Copyright © 2026 Nxt Exam


Google Cloud Certification

Google Practice Questions, Discussions & Exam Topics by our Authors

You want to create a private connection between your instances on Compute Engine and your on-premises data center. You require a connection of at least 20 Gbps. You want to...

To create a private connection between your Compute Engine instances and your on-premises data center with at least 20 Gbps of bandwidth, let's evaluate each option in detail:

A) Create a VPC and connect it to your on-premises data center using Dedicated Interconnect
- Pros: This is the recommended solution for establishing high-bandwidth, private connections between Google Cloud and on-premises infrastructure. Dedicated Interconnect supports bandwidths ranging from 10 Gbps to 100 Gbps, which meets your requirement of at least 20 Gbps. It provides a direct, private, and reliable connection with low latency, ensuring high performance.
- Cons: Dedicated Interconnect requires the setup of physical infrastructure, such as dedicated links, and can be more complex to implement compared to other options.
- Scenario for Use: This is the best choice for environments where high throughput and reliable performance are critical. It is ideal for enterprises or businesses needing to integrate on-premises systems with Google Cloud in a secure and efficient manner.
- Selected Reason: This option meets both the bandwidth requirement (20+ Gbps) and Google’s best practices for establishing private, high-performance connections.

B) Create a VPC and connect it to your on-premises data center using a single Cloud VPN
- Pros: Cloud VPN provides secure connections over the public internet, with relatively straightforward setup.
- Cons: Cloud VPN typically offers much lower throughput compared to Dedicated Interconnect. While Cloud VPN can scale up to 3 Gbps per tunnel, it doesn't meet the requirement of at least 20 Gbps. Also, performance is affected by the public internet, leading to potential instability or higher latencies.
- Scenario for Use: Cloud VPN is suitable for low to medium bandwidth scenarios or for cases where high security and encryption over the public internet are needed, but it is not suitable for high-performance, high-bandwidth requirements like this one.
- Rejected Reason: Does not meet the required bandwidth of 20 Gbps and is generally less reliable for high-throughput scenarios.

C) Create a Cloud Content Delivery Network (Cloud CDN) and connect it to your o...

Author: Isabella · Last updated May 10, 2026

You are analyzing and defining business processes to support your startup's trial usage of GCP, and you don't yet know what consumer demand for your product will be. Your manager requires you to...

To define the best approach for minimizing GCP service costs while adhering to Google best practices, you should consider the startup's trial usage and uncertain consumer demand. Here’s an analysis of each option:

A) Utilize free tier and sustained use discounts. Provision a staff position for service cost management.
- Reasoning: The free tier provides a limited amount of free resources for certain GCP services, which is great for testing and trial usage. Sustained use discounts apply when services are used for a long duration, offering automatic discounts for compute resources.
- Why Rejected: Provisioning a staff position specifically for service cost management can be an unnecessary expense for a startup in the trial phase. It could also lead to inefficiencies or delays when the team's main focus should be on product development and early testing. The cost management can likely be handled more effectively by providing the team with the right training.

B) Utilize free tier and sustained use discounts. Provide training to the team about service cost management.
- Reasoning: The free tier and sustained use discounts will help minimize costs during the trial phase as you scale up. Providing training to the team on how to manage and monitor service costs helps ensure the team can use resources efficiently, take advantage of discounts, and avoid overprovisioning.
- Why Selected: This option offers a balanced approach by utilizing available discounts while empowering the team with the knowledge to manage costs. It is an efficient way to avoid additional overhead while keeping costs down without sacrificing the ability to scale based on demand. ...

Author: Kai · Last updated May 10, 2026

You are building a continuous deployment pipeline for a project stored in a Git source repository and want to ensure that code changes can be...

To build a continuous deployment pipeline that ensures code changes are verified before deploying to production, you need to implement a process that both tests the changes and gradually deploys them while maintaining the ability to roll back in case of issues. Let's evaluate each option:

A) Use Spinnaker to deploy builds to production using the red/black deployment strategy so that changes can easily be rolled back.
- Reasoning: The red/black deployment strategy (also known as blue/green deployment) involves deploying the new version of the application alongside the old version and then switching traffic to the new version once it's verified to be stable. This approach allows for easy rollback in case of failure.
- Why Rejected: While Spinnaker and the red/black deployment strategy are excellent for managing production deployments and rollbacks, this option doesn't explicitly mention the verification (testing) step before deployment, which is crucial in your scenario. It's more about deployment strategy than the testing and verification of the code changes before deployment.

B) Use Spinnaker to deploy builds to production and run tests on production deployments.
- Reasoning: Running tests on production deployments could help identify issues after the deployment has gone live, but it’s not the best approach for verifying code changes before deploying to production. This would delay detecting issues and could potentially affect users in the production environment.
- Why Rejected: Testing in production after deployment is risky, especially if the tests could affect production users. It's always better to test in a staging environment that mimics production before pushing changes to live users. Also, it doesn't meet the requirement of ensuring verification before deployment. ...

Author: Oscar · Last updated May 10, 2026

You have an outage in your Compute Engine managed instance group: all instances keep restarting after 5 seconds. You have a health check configured, but autoscaling is disabled. Your colleague, who is a Linux expert, offer...

To grant your colleague access to the VMs, we need to focus on providing SSH access. Let's go over the options:

A) Grant your colleague the IAM role of project Viewer:
- Granting the Project Viewer role would give your colleague read-only access to resources in the project, but not the ability to directly interact with instances via SSH. This doesn't help in solving the issue because SSH access requires a different set of permissions.
- Rejected: This option doesn't grant SSH access.

B) Perform a rolling restart on the instance group:
- Performing a rolling restart would trigger a restart of the instances in the managed instance group, but it does not address the underlying issue or grant access to your colleague. In fact, since all instances are restarting due to a failure, a rolling restart might cause further instability.
- Rejected: This option does not address the core issue and would not help your colleague access the instances.

C) Disable the health check for the instance group. Add his SSH key to the project-wide SSH Keys:
- Disabling the health check may prevent the instances from being marked unhealthy, which could stop the restarts. However, this does not directly address your colleague...

Author: Zara · Last updated May 10, 2026

Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your ar...

Let's evaluate each option based on your requirements to integrate Google Kubernetes Engine (GKE) and meet PCI DSS compliance:

A) App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
- Incorrect. While App Engine is a fully managed platform that can be used for building PCI DSS-compliant applications, it is not the only compute platform on Google Cloud that can be used for PCI DSS hosting. Other services like GKE (with appropriate configuration) can also be used in a PCI DSS-compliant way.
- Rejected: This option is misleading because it limits compliance to a single service, ignoring GKE's potential with the right setup.

B) GKE cannot be used under PCI DSS because it is considered shared hosting.
- Incorrect. GKE can be used for PCI DSS-compliant workloads if configured properly. While it is a shared environment, GKE offers features like private clusters, custom VPCs, and the ability to control the underlying infrastructure, allowing you to meet the requirements of PCI DSS. Therefore, it is not true that GKE is excluded from PCI DSS compliance.
- Rejected: This option is incorrect because GKE can be configured to meet PCI DSS requirements.

C) GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.
- Correct. Google Kubernetes Engine (GKE) can be used in conjunction ...

Author: Grace · Last updated May 10, 2026

Your company has multiple on-premises systems that serve as sources for reporting. The data has not been maintained well and has become degraded over time. You want to use Google-reco...

Let's evaluate the options for detecting anomalies and cleaning the degraded data using Google-recommended practices:

A) Upload your files into Cloud Storage. Use Cloud Datalab to explore and clean your data.
- Incorrect. Cloud Datalab is a powerful tool for data exploration and analysis, but it is not specifically designed for data cleaning, especially at scale. It requires a more manual approach and might not be the most efficient tool for cleaning large or degraded datasets. It's more suited for exploratory data analysis and visualization.
- Rejected: Although it can be used for exploration, it isn't optimal for cleaning and anomaly detection in this scenario.

B) Upload your files into Cloud Storage. Use Cloud Dataprep to explore and clean your data.
- Correct. Cloud Dataprep is designed specifically for data cleaning, transformation, and preparation. It provides a visual interface to explore, clean, and transform data without needing to write complex code. It also integrates well with data stored in Cloud Storage. For detecting anomalies in degraded data, Cloud Dataprep can help you clean and normalize the data effectively. Additionally, it has machine learning and anomaly detection features that can assist in identifying irregularities in data.
- Selected: This is the best option because Cloud Dataprep is built for the task of cleaning and preparing degraded data, and it offers an intuitive interface for this process.

C) Connect Cloud Datalab to your on-premises systems. Use Cloud D...

Author: Rahul · Last updated May 10, 2026

Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these differe...

Let's evaluate each option based on how Google Cloud Identity and Access Management (IAM) policies work in the hierarchical structure of organizations, folders, and projects.

A) The effective policy is determined only by the policy set at the node.
- Incorrect. IAM policies are inherited from parent nodes (e.g., from the organization to folders to projects). This option ignores the inheritance of policies from ancestor nodes, which is crucial to how IAM works in Google Cloud. The policy at the node can be overridden or supplemented by policies set at higher levels.
- Rejected: This is incorrect because IAM policies inherit from parent levels.

