Coursera Study Guide with Complete Solutions, Exams of Advanced Education

Coursera Study Guide with Complete Solutions

Typology: Exams

2023/2024

Available from 10/22/2024

Examproff
Examproff 🇺🇸

3

(2)

8.3K documents

1 / 24

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Coursera Study Guidewith Complete Solutions
An application running on a highly-customized version of Ubuntu needs to be migrated
to Google Cloud. You need to do this in the least amount of time with minimal code
changes. How should you proceed?
A. Create Compute Engine Virtual Machines and migrate the app to that infrastructure.
B. Deploy the existing application to App Engine.
C. Deploy your application in a container image to Cloud Run.
D. Implement a Kubernetes cluster and create pods to enable your app. - ANSWER-A.
Create Compute Engine Virtual Machines and migrate the app to that infrastructure
Feedback: Correct! Compute Engine is a great option for quick migration of traditional
apps. You can implement a solution in the cloud without changing your existing code.
B. Deploy the existing application to App Engine. Feedback: Incorrect. You would need
to change your code to run it on App Engine.
C. Deploy your application in a container image to Cloud Run. Feedback: Incorrect. You
would need to re-engineer the current app to work in a container environment.
D. Implement a Kubernetes cluster and create pods to enable your app. Feedback:
Incorrect. You would need to build and manage your Kubernetes cluster, and re-
engineer the current app to work in a container environment.
Cymbal Superstore asks you to implement Cloud SQL as a database backend to their
supply chain application. You want to configure automatic failover in case of a zone
outage. You decide to use the gcloud sql instances create command set to accomplish
this. Which gcloud command line argument is required to configure the stated failover
capability as you create the required instances?
A. --availability-type
B. --replica-type
C. --secondary-zone
D. --master-instance-name - ANSWER-A. --availability-type Feedback: Correct! This
option allows you to specify zonal or regional availability, with regional providing
automatic failover to a standby node in another region.
B. --replica-type Feedback: Incorrect. If you have --master-instance-name, this option
allows you to define the replica type: a default of read, or a legacy MySQL replica type
of failover, which has been deprecated.
C. --secondary-zone Feedback: Incorrect. This is an optional argument that is valid only
when you have a specified availability type: regional.
D. --master-instance-name Feedback: Incorrect. This option creates a read replica
based on the control plane instance. It replicates data but does not automate failover.
Cymbal Superstore decides to migrate their supply chain application to Google Cloud.
You need to configure specific operating system dependencies. What should you do?
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18

Partial preview of the text

Download Coursera Study Guide with Complete Solutions and more Exams Advanced Education in PDF only on Docsity!

Coursera Study Guide with Complete Solutions

An application running on a highly-customized version of Ubuntu needs to be migrated to Google Cloud. You need to do this in the least amount of time with minimal code changes. How should you proceed? A. Create Compute Engine Virtual Machines and migrate the app to that infrastructure. B. Deploy the existing application to App Engine. C. Deploy your application in a container image to Cloud Run. D. Implement a Kubernetes cluster and create pods to enable your app. - ANSWER-A. Create Compute Engine Virtual Machines and migrate the app to that infrastructure Feedback: Correct! Compute Engine is a great option for quick migration of traditional apps. You can implement a solution in the cloud without changing your existing code. B. Deploy the existing application to App Engine. Feedback: Incorrect. You would need to change your code to run it on App Engine. C. Deploy your application in a container image to Cloud Run. Feedback: Incorrect. You would need to re-engineer the current app to work in a container environment. D. Implement a Kubernetes cluster and create pods to enable your app. Feedback: Incorrect. You would need to build and manage your Kubernetes cluster, and re- engineer the current app to work in a container environment. Cymbal Superstore asks you to implement Cloud SQL as a database backend to their supply chain application. You want to configure automatic failover in case of a zone outage. You decide to use the gcloud sql instances create command set to accomplish this. Which gcloud command line argument is required to configure the stated failover capability as you create the required instances? A. --availability-type B. --replica-type C. --secondary-zone D. --master-instance-name - ANSWER-A. --availability-type Feedback: Correct! This option allows you to specify zonal or regional availability, with regional providing automatic failover to a standby node in another region. B. --replica-type Feedback: Incorrect. If you have --master-instance-name, this option allows you to define the replica type: a default of read, or a legacy MySQL replica type of failover, which has been deprecated. C. --secondary-zone Feedback: Incorrect. This is an optional argument that is valid only when you have a specified availability type: regional. D. --master-instance-name Feedback: Incorrect. This option creates a read replica based on the control plane instance. It replicates data but does not automate failover. Cymbal Superstore decides to migrate their supply chain application to Google Cloud. You need to configure specific operating system dependencies. What should you do?

