Get 100% Authentic Google Professional-Cloud-Architect Dumps with Correct Answers [Q62-Q80]


New Training Course Professional-Cloud-Architect Tutorial Preparation Guide


Before taking the exam for the Google Professional Cloud Architect certification, candidates need to develop a good understanding of its topics. The syllabus of the test is divided into five sections, each including several subtopics. The detailed outline of the exam domains can be viewed on the vendor's website. A brief overview of the content is provided below:

  • Analysis & Optimization of Technical & Business Processes

    Within this subject area, the students need to demonstrate their proficiency in analyzing and determining technical as well as business processes. It also requires their skills in developing procedures to guarantee the reliability of solutions in production.

  • Security & Compliance Design

    The examinees will be evaluated on their competency in designing for security, including such considerations as identity & access management (IAM), resource hierarchy, data security, separation of duties (SoD), security controls, remote access, and managing customer-managed encryption keys using Cloud Key Management Service. Another subtopic covered in this section is designing for compliance. This involves knowledge of legislation, commercial considerations, industry certifications, and audits.

  • Management & Provisioning of Solution Infrastructure

    In the framework of this topic, the test takers will be asked to showcase their ability to configure network topologies, individual storage systems, as well as compute systems.

  • Cloud Solution Architecture Design & Planning

    Here the candidates need to demonstrate their skills in designing a solution infrastructure that satisfies the business needs; envisioning future solution improvements; creating a migration plan; designing network, compute, and storage resources; designing a solution infrastructure that satisfies the technical needs.

During the exam for the Google Professional Cloud Architect certification, some of the questions will refer you to a case study describing a fictitious business & solution concept. These case studies are designed to provide the students with additional context to help them choose the right answer(s). The candidates can review the examples of possible case studies in the official guide.


Designing for Compliance and Security

  • Design for security: the learners need to gain knowledge of penetration testing; identity and access management; resource hierarchy; separation of duties; security control; data security; customer-managed encryption key management with Cloud KMS;
  • Design for compliance: this covers one’s knowledge of legislation (health record privacy, data privacy, ownership, and children’s privacy); commercial (sensitive data handling and personally identifiable information); industry certifications (SOC 2); audits (such as logs).

 

NEW QUESTION 62
TerramEarth has equipped all connected trucks with servers and sensors to collect telemetry data. Next year they want to use the data to train machine learning models. They want to store this data in the cloud while reducing costs.
What should they do?

  • A. Push the telemetry data in real-time to a streaming dataflow job that compresses the data, and store it in Google BigQuery
  • B. Have the vehicle's computer compress the data in hourly snapshots, and store it in a Google Cloud Storage (GCS) Nearline bucket
  • C. Have the vehicle's computer compress the data in hourly snapshots, and store it in a GCS Coldline bucket
  • D. Push the telemetry data in real-time to a streaming dataflow job that compresses the data, and store it in Cloud Bigtable

Answer: C

Explanation:
Coldline Storage is the best choice for data that you plan to access at most once a year, due to its slightly lower availability, 90-day minimum storage duration, costs for data access, and higher per-operation costs. For example:
Cold Data Storage - Infrequently accessed data, such as data stored for legal or regulatory reasons, can be stored at low cost as Coldline Storage, and be available when you need it.
Disaster recovery - In the event of a disaster recovery event, recovery time is key. Cloud Storage provides low latency access to data stored as Coldline Storage.
References: https://cloud.google.com/storage/docs/storage-classes

 

NEW QUESTION 63
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery.
What should you do to fix the script?

  • A. Install the latest BigQuery API client library for Python
  • B. Run your script on a new virtual machine with the BigQuery access scope enabled
  • C. Create a new service account with BigQuery access and execute your script with that user
  • D. Install the bq component for gcloud with the command gcloud components install bq.

Answer: B

 

NEW QUESTION 64
Dress4Win has end to end tests covering 100% of their endpoints.
They want to ensure that the move to the cloud does not introduce any new bugs.
Which additional testing methods should the developers employ to prevent an outage?