B) The effective policy is the policy set at the node and restricted by the policies of its ancestors.
- Incorrect. This statement partially captures the relationship, but it is not fully accurate. While policies can be restricted by ancestors, the policy at the node is not simply “restricted” by its ancestors. Instead, policies can be inherited and combined with the node’s specific policies.
- Rejected: It is not about restricting but about the union of policies (see below).

C) The effective policy is the union of the policy set at the node and policies inherited from its ancestors.
- Correct. IAM policies are evaluat...

Author: IceDragon2023 · Last updated May 10, 2026

You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-pr...

When setting up a Cloud VPN to maintain a connection between your on-premises systems and Google Cloud during migration, it’s critical to ensure there are no IP conflicts between your on-premises systems and your Google Cloud network. Let’s evaluate each option in terms of maintaining reachability and avoiding IP conflicts:

A) Use the same IP range on Google Cloud as you use on-premises.
- Incorrect. If you use the same IP range on Google Cloud as on-premises, you will have an IP address overlap. This means that routing between the on-premises systems and Google Cloud will not work correctly, as both networks would have conflicting IP addresses. This would prevent proper communication.
- Rejected: This option is not feasible because of IP address conflicts.

B) Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises.
- Incorrect. While you can use a secondary range that doesn’t overlap with your on-premises network, the primary IP range being the same as the on-premises IP range would still create conflict in the routing between your on-premises systems and Google Cloud. Having a conflicting primary range undermines the connection.
- Rejected: This approach would still result in an IP conflict in the primary IP range.

C) Use an IP range on Google Cloud that does not overlap with the range yo...

Author: StarryEagle42 · Last updated May 10, 2026

You have found an error in your App Engine application caused by missing Cloud Datastore indexes. You have created a YAML file with the required indexes and wan...

To deploy new Cloud Datastore indexes to your application, the most suitable approach should be based on the steps that directly deploy the configuration file to the Cloud Datastore service, and this should be done in an efficient and straightforward way. Let's review the options:

Option A: Point gcloud datastore create-indexes to your configuration file

This option is the most straightforward and direct way to deploy new Datastore indexes. You use the `gcloud` command to apply your configuration file with the necessary indexes. The command directly takes your YAML file and uploads the indexes to Datastore. It is a common and standard method to apply new Datastore index configurations.
- Why selected: It directly addresses the task by using the `gcloud` command to create the indexes based on the YAML file.

Option B: Upload the configuration file to App Engine's default Cloud Storage bucket, and have App Engine detect the new indexes

This is an incorrect approach because App Engine does not automatically detect or apply Datastore index configurations when uploaded to the Cloud Storage bucket. You still need to deploy the indexes via proper commands like `gcloud`. Uploading the file to Cloud Storage doesn't trigger automatic application of Datastore indexes.
- Rejected: This method relies on App Engine's non-existent automatic handling of Datastore index configura...

Author: Suresh · Last updated May 10, 2026

You have an application that will run on Compute Engine. You need to design an architecture that takes into account a disaster recovery plan that requires your application to f...

When designing an architecture that accounts for disaster recovery with regional failover, the solution should provide high availability, seamless failover, and minimal downtime in case of a regional outage. Let's evaluate each option:

Option A: Deploy the application on two Compute Engine instances in the same project but in a different region. Use the first instance to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.
- Explanation: This option deploys the application in two regions, ensuring that there is a backup instance ready to take over in case of a failure in the primary region. By using HTTP load balancing, traffic can be automatically directed to the backup instance when needed.
- Why rejected: This solution is almost correct but is slightly less flexible since both instances are in the same project. While it can work, using separate instance groups and managing more complex failover handling across regions in the same project may introduce limitations for scaling or failover flexibility.
- Scenario: This approach works for basic failover scenarios but could benefit from more robust management, particularly when it comes to auto-scaling and resource management across regions.

Option B: Deploy the application on a Compute Engine instance. Use the instance to serve traffic, and use the HTTP load balancing service to fail over to an instance on your premises in case of a disaster.
- Explanation: Here, one instance is deployed on Compute Engine, and traffic is routed to an on-premises server in the event of a disaster.
- Why rejected: This option introduces complexity and reliability concerns, as it relies on on-premises infrastructure for disaster recovery. In addition, there would be challenges in terms of network latency, failover reliability, and ensuring the on-premises server can scale or handle cloud-native traffic demands effectively.
- Scenario: This might be used in hybrid cloud scenarios, but it is not the ideal solution for cloud-native disaster recovery, where cloud-based failover would be more seamless and reliable.

Option C: Deploy the application on two Compute Engine instance groups, each in the same project but in a different r...

Author: Vivaan · Last updated May 10, 2026

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must...

When integrating an application deployed on Google Cloud's App Engine with an on-premises database, the goal is to ensure security and prevent direct access from the public internet. The best approach is to create a secure, private connection between the App Engine application and the on-premises database. Let's review the available options:

Option A: Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
- Explanation: App Engine standard environments are designed to run stateless applications, but they do not provide full network connectivity options to private on-premises systems. App Engine firewall rules would allow you to restrict access to your application but wouldn't provide a secure private connection to the on-premises database. Additionally, App Engine standard environments lack the networking features required for secure private communication with on-premises resources.
- Why rejected: This option doesn’t provide a secure and private network connection, which is essential when dealing with sensitive on-premises databases. App Engine firewall rules alone cannot secure the private connection between App Engine and the database.

Option B: Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
- Explanation: Cloud VPN enables secure communication between your Google Cloud environment and your on-premises infrastructure. However, App Engine standard environments do not support the use of Cloud VPN directly due to their lack of support for custom networking features like VPC (Virtual Private Cloud) peering, which Cloud VPN requires.
- Why rejected: App Engine standard environment does not allow the custom networking configurations required to use Cloud VPN. The absence of VPC support makes it difficult to connect securely to an on-premises database through a VPN. ...

Author: Ravi Patel · Last updated May 10, 2026

You are working in a highly secured environment where public Internet access from the Compute Engine VMs is not allowed. You do not yet have a VPN connection to access an on-premises file server. You need to in...

When working in a highly secured environment where the Compute Engine VMs do not have access to the public internet, the key is to find a way to download and install the necessary software in a secure manner without violating any security policies. Let's evaluate the options:

Option A: Upload the required installation files to Cloud Storage. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gsutil.
- Explanation: This option is feasible because Private Google Access allows the VM to access Google Cloud services, including Cloud Storage, over a private network without requiring public internet access. The `gsutil` command is used to download files from Cloud Storage, and since the VM only has an internal IP, this ensures it remains isolated from the public internet.
- Why selected: This is the optimal solution because it maintains the required security restrictions (no public internet access) while allowing the VM to access Cloud Storage through a private network. This setup does not require additional configuration beyond setting up Cloud Storage and Private Google Access.

Option B: Upload the required installation files to Cloud Storage and use firewall rules to block all traffic except the IP address range for Cloud Storage. Download the files to the VM using gsutil.
- Explanation: While firewall rules can limit traffic, this solution introduces unnecessary complexity. Private Google Access (used in Option A) is a simpler, more secure way to allow the VM to access Google Cloud services without opening it to the public internet. Relying on firewall rules to restrict access to Cloud Storage might work but requires manual management of IP address ranges, which can become complex and prone to errors.
- Why rejected: This option introduces more manual work in managing firewall rules and does not leverage the simpler and more effective Priva...

Author: Joseph · Last updated May 10, 2026

Your company is moving 75 TB of data into Google Cloud. You want to use Cloud Storage and follow Googl...

When moving large volumes of data like 75 TB into Google Cloud, it’s crucial to choose a method that aligns with best practices for efficiency, scalability, and security. Let's evaluate each of the options:

Option A: Move your data onto a Transfer Appliance. Use a Transfer Appliance Rehydrator to decrypt the data into Cloud Storage.
- Explanation: Google’s Transfer Appliance is a physical device that can be used to move large amounts of data into Google Cloud Storage. The appliance is suitable for scenarios where large datasets are being migrated and network transfer isn't feasible due to bandwidth limitations. The Transfer Appliance Rehydrator helps decrypt the data if necessary, but it’s typically used for highly secure and encrypted data.
- Why selected: Transfer Appliance is an ideal solution for migrating large datasets like 75 TB to Google Cloud, especially if there are bandwidth constraints. It allows for physical data migration to Cloud Storage and is a recommended method for large-scale data transfers.
- Scenario: This option is best suited for situations where transferring over the internet is not practical or would take an impractical amount of time due to bandwidth limitations.

Option B: Move your data onto a Transfer Appliance. Use Cloud Dataprep to decrypt the data into Cloud Storage.
- Explanation: Cloud Dataprep is a tool for data preparation and cleaning, but it's not typically used for handling raw data migration. It's more suited for transforming and cleansing data once it’s already in Google Cloud. Using Dataprep for decryption in this context is unnecessary and not the recommended tool for simply moving large datasets.
- Why rejected: Cloud Dataprep is not designed for basic data migration, especially large data like 75 TB. It’s better suited for data processing and preparation, not data transfer or decryption during migration.
- Scenario: This could be useful for processing or preparing data once it's already in Cloud Storage, but not during the transfer phase.

Option C: Install gsutil on each server that contains data. Use resum...

Author: Amelia · Last updated May 10, 2026

You have an application deployed on Google Kubernetes Engine using a Deployment named echo-deployment. The deployment is exposed using a Service called echo-service. You need to perform an upda...