A. Implement an application using containers on Cloud Run. B. Implement an application using code on App Engine. C. Implement an application using containers on Google Kubernetes Engine. D. Implement an application using virtual machines on Compute Engine. - ANSWER-* D. Implement an application using virtual machines on Compute Engine. Feedback: Correct! Compute Engine gives you full control over operating system choice and configuration. A. Implement an application using containers on Cloud Run. Feedback: Incorrect. Cloud Run deploys containers in Google Cloud without you specifying the underlying cluster or deployment architecture. B. Implement an application using code on App Engine. Feedback: Incorrect. App Engine is a platform as a service for deployment of your code on infrastructure managed by Google. You don't manage operating system dependencies with App Engine. C. Implement an application using containers on Google Kubernetes Engine. Feedback: Incorrect. Google Kubernetes Engine is a container management platform as a service and doesn't give you control over operating system dependencies. Cymbal Superstore decides to pilot a cloud application for their point of sale system in their flagship store. You want to focus on code and develop your solution quickly, and you want your code to be portable. How do you proceed? A. SSH into a Compute Engine VM and execute your code. B. Package your code to a container image and post it to Cloud Run. C. Implement a deployment manifest and run kubectl apply on it in Google Kubernetes Engine. D. Code your solution in Cloud Functions. - ANSWER-B. Package your code to a container image and post it to Cloud Run. Feedback: Correct! Cloud Run provides serverless container management. It lets you focus on code and you can deploy your solution quickly. A. SSH into a Compute Engine VM and execute your code. Feedback: Incorrect. Configuring SSH connectivity to a Compute Engine VM does not meet the focus on code requirement of this scenario. C. Implement a deployment manifest and run kubectl apply on it in Google Kubernetes Engine. Feedback: Incorrect. Google Kubernetes Engine requires you to build and manage resources of a cluster to host your container in GKE. This does meet the requirement of focusing on code. D. Code your solution in Cloud Functions. Feedback: Incorrect. Cloud Functions manages your code as short, executable functions and does not manage your code in containers, which are more portable. Cymbal Superstore has a need to populate visual dashboards with historical time-based data. This is an analytical use-case. Which two storage solutions could they use?

Cymbal Superstore is implementing a mobile app for end users to track deliveries that are en route to them. The app needs to access data about truck location from Pub/Sub using Google recommended practices. A. API key B. OAuth 2.0 client C. Environment provided service account D. Service account key - ANSWER-D. Service account keyFeedback: Correct! Service account keys are used for accessing private data such as your Pub/Sub truck information from an external environment such as a mobile app running on a phone. A. API keyFeedback: Incorrect. API keys are used to access publicly available data. B. OAuth 2.0 clientFeedback: Incorrect. OAuth 2.0 clients provide access to an application for private data on behalf of end users. C. Environment provided service accountFeedback: Incorrect. Environment-provided service accounts are for applications running on resources inside Google Cloud. Cymbal Superstore is piloting an update to its ecommerce app for the flagship store in Minneapolis, Minnesota. The app is implemented as a three-tier web service with traffic originating from the local area and resources dedicated for it in us-central1. You need to configure a secure, low-cost network load-balancing architecture for it. How do you proceed? A. Implement a premium tier pass-through external https load balancer connected to the web tier as the frontend and a regional internal load balancer between the web tier and backend. B. Implement a proxied external TCP/UDP network load balancer connected to the web tier as the frontend and a premium network tier ssl load balancer between the web tier and the backend. C. Configure a standard tier proxied external https load balancer connected to the web tier as a frontend and a regional internal load balancer between the web tier and the backend. D. Configure a - ANSWER-C. Configure a standard tier proxied external https load balancer connected to the web tier as a frontend and a regional internal load balancer between the web tier and the backend. Feedback: Correct! A standard tier proxied external load balancer is effectively a regional resource. A regional internal load balancer doesn't require external IPs and is more secure. A. Implement a premium tier pass-through external https load balancer connected to the web tier as the frontend and a regional internal load balancer between the web tier and backend. Feedback: Incorrect. Premium external https load balancer is global and more expensive. All the resources for the scenario are in the same region. Also, https load balancer is proxied, not pass-through. B. Implement a proxied external TCP/UDP network load balancer connected to the web tier as the frontend and a premium network tier ssl load balancer between the web tier and the backend. Feedback: Incorrect. TCP/UDP is a pass-through balancer. Premium