  • A. They should add additional unit tests and production scale load tests on their cloud staging environment.
  • B. They should run the end to end tests in the cloud staging environment to determine if the code is working as intended.
  • C. They should enable Google Stackdriver Debugger on the application code to show errors in the code
  • D. They should add canary tests so developers can measure how much of an impact the new release causes to latency

Answer: A

 

NEW QUESTION 65
You are creating an App Engine application that uses Cloud Datastore as its persistence layer. You need to retrieve several root entities for which you have the identifiers. You want to minimize the overhead in operations performed by Cloud Datastore. What should you do?

  • A. Use the identifiers to create a query filter and run a batch query operation
  • B. Create the Key object for each Entity and run multiple get operations, one operation for each entity
  • C. Create the Key object for each Entity and run a batch get operation
  • D. Use the identifiers to create a query filter and run multiple query operations, one operation for each entity

Answer: C

Explanation:
https://cloud.google.com/datastore/docs/concepts/entities#datastore-datastore-batch-upsert-nodejs

 

NEW QUESTION 66
For this question, refer to the TerramEarth case study.
TerramEarth's CTO wants to use the raw data from connected vehicles to help identify approximately when a vehicle in the development team to focus their failure. You want to allow analysts to centrally query the vehicle data. Which architecture should you recommend?
A)

B)

C)

D)

  • A. Option B
  • B. Option A
  • C. Option D
  • D. Option C

Answer: B

Explanation:
The push endpoint can be a load balancer.
A container cluster can be used.
Cloud Pub/Sub for Stream Analytics

References: https://cloud.google.com/pubsub/
https://cloud.google.com/solutions/iot/
https://cloud.google.com/solutions/designing-connected-vehicle-platform
https://cloud.google.com/solutions/designing-connected-vehicle-platform#data_ingestion
http://www.eweek.com/big-data-and-analytics/google-touts-value-of-cloud-iot-core-for-analyzing-connected-car

 

NEW QUESTION 67
Your company wants to start using Google Cloud resources but wants to retain their on-premises Active Directory domain controller for identity management. What should you do?

  • A. Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and configure SAML SSO.
  • B. Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider.
  • C. Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the on-premises AD domain controller using Google Cloud Directory Sync.
  • D. Use the Admin Directory API to authenticate against the Active Directory domain controller.

Answer: A

 

NEW QUESTION 68
Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24hrs a day. Your business analysts have experience only with using a SQL interface. How should you store the data to optimize it for ease of analysis?

  • A. Stream data into Google Cloud Datastore.
  • B. Load data into Google BigQuery.
  • C. Put flat files into Google Cloud Storage.
  • D. Insert data into Google Cloud SQL.

Answer: B

Explanation:
Google BigQuery offers multi-petabyte storage, high availability (HA), which covers the 24-hours-a-day requirement, and a SQL interface.
https://medium.com/google-cloud/the-12-components-of-google-bigquery-c2b49829a7c7
https://cloud.google.com/solutions/bigquery-data-warehouse
https://cloud.google.com/bigquery/
BigQuery is Google's serverless, highly scalable, low cost enterprise data warehouse designed to make all your data analysts productive. Because there is no infrastructure to manage, you can focus on analyzing data to find meaningful insights using familiar SQL and you don't need a database administrator.
BigQuery enables you to analyze all your data by creating a logical data warehouse over managed, columnar storage as well as data from object storage, and spreadsheets.

 

NEW QUESTION 69
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do?

  • A. Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.
  • B. Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
  • C. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
  • D. Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.

Answer: C

Explanation:
https://cloud.google.com/iap/docs/using-tcp-forwarding#tunneling_with_ssh
Leveraging the BeyondCorp security model: "This January, we enhanced context-aware access capabilities in Cloud Identity-Aware Proxy (IAP) to help you protect SSH and RDP access to your virtual machines (VMs)-without needing to provide your VMs with public IP addresses, and without having to set up bastion hosts."
https://cloud.google.com/blog/products/identity-security/cloud-iap-enables-context-aware-access-to-vms-via-ssh-and-rdp-without-bastion-hosts

 

NEW QUESTION 70
Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication. Which networking approach should you use?