To perform an update to your application with minimal downtime, you need to ensure that the Kubernetes Deployment performs a rolling update. Here's an analysis of each option:

A) Use kubectl set image deployment/echo-deployment <new-image>
- Reasoning: The `kubectl set image` command updates the container image of the deployment in place. Kubernetes will automatically perform a rolling update to ensure that some pods are always available while the update takes place, thus ensuring minimal downtime. This method works efficiently for updating container images without needing to recreate the deployment. It is the preferred method for performing image updates in Kubernetes.
- Why others are rejected:
  - Option B: The rolling update functionality of the Instance Group is relevant to VM instances but not to the Kubernetes Deployment itself. The Kubernetes Deployment controller is responsible for managing rolling updates for Pods, not the instance group...

Author: Aarav · Last updated May 10, 2026

Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain th...

To achieve the desired setup, let's break down the requirements and analyze each option:

Requirements:
1. Single billing project: All queries need to be billed on a single project (the billing project).
2. Users should be able to query but not edit: Users should have read-only access to datasets and should be able to query, but should not have permissions to modify the data.

Key Roles:
- BigQuery User: This role allows users to run queries and use BigQuery jobs.
- BigQuery DataViewer: This is a read-only role that allows users to view datasets but not edit or modify them.
- BigQuery JobUser: This role allows users to run BigQuery jobs, which is necessary for running queries.

Let's evaluate the options:

A) Add all users to a group. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data.
- Reasoning: Granting BigQuery User on the billing project allows users to run queries and incur costs on that project. Granting BigQuery DataViewer on the data-containing projects ensures users can view the datasets, but not modify them.
- Why this is correct: This configuration satisfies the requirement to direct the billing to the billing project while giving users read-only access to the data. The BigQuery User role on the billing project allows users to run queries and incur costs there, while BigQuery DataViewer grants them read-only access to the datasets in the data-containing projects.

B) Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
- Reasoning: Granting BigQuery DataViewer on the billing project does not allow users to execute queries, so ...

Author: Aditya · Last updated May 10, 2026

You have developed an application using Cloud ML Engine that recognizes famous paintings from uploaded images. You want to test the application and allow specific people to upload images for the next ...

Let's evaluate the options based on your requirements: you want specific people to upload images for the next 24 hours, and not all users have a Google Account.

Key Factors:
1. Image uploads: Users need a method to upload images to Cloud Storage.
2. Limited access period: The upload should be available for only 24 hours.
3. Users without Google accounts: Users may not have a Google account, so authentication methods that require Google accounts are not ideal.
4. Security: The method must ensure that only authorized users can upload images.

Option Breakdown:

A) Have users upload the images to Cloud Storage. Protect the bucket with a password that expires after 24 hours.
- Reasoning: Cloud Storage doesn’t natively support password protection for buckets, and it’s not a recommended or secure method. A password-based access mechanism for Cloud Storage is not available in Google Cloud's native tooling.
- Why this is rejected: There’s no direct way to "password-protect" a Cloud Storage bucket in the way described here. It would also not be as secure as other methods, and managing passwords manually might lead to potential issues.

B) Have users upload the images to Cloud Storage using a signed URL that expires after 24 hours.
- Reasoning: This is a great solution. A signed URL allows users to upload images to Cloud Storage without requiring Google accounts. You can generate a URL with permissions to upload to the bucket, and it will automatically expire after a set time (24 hours in this case). This ensures that only authorized users can upload images, and the URL e...

Author: VenomousSerpent42 · Last updated May 10, 2026

Your web application must comply with the requirements of the European Union's General Data Protection Regulation (GDPR). You are responsible for the t...

To ensure your web application complies with the European Union's General Data Protection Regulation (GDPR), you need to focus on the broader aspects of compliance, which go beyond specific configurations or tools. Let's evaluate each option:

Key Factors:
1. GDPR Overview: GDPR is primarily concerned with data privacy, user consent, data handling, and the rights of users, such as the right to erasure (right to be forgotten) and data portability.
2. Compliance Scope: GDPR compliance is not just about using compliant services but also about the design, processing, and storage of personal data.
3. Cloud Platform Considerations: While Google Cloud can help facilitate compliance, you are ultimately responsible for ensuring your web application meets all legal and regulatory requirements.

Option Breakdown:

A) Ensure that your web application only uses native features and services of Google Cloud Platform, because Google already has various certifications and provides GDPR compliance when you use native features.
- Reasoning: Google Cloud Platform (GCP) indeed provides many certifications and services that comply with GDPR standards, but this alone does not guarantee full compliance for your web application. While GCP helps, you must ensure your application’s specific handling of personal data aligns with GDPR principles, such as data processing, consent, and security.
- Why this is rejected: Solely relying on Google Cloud’s certifications is not enough to ensure GDPR compliance. You need to implement specific measures for how your web application processes, stores, and manages personal data.

B) Enable the relevant GDPR compliance setting within the GCP Console for each of the services in use within your application.
- Reasoning: Some GCP services provide settings to help with compliance, such as data storage location selection (e.g., ensuring data stays within the EU), but GDPR compliance is not fully ensured by just enabling settings. Compliance also requires business processes and legal obligations, like obtaining user consent, handling data...

Author: Andrew · Last updated May 10, 2026

You need to set up Microsoft SQL Server on GCP. Management requires that there's no downtime in case of a data center outage in an...

To ensure that Microsoft SQL Server remains operational without downtime in the event of a data center outage within any of the zones of a GCP region, we need to carefully consider the options available for high availability and fault tolerance. Let's evaluate each option:

Key Factors:
1. High Availability: Ensuring no downtime means the solution must be resilient to zone outages.
2. No Downtime: The solution must automatically failover to another zone or region to ensure continuous availability.
3. SQL Server Setup: We need to choose the most suitable setup for SQL Server that provides high availability and can withstand data center outages in any zone.

Option Breakdown:

A) Configure a Cloud SQL instance with high availability enabled.
- Reasoning: Cloud SQL offers high availability using a regional instance configuration that automatically replicates the database between two zones within the same region. This setup ensures that if one zone fails, the database can automatically failover to the other zone with minimal disruption.
- Why this is selected: Cloud SQL with high availability (HA) enabled provides a managed, fault-tolerant solution without the need to manually configure failover, replication, or clustering. It ensures that the SQL Server instance is protected against zone outages, making it a simple and reliable choice for achieving no downtime in the event of a data center failure.

B) Configure a Cloud Spanner instance with a regional instance configuration.
- Reasoning: Cloud Spanner is a fully managed, scalable relational database that offers high availability and can be configured for multi-region or regional deployments. However, it is not designed specifically for SQL Server, and using it as a replacement would involve changing the database platform. Since the requirement is to set up Microsoft SQL Server, this is not suitable.
- Why this is rejected: Cloud Spanner is not designed for SQL Server workloads, and the solution involves switching to a different database platform altogether. This would require additional effort and may no...

Author: SilverBear · Last updated May 10, 2026

The development team has provided you with a Kubernetes Deployment file. You have no infrastructure yet and nee...

To deploy the application, let’s assess the options:

Option A: Use gcloud to create a Kubernetes cluster. Use Deployment Manager to create the deployment.
- gcloud can be used to create a Kubernetes cluster on Google Cloud, which is correct.
- Deployment Manager is designed for managing infrastructure resources on Google Cloud, such as VM instances, networking, and storage, but it’s not meant for Kubernetes deployments. It lacks Kubernetes-specific functionality like handling Pods or Deployments, which are managed by Kubernetes itself. Hence, using Deployment Manager for the Kubernetes Deployment is not the right choice.

Rejected because: Deployment Manager isn't designed to manage Kubernetes workloads directly.

Option B: Use gcloud to create a Kubernetes cluster. Use kubectl to create the deployment.
- gcloud can create the Kubernetes cluster, and this is correct.
- kubectl is the right tool to interact with the Kubernetes cluster. It allows you to apply Kubernetes YAML files (like the Deployment file) and manage the deployment process.

Selected option because: This option uses the correct tools for both creating the cluster (gcloud...

Author: FrozenWolf2022 · Last updated May 10, 2026

You need to evaluate your team readiness for a new GCP project. You must perform the evaluation and create a skills gap plan which incorporates the business goal of cost optimization. Y...

Let's analyze each option in terms of evaluating the team's readiness and aligning it with business goals, particularly cost optimization:

Option A: Allocate budget for team training. Set a deadline for the new GCP project.
- Allocate budget for training is a great approach to improve the team’s skill set and ensure they can handle future projects.
- Set a deadline for the project: While having deadlines is important for project management, it doesn’t directly evaluate the team’s readiness. If the team isn't fully prepared, rushing a project can lead to inefficiencies and higher costs. This approach overlooks ensuring the team's ability to execute the project optimally.

Rejected because: This option focuses more on time constraints rather than evaluating the team's readiness in a structured manner. Additionally, it doesn’t directly incorporate a structured training path or certification.

Option B: Allocate budget for team training. Create a roadmap for your team to achieve Google Cloud certification based on job role.
- Allocate budget for team training aligns well with improving the team's skills.
- Create a roadmap for achieving Google Cloud certification based on job roles is an effective approach because certifications provide a structured learning path. It ensures that each team member's development aligns with their responsibilities and strengthens their expertise in key areas.
- Focusing on Google Cloud certification directly supports cost optimization because a well-trained team can implement solutions more efficiently and reduce the need for external help or mistakes.