tier SSL is global and is not the proper solution between web and backend within a region. D. Configure a proxied SSL load balancer connected to the web tier as the frontend and a standard tier internal TCP/UDP load balancer between the web tier and the backend. Feedback: Incorrect. SSL load balancer is not a good solution for web front ends. For a web frontend, you should use an HTTP/S load balancer (layer 7) whenever possible. Cymbal Superstore needs to analyze whether they met quarterly sales projections. Analysts assigned to run this query are familiar with SQL. What data solution should they implement? A. BigQuery B. Cloud SQL C. Cloud Spanner D. Cloud Firestore - ANSWER-A. BigQuery Feedback: Correct! BigQuery is Google Cloud's implementation of a modern data warehouse. BigQuery analyzes historical data and uses a SQL query engine. B. Cloud SQL Feedback: Incorrect. Cloud SQL is optimized for transactional reads and writes. It is not a good candidate for querying historical data as described in the scenario. C. Cloud Spanner Feedback: Incorrect. Cloud Spanner is an SQL-compatible relational database, but it is not built for analyzing historical data. D. Cloud Firestore Feedback: Incorrect. Cloud Firestore is a NoSQL document database used to define entities with attributes. It is not a good choice for the analysis of historical data as described in the scenario. Cymbal Superstore's GKE cluster requires an internal http(s) load balancer. You are creating the configuration files required for this resource. What is the proper setting for this scenario? A. Annotate your ingress object with an ingress.class of "gce." B. Configure your service object with a type: LoadBalancer. C. Annotate your service object with a "neg" reference. D. Implement custom static routes in your VPC. - ANSWER-C. Annotate your service object with a "neg" reference. Feedback: Correct! This is correct because an internal http(s) load balancer can only use NEGs. A. Annotate your ingress object with an ingress.class of "gce." Feedback: Incorrect. To implement an internal load balancer, the ingress class needs to be "gce-internal." B. Configure your service object with a type: LoadBalancer. Feedback: incorrect. Using Load Balancer at the service level implements a Layer 4 network load balancer, not an http(s) load balancer. D. Implement custom static routes in your VPC. Feedback: Incorrect. This describes a routes-based cluster. In order to support internal load balancing, your cluster needs to

B. Implement a database instance using Cloud SQL, back up your local data, and restore it to the new instance. Feedback: Incorrect. Cloud SQL does not support user- defined functions, which are used in the database being migrated. D. Use gcloud to implement a Compute Engine instance with an E2-standard-8 machine type, install, and configure MySQL. Feedback: Incorrect. E2 is a cost-optimized machine type. A recommended machine type for a medium-sized database is a balanced machine type. Cymbal Superstore's supply chain application frequently analyzes large amounts of data to inform business processes and operational dashboards. What storage class would make sense for this use case? A. Archive B. Coldline C. Nearline D. Standard - ANSWER-D. Standard. Correct. Standard storage is best for data that is frequently accessed ("hot" data) and/or stored for only brief periods of time. In addition, co-locating your resources by selecting the regional option maximizes the performance for data-intensive computations and can reduce network charges. A. Archive Feedback: Incorrect. Archive storage is the best choice for data that you plan to access less than once a year. B. Coldline Feedback: Incorrect. Dashboards need current data to analyze. Coldline is good for storing data accessed only every 90 days. C. Nearline Feedback: Incorrect. Dashboards need current data to analyze. Nearline is good for storing data accessed only every 30 days. Cymbal Superstore's supply chain management system has been deployed and is working well. You are tasked with monitoring the system's resources so you can react quickly to any problems. You want to ensure the CPU usage of each of your Compute Engine instances in us-central1 remains below 60%. You want an incident created if it exceeds this value for 5 minutes. You need to configure the proper alerting policy for this scenaio. What should you do? A. Choose resource type of VM instance and metric of CPU load, condition trigger if any time series violates, condition is below, threshold is .60, for 5 minutes. B. Choose resource type of VM instance and metric of CPU utilization, condition trigger all time series violates, condition is above, threshold is .60 for 5 minutes. C. Choose resource type of VM instance, and metric of CPU utilization, condition trigger if any time series violates, condition is below, threshold - ANSWER-D. Choose resource type of VM instance and metric of CPU utilization, condition trigger if any time series violates, condition is above, threshold is .60 for 5 minutes. Feedback: Correct! All the values of this statement match the scenario.

