[GCP] Google Cloud Certified: Professional Cloud Architect

Ace Your Professional Cloud Architect Certification with Practice Exams.

Google Cloud Certified – Professional Cloud Architect – Practice Exam (Question 22)


Question 1

You are developing a globally scaled frontend for a legacy streaming backend data API.
This API expects events in strict chronological order with no repeat data for proper processing.
Which products should you deploy to ensure guaranteed-once FIFO (first-in, first-out) delivery of data?

  • A. Google Cloud Pub/Sub to Google Cloud Dataflow.
  • B. Google Cloud Pub/Sub to Google Cloud SQL.
  • C. Google Cloud Pub/Sub to Stackdriver.
  • D. Google Cloud Pub/Sub alone

Correct Answer: A

Reference contents:
Ordering messages | Cloud Pub/Sub Documentation


Question 2

A small number of API requests to your microservices-based application take a very long time.
You know that each request to the API can traverse many services. You want to know which service takes the longest in those cases.
What should you do?

  • A. Instrument your application with Stackdriver Trace in order to break down the request latencies at each microservice.
  • B. Set timeouts on your application so that you can fail requests faster.
  • C. Use Stackdriver Monitoring to look for insights that show when your API latencies are high.
  • D. Send custom metrics for each of your requests to Stackdriver Monitoring.

Correct Answer: A

Reference contents:
About Cloud Trace | Google Cloud


Question 3

The development team has provided you with a Kubernetes Deployment file.
You have no infrastructure yet and need to deploy the application.
What should you do?

  • A. Use gcloud to create a Kubernetes cluster. Use Google Cloud Deployment Manager to create the deployment.
  • B. Use kubectl to create a Kubernetes cluster. Use Google Cloud Deployment Manager to create the deployment.
  • C. Use kubectl to create a Kubernetes cluster. Use kubectl to create the deployment.
  • D. Use gcloud to create a Kubernetes cluster. Use kubectl to create the deployment.

Correct Answer: D

Reference contents:
Creating a zonal cluster | Kubernetes Engine Documentation


Question 4

For this question, refer to the Helicopter Racing League (HRL) case study.
HRL is looking for a cost-effective approach for storing their race data such as telemetry. They want to keep all historical
records, train models using only the previous season’s data, and plan for data growth in terms of volume and information collected.
You need to propose a data solution. Considering HRL business requirements and the goals expressed by CEO S. Hawke, what should you do?

  • A. Use Google Cloud Spanner for its scalability and ability to version schemas with zero downtime. Split race data using season as a primary key.
  • B. Use Firestore for its scalable and flexible document-based database. Use collections to aggregate race data by season and event.
  • C. Use BigQuery for its scalability and ability to add columns to a schema. Partition race data based on season.
  • D. Use Google Cloud SQL for its ability to automatically manage storage increases and compatibility with MySQL. Use separate database instances for each season.

Correct Answer: C

Reference contents:
BigQuery public datasets  | Google Cloud


Question 5

Your company runs several databases on a single MySQL instance.
They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance.
How should you configure the storage?

  • A. Mount additional persistent disk volumes onto each virtual machine (VM) instance in a RAID10 array and use LVM to create snapshots to send to Google Cloud Storage.
  • B. Configure a cron job to use the gcloud tool to take regular backups using persistent disk snapshots.
  • C. Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.
  • D. Use gcsfuse to mount a Google Cloud Storage bucket as a volume directly on the instance and write backups to the mounted location using mysqldump.

Correct Answer: C

Reference contents:
Best practices for SQL Server instances | Compute Engine Documentation


Question 6

Your company pushes batches of sensitive transaction data from its application server VMs to Google Cloud Pub/Sub for processing and storage.
What is the Google-recommended way for your application to authenticate to the required Google Cloud services?