Selected option because: This option provides a comprehensive approach to evaluate readiness through structured training and certifications. It alig...

Author: Rohan · Last updated May 10, 2026

You are designing an application for use only during business hours. For the minimum viable product release, you'd like to use a managed product that automatically `scales to zero` so you don't incu...

Let's assess each option based on the requirement of automatically scaling to zero and minimizing costs when there is no activity:

Option A: Cloud Functions
- Cloud Functions is a serverless compute service that scales automatically based on the number of incoming requests. If there are no requests, Cloud Functions scales to zero, meaning you don’t incur any costs. This fits perfectly with the requirement of only running during business hours and minimizing costs when idle.
- Use case: Ideal for event-driven applications that are triggered by HTTP requests, Pub/Sub messages, etc. It automatically handles scaling based on demand.

Selected option because: Cloud Functions is designed for event-driven, low-cost scenarios where scaling to zero is essential. It is the most cost-effective choice when the application only runs during specific times or when there's no activity.

Option B: Compute Engine
- Compute Engine provides virtual machines (VMs), which need to be explicitly shut down to stop incurring costs. While you can schedule VM shutdowns, Compute Engine doesn’t automatically scale to zero; you need to manage the scaling and stop/start processes manually.
- Use case: Useful for applications that need full control over the virtual machine environment but doesn't meet the requirement of automatic scaling to zero for cost savings.

Rejected because: Compute Engine requires manual intervention to scale down to zero and doesn’t scale automatically based on demand, which conflicts with the need for minimizing costs when idle.

Option C: Google Kubernetes Engine (GKE)
- Google Kubernetes Engine is a managed Kubernetes service, and while Ku...

Author: FrozenWolf2022 · Last updated May 10, 2026

You are creating an App Engine application that uses Cloud Datastore as its persistence layer. You need to retrieve several root entities for which you have the identifiers. You want to min...

Let's assess each option based on minimizing the overhead of operations performed by Cloud Datastore when retrieving multiple root entities based on their identifiers:

Option A: Create the Key object for each Entity and run a batch get operation
- Batch get operation is the ideal choice for efficiently retrieving multiple entities using their keys. Cloud Datastore supports batch operations that allow you to fetch multiple entities in a single API call.
- This option reduces overhead because you’re executing one operation for multiple entities, minimizing the number of network round-trips and optimizing resource usage.
- Use case: When you need to retrieve several entities by their keys (which are provided), a batch get operation is optimal as it retrieves all the entities in a single operation.

Selected option because: Batch get operations are designed specifically to minimize the overhead when retrieving multiple entities by their keys, making it the most efficient choice in this case.

Option B: Create the Key object for each Entity and run multiple get operations, one operation for each entity
- Multiple get operations mean performing one operation per entity. This incurs overhead due to the increased number of requests (network round-trips) to the Datastore API. Each individual request will require extra time and resources, leading to inefficiency.
- Use case: This would be more suitable if you were retrieving entities under different conditions or if the entities had different query needs, but in the case of simply retrieving by identifiers, this is inefficient.

Rejected because: This approach increases the overhead due to multiple network calls, which is not optimal when you can retrieve multiple entities in a single batch operation.

Option C: Use the identifiers to create ...

Author: CrimsonViperX · Last updated May 10, 2026

You need to upload files from your on-premises environment to Cloud Storage. You want the files to be encrypted on Cloud Storage usi...

Let's evaluate the options based on uploading files to Cloud Storage while ensuring customer-supplied encryption keys (CSEK) are used for encryption.

Option A: Supply the encryption key in a .boto configuration file. Use gsutil to upload the files.
- .boto configuration file is used by the `gsutil` tool to configure various settings, including access and encryption options. However, customer-supplied encryption keys are typically specified as part of the command line or in bucket creation settings, rather than being part of the `.boto` configuration file for uploading files.
- Use case: This method is not optimal for dynamically supplying the encryption key when uploading individual files as it’s not the standard method for applying encryption during upload.

Rejected because: Using the `.boto` file for supplying the encryption key isn’t a recommended or typical approach for customer-supplied encryption keys.

Option B: Supply the encryption key using gcloud config. Use gsutil to upload the files to that bucket.
- gcloud config is typically used to configure Google Cloud CLI preferences, such as authentication and region settings. It doesn't directly apply to customer-supplied encryption keys for Cloud Storage uploads. The encryption key needs to be supplied during the upload process via the correct flag.
- Use case: This option doesn't fit the scenario of supplying customer-supplied encryption keys during upload.

Rejected because: gcloud config is not designed for supplying encryption keys for file uploads to Cloud Storage.

Option C: Use gsutil to upload the files, and use the flag `--encryption-key` to supply the encryption key.
- `...

Author: Leah Davis · Last updated May 10, 2026

Your customer wants to capture multiple GBs of aggregate real-time key performance indicators (KPIs) from their game servers running on Google Cloud Platform and...

To capture multiple GBs of aggregate real-time KPIs from game servers on Google Cloud Platform with low latency, we must prioritize a solution that enables high throughput, fast data ingestion, and minimal delays in monitoring.

Option A: Store time-series data in Google Bigtable, and view it using Google Data Studio
- Bigtable is a scalable NoSQL database designed for high-throughput, low-latency operations. It's a great fit for time-series data such as KPIs from game servers. However, Google Data Studio isn't optimal for real-time monitoring of Bigtable data. It is primarily used for visualization and is not suited for high-frequency, low-latency monitoring.

Option B: Output custom metrics to Stackdriver (now Google Cloud Operations Suite), and create a Dashboard in Stackdriver Monitoring Console
- Stackdriver (Google Cloud Operations Suite) is a managed solution designed specifically for monitoring and observing infrastructure, services, and applications in real time. It supports real-time data collection and visualization, making it ideal for aggregating and monitoring KPIs. This solution provides low-latency insights, is highly scalable, and integrates seamlessly with various Google Cloud services. It's the best fit for real-time KPI tracking.

Option C: Schedule BigQ...

Author: Julian · Last updated May 10, 2026

You have a Python web application with many dependencies that requires 0.1 CPU cores and 128 MB of memory to operate in production. You want to monitor and maximize machine utilization. You also want ...

To maximize machine utilization and reliably deploy new versions of a Python web application with minimal resource requirements (0.1 CPU cores and 128 MB memory), we must consider scalability, efficient resource usage, and deployment reliability. Let’s analyze each option based on these factors.

Option A: Managed Instance Group with f1-micro machines, startup script for app deployment
- f1-micro machines have very limited resources (0.2 vCPU and 0.6 GB of memory). While the app requires only 0.1 vCPU and 128 MB of memory, using f1-micro might be an over-provisioning in terms of CPU, but it could still work for small workloads. However, this setup doesn’t offer an efficient, scalable solution, as f1-micro instances don’t scale well and are not ideal for maximizing machine utilization. The use of a startup script for each deployment introduces risk and lack of automation, making the deployment process less reliable and prone to failures during updates.

Rejected because: The approach lacks automation in deployment, and f1-micro machines are suboptimal for scaling and performance.

Option B: Managed Instance Group with n1-standard-1 machines and Compute Engine images
- n1-standard-1 machines are much more powerful than required for the web application (1 vCPU, 3.75 GB of memory). This leads to under-utilization of resources and higher costs than necessary. Using Compute Engine images allows for reliable deployments but doesn’t provide the fine-grained control and flexibility offered by containerized solutions. It also doesn't help maximize machine utilization and would require manual intervention for rebuilding the image and updating the instance template.

Rejected because: It results in higher resource usage (over-provisioning) and manual image rebuilding for updates, which is not as efficient as modern container-based deployments.

Option C: GKE Cluster with n1-standard-1 machines, Dock...

Author: FlamePhoenix2025 · Last updated May 10, 2026

Your company wants to start using Google Cloud resources but wants to retain their on-premises Active Directory domain con...

To integrate Google Cloud resources with your on-premises Active Directory (AD) domain controller while retaining AD as the identity management system, we need to look at options that allow both seamless identity integration and effective use of AD without unnecessarily replicating or migrating all data to Google Cloud. Let's evaluate each option:

Option A: Use the Admin Directory API to authenticate against the Active Directory domain controller
- The Admin Directory API is typically used for managing Google Workspace (formerly G Suite) accounts and directories, not for authenticating against an on-premises Active Directory domain controller. This option would not be suitable for integrating on-prem AD with Google Cloud for identity management, as it is not designed to directly connect to an AD domain controller.

Rejected because: The Admin Directory API is designed for managing Google Cloud identities, not for integrating on-prem AD as an identity provider.

Option B: Use Google Cloud Directory Sync (GCDS) to synchronize Active Directory usernames with cloud identities and configure SAML SSO
- Google Cloud Directory Sync (GCDS) can synchronize Active Directory usernames with Google Cloud identities, allowing users to use the same credentials to access both on-premises and cloud resources. Additionally, by configuring SAML SSO, users can authenticate to both Google Cloud services and other systems via the same Active Directory credentials. This solution enables seamless integration between on-prem AD and Google Cloud, without the need to migrate all identities or replace the identity management system.

Selected because: It provides easy synchronization between on-prem AD and Google Cloud and supports SSO, which is essential for organizations wishing to retain their on-prem AD while leveraging Google Cloud resources.