A. Choose resource type of VM instance and metric of CPU load, condition trigger if any time series violates, condition is below, threshold is .60, for 5 minutes. Feedback: Incorrect. CPU load is not a percentage, it is a number of processes. B. Choose resource type of VM instance and metric of CPU utilization, condition trigger all time series violates, condition is above, threshold is .60 for 5 minutes. Feedback: Incorrect. The trigger should be "each of your instances", not "all of your instances." C. Choose resource type of VM instance, and metric of CPU utilization, condition trigger if any time series violates, condition is below, threshold is .60 for 5 minutes. Feedback: Incorrect. The alert policy should record an incident when the CPU utilization exceeds a certain amount. The condition for this statement is below that, so it is wrong. Fiona is the billing administrator for the project associated with Cymbal Superstore's eCommerce application. Jeffrey, the marketing department lead, wants to receive emails related to budget alerts. Jeffrey should have access to no additional billing information. What should you do? A. Change the budget alert default threshold rules to include Jeffrey as a recipient. B. Use Cloud Monitoring notification channels to send Jeffrey an email alert. C. Add Jeffrey and Fiona to the budget scope custom email delivery dialog. D. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to. - ANSWER-B. Correct! You can set up to 5 Cloud Monitoring channels to define email recipients that will receive budget alerts. A. Incorrect. To add Jeffrey as a recipient to the default alert behavior you would have to grant him the role of a billing administrator or billing user. The qualifier in the questions states he should have no additional access. C. Incorrect. Budget scope defines what is reported in the alert. D. Incorrect. Pub/Sub is for programmatic use of alert content. How are billing accounts applied to projects in Google Cloud? (Pick two.) A. Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google Workspace accounts. B. A project and its resources can be tied to more than one billing account. C. A billing account can be linked to one or more projects. D. A project and its resources can only be tied to one billing account. E. If your project only uses free resources you don't need a link to an active billing account. - ANSWER-C: Correct! A billing account can handle billing for more than one project. D: Correct! A project can only be linked to one billing account at a time. A: Incorrect. Cloud Billing does not pay for charges associated with a Google Workspace account. B: Incorrect. A project can only be linked to one billing account at a time. E: Incorrect. Even projects using free resources need to be tied to a valid Cloud Billing account.

A: Incorrect. The console is a graphical interface. C: Incorrect. The Cloud Mobile App allows you to interact graphically with your Google Cloud resources through an app on your mobile device. E: Incorrect. This interface allows API access through CURL or client-based programming SDKs. Stella is a new member of a team in your company who has been put in charge of monitoring VM instances in the organization. Stella will need the required permissions to perform this role. How should you grant her those permissions? A. Assign Stella a roles/compute.viewer role. B. Assign Stella compute.instances.get permissions on all of the projects she needs to monitor. C. Add Stella to a Google Group in your organization. Bind that group to roles/compute.viewer. D. Assign the "viewer" policy to Stella. - ANSWER-C. Correct! Best practice is to manage role assignment by groups, not by individual users. A. Incorrect. You should not assign roles to an individual user. Users should be added to groups and groups assigned roles to simplify permissions management. B. Incorrect. Roles are combinations of individual permissions. You should assign roles, not individual permissions, to users. * D. Incorrect. A policy is a binding that is created when you associate a user with a role. Policies are not "assigned" to a user. The backend of Cymbal Superstore's e-commerce system consists of managed instance groups. You need to update the operating system of the instances in an automated way using minimal resources. What should you do? A. Create a new instance template. Click Update VMs. Set the update type to Opportunistic. Click Start. B. Create a new instance template, then click Update VMs. Set the update type to PROACTIVE. Click Start. C. Create a new instance template. Click Update VMs. Set max surge to 5. Click Start. D. Abandon each of the instances in the managed instance group. Delete the instance template, replace it with a new one, and recreate the instances in the managed group. - ANSWER-B. Create a new instance template, then click Update VMs. Set the update type to PROACTIVE. Click Start. Feedback: Correct! This institutes a rolling update where the surge is set to 1 automatically, which minimizes resources as requested. A. Create a new instance template. Click Update VMs. Set the update type to Opportunistic. Click Start. Feedback: Incorrect. Opportunistic updates are not interactive. C. Create a new instance template. Click Update VMs. Set max surge to 5. Click Start. Feedback: Incorrect. Max surge creates 5 new machines at a time. It does not use minimal resources.

