[2023年12月20日]Associate-Cloud-Engineer試験問題集を試そう!ベストAssociate-Cloud-Engineer試験問題 [Q104-Q120]

Share

[2023年12月20日]Associate-Cloud-Engineer試験問題集を試そう!ベストAssociate-Cloud-Engineer試験問題

検証済みのAssociate-Cloud-Engineerテスト問題集で正確な246問題と解答

質問 # 104
You need to create a custom IAM role for use with a GCP service. All permissions in the role must be suitable for production use. You also want to clearly share with your organization the status of the custom role. This will be the first version of the custom role. What should you do?

  • A. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
  • B. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to ALPHA while testing the role permissions.
  • C. Use permissions in your role that use the 'supported' support level for role permissions. Set the role stage to BETA while testing the role permissions.
  • D. Use permissions in your role that use the 'testing' support level for role permissions. Set the role stage to BETA while testing the role permissions.

正解:A

解説:
Explanation


質問 # 105
You have an application that receives SSL-encrypted TCP traffic on port 443. Clients for this application are located all over the world. You want to minimize latency for the clients. Which load balancing option should you use?

  • A. Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.
  • B. SSL Proxy Load Balancer
  • C. HTTPS Load Balancer
  • D. Network Load Balancer

正解:B

解説:
Reference:
https://cloud.google.com/load-balancing/docs/ssl


質問 # 106
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?

  • A. Configure an external TCP proxy load balancer.
  • B. Configure an external SSL proxy load balancer.
  • C. Configure an HTTP(S) load balancer.
  • D. Configure an internal TCP load balancer.

正解:C

解説:
Reference:
According to this guide for setting up an HTTP (S) load balancer in GCP: The client SSL session terminates at the load balancer. Sessions between the load balancer and the instance can either be HTTPS (recommended) or HTTP.
https://cloud.google.com/load-balancing/docs/ssl


質問 # 107
You need to run an important query in BigQuery but expect it to return a lot of records. You want to find out how much it will cost to run the query. You are using on-demand pricing. What should you do?

  • A. Use the command line to run a dry run query to estimate the number of bytes returned.
    Then convert that bytes estimate to dollars using the Pricing Calculator.
  • B. Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.
  • C. Run a select count (*) to get an idea of how many records your query will look through.
    Then convert that number of rows to dollars using the Pricing Calculator.
  • D. Use the command line to run a dry run query to estimate the number of bytes read.
    Then convert that bytes estimate to dollars using the Pricing Calculator.

正解:D

解説:
On-demand pricing
Under on-demand pricing, BigQuery charges for queries by using one metric: the number of bytes processed (also referred to as bytes read). You are charged for the number of bytes processed whether the data is stored in BigQuery or in an external data source such as Cloud Storage, Drive, or Cloud Bigtable. On-demand pricing is based solely on usage.
https://cloud.google.com/bigquery/pricing#on_demand_pricing


質問 # 108
You want to configure a solution for archiving data in a Cloud Storage bucket. The solution must be cost-effective. Data with multiple versions should be archived after 30 days. Previous versions are accessed once a month for reporting. This archive data is also occasionally updated at month-end. What should you do?

  • A. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.
  • B. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.
  • C. Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.
  • D. Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

正解:A


質問 # 109
You are managing a Data Warehouse on BigQuery. An external auditor will review your company's processes, and multiple external consultants will need view access to the data. You need to provide them with view access while following Google-recommended practices. What should you do?

  • A. Grant each individual external consultant the role of BigQuery Viewer
  • B. Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor
  • C. Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer
  • D. Grant each individual external consultant the role of BigQuery Editor

正解:C


質問 # 110
Your company completed the acquisition of a startup and is now merging the IT systems of both companies.
The startup had a production Google Cloud project in their organization. You need to move this project into your organization and ensure that the project is billed lo your organization. You want to accomplish this task with minimal effort. What should you do?

  • A. Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup's production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company's project.
  • B. Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.
  • C. Ensure that you have an Organization Administrator Identity and Access Management (1AM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.
  • D. Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

正解:D


質問 # 111
You want to add a new auditor to a Google Cloud Platform project. The auditor should be allowed to read, but not modify, all project items.
How should you configure the auditor's permissions?

  • A. Create a custom role with view-only service permissions. Add the user's account to the custom role.
  • B. Create a custom role with view-only project permissions. Add the user's account to the custom role.
  • C. Select the built-in IAM service Viewer role. Add the user's account to this role.
  • D. Select the built-in IAM project Viewer role. Add the user's account to this role.