Option C: Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider
- Cloud Identity-Aware Proxy (IAP) is a powerful too...

Author: IronLion88 · Last updated May 10, 2026

You are running a cluster on Kubernetes Engine (GKE) to serve a web application. Users are reporting that a specific part of the application is not responding anymore. You notice that all pods of your deployment keep restarting after 2 seconds. The application writes...

When troubleshooting an issue with a Kubernetes Engine (GKE) cluster, particularly when pods are restarting frequently and a part of the application is not responding, inspecting the logs of the specific container or pod is key. Let’s evaluate the given options based on this scenario:

Option A: Review the Stackdriver logs for each Compute Engine instance that is serving as a node in the cluster
- Stackdriver logs for Compute Engine instances will show logs related to the node level (e.g., OS, infrastructure-related issues). While this might provide some clues, it doesn't focus on container or pod-level logs where the application is running. Since the issue seems to be application-specific (as indicated by pods restarting), node-level logs won't help isolate the problem.

Rejected because: This option focuses on node-level logs, which are not helpful when troubleshooting application-specific issues inside containers.

Option B: Review the Stackdriver logs for the specific GKE container that is serving the unresponsive part of the application
- Stackdriver logs are an excellent way to review logs generated by your containers in Google Kubernetes Engine (GKE). These logs will provide insights into the container’s standard output (where your application writes logs). Since the issue is that a specific part of the application isn't responding, Stackdriver logs for the specific container will help you understand the application’s behavior or error messages leading to the pod restarts.

Selected because: Stackdriver is the ideal tool for viewing logs of the specific container running in GKE. This will help identify the cause of the issue within the application, especially since logs are being written to standard output.

Option C: Connect to the cluster us...

Author: CrystalWolfX · Last updated May 10, 2026

You are using a single Cloud SQL instance to serve your application from a specific zone. You want to int...

To introduce high availability for your Cloud SQL instance, the solution must provide automatic failover and redundancy in case of zone or instance failures. Let’s evaluate the options based on this need:

Option A: Create a read replica instance in a different region
- A read replica is typically used for offloading read traffic and improving performance, not for high availability. In this case, the replica will be in a different region, which means it won't provide automatic failover in the event of an outage in the primary region. Additionally, there could be higher latency between the primary instance and the replica in a different region, which is not ideal for high availability.

Rejected because: Read replicas do not provide automatic failover and do not meet the requirement for high availability. Also, cross-region replication introduces higher latency.

Option B: Create a failover replica instance in a different region
- A failover replica provides high availability by automatically failing over to the replica if the primary instance becomes unavailable. However, having this failover replica in a different region is not ideal because:
  - Cross-region failover introduces latency issues, making it slower for failover to occur.
  - Google Cloud SQL's failover replicas are designed to be used within the same region to minimize latency during failover.

Rejected because: While a failover replica provides high availability, using it across regions leads to unnecessary latency and is not ...

Author: Aarav · Last updated May 10, 2026

Your company is running a stateless application on a Compute Engine instance. The application is used heavily during regular business hours and lightly outside of business hours. Users are reporting that the application is...

To optimize the application's performance, especially during peak hours, the best approach would be to scale the application dynamically to handle increased traffic. An autoscaled managed instance group allows the system to automatically add more instances based on the load. Let's go through each option to identify which would be most suitable:

A) Create a snapshot of the existing disk. Create an instance template from the snapshot. Create an autoscaled managed instance group from the instance template.
- Reasoning: This approach could work but introduces a step that is unnecessary. A snapshot is typically used for backing up data, not for creating scaling templates. Creating an instance template directly from the disk is not the most efficient way to set up an autoscaling system.
- Why rejected: The extra snapshot step may slow down the setup and doesn’t add any advantage compared to using a custom image.

B) Create a snapshot of the existing disk. Create a custom image from the snapshot. Create an autoscaled managed instance group from the custom image.
- Reasoning: This option is quite similar to option A. It adds a custom image, which could make sense if you want a reusable configuration for creating new instances, but the snapshot is still a step that may not be necessary for autoscaling setup.
- Why rejected: Similar to option A, this introduces extra complexity with the snapshot, which is not optimal for autoscaling the application.

C) Create a custom image from the existing disk. Create an instance template from the custom image. Create an autos...

Author: Isabella · Last updated May 10, 2026

Your web application has several VM instances running within a VPC. You want to restrict communications between instances to only the paths and ports you authorize, but you don't want to rely on static IP ad...

To restrict communications between instances in your web application without relying on static IPs or subnets (since the app autoscales), you need a solution that can dynamically scale and maintain secure traffic controls across changing instances. Let's examine each option:

A) Use separate VPCs to restrict traffic
- Reasoning: While VPCs can be used to isolate traffic, this approach involves setting up entirely separate networks, which would complicate communication between the necessary services. VPC peering would be required for inter-VPC communication, adding complexity that might not be necessary for your scenario.
- Why rejected: VPC separation is often used for stricter isolation, but it would require maintaining more infrastructure, and managing autoscaling between VPCs would be cumbersome. It’s unnecessary in your case when there are simpler, more scalable ways to manage traffic.

B) Use firewall rules based on network tags attached to the compute instances
- Reasoning: This is the most suitable option. By using network tags, you can create firewall rules to allow traffic between instances based on the tags attached to them, rather than relying on static IPs. As your instances autoscale, new instances can be dynamically assigned the appropriate tags, ensuring they are included in the correct firewall rules for communication.
- Why selected: This method provides flexible and scalable control. You can create firewall rules that allow only certain traffic to/from instances with specific tags, ensuring only authorized communication paths and ports are accessible. It works seamlessly with autoscaling because tags are automatically assigned as n...

Author: ThunderBear · Last updated May 10, 2026

You are using Cloud SQL as the database backend for a large CRM deployment. You want to scale as usage increases and ensure that you don't run out of storage, maintain 75% CPU usage cores, and keep r...

To meet your requirements of ensuring automatic scaling, managing CPU usage, and keeping replication lag below 60 seconds in a Cloud SQL environment, let's carefully analyze each option:

Key Requirements:
1. Automatic storage scaling: Ensuring the database does not run out of storage.
2. CPU usage maintenance: Keeping CPU usage at or below 75% to avoid overutilization and performance bottlenecks.
3. Replication lag: Keeping replication lag below 60 seconds for consistent data across replicas.

Analysis of Each Option:

A)
1. Enable automatic storage increase for the instance: This is a good choice as it ensures that storage automatically increases when usage reaches the configured threshold, preventing running out of space.
2. Create a Stackdriver alert when CPU usage exceeds 75%, and change the instance type to reduce CPU usage: This makes sense as an alert will notify you when the CPU exceeds 75%, and adjusting the instance type could help alleviate the load. However, changing the instance type may be a reactive approach, and scaling the database instance vertically might not be enough if the load increases further.
3. Create a Stackdriver alert for replication lag, and shard the database to reduce replication time: Sharding might be overcomplicating the solution, especially if the replication lag is within the acceptable range but slightly fluctuates. Sharding is more useful for distributing the database load across multiple instances, which may not be necessary in this case.

Why rejected: The sharding suggestion in this option may introduce unnecessary complexity when you could instead scale the instance or optimize other resources to reduce replication lag.

B)
1. Enable automatic storage increase for the instance: This is a good approach for ensuring you don't run out of storage space as usage grows.
2. Change the instance type to a 32-core machine type to keep CPU usage below 75%: Upgrading to a larger machine type can indeed reduce CPU usage, but it’s a less efficient way of managing CPU load compared to autoscaling or horizontal scaling. Also, a 32-core machine might be overkill and inefficient for the application’s needs.
3. Create a Stackdriver alert for replication lag, and deploy memcache to reduce load on the master: Memcache could reduce load on the database by caching frequently accessed data. This is a valid strategy for reducing load and replication lag, but it’s only helpful for read-heavy workloads and might not address replication lag as effectively as adjusting instance type or configuration.

Why rejected: This option relies too heavily on vertical scaling (32-core machine), which may ...

Author: SilverBear · Last updated May 10, 2026

You are tasked with building an online analytical processing (OLAP) marketing analytics and reporting tool. This requires a relational database that can operate on hundreds of t...

To select the appropriate Google Cloud tool for building an OLAP (Online Analytical Processing) marketing analytics and reporting tool on hundreds of terabytes of data, let’s analyze each option based on your requirements of handling large-scale relational data for analytics.

Key Requirements:
- OLAP functionality: The tool must efficiently handle complex queries, aggregations, and reporting on large datasets.
- Scalability: It should scale to handle hundreds of terabytes of data.
- Performance: It must be optimized for analytics, not transactional workloads.

Analysis of Each Option:

A) Cloud Spanner, because it is globally distributed
- Reasoning: Cloud Spanner is designed to be a globally distributed, horizontally scalable relational database. It is well-suited for transactional workloads (OLTP) where data consistency and high availability are critical. While it can scale, it is generally used for applications requiring strong consistency and transactional support.
- Why rejected: While Cloud Spanner is a powerful solution for scalable and globally distributed relational databases, it is not optimized specifically for OLAP or large-scale analytical workloads. OLAP workloads typically involve large aggregations and complex queries, which are not Cloud Spanner's strength. It's better suited for applications requiring real-time transactional consistency across regions.