D. Abandon each of the instances in the managed instance group. Delete the instance template, replace it with a new one, and recreate the instances in the managed group. Feedback: Incorrect. This is not an automated approach. The abandoned instances are not deleted or replaced. It does not minimize resource use. The development team for the supply chain project is ready to start building their new cloud app using a small Kubernetes cluster for the pilot. The cluster should only be available to team members and does not need to be highly available. The developers also need the ability to change the cluster architecture as they deploy new capabilities. How would you implement this? A. Implement an autopilot cluster in us-central1-a with a default pool and an Ubuntu image. B. Implement a private standard zonal cluster in us-central1-a with a default pool and an Ubuntu image. C. Implement a private standard regional cluster in us-central1 with a default pool and container-optimized image type. D. Implement an autopilot cluster in us-central1 with an Ubuntu image type. - ANSWER- B. Implement a private standard zonal cluster in us-central1-a with a default pool and an Ubuntu image. Feedback: Correct! Standard clusters can be zonal. The default pool provides nodes used by the cluster. A. Implement an autopilot cluster in us-central1-a with a default pool and an Ubuntu image. Feedback: Incorrect. Autopilot clusters are regional and us-central1-a specifies a zone. Also, autopilot clusters are managed at the pod level. C. Implement a private standard regional cluster in us-central1 with a default pool and container-optimized image type. Feedback: Incorrect. The container-optimized image that supports autopilot type does not support custom packages. D. Implement an autopilot cluster in us-central1 with an Ubuntu image type. Feedback: Incorrect. Autopilot doesn't support Ubuntu image types. The Operations Department at Cymbal Superstore wants to provide managers access to information about VM usage without allowing them to make changes that would affect the state. You assign them the Compute Engine Viewer role. Which two permissions will they receive? A. compute.images.list B. compute.images.get C. compute.images.create D. compute.images.setIAM E. computer.images.update - ANSWER-A: Correct! Viewer can perform read-only actions that do not affect state. B: Correct! Get is read-only. Viewer has this permission. C: Incorrect. This permission would change state. D: Incorrect. Only the Owner can set the IAM policy on a service.

A. Downloads the latest version of the terraform provider. Feedback: Incorrect. Terraform init downloads the latest version. B. Verifies syntax of terraform config file. Feedback: Incorrect. Terraform plan verifies the syntax. C. Shows a preview of resources that will be created. Feedback: Incorrect. Terraform plan outputs a preview of resources. What GKE object implements an http(s) load balancer? A. Service B. Pod C. Deployment D. Ingress - ANSWER-D. Ingress What Google Cloud load balancing option runs at Layer 7 of the TCP stack? A. Global http(s) B. Global SSL Proxy C. Global TCP Proxy D. Regional Network - ANSWER-A. Global http(s) Feedback: Correct! https(s) is an application protocol, so it lives at layer 7 of the TCP stack. B. Global SSL Proxy Feedback: Incorrect. SSL is a layer 4 load balancer. C. Global TCP Proxy Feedback: Incorrect. TCP is a layer 4 load balancer. D. Regional Network Feedback: Incorrect. Regional network is a layer 4 load balancer. What Google Cloud project attributes can be changed? A. The Project ID. B. The Project Name. C. The Project Number. D. The Project Category - ANSWER-B: Correct! Project name is set by the user at creation. It does not have to be unique. It can be changed after creation time. A: Incorrect. Project ID is set by the user at creation time but cannot be changed. It must be unique. C: Incorrect. Project number is an automatically generated unique identifier for a project. It cannot be changed. D: Incorrect. Project category isn't a valid attribute when setting up a Google Cloud project. What is the declarative way to initialize and update Kubernetes objects? A. kubectl apply B. kubectl create C. kubectl replace