  • A. Generate an OAuth2 access token for accessing Google Cloud Pub/Sub, encrypt it, and store it in Google Cloud Storage for access from each VM.
  • B. Create a gateway to Google Cloud Pub/Sub using Google Cloud Functions, and grant the Google Cloud Functions service account the appropriate Google Cloud Pub/Sub IAM roles.
  • C. Ensure that VM service accounts are granted the appropriate Google Cloud Pub/Sub IAM roles.
  • D. Ensure that VM service accounts do not have access to Google Cloud Pub/Sub, and use VM access scopes to grant the appropriate Google Cloud Pub/Sub IAM roles.

Correct Answer: C


Question 7

For this question, refer to the Dress4Win case study.
Dress4Win has asked you to recommend machine types they should deploy their application servers to.
How should you proceed?

  • A. Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.
  • B. Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.
  • C. Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.
  • D. Identify the number of virtual cores and RAM associated with the application server virtual machines, align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

Correct Answer: B


Question 8

For this question, refer to the Helicopter Racing League (HRL) case study.
Recently HRL started a new regional racing league in Cape Town, South Africa.
In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer.
Which command should you use?

  • A. gcloud compute firewall rules update sourceiplist-fastly \
    --priority 100 \
    --allow tcp:443
  • B. gcloud compute security-policies rules update 1000 \
    --security-policy hir-policy \
    --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
    --action "allow"
  • C. gcloud compute firewall rules update hir-policy \
    --priority 100 \
    --target-tags=sourceiplist-fastly \
    --allow tcp:443
  • D. gcloud compute security-policies rules update 1000 \
    --security-policy from-fastly \
    --src-ip-ranges * \
    --action "allow"

Correct Answer: D

Reference contents:
External HTTP(S) Load Balancing overview | Google Cloud


Question 9

Your company has a project in Google Cloud with three Virtual Private Clouds (VPCs).
There is a Google Compute Engine instance on each VPC. Network subnets do not overlap and must remain separated.
The network configuration is shown below.

[Figure: network configuration diagram (image not included)]

Instance #1 is an exception and must communicate directly with both Instance #2 and Instance #3 via internal IPs.
How should you accomplish this?

  • A. Peer all three VPCs:
    *Peer VPC #1 with VPC #2.
    *Peer VPC #2 with VPC #3.
    Update firewall rules to enable traffic between the instances.
  • B. Create a cloud router to advertise subnet #2 and subnet #3 to subnet #1.
  • C. Add two additional NICs to Instance #1 with the following configuration:
    *NIC1
    VPC: VPC #2
    SUBNETWORK: subnet #2
    *NIC2
    VPC: VPC #3
    SUBNETWORK: subnet #3
    Update firewall rules to enable traffic between instances.
  • D. Create two VPN tunnels via CloudVPN:
    *1 between VPC #1 and VPC #2.
    *1 between VPC #2 and VPC #3.
    Update firewall rules to enable traffic between the instances.

Correct Answer: C


Question 10

You are tasked with building an online analytical processing (OLAP) marketing analytics and reporting tool.
This requires a relational database that can operate on hundreds of terabytes of data.
What is the Google recommended tool for such applications?

  • A. Firestore, because it offers real-time synchronization across devices.
  • B. Google Cloud Spanner, because it is globally distributed.
  • C. BigQuery, because it is designed for large-scale processing of tabular data.
  • D. Google Cloud SQL, because it is a fully managed relational database.

Correct Answer: B

Reference contents:
An Inside Look at Google BigQuery (PDF)


Question 11

For this question, refer to the Dress4Win case study.
As part of Dress4Win’s plans to migrate to the cloud, they want to be able to set up a managed logging and monitoring system so they can handle spikes in their traffic load.
They want to ensure that:
– The infrastructure can be notified when it needs to scale up and down to handle the ebb and flow of usage throughout the day.
– Their administrators are notified automatically when their application reports errors.
– They can filter their aggregated logs down in order to debug one piece of the application across many hosts.
Which Google StackDriver features should they use?

  • A. Monitoring, Logging, Alerts, Error Reporting.
  • B. Monitoring, Logging, Debug, Error Report.
  • C. Monitoring, Trace, Debug, Logging.
  • D. Logging, Alerts, Insights, Debug.