  • A. A Google Compute Engine instance with a VPN server installed connected to the data center network
  • B. A NAT and TLS translation gateway installed on-premises
  • C. Google Cloud Dedicated Interconnect
  • D. Google Cloud VPN connected to the data center network

Answer: C

Explanation:
Google Cloud Dedicated Interconnect provides direct physical connections and RFC 1918 communication between your on-premises network and Google's network. Dedicated Interconnect enables you to transfer large amounts of data between networks, which can be more cost effective than purchasing additional bandwidth over the public Internet or using VPN tunnels.
Benefits:
* Traffic between your on-premises network and your VPC network doesn't traverse the public Internet. Traffic traverses a dedicated connection with fewer hops, meaning there are fewer points of failure where traffic might get dropped or disrupted.
* Your VPC network's internal (RFC 1918) IP addresses are directly accessible from your on-premises network. You don't need to use a NAT device or VPN tunnel to reach internal IP addresses. Currently, you can only reach internal IP addresses over a dedicated connection. To reach Google external IP addresses, you must use a separate connection.
* You can scale your connection to Google based on your needs. Connection capacity is delivered over one or more 10 Gbps Ethernet connections, with a maximum of eight connections (80 Gbps total per interconnect).
* The cost of egress traffic from your VPC network to your on-premises network is reduced. A dedicated connection is generally the least expensive method if you have a high volume of traffic to and from Google's network.
References: https://cloud.google.com/interconnect/docs/details/dedicated

 

NEW QUESTION 71
Your organization requires that metrics from all applications be retained for 5 years for future analysis in possible legal proceedings. Which approach should you use?

  • A. Configure Stackdriver Monitoring for all Projects with the default retention policies.
  • B. Grant the security team access to the logs in each Project.
  • C. Configure Stackdriver Monitoring for all Projects, and export to Google Cloud Storage.
  • D. Configure Stackdriver Monitoring for all Projects, and export to BigQuery.

Answer: C

Explanation:
https://cloud.google.com/monitoring/api/v3/metrics

 

NEW QUESTION 72
For this question, refer to the Mountkirk Games case study. Which managed storage option meets Mountkirk's technical requirement for storing game activity in a time series database service?

  • A. Cloud Datastore
  • B. Cloud Bigtable
  • C. BigQuery
  • D. Cloud Spanner

Answer: B

 

NEW QUESTION 73
Your customer support tool logs all email and chat conversations to Cloud Bigtable for retention and analysis. What is the recommended approach for sanitizing this data of personally identifiable information or payment card information before initial storage?

  • A. Use regular expressions to find and redact phone numbers, email addresses, and credit card numbers
  • B. De-identify the data with the Cloud Data Loss Prevention API
  • C. Hash all data using SHA256
  • D. Encrypt all data using elliptic curve cryptography

Answer: B

Explanation:
https://cloud.google.com/solutions/pci-dss-compliance-ingcp#using_data_loss_prevention_api_to_sanitize_data

 

NEW QUESTION 74
You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address. You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly. What should you do?

  • A. Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination.
  • B. Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP.
  • C. Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group.
  • D. Ensure that a firewall rule exists to allow source traffic on HTTP/HTTPS to reach the load balancer.

Answer: C

Explanation:
https://cloud.google.com/vpc/docs/using-firewalls
The best practice when configuring a health check is to check health and serve traffic on the same port. However, it is possible to perform health checks on one port, but serve traffic on another. If you do use two different ports, ensure that firewall rules and services running on instances are configured appropriately. If you run health checks and serve traffic on the same port, but decide to switch ports at some point, be sure to update both the backend service and the health check.
Backend services that do not have a valid global forwarding rule referencing them will not be health checked and will have no health status.
References:
https://cloud.google.com/compute/docs/load-balancing/http/backend-service

 

NEW QUESTION 75
You are using a single Cloud SQL instance to serve your application from a specific zone. You want to introduce high availability. What should you do?