B) Cloud SQL, because it is a fully managed relational database
- Reasoning: Cloud SQL is a fully managed relational database that supports popular engines like MySQL, PostgreSQL, and SQL Server. It is good for OLTP (transactional) workloads, and while it can handle moderate-sized datasets, it is not designed for large-scale analytics on hundreds of terabytes of data.
- Why rejected: Cloud SQL can handle some data processing but is not designed for ma...

Author: Noah Williams · Last updated May 10, 2026

You have deployed an application to Google Kubernetes Engine (GKE), and are using the Cloud SQL proxy container to make the Cloud SQL database available to the services running on Kubernetes. You are notified that the application is re...

When diagnosing and addressing issues with an application deployed on Google Kubernetes Engine (GKE) and connected to Cloud SQL via the Cloud SQL proxy, it's important to focus on identifying the root cause of the database connection issues. Let's analyze each option based on this requirement. Key Requirements: - Diagnosing the issue: We need to identify the cause of the connection issue to avoid applying unnecessary fixes. - Fixing the issue: Once the root cause is identified, we can apply the appropriate resolution. Analysis of Each Option: A) Use gcloud sql instances restart. - Reasoning: Restarting the Cloud SQL instance can resolve transient issues, such as connectivity problems. However, this is a somewhat broad and reactive approach that may not solve the underlying issue, especially if the issue is on the Kubernetes side or related to the Cloud SQL proxy configuration. - Why rejected: Restarting the Cloud SQL instance could temporarily resolve the issue, but it doesn't provide insight into the root cause. It is better to first investigate logs and metrics to understand the issue before taking action. B) Validate that the Service Account used by the Cloud SQL proxy container still has the Cloud Build Editor role. - Reasoning: The Service Account used by the Cloud SQL proxy must have the correct permissions (typically Cloud SQL Client role) to authenticate with Cloud SQL. While the Cloud Build Editor role might be related to building applications, it is not directly relevant to Cloud SQL connection issues. - Why rejected: The issue likely lies with the Cloud SQL proxy's connectivity or configuration, not the role associated with the Service Account. The correct role for connecting to Cloud SQL is the Cloud SQL Client role, not the Cloud Build Editor role. Thus, this option does not seem relevant. C) In the GCP Console, nav...

Author: Grace · Last updated May 10, 2026

Your company pushes batches of sensitive transaction data from its application server VMs to Cloud Pub/Sub for processing and storage. What is the Google-recommended way f...

To authenticate your application to Google Cloud services, the goal is to securely and efficiently grant the necessary permissions for interacting with Cloud Pub/Sub while minimizing complexity and reducing security risks. Let's break down each option and explain the reasoning behind rejecting or selecting them. Option A: Ensure that VM service accounts are granted the appropriate Cloud Pub/Sub IAM roles. - Reasoning: Granting the appropriate IAM roles directly to the VM service accounts is the most straightforward and recommended approach. Google Cloud encourages using service accounts to grant permissions to resources, as it allows fine-grained access control and integrates well with the IAM system. This method is secure because the service account credentials are automatically managed and rotated by Google Cloud. - Drawback: This approach doesn’t have any significant drawbacks in typical use cases, so it is widely preferred. It's direct and fully supported by Google Cloud. Option B: Ensure that VM service accounts do not have access to Cloud Pub/Sub, and use VM access scopes to grant the appropriate Cloud Pub/Sub IAM roles. - Reasoning: VM access scopes are legacy mechanisms that were originally used to grant access to Google APIs. However, they are being phased out in favor of IAM roles, which offer more granular and robust security features. Access scopes are less flexible and do not provide the fine-grained control that IAM roles do. - Drawback: This option is not recommended because IAM roles are a better solution for access management than VM access scopes, and it restricts the flexibility of modern IAM-based access controls. Option C: Generate an OAuth2 access token for accessing Cloud Pub/Sub, encrypt it, and store it in Cloud Storage for access from each ...

Author: MoonlitPantherX · Last updated May 10, 2026

You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN t...

To establish a Compute Engine application across two regions and have it communicate over VPN to an on-premises network, the best approach would be one that ensures seamless connectivity, security, and scalability, while also optimizing for latency and reliability. Let's review each option and its suitability for the requirements: Option A: Use VPC Network Peering between the VPC and the on-premises network. - Reasoning: VPC Network Peering is typically used for connecting two different VPCs within Google Cloud or across Google Cloud projects, but it does not apply directly to connecting a VPC to an on-premises network. Additionally, it doesn't provide the necessary VPN functionality for on-premises communication. VPC Peering is not suitable in this case because it's not designed for VPN connections with external on-premises networks. - Drawback: This option does not support VPN tunnels and cannot directly solve the problem of establishing a secure VPN connection with an on-premises network. Option B: Expose the VPC to the on-premises network using IAM and VPC Sharing. - Reasoning: IAM and VPC Sharing are designed for resource sharing within Google Cloud between projects or teams but don't provide the functionality required for VPN connections. Exposing the VPC using IAM does not allow for the establishment of a VPN connection between a VPC and an on-premises network. - Drawback: This option is irrelevant for establishing a VPN connection with an on-premises network and doesn’t meet the stated requirement. Option C: Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway. - Reasoning: Cloud VPN can be used to esta...

Author: Leah Davis · Last updated May 10, 2026

Your applications will be writing their logs to BigQuery for analysis. Each application should have its own table. Any logs older than 45 days should be removed. You want to o...

To address the need for log data retention of 45 days while optimizing storage in BigQuery and following Google-recommended practices, let's evaluate each option: Option A: Configure the expiration time for your tables at 45 days - Reasoning: While you can set an expiration time for entire tables in BigQuery, this approach doesn't provide fine-grained control over the data within the table. If you set the table expiration to 45 days, BigQuery will automatically delete the entire table after 45 days. This approach would not be suitable because logs from other applications within the same table would also be deleted at the same time, leading to loss of data for all applications. - Drawback: This method is not appropriate if you want to retain individual log data and only delete logs that are older than 45 days. It’s not granular enough for this use case. Option B: Make the tables time-partitioned, and configure the partition expiration at 45 days - Reasoning: Time partitioning is the best approach for handling log data in BigQuery. By partitioning tables based on a timestamp (e.g., the log's creation time), you can manage data retention on a per-partition basis. With partition expiration set to 45 days, BigQuery will automatically delete partitions that are older than 45 days, which helps keep storage costs optimized by removing only the outdated data. This is a Google-recommended practice for log management in BigQuery because it’s efficient, scalable, and ensures that only old data is deleted while keeping recent logs available for analysis. - Drawback: None, this is a highly efficient, Google-recommended approach fo...

Author: Daniel · Last updated May 10, 2026

You want your Google Kubernetes Engine cluster to automatically add or remove nodes based on CPU loa...

To automatically scale the nodes in a Google Kubernetes Engine (GKE) cluster based on CPU load, the solution needs to consider both pod-level scaling (via `HorizontalPodAutoscaler`) and node-level scaling (via `Cluster Autoscaler`). Let's evaluate each option to identify the best solution: Option A: Configure a HorizontalPodAutoscaler with a target CPU usage. Enable the Cluster Autoscaler from the GCP Console. - Reasoning: This option is the best choice. The `HorizontalPodAutoscaler` (HPA) automatically scales the number of pods based on CPU usage or other metrics. Enabling the `Cluster Autoscaler` ensures that the number of nodes in the cluster can increase or decrease based on resource usage. The Cluster Autoscaler will scale up the node pool when there aren't enough resources to schedule new pods or when pods are unscheduled due to insufficient resources. Enabling the Cluster Autoscaler via the GCP Console is a simple and effective method. - Drawback: None, this is a Google-recommended and integrated approach for node and pod autoscaling in GKE. Option B: Configure a HorizontalPodAutoscaler with a target CPU usage. Enable autoscaling on the managed instance group for the cluster using the gcloud command. - Reasoning: This option also enables the `HorizontalPodAutoscaler` for pod scaling, but instead of using the GCP Console to enable the `Cluster Autoscaler`, it uses the `gcloud` command to enable autoscaling on the instance group directly. The concept is the same as Option A but relies on command-line tools instead of the console for enabling the Cluster Autoscaler. Both methods are valid, and it's more about user preference whether to use the GCP Console or the `gcloud` command. - Drawback: This option is also valid but slightly less conv...

Author: Isabella · Last updated May 10, 2026

You need to develop procedures to verify resilience of disaster recovery for remote recovery using GCP. Your production environment is hosted on-premises. You need to establish a secure, redundant ...