Correct Answer: B


Question 12

A news feed web service has the following code running on Google App Engine.
During peak load, users report that they can see news articles they already viewed.
What is the most likely cause of this problem?

[Figure: code listing (image not included)]

  • A. The HTTP Expires header needs to be set to -1 to stop caching.
  • B. The session variable is local to just a single instance.
  • C. The session variable is being overwritten in Google Cloud Datastore.
  • D. The URL of the API needs to be modified to prevent caching.

Correct Answer: B

Reference contents:
java – Google App Engine Cache List in Session Variable – Stack Overflow


Question 13

You are using Google Cloud SQL as the database backend for a large CRM deployment.
You want to scale as usage increases and ensure that you don’t run out of storage, maintain 75% CPU usage cores, and keep replication lag below 60 seconds.
What are the correct steps to meet your requirements?

  • A.
    • Create a Stackdriver alert when storage exceeds 75%, and increase the available storage on the instance to create more space.
    • Deploy memcached to reduce CPU load.
    • Change the instance type to a 32-core machine type to reduce replication lag.
  • B.
    • Enable automatic storage increase for instance.
    • Create a Stackdriver alert when CPU usage exceeds 75%, and change the instance type to reduce CPU usage.
    • Create a Stackdriver alert for replication lag, and shard the database to reduce replication time.
  • C.
    • Create a Stackdriver alert when storage exceeds 75%, and increase the available storage on the instance to create more space.
    • Deploy memcached to reduce CPU load.
    • Create a Stackdriver alert for replication lag, and change the instance type to a 32-core machine type to reduce replication lag.
  • D.
    • Enable automatic storage increase for instance.
    • Change the instance type to a 32-core machine type to keep CPU usage below 75%.
    • Create a Stackdriver alert for replication lag, and shard the database to reduce replication time.

Correct Answer: B


Question 14

You are running a cluster on Google Kubernetes Engine to serve a web application.
Users are reporting that a specific part of the application is not responding anymore. You notice that all pods of your deployment keep restarting after 2 seconds. The application writes logs to standard output. You want to inspect the logs to find the cause of the issue.
Which approach can you take?

  • A. Connect to the cluster using gcloud credentials and connect to a container in one of the pods to read the logs.
  • B. Review the Stackdriver logs for the specific Google Kubernetes Engine container that is serving the unresponsive part of the application.
  • C. Review the Serial Port logs for each Google Compute Engine instance that is serving as a node in the cluster.
  • D. Review the Stackdriver logs for each Google Compute Engine instance that is serving as a node in the cluster.

Correct Answer: B


Question 15

You are developing your microservices application on Google Kubernetes Engine.
During testing, you want to validate the behavior of your application in case a specific microservice should suddenly crash.
What should you do?

  • A. Destroy one of the nodes of the Kubernetes cluster to observe the behavior.
  • B. Use Istio’s fault injection on the particular microservice whose faulty behavior you want to simulate.
  • C. Add a taint to one of the nodes of the Kubernetes cluster. For the specific microservice, configure a pod anti-affinity label that has the name of the tainted node as a value.
  • D. Configure Istio’s traffic management features to steer the traffic away from a crashing microservice.

Correct Answer: A


Question 16

Your company is migrating its on-premises data center into the cloud.
As part of the migration, you want to integrate Google Kubernetes Engine for workload orchestration. Parts of your architecture must also be PCI DSS compliant.
Which of the following is most accurate?

  • A. Google App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
  • B. Google Kubernetes Engine and GCP provide the tools you need to build a PCI DSS-compliant environment.
  • C. Google Kubernetes Engine cannot be used under PCI DSS because it is considered shared hosting.
  • D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

Correct Answer: D

Reference contents:
PCI DSS – Compliance | Google Cloud


Question 17

For this question, refer to the Mountkirk Games case study.
You are in charge of the new Game Backend Platform architecture.
The game communicates with the backend over a REST API. You want to follow Google-recommended practices.
How should you design the backend?