正解:D

解説:
Reference:
https://cloud.google.com/resource-manager/docs/access-control-proj


質問 # 112
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

  • A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
  • B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
  • C. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
  • D. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.

正解:C

解説:
Explanation/Reference: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys


質問 # 113
You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions.
You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

  • A. Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.
  • B. Create a single budget for all projects and configure budget alerts on this budget.
  • C. Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.
  • D. Create a budget per project and configure budget alerts on all of these budgets.

正解:D


質問 # 114
You're working as a Cloud Engineer for a small company. The lead developer needs to create some new projects in order to get started with deploying the codebase. She tried to create a project and received an error. She messaged you on Slack to ask for help, though, she couldn't recall the exact error message. You checked and found that she does have Project Creator permissions. Keeping in mind the principle of least privilege, what is the best role to grant her so that she can create billable projects?

  • A. The "Billing Account Administrator" role.
  • B. The "Project Owner" role.
  • C. The "Billing Account Viewer" role.
  • D. The "Billing Account User" role.

正解:D


質問 # 115
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?

  • A. Use kubectl config get-contexts to review the output.
  • B. Use kubectl config use-context and kubectl config view to review the output.
  • C. Use gcloud config configurations activate and gcloud config list to review the output.
  • D. Use gcloud config configurations describe to review the output.

正解:B

解説:
Reference:
kubectl config view -o jsonpath='{.users[].name}' # display the first user kubectl config view -o jsonpath='{.users[*].name}' # get a list of users kubectl config get-contexts # display list of contexts kubectl config current-context # display the current-context kubectl config use-context my-cluster-name # set the default context to my-cluster-name
https://kubernetes.io/docs/reference/kubectl/cheatsheet/


質問 # 116
You need to manage a Cloud Spanner Instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

  • A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%.
    If you exceed this threshold, add nodes lo your instance.
  • B. Create an alert in Cloud Monitoring to alert when the percentage ot high priority CPU utilization reaches 45%.
    Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.
  • C. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%.
    If you exceed this threshold, add nodes to your instance.
  • D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%.
    Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

正解:C

解説:
Increase instances on single region if CPU above 65%
https://cloud.google.com/spanner/docs/cpu-utilization#recommended-max


質問 # 117
You have a website hosted on App Engine standard environment. You want 1% of your users to see a new test version of the website. You want to minimize complexity. What should you do?

  • A. Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.
  • B. Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.
  • C. Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.
  • D. Deploy the new version in the same application and use the --migrate option.

正解:A


質問 # 118
You are using Deployment Manager to create a Google Kubernetes Engine cluster. Using the same Deployment Manager deployment, you also want to create a DaemonSet in the kube-system namespace of the cluster. You want a solution that uses the fewest possible services. What should you do?

  • A. With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.
  • B. In the cluster's definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.
  • C. Add the cluster's API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.
  • D. Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

正解:A

解説:
Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl


質問 # 119
You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?

  • A. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
  • B. Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
  • C. Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
  • D. Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.

正解:A


質問 # 120
......


Google Associate-Cloud-Engineer認定は、個人がクラウドコンピューティングの習熟度を示し、雇用市場で競争力を獲得するための優れた方法です。クラウドコンピューティングの専門家に対する需要が高いため、この認定を取得することで、多くのキャリアの機会が開かれ、個人がクラウドコンピューティング業界でキャリアを前進させることができます。


Google Associate-Cloud-Engineer 認定試験は、クラウドコンピューティングと GCP テクノロジーの専門知識を証明したい IT プロフェッショナルにとって貴重な資格です。この認定は、競争の激しい就職市場での差別化や、収益の増加に役立ちます。試験に合格することで、Google Associate Cloud Engineer の認定を取得し、Google Cloud Platform 上でクラウドベースのソリューションを展開・管理するために必要なスキルや知識を有していることを潜在的な雇用主に示すことができます。

 

Google Associate-Cloud-EngineerテストエンジンPDFで全問 無料問題集:https://jp.fast2test.com/Associate-Cloud-Engineer-premium-file.html

手に入れよう!最新Associate-Cloud-Engineer認定有効な試験問題集解答:https://drive.google.com/open?id=11gNEI7TOOoiu_94A7XWe65FlVLKZ99Mv


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어