To verify the resilience of disaster recovery and establish a secure, redundant connection between your on-premises network and Google Cloud Platform (GCP), it's crucial to set up a reliable and flexible network connection that ensures both high availability and data integrity. Let’s evaluate each option: Option A: Verify that Dedicated Interconnect can replicate files to GCP. Verify that direct peering can establish a secure connection between your networks if Dedicated Interconnect fails. - Reasoning: Dedicated Interconnect is a high-performance, low-latency, and private connection between your on-premises network and GCP. It is ideal for a production environment that requires high throughput and reliability. However, direct peering is typically used for connecting two networks directly without any Google intermediary and doesn’t offer as much redundancy or security for cloud connectivity as Cloud VPN. While direct peering can work in some cases, it’s not as ideal for disaster recovery scenarios where redundancy and failover mechanisms are necessary. - Drawback: Direct peering does not offer as much flexibility and security as Cloud VPN, which would be a better option for a secure backup connection in the event of a failure of Dedicated Interconnect. Option B: Verify that Dedicated Interconnect can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if Dedicated Interconnect fails. - Reasoning: Dedicated Interconnect provides a reliable and secure connection, and using Cloud VPN as a backup is a good disaster recovery strategy. Cloud VPN is secure, allows for redundancy, and can automatically fail over to maintain the connection in the event that Dedicated Interconnect fails. Cloud VPN is a recommended solution for creating secure, encrypted tunnels between on-premises networks and GCP, offering flexibility and ensuring high availability of the network connection. - Drawback: None. 
This option is well-suited for a secure and resilient disaster recovery plan, offering redundancy through Cloud VPN if Dedicated Interconnect fails. Option C: ...

Author: Madison · Last updated May 10, 2026

Your company operates nationally and plans to use GCP for multiple batch workloads, including some that are not time-critical. You also need to use GCP services that are HIPAA-certified...

To design your solution according to Google Cloud Platform (GCP) best practices, the following key factors need to be considered: 1. Cost Management: For batch workloads, especially non-time-critical workloads, cost optimization is important. Preemptible VMs are a great option as they offer up to 80% savings compared to standard VMs, but they can be terminated by Google Cloud at any time. This makes them suitable for workloads that can tolerate interruptions. 2. HIPAA Compliance: GCP offers HIPAA-compliant services, but it is essential to use only those services that are HIPAA-certified if you handle sensitive health information. The solution must ensure that the services being used are compliant. Discontinuing non-HIPAA-compliant services or APIs is necessary for regulatory reasons. 3. Service Availability and Interruption Management: For non-time-critical batch jobs, preemptible VMs are ideal as they are cost-effective. However, their interruption risk must be managed. You may need to use alternative strategies like checkpoints, retry logic, or backup plans to handle these interruptions. Evaluating the options: - Option A: Provisioning preemptible VMs for cost reduction is a valid approach. However, the complete discontinuation of non-HIPAA-compliant services could create gaps in service availability and functionality. If any required services are not HIPAA-compliant, the company may struggle to perform certain operations, potentially limiting functionality. This option does not allow flexibility if certain services are necessary for operations even if they are non-HIPAA-compliant. - Option B: This option introduces the risk of service ...

Author: Zara · Last updated May 10, 2026

Your customer wants to do resilience testing of their authentication layer. This consists of a regional managed instance group serving a public REST API that...

To perform resilience testing for the authentication layer, particularly a REST API that reads from and writes to a Cloud SQL instance, you need to focus on testing how your system behaves during disruptions or failures that can impact the availability and performance of critical components, such as the virtual machines (VMs) in the managed instance group and the Cloud SQL database. Evaluating the options: - Option A: Engage with a security company to run web scrapers for malicious data. This option focuses on security monitoring and not on testing resilience or availability. While web scrapers can help identify stolen or exposed authentication data, it does not test the system's ability to handle failures, such as zone failures or database outages. This approach is irrelevant to resilience testing and should be rejected. - Option B: Deploy intrusion detection software to your virtual machines to detect and log unauthorized access. Intrusion detection focuses on identifying and logging unauthorized access and security breaches, which is valuable for security, but it does not directly contribute to resilience testing of the authentication layer. Resilience testing should focus on how the system responds to infrastructure failures or disruptions, such as instances or databases going down, rather than unauthorized access. Thus, this option is not relevant for resilience testing. - Option C: Schedule a disaster simulation exercise during which you can shut off all VMs in a zone to see how your application behaves. Shutting off all ...

Author: Max · Last updated May 10, 2026

Your BigQuery project has several users. For audit purposes, you need to see how many queries each use...

To determine how many queries each user ran in the last month for audit purposes, we need to identify the most efficient and accurate way to retrieve that information. Let’s break down the options: Evaluating the options: - Option A: Connect Google Data Studio to BigQuery. Create a dimension for the users and a metric for the amount of queries per user. - Analysis: Google Data Studio is primarily used for creating visual reports and dashboards based on data from BigQuery or other data sources. While Data Studio can help you visualize query metrics, it is not ideal for querying raw data to audit user activity. Data Studio is a visualization tool and not a tool for direct query auditing. Therefore, this option is not suitable for gathering detailed audit information about user queries. - Option B: In the BigQuery interface, execute a query on the JOBS table to get the required information. - Analysis: BigQuery stores job-related information in a system table called `INFORMATION_SCHEMA.JOBS_BY_PROJECT`. You can execute a query on this table to retrieve job-related metadata, such as the user who ran the query and the time it was executed. This approach is well-suited for auditing purposes, as it directly provides the information on queries run within the last month. This is a very efficient and effective method for auditing user query activity, as it directly queries BigQuery's internal metadata. - Option C: Use 'bq show' to list all jobs. Per job, use 'bq ls' to list job information and get the required information. - Analysis: The `...

Author: Aarav2020 · Last updated May 10, 2026

You want to automate the creation of a managed instance group. The VMs have many OS package dependencies. You want to minimize the startup t...

To automate the creation of a managed instance group with minimal startup time for VMs, the goal is to ensure that the VMs are pre-configured with the necessary OS packages so that they don't need to install dependencies each time they are created. Let’s evaluate each option based on this requirement: Evaluating the options: - Option A: Use Terraform to create the managed instance group and a startup script to install the OS package dependencies. - Analysis: Terraform is an excellent infrastructure-as-code tool for automating the creation of cloud resources, including managed instance groups. However, using a startup script to install OS package dependencies can lead to longer startup times because the packages need to be installed when the VM is created. This is not the most efficient solution for minimizing startup time, as installation happens after the VM is provisioned and can cause delays in VM initialization. - Option B: Create a custom VM image with all OS package dependencies. Use Deployment Manager to create the managed instance group with the VM image. - Analysis: Creating a custom VM image that includes all required OS package dependencies is the most efficient option. This method ensures that the packages are already pre-installed in the image, minimizing the startup time of new VMs in the managed instance group. The VM image can be used as a template, so no additional installation is required when the VMs are launched. Deployment Manager can be used to automate the creation of the instance group and deploy the custom image to all VMs. This solution is ideal for minimizing startup time. ...

Author: Victoria · Last updated May 10, 2026

Your company captures all web traffic data in Google Analytics 360 and stores it in BigQuery. Each country has its own dataset. Each dataset has multiple tables. You want analysts from each country to be able to see and ...

To ensure that analysts can only access the data for their respective countries, you need to properly configure access controls in Google BigQuery, leveraging both IAM roles and dataset-level access control. Evaluating the options: - Option A: Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group. - Analysis: This option provides good granularity by using the BigQuery jobUser role for the overall analysts group, which allows users to run jobs. The key point here is the use of dataset-level access for the individual country groups. By granting view access at the dataset level for each country's analysts, this ensures that analysts can only query the data for their respective countries. This is a solid approach as it correctly restricts access at the dataset level. - Why it's good: Dataset-level access ensures that analysts can only query the data for their specific country without the ability to access data from other countries. - Option B: Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate tables with view access with each respective analyst country-group. - Analysis: This approach suggests sharing access at the table level. While table-level permissions can work, it is more cumbersome to manage as your data structure grows. If new tables are added or removed, it could require frequent updates to access controls. Dataset-level permissions provide a more scalable and efficient approach to managing access across multiple tables in a dataset. 
- Why it's less ideal: Table-level access adds complexity for future updates and may result in more maintenance overhead, especially as new tables are created or old ones are removed. - Option C:...

Author: NightmareDragon2025 · Last updated May 10, 2026

You have been engaged by your client to lead the migration of their application infrastructure to GCP. One of their current problems is that the on-premises high performance SAN is requiring frequent and expensive upgrades to keep up with the variety of workloads that are identified as follows: 20 TB of log archives retained for legal reasons; 500 GB of VM boot/data volumes and templates; 500 GB of image thumbnails; 200 GB of customer sess...

To determine the most cost-effective storage solution, let's evaluate each option based on the workloads and the underlying technology. We need to consider the following: - Log archives (20 TB): This is likely to be infrequently accessed and retained for legal reasons, meaning it doesn’t require high-speed storage. - VM boot/data volumes and templates (500 GB): These require reliable and fast storage for virtual machines. - Image thumbnails (500 GB): These are relatively small, but still need to be available for access and storage efficiently. - Customer session state data (200 GB): This data should be quickly accessible, potentially needing frequent reads and writes, and the ability to persist even if the customer is offline. Option Analysis: Option A: Local SSD for customer session state data. Lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes. - Customer session state data (Local SSD): Local SSD provides fast, low-latency storage, which is a good fit for session state that needs to be accessed quickly. However, local SSD is volatile (data is lost if the instance fails), which might not be ideal for session state data that should persist across VM reboots. - Log archives (Lifecycle-managed Cloud Storage): Lifecycle-managed Cloud Storage is ideal for large data like logs, as it provides cost-effective storage with automatic transitions between storage classes based on age (e.g., frequent access to cold storage), making it a good choice for log retention. - VM boot/data volumes and templates (Lifecycle-managed Cloud Storage): This isn’t the best fit for VM volumes. Persistent Disks or local SSDs are better suited for VM boot volumes, but Cloud Storage could still work for templates or archives. - Thumbnails (Lifecycle-managed Cloud Storage): This is acceptable since Cloud Storage can store image files with low retrieval costs if lifecycle rules are applied effectively. 
Option B: Memcache backed by Cloud Datastore for the customer session state data. Lifecycle-managed Cloud Storage for log archives, thumbnails, and VM boot/data volumes. - Customer session state data (Memcache backed by Cloud Datastore): This is a better approach for session data since Memcache can handle frequent reads and writes, while Cloud Datastore offers persistent, scalable NoSQL storage. This combination ensures fast access and persistence. - Log archives (Lifecycle-managed Cloud Storage): As in Option A, this is the right fit for long-term, cost-effective storage of logs. - VM boot/dat...

