google professional-cloud-architect online test

Question 1 Topic 1, Case Study 1Case Study Question View Case

The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model
with separation of duties for administration between production and development resources.
What Google domain and project structure should you recommend?

• A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
• B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
• C. Create a single G Suite account to manage users with each stage of each application in its own project
• D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment

Answer:

D

Explanation:
Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are
intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege
levels than they actually need
Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no

more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates
for which they are not authorized.
Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform.

No user should be given responsibility for more than one related function. This limits the ability of a user to perform a
malicious action and then cover up that action. Reference: https://cloud.google.com/kms/docs/separation-of-duties

Question 2 Topic 1, Case Study 1Case Study Question View Case

A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server,
the new database server stops responding to SSH connections. It is still serving database requests to the application servers
correctly.
What three steps should you take to diagnose the problem? (Choose three.)

• A. Delete the virtual machine (VM) and disks and create a new one
• B. Delete the instance, attach the disk to a new VM, and investigate
• C. Take a snapshot of the disk and connect to a new machine to investigate
• D. Check inbound firewall rules for the network the machine is connected to
• E. Connect the machine to another network with very simple firewall rules and investigate
• F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate

Answer:

C D F

Explanation:
D: Handling "Unable to connect on port 22" error message Possible causes include:
There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine

instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than
22, you need to enable the access to that port with a custom firewall rule.
The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services.

Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from
session to session.
F: Handling "Could not connect, retrying..." error
You can verify that the daemon is running by navigating to the serial console output page and looking for output lines
prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes
in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.
Reference: https://cloud.google.com/compute/docs/ssh-in-browser https://cloud.google.com/compute/docs/ssh-in-browser

Question 3 Topic 1, Case Study 1Case Study Question View Case

JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google
Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.
What service account key-management strategy should you recommend?

• A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
• B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
• C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
• D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs

Answer:

C

Explanation:
Migrating data to Google Cloud Platform
Lets say that you have some data processing that happens on another cloud provider and you want to transfer the
processed data to Google Cloud Platform. You can use a service account from the virtual machines on the external cloud to
push the data to Google Cloud Platform. To do this, you must create and download a service account key when you create
the service account and then use that key from the external process to call the Cloud Platform APIs.
Reference: https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform

Question 4 Topic 1, Case Study 1Case Study Question View Case

JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure
success against their business and technical goals.
Which metrics should you track?

• A. Error rates for requests from Asia
• B. Latency difference between US and Asia
• C. Total visits, error rates, and latency from Asia
• D. Total visits and average latency for users from Asia
• E. The number of character sets present in the database

Answer:

D

Explanation:
From scenario:
Business Requirements include: Expand services into Asia
Technical Requirements include: Decrease latency in Asia

Question 5 Topic 1, Case Study 1Case Study Question View Case

The migration of JencoMarts application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is
shown in the diagram. You want to maximize throughput.
What are three potential bottlenecks? (Choose three.)

• A. A single VPN tunnel, which limits throughput
• B. A tier of Google Cloud Storage that is not suited for this task
• C. A copy command that is not suited to operate over long distances
• D. Fewer virtual machines (VMs) in GCP than on-premises machines
• E. A separate storage layer outside the VMs, which is not suited for this task
• F. Complicated internet connectivity between the on-premises infrastructure and GCP

Answer:

A C E

Question 6 Topic 1, Case Study 1Case Study Question View Case

JencoMart wants to move their User Profiles database to Google Cloud Platform.
Which Google Database should they use?

• A. Cloud Spanner
• B. Google BigQuery
• C. Google Cloud SQL
• D. Google Cloud Datastore

Answer:

D

Explanation:
Common workloads for Google Cloud Datastore:
User profiles

Product catalogs

Game state

Reference: https://cloud.google.com/storage-options/ https://cloud.google.com/datastore/docs/concepts/overview

Question 7 Topic 2, Case Study 2Case Study Question View Case

Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing
backends on the other platforms?

• A. Tests should scale well beyond the prior approaches
• B. Unit tests are no longer required, only end-to-end tests
• C. Tests should be applied after the release is in the production environment
• D. Tests should include directly testing the Google Cloud Platform (GCP) infrastructure

Answer:

A

Explanation:
From Scenario:
A few of their games were more popular than expected, and they had problems scaling their application servers, MySQL
databases, and analytics tools.
Requirements for Game Analytics Platform include: Dynamically scale up or down based on game activity

Question 8 Topic 2, Case Study 2Case Study Question View Case

Mountkirk Games has deployed their new backend on Google Cloud Platform (GCP). You want to create a through testing
process for new versions of the backend before they are released to the public. You want the testing environment to scale in
an economical way. How should you design the process?

• A. Create a scalable environment in GCP for simulating production load
• B. Use the existing infrastructure to test the GCP-based backend at scale
• C. Build stress tests into each component of your application using resources internal to GCP to simulate load
• D. Create a set of static environments in GCP to test different levels of load – for example, high, medium, and low

Answer:

A

Explanation:
From scenario: Requirements for Game Backend Platform
1. Dynamically scale up or down based on game activity
2. Connect to a managed NoSQL database service
3. Run customize Linux distro

Question 9 Topic 2, Case Study 2Case Study Question View Case

Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they
want to be able to update and roll back quickly. Mountkirk Games has the following requirements:
Services are deployed redundantly across multiple regions in the US and Europe

Only frontend services are exposed on the public internet

They can provide a single frontend IP for their fleet of services

Deployment artifacts are immutable

Which set of products should they use?

• A. Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine
• B. Google Cloud Storage, Google App Engine, Google Network Load Balancer
• C. Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer
• D. Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

Answer:

C

Question 10 Topic 2, Case Study 2Case Study Question View Case

Mountkirk Games gaming servers are not automatically scaling properly. Last month, they rolled out a new feature, which
suddenly became very popular. A record number of users are trying to use the service, but many of them are getting 503
errors and very slow response times. What should they investigate first?

• A. Verify that the database is online
• B. Verify that the project quota hasn’t been exceeded
• C. Verify that the new feature code did not introduce any performance bugs
• D. Verify that the load-testing team is not running their tool against production

Answer:

B

Explanation:
503 is service unavailable error. If the database was online everyone would get the 503 error.