Helicopter Racing League (HRL) case study. HRL is lookingfor a cost-effectiveapproach for storing their race data such as telemetry. They want to keep all historicalrecords, train modelsusing only the previous season's data, and plan for data growth in terms of volume andinformation collected.You need to propose a data solution. Considering HRL business requirements and thegoals expressed byCEO S. Hawke, what should you do?
A. Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race databy season and event.
B. Use Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race datausing season as a primary key.
C. Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on season.
D. Use Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Useseparate database instances for each season.
For this question, refer to the Helicopter Racing League (HRL) case study. The HRLdevelopment teamreleases a new version of their predictive capability application every Tuesday evening at 3a.m. UTC to arepository. The security team at HRL has developed an in-house penetration test CloudFunction called Airwolf.The security team wants to run Airwolf against the predictive capability application as soonas it is releasedevery Tuesday. You need to set up Airwolf to run at the recurring weekly cadence. Whatshould you do?
A. Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.
B. Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.
C. Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.
D. Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.
You are monitoring Google Kubernetes Engine (GKE) clusters in a Cloud Monitoringworkspace. As a Site Reliability Engineer (SRE), you need to triage incidents quickly. Whatshould you do?
A. Navigate the predefined dashboards in the Cloud Monitoring workspace, and then addmetrics and create alert policies.
B. Navigate the predefined dashboards in the Cloud Monitoring workspace, create custommetrics, and install alerting software on a Compute Engine instance.
C. Write a shell script that gathers metrics from GKE nodes, publish these metrics to aPub/Sub topic, export the data to BigQuery, and make a Data Studio dashboard.
D. Create a custom dashboard in the Cloud Monitoring workspace for each incident, andthen add metrics and create alert policies.
You are designing a Data Warehouse on Google Cloud and want to store sensitive data inBigQuery. Your company requires you to generate encryption keys outside of GoogleCloud. You need to implement a solution. What should you do?
A. Generate a new key in Cloud Key Management Service (Cloud KMS). Store all data inCloud Storage using the customer-managed key option and select the created key. Set upa Dataflow pipeline to decrypt the data and to store it in a BigQuery dataset.
B. Generate a new key in Cloud Key Management Service (Cloud KMS). Create a datasetin BigQuery using the customer-managed key option and select the created key
C. Import a key in Cloud KMS. Store all data in Cloud Storage using the customermanagedkey option and select the created key. Set up a Dataflow pipeline to decrypt thedata and to store it in a new BigQuery dataset.
D. Import a key in Cloud KMS. Create a dataset in BigQuery using the customer-suppliedkey option and select the created key.
Your team is developing a web application that will be deployed on Google KubernetesEngine (GKE). Your CTO expects a successful launch and you need to ensure yourapplication can handle the expected load of tens of thousands of users. You want to testthe current deployment to ensure the latency of your application stays below a certainthreshold. What should you do?
A. Use a load testing tool to simulate the expected number of concurrent users and totalrequests to your application, and inspect the results.
B. Enable autoscaling on the GKE cluster and enable horizontal pod autoscaling on yourapplication deployments. Send curl requests to your application, and validate if the autoscaling works.
C. Replicate the application over multiple GKE clusters in every Google Cloud region.Configure a global HTTP(S) load balancer to expose the different clusters over a single global IP address.
D. Use Cloud Debugger in the development environment to understand the latencybetween the different microservices.
An application development team has come to you for advice.They are planning to write and deploy an HTTP(S) API using Go 1.12. The API will have a very unpredictableworkload and must remain reliable during peaks in traffic. They want to minimizeoperational overhead for this application. What approach should you recommend?
A. Use a Managed Instance Group when deploying to Compute Engine
B. Develop an application with containers, and deploy to Google Kubernetes Engine (GKE)
C. Develop the application for App Engine standard environment
D. Develop the application for App Engine Flexible environment using a custom runtime
Your company has a Google Cloud project that uses BlgQuery for data warehousing Thereare some tables that contain personally identifiable information (PI!) Only the complianceteam may access the PH. The other information in the tables must be available to the datascience team. You want to minimize cost and the time it takes to assign appropriate accessto the tables What should you do?
A. 1 From the dataset where you have the source data, create views of tables that youwant to share, excluding Pll2 Assign an appropriate project-level IAM role to the members of the data science team3 Assign access controls to the dataset that contains the view
B. 1 From the dataset where you have the source data, create materialized views of tablesthat you want to share excluding Pll2 Assign an appropriate project-level IAM role to the members of the data science team 3.Assign access controls to the dataset that contains the view.
C. 1 Create a dataset for the data science team2 Create views of tables that you want to share excluding Pll3 Assign an appropriate project-level IAM role to the members of the data science team4 Assign access controls to the dataset that contains the view5 Authorize the view to access the source dataset
D. 1. Create a dataset for the data science team.2. Create materialized views of tables that you want to share, excluding Pll3. Assign an appropriate project-level IAM role to the members of the data science team4 Assign access controls to the dataset that contains the view5 Authorize the view to access the source dataset
You want to allow your operations learn to store togs from all the production protects inyour Organization, without during logs from other projects All of the production projects arecontained in a folder. You want to ensure that all logs for existing and new productionprojects are captured automatically. What should you do?
A. Create an aggregated export on the Production folder. Set the log sink to be a CloudStorage bucket in an operations project
B. Create an aggregated export on the Organization resource. Set the tog sink to be aCloud Storage bucket in an operations project.
C. Create log exports in the production projects. Set the log sinks to be a Cloud Storage bucket in an operations project.
D. Create tog exports in the production projects. Set the tog sinks to be BigQuery datasetsin the production projects and grant IAM access to the operations team to run queries onthe datasets