  • A. Create a failover replica instance in the same region, but in a different zone
  • B. Create a failover replica instance in a different region
  • C. Create a read replica instance in a different region
  • D. Create a read replica instance in the same region, but in a different zone

Answer: B

 

NEW QUESTION 76
Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier. How should you configure the network?

  • A. Add tags to each tier and set up firewall rules to allow the desired traffic flow.
  • B. Add each tier to a different subnetwork.
  • C. Set up software based firewalls on individual VMs.
  • D. Add tags to each tier and set up routes to allow the desired traffic flow.

Answer: A

Explanation:
https://aws.amazon.com/blogs/aws/building-three-tier-architectures-with-security-groups/
Google Cloud Platform (GCP) enforces firewall rules through rules and tags. GCP rules and tags can be defined once and used across all regions.
References: https://cloud.google.com/docs/compare/openstack/
https://aws.amazon.com/it/blogs/aws/building-three-tier-architectures-with-security-groups/

 

NEW QUESTION 77
For this question, refer to the Mountkirk Games case study.
Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they want to be able to update and roll back quickly.
Mountkirk Games has the following requirements:
* Services are deployed redundantly across multiple regions in the US and Europe.
* Only frontend services are exposed on the public internet.
* They can provide a single frontend IP for their fleet of services.
* Deployment artifacts are immutable.
Which set of products should they use?

  • A. Google Container Registry, Google Container Engine, Google HTTP(s) Load Balancer
  • B. Google Cloud Storage, Google App Engine, Google Network Load Balancer
  • C. Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine
  • D. Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

Answer: A

Explanation:
https://cloud.google.com/load-balancing/
https://cloud.google.com/solutions/ansible-with-spinnaker-tutorial
http://blog.armory.io/what-is-immutable-infrastructure/
https://cloud.google.com/compute/docs/load-balancing/http/

 

NEW QUESTION 78
For this question, refer to the Dress4Win case study.
At Dress4Win, an operations engineer wants to create a low-cost solution to remotely archive copies of database backup files. The database files are compressed tar files stored in their current data center. How should he proceed?

  • A. Create a cron script using gsutil to copy the files to a Regional Storage bucket.
  • B. Create a cron script using gsutil to copy the files to a Coldline Storage bucket.
  • C. Create a Cloud Storage Transfer Service job to copy the files to a Regional Storage bucket.
  • D. Create a Cloud Storage Transfer Service Job to copy the files to a Coldline Storage bucket.

Answer: B

Explanation:
Reference:
Follow these rules of thumb when deciding whether to use gsutil or Storage Transfer Service:
When transferring data from an on-premises location, use gsutil.
When transferring data from another cloud storage provider, use Storage Transfer Service.
Otherwise, evaluate both tools with respect to your specific scenario.
Use this guidance as a starting point. The specific details of your transfer scenario will also help you determine which tool is more appropriate.
https://cloud.google.com/storage-transfer/docs/overview

 

NEW QUESTION 79
Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling. Which two compute products should you choose? Choose 2 answers

  • A. Compute Engine with managed instance groups
  • B. Compute Engine with custom instance types
  • C. Google Kubernetes Engine with containers
  • D. Compute Engine with containers
  • E. Google App Engine Standard Environment

Answer: C,E

Explanation:
B: With Container Engine, Google will automatically deploy your cluster for you, update, patch, secure the nodes.
Kubernetes Engine's cluster autoscaler automatically resizes clusters based on the demands of the workloads you want to run.
C: Solutions like Datastore, BigQuery, AppEngine, etc are truly NoOps.
App Engine by default scales the number of instances running up and down to match the load, thus providing consistent performance for your app at all times while minimizing idle instances and thus reducing cost.
Note: At a high level, NoOps means that there is no infrastructure to build out and manage during usage of the platform. Typically, the compromise you make with NoOps is that you lose control of the underlying infrastructure.

 

NEW QUESTION 80
......

Dumps of Professional-Cloud-Architect Cover all the requirements of the Real Exam: https://interfacett.braindumpquiz.com/Professional-Cloud-Architect-exam-material.html