  • A. Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L4 load balancer.
  • B. Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L7 load balancer.
  • C. Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L7 load balancer.
  • D. Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L4 load balancer.

Correct Answer: B

Reference contents:
Overview of Cloud Game Infrastructure #Dedicated game server | Cloud Architecture Center


Question 18

For this question, refer to the TerramEarth case study.
You need to implement a reliable, scalable GCP solution for the data warehouse for your company, TerramEarth.
Considering the TerramEarth business and technical requirements, what should you do?

  • A. Replace the existing data warehouse with BigQuery. Use table partitioning.
  • B. Replace the existing data warehouse with a Google Compute Engine instance with 96 CPUs.
  • C. Replace the existing data warehouse with BigQuery. Use federated data sources.
  • D. Replace the existing data warehouse with a Google Compute Engine instance with 96 CPUs. Add an additional Compute Engine preemptible instance with 32 CPUs.

Correct Answer: C

Reference contents:
BigQuery for data warehouse practitioners | Cloud Architecture Center
BigQuery for data warehouse practitioners #External sources | Cloud Architecture Center


Question 19

For this question, refer to the JencoMart case study.
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections.
It is still serving database requests to the application servers correctly.
What three steps should you take to diagnose the problem? (Choose 3 answers)

  • A. Delete the virtual machine (VM) and disks and create a new one.
  • B. Check inbound firewall rules for the network the machine is connected to.
  • C. Delete the instance, attach the disk to a new VM, and investigate.
  • D. Take a snapshot of the disk and connect to a new machine to investigate.
  • E. Connect the machine to another network with very simple firewall rules and investigate.
  • F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate.

Correct Answer: B, D, F

"Unable to connect on port 22" error message. Possible causes include:

  • There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Google Compute Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the access to that port with a custom firewall rule.
  • The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.

Reference contents:
Troubleshooting SSH | Compute Engine Documentation
SSH from the browser | Compute Engine Documentation


Question 20

Your company has announced that they will be outsourcing operations functions.
You want to allow developers to easily stage new versions of a cloud-based application in the production environment and allow the outsourced operations team to autonomously promote staged versions to production. You want to minimize the operational overhead of the solution. Which Google Cloud product should you migrate to?

  • A. Google Kubernetes Engine
  • B. Google Compute Engine
  • C. GKE On-Prem
  • D. Google App Engine

Correct Answer: A

Reference contents:
EBA Outsourcing Guidelines Mapping | Google Cloud


Question 21

You are deploying an application on Google App Engine that needs to integrate with an on-premises database.
For security purposes, your on-premises database must not be accessible through the public Internet.
What should you do?

  • A. Deploy your application on Google App Engine flexible environment and use Google App Engine firewall rules to limit access to the on-premises database.
  • B. Deploy your application on Google App Engine standard environment and use Google App Engine firewall rules to limit access to the open on-premises database.
  • C. Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
  • D. Deploy your application on Google App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.

Correct Answer: D

Reference contents:
Understanding Data and File Storage  | Google Cloud


Question 22

Your company provides a recommendation engine for retail customers.
You are providing retail customers with an API where they can submit a user ID and the API returns a list of recommendations for that user. You are responsible for the API lifecycle and want to ensure stability for your customers in case the API makes backward-incompatible changes. You want to follow Google-recommended practices.
What should you do?

  • A. Create an automated process to generate API documentation, and update the public API documentation as part of the CI/CD process when deploying an update to the API.
  • B. Use a versioning strategy for the APIs that increases the version number on every backwards compatible change.
  • C. Use a versioning strategy for the APIs that adds the suffix “DEPRECATED” to the current API version number on every backward-incompatible change. Use the current version number for the new API.
  • D. Create a distribution list of all customers to inform them of an upcoming backward-incompatible change at least one month before replacing the old API with the new API.

Correct Answer: D