D. kubectl run - ANSWER-A. kubectl apply Feedback: Correct! kubectl apply creates and updates Kubernetes objects in a declarative way from manifest files. B. kubectl create Feedback: Incorrect. kubectl create creates objects in an imperative way. You can build an object from a manifest but you can't change it after the fact. You will get an error. C. kubectl replace Feedback: Incorrect. kubectl replace downloads the current copy of the spec and lets you change it. The command replaces the object with a new one based on the spec you provide. D. kubectl run Feedback: Incorrect. kubectl run creates a Kubernetes object in an imperative way using arguments you specify on the command line. What is the lowest level basic role that gives you permissions to change resource state? A. Owner B. Administrator C. Viewer D. Editor - ANSWER-D. Editor What kind of account is meant for machine-to-machine communication in Google Cloud? A. User account B. Google Workspace account C. Service account D. Cloud Identity account - ANSWER-C. Service account What Kubernetes object provides access to logic running in your cluster via endpoints that you define? A. Pod templates B. Pods C. Services D. Deployments - ANSWER-C. Services Feedback: Correct! Service endpoints are defined by pods with labels that match those specified in the service configuration file. Services then specify how those pods are exposed. A. Pod templates Feedback: Incorrect. Pod templates define how pods will be configured as part of a deployment. B. Pods Feedback: Incorrect. Pods provide the executable resources your containers run in. D. Deployments Feedback: Incorrect. Deployments help you with availability and the health of a set of pod replicas. They do not help you configure external access. Which Cloud Audit log is disabled by default with a few exceptions?

B. Providing Number of instances Feedback: Correct! Number of instances is part of your managed instance group configuration. C. Specifying Persistent disks Feedback: Incorrect. This is part of your instance template definition. D. Choosing instance Machine type Feedback: Incorrect. This is part of your instance template definition. E. Configuring the operating system Feedback: Incorrect. This is part of your instance template definition. Which of the scenarios below is an example of a situation where you should use a service account? A. To directly access user data B. For development environments C. For interactive analysis D. For individual GKE pods - ANSWER-D. For individual GKE podsFeedback: Correct! When configuring access for GKE, you set up dedicated service accounts for each pod. You then use workload identity to map them to dedicated Kubernetes service accounts. A. To directly access user dataFeedback: Incorrect. Service accounts should not be used to access user data without consent. B. For development environmentsFeedback: Incorrect. Service accounts should not be used for development environments. Use the application default credentials. C. For interactive analysisFeedback: Incorrect. Service accounts should be used for unattended work that does not require user interaction. Which serverless option is based on developing and executing small snippets of code? A. Cloud Functions B. Cloud Run C. BigQuery D. Dataflow - ANSWER-A. Cloud Functions Which services are based on logic implemented in containers? (Pick 2.) A. Cloud Functions B. Cloud Run C. Google Kubernetes Engine D. Compute Engine E. Managed Instance Groups - ANSWER-B. Cloud Run C. Google Kubernetes Engine Which storage class is designed for long term storage has a 365 day minimum storage agreement, and a lower storage price as compared to other storage types?

A. Standard storage B. Coldline storage C. Nearline storage D. Archive storage - ANSWER-D. Archive storage Which storage class that is designed for long term storage has a 365 day minimum storage agreement, and a lower storage price as compared to other storage types? A. Standard storage B. Coldline storage C. Nearline storage D. Archive storage - ANSWER-D. Archive storage Which type of audit log entry should you monitor? A. Admin Activity log entries B. ADMIN_READ log entries C. DATA_READ log entries D. DATA_WRITE log entries - ANSWER-D. DATA_WRITE log entriesFeedback: Correct! DATA_WRITE log entries include information about when objects are created or deleted. A. Admin Activity log entriesFeedback: Incorrect. Admin Activity logs record when buckets are created and deleted. B. ADMIN_READ log entriesFeedback: Incorrect. ADMIN_READ log entries are created when buckets are listed and bucket metadata is accessed. C. DATA_READ log entriesFeedback: Incorrect. DATA_READ log entries contain operations such as listing and getting object data. Which Virtual Private Cloud (VPC) network type allows you to fully control IP ranges and the definition of regional subnets? A. Default Project network B. Auto mode network C. Custom mode network D. An auto mode network converted to a custom network - ANSWER-C. Custom mode network Feedback: Correct! A custom mode network gives you control over regions that you place your subnets in and lets you specify IP ranges for them as well. A. Default Project network Feedback: Incorrect. A project's default network is an auto mode network that creates one subnet in each Google Cloud region automatically with a predetermined set of IP ranges. B. Auto mode network Feedback: Incorrect. An auto mode network creates one subnet in each Google Cloud region automatically with a predetermined set of IP ranges.