Author: Victoria · Last updated May 10, 2026

Your web application uses Google Kubernetes Engine to manage several workloads. One workload requires a consistent set of hostnames even after pod scaling and rela...

To address the requirement for a consistent set of hostnames even after pod scaling and relaunches, let's evaluate the different Kubernetes features: Option Analysis: A) StatefulSets - StatefulSets are designed for applications that require persistent identifiers and stable network identities. They provide each pod with a unique, persistent hostname based on the StatefulSet's name and the pod's ordinal index (e.g., `myapp-0`, `myapp-1`, etc.). StatefulSets also handle pod scaling, ordering, and ensure that the hostnames remain consistent even when pods are rescheduled or relaunched. - Why selected: StatefulSets are the most appropriate choice for ensuring that each pod in the set gets a stable and consistent hostname, regardless of scaling or pod restarts. This feature is typically used for stateful applications, like databases or applications that need stable network identities. B) Role-based access control (RBAC) - RBAC is a mechanism for controlling access to Kubernetes resources based on user roles. It defines permissions for users and groups, granting or restricting access to certain resources. While important for security, it does not provide any functionality for ensuring consistent hostnames for pods. - Why rejected: RBAC is unrelated to the issue of hostname consistency. It focuses on user and permission management, not pod identity or ...

Author: Liam · Last updated May 10, 2026

You are using Cloud CDN to deliver static HTTP(S) website content hosted on a Compute Engine instance group. You want ...

Let's evaluate each option in terms of its impact on improving the cache hit ratio for your static HTTP(S) website content served via Cloud CDN from a Compute Engine instance group. Option Analysis: A) Customize the cache keys to omit the protocol from the key. - Cache Keys in Cloud CDN are used to determine whether a cached object is available for a specific request. By default, Cloud CDN may use the full URL (including the protocol, such as `http` or `https`) as part of the cache key. - Why it could help: If your website serves both `http` and `https` versions of the same content, omitting the protocol from the cache key ensures that both versions share the same cached object, which improves the cache hit ratio by reducing the number of unique cache keys. - Why rejected: This approach works well if you need to optimize caching for different protocols, but it is not a complete solution for improving cache hit ratios across regions or for large-scale static content delivery. There are other more effective strategies, such as serving content from Cloud Storage. B) Shorten the expiration time of the cached objects. - Cache Expiration Time is the duration for which Cloud CDN holds cached content before checking if it should be refreshed. Shortening the expiration time means the content is revalidated more often, which can decrease the cache hit ratio as the content is replaced or validated more frequently, leading to more cache misses. - Why rejected: Shortening expiration will reduce the effectiveness of caching by increasing revalidation, which is counterproductive if your goal is to improve cache hit ratios. You want content to be cached for a longer period, especially for static assets that don't change often. C) Make sure the HTTP(S) header `Cache-Region` points to the closest region of your users. - Cache-Region Header is used to specify the region where Cloud...

Author: FlamePhoenix2025 · Last updated May 10, 2026

Your architecture calls for the centralized collection of all admin activity and VM system logs within your project. How sho...

Let's evaluate each option for collecting admin activity and VM system logs within your project, ensuring efficient and centralized logging. Option Analysis: A) All admin and VM system logs are automatically collected by Stackdriver. - Stackdriver (now part of Google Cloud Operations Suite) provides logging services for Google Cloud, but it does not automatically collect all admin activity and system logs without any configuration. While it automatically captures logs for certain services, system logs from VMs and admin activity logs are not fully collected by default. - Why rejected: This option is overly broad and not accurate. Not all logs are collected by Stackdriver automatically without proper setup (e.g., installing the Stackdriver Logging agent on VMs). B) Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent must be installed on each instance to collect system logs. - Admin activity logs are captured by Cloud Audit Logs, which Stackdriver automatically collects for most Google Cloud services, including changes to resources in your project. - For VM system logs, the Stackdriver Logging agent (now called the Cloud Ops Agent) must be installed on each VM to capture operating system-level logs (e.g., syslog, application logs). - Why selected: This option is the most accurate. Cloud Audit Logs (part of Stackdriver) automatically capture admin activity for most GCP services. However, for VM-level system logs, the Cloud Ops agent must be installed, which is required for centralized logging of VM system activity. ...

Author: FrozenWolf2022 · Last updated May 10, 2026

You have an App Engine application that needs to be updated. You want to test the update with production traffic before replacin...

To test the update with production traffic before fully replacing the current application version in App Engine, we need a method that allows canary testing or gradual traffic splitting between the new and old versions. Option Analysis: A) Deploy the update using the Instance Group Updater to create a partial rollout, which allows for canary testing. - Instance Group Updater is used for Compute Engine instance groups, not App Engine. App Engine applications do not use instance groups in the same way, so this method doesn't apply here. - Why rejected: This option is designed for managing VM-based infrastructure, not App Engine. It’s irrelevant in this case because App Engine doesn’t use instance groups for application deployment. B) Deploy the update as a new version in the App Engine application, and split traffic between the new and current versions. - App Engine allows you to deploy new versions of your app and easily split traffic between the current and new versions using traffic splitting. This is ideal for canary testing where you want to direct a small percentage of traffic to the new version while keeping most traffic on the old version. - Why selected: This option directly leverages App Engine's native traffic-splitting feature, making it the most appropriate for testing updates with live production traffic. It allows you to control the percentage of traffic directed to the new version, ensuring that you can test the update without fully replacing the current version. This method is seamless and built specifically for App Engine. C) Deploy the update in a new VPC, and use Go...

Author: SolarFalcon11 · Last updated May 10, 2026

All Compute Engine instances in your VPC should be able to connect to an Active Directory server on specific ports. Any other traffic emerging from your instances is not allowed. You want to e...

To properly configure the firewall rules to enforce the requirement that all Compute Engine instances in your VPC can connect to an Active Directory server on specific ports, and no other traffic is allowed, we need to think through how VPC firewall rules work. The key factors to consider are the rule priorities and whether the traffic you want to allow (Active Directory) is being explicitly permitted before the deny rule, and whether the deny rule is properly blocking other traffic. Let’s analyze the options one by one:

Option A:
- Create an egress rule with priority 1000 to deny all traffic for all instances.
- Create another egress rule with priority 100 to allow Active Directory traffic for all instances.

Analysis:
- The deny rule has a higher priority (1000), which means it is processed later than the allow rule (priority 100).
- The allow rule (priority 100) will permit Active Directory traffic before the deny rule is processed. This works because the deny rule will only apply to traffic that doesn't match the allow rule.
- This option works well because the higher priority rule (allow Active Directory traffic) will be evaluated first, and only unallowed traffic will be blocked by the deny rule.

Option B:
- Create an egress rule with priority 100 to deny all traffic for all instances.
- Create another egress rule with priority 1000 to allow Active Directory traffic for all instances.

Analysis:
- The deny rule has a higher priority (100), which means it will be evaluated before the allow rule (priority 1000).
- Since the deny rule will block all traffic before the allow rule can permit any, this configuration is not effective, as the allow rule will never have a chance to apply to the Active ...

Author: Ethan · Last updated May 10, 2026

Your customer runs a web service used by e-commerce sites to offer product recommendations to users. The company has begun experimenting with a machine learning model on Google Cloud Platform to improve the qu...

In order to improve the machine learning model's results over time, it is essential to collect and analyze data to continuously improve the model's performance. Let's evaluate the options in terms of achieving this goal:

Option A:
- Export Cloud Machine Learning Engine performance metrics from Stackdriver to BigQuery, to be used to analyze the efficiency of the model.

Analysis:
- This approach focuses on monitoring the performance of the model over time. By exporting performance metrics, you can identify areas where the model may be underperforming and refine the model based on empirical data. This helps in analyzing efficiency, discovering issues, and making improvements.
- This is a good choice because tracking and analyzing performance metrics is crucial to identifying trends and areas for improvement. However, performance metrics alone may not directly lead to improved model results unless paired with actual training data improvements.

Option B:
- Build a roadmap to move the machine learning model training from Cloud GPUs to Cloud TPUs, which offer better results.

Analysis:
- While Cloud TPUs can indeed offer better computational performance for certain machine learning models, they don't automatically improve the model's accuracy or quality. TPUs are designed for high-performance computation, but the quality of results depends on factors like data quality, feature engineering, and model tuning.
- This is a valid choice in certain cases, but it's not directly related to improving the model's results over time. Moving to TPUs might speed up training but doesn’t guarantee better model performance.

Option C:
- Monitor Compute Engine anno...

Author: Elizabeth · Last updated May 10, 2026