D. Set Concurrency settings. - ANSWER-B. Set Max instances. Feedback: Correct! Max instances control costs, keeping you from starting too many instances by limiting your number of connections to a backing service. A. Set Min instances. Feedback: Incorrect. Min instances reduce latency when you start getting requests after a period of no activity. It keeps you from scaling down to zero. C. Set CPU Utilization. Feedback: Incorrect. Default CPU utilization is 60%. It doesn't affect the number of connections to your backing service. D. Set Concurrency settings. Feedback: Incorrect. Concurrency is how many users can connect to a particular instance. It does not directly affect connections to backend services. You have a custom role implemented for administration of the dev/test environment for Cymbal Superstore's transportation management application. You are developing a pilot to use Cloud Run instead of Cloud Functions. You want to ensure your administrators have the correct access to the new resources. A. Make the change to the custom role locally and run an update on the custom role. B. Delete the custom role and recreate a new custom role with required permissions. C. Copy the existing role, add the new permissions to the copy, and delete the old role. D. Create a new role with needed permissions and migrate users to it. - ANSWER-A. Make the change to the custom role locally and run an update on the custom role Feedback: Correct! There is a recommended process to update an existing custom role. You get the current policy, update it locally, and write the updated policy back into Google Cloud. The gcloud commands used in this process include the get and update policy subcommands. B. Delete the custom role and recreate a new custom role with required permissions Feedback: Incorrect. Recreating a custom role is not necessary in this scenario. You can update the existing one. C. Copy the existing role, add the new permissions to the copy, and delete the old role Feedback: Incorrect. Copying an existing role creates a new custom role. Creating a new custom role is not required for this scenario. D. Create a new role with needed permissions and migrate users to it.Feedback: Incorrect. Finding all users with this role and reassigning them could be very time consuming. You should update the existing custom role instead. You have a scheduled snapshot you are trying to delete, but the operation returns an error. What should you do to resolve this problem? A. Delete the downstream incremental snapshots before deleting the main reference. B. Delete the object the snapshot was created from. C. Detach the snapshot schedule before deleting it. D. Restore the snapshot to a persistent disk before deleting it. - ANSWER-C. Detach the snapshot schedule before deleting it. Feedback: Correct! You can't delete a snapshot schedule that is still attached to a persistent disk.

A. Delete the downstream incremental snapshots before deleting the main reference. Feedback: Incorrect. This is not required to delete a scheduled snapshot and would be a lot of manual work. B. Delete the object the snapshot was created from. Feedback: Incorrect. This is not required to delete a scheduled snapshot and is destructive. D. Restore the snapshot to a persistent disk before deleting it. Feedback: Incorrect. This does not allow you to delete a scheduled snapshot. You need to add new groups of employees in Cymbal Superstore's production environment. You need to consider Google's recommendation of using least privilege. What should you do? A. Grant the most restrictive basic role to most services, grant predefined or custom roles as necessary. B. Grant predefined and custom roles that provide necessary permissions and grant basic roles only where needed. C. Grant the least restrictive basic roles to most services and grant predefined and custom roles only when necessary. D. Grant custom roles to individual users and implement basic roles at the resource level. - ANSWER-B: Correct! Basic roles are broad and don't use the concept of least privilege. You should grant only the roles that someone needs through predefined and custom roles. A: Incorrect. Basic roles are too broad and don't provide least privilege. C: Incorrect. Basic roles apply to the project level and do not provide least privilege. D: Incorrect. You should see if a predefined role meets your needs before implementing a custom role. You need to analyze and act on files being added to a Cloud Storage bucket. Your programming team is proficient in Python. The analysis you need to do takes at most 5 minutes. You implement a Cloud Function to accomplish your processing and specify a trigger resource pointing to your bucket. How should you configure the --trigger-event parameter using gcloud? A. --trigger-event google.storage.object.finalize B. --trigger-event google.storage.object.create C. --trigger-event google.storage.object.change D. --trigger-event google.storage.object.add - ANSWER-A. --trigger-event google.storage.object.finalize Feedback: Correct! Finalize event trigger when a write to Cloud Storage is complete. B. --trigger-event google.storage.object.create Feedback: Incorrect. This is not a cloud storage notification event. C. --trigger-event google.storage.object.change Feedback: Incorrect. This is not a cloud storage notification event.