Google Professional Cloud Architect Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

Your company has a Google Cloud project that uses BigQuery for data warehousing They have a VPN tunnel between the on-premises environment and Google Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should they do?

AConfigure Private Google Access for on-premises only.

BPerform the following tasks:
1) Create a service account.
2) Give the BigQuery JobUser role and Storage Reader role to the service account.
3) Remove all other IAM access from the project.

CConfigure VPC Service Controls and configure Private Google Access.

DConfigure Private Google Access.

Correct : C

https://cloud.google.com/vpc-service-controls/docs/overview

VPC Service Controls improves your ability to mitigate the risk of data exfiltration from Google Cloud services such as Cloud Storage and BigQuery.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure Private Google Access for on-premises only.

BPerform the following tasks:
1) Create a service account.
2) Give the BigQuery JobUser role and Storage Reader role to the service account.
3) Remove all other IAM access from the project.

CConfigure VPC Service Controls and configure Private Google Access.

DConfigure Private Google Access.

0 / 1500

Question 2

Your company is designing its data lake on Google Cloud and wants to develop different ingestion pipelines to collect unstructured data from different sources. After the data is stored in Google Cloud, it will be processed in several data pipelines to build a recommendation engine for end users on the website. The structure of the data retrieved from the source systems can change at any time. The data must be stored exactly as it was retrieved for reprocessing purposes in case the data structure is incompatible with the current processing pipelines. You need to design an architecture to support the use case after you retrieve the dat

a. What should you do?

ASend the data through the processing pipeline, and then store the processed data in a BigQuery table for reprocessing.

BStore the data in a BigQuery table. Design the processing pipelines to retrieve the data from the table.

CSend the data through the processing pipeline, and then store the processed data in a Cloud Storage bucket for reprocessing.

DStore the data in a Cloud Storage bucket. Design the processing pipelines to retrieve the data from the bucket

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ASend the data through the processing pipeline, and then store the processed data in a BigQuery table for reprocessing.

BStore the data in a BigQuery table. Design the processing pipelines to retrieve the data from the table.

CSend the data through the processing pipeline, and then store the processed data in a Cloud Storage bucket for reprocessing.

DStore the data in a Cloud Storage bucket. Design the processing pipelines to retrieve the data from the bucket

0 / 1500

Question 3

Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do?

AMake sure a developer is tagging the code commit with the date and time of commit

BMake sure a developer is adding a comment to the commit that links to the deployment.

CMake the container tag match the source code commit hash.

DMake sure the developer is tagging the commits with :latest

Correct : C

From: https://cloud.google.com/architecture/best-practices-for-building-containers

Under: Tagging using the Git commit hash (bottom of page almost)

'In this case, a common way of handling version numbers is to use the Git commit SHA-1 hash (or a short version of it) as the version number. By design, the Git commit hash is immutable and references a specific version of your software.

You can use this commit hash as a version number for your software, but also as a tag for the Docker image built from this specific version of your software. Doing so makes Docker images traceable: because in this case the image tag is immutable, you instantly know which specific version of your software is running inside a given container.'

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AMake sure a developer is tagging the code commit with the date and time of commit

BMake sure a developer is adding a comment to the commit that links to the deployment.

CMake the container tag match the source code commit hash.

DMake sure the developer is tagging the commits with :latest

0 / 1500

Question 4

Your company has a support ticketing solution that uses App Engine Standard. The project that contains the App Engine application already has a Virtual Private Cloud(VPC) network fully

connected to the company's on-premises environment through a Cloud VPN tunnel. You want to enable App Engine application to communicate with a database that is running in the company's on-premises environment. What should you do?

AConfigure private services access

BConfigure private Google access for on-premises hosts only

CConfigure serverless VPC access

DConfigure private Google access

Correct : C

https://cloud.google.com/appengine/docs/standard/python3/connecting-vpc

https://cloud.google.com/appengine/docs/flexible/python/using-third-party-databases#on_premises

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure private services access

BConfigure private Google access for on-premises hosts only

CConfigure serverless VPC access

DConfigure private Google access

0 / 1500

Question 5

Your company has a Google Workspace account and Google Cloud Organization Some developers in the company have created Google Cloud projects outside of the Google Cloud Organization

You want to create an Organization structure that allows developers to create projects, but prevents them from modifying production projects You want to manage policies for all projects centrally and be able to set more restrictive policies for production projects

You want to minimize disruption to users and developers when business needs change in the future You want to follow Google-recommended practices How should you design the Organization structure?

A1 Create a second Google Workspace account and Organization
2 Grant all developers the Project Creator IAM role on the new Organization
3 Move the developer projects into the new Organization
4 Set the policies for all projects on both Organizations.
5 Additionally set the production policies on the original Organization

B1 Create a folder under the Organization resource named 'Production '
2 Grant all developers the Project Creator IAM role on the Organization 3. Move the developer projects into the Organization
4 Set the policies for all projects on the Organization
5 Additionally set the production policies on the 'Production' folder

C1 Create folders under the Organization resource named 'Development' and Production'
2 Grant all developers the Project Creator IAM role on the ''Development1 folder 3. Move the developer projects into the 'Development' folder
4 Set the policies for all projects on the Organization
5 Additionally set the production policies on the 'Production' folder

D1 Designate the Organization for production projects only
2 Ensure that developers do not have the Project Creator IAM role on the Organization
3 Create development projects outside of the Organization using the developer Google Workspace accounts
4 Set the policies for all projects on the Organization
5 Additionally set the production policies on the individual production projects

Correct : C

This option can help create an organization structure that allows developers to create projects, but prevents them from modifying production projects. Folders are containers for projects and other folders within Google Cloud organizations. Folders allow resources to be structured hierarchically and inherit policies from their parent resources. By creating folders under the organization resource named ''Development'' and ''Production'', you can organize your projects by environment and apply different policies to them. By granting all developers the Project Creator IAM role on the ''Development'' folder, you can allow them to create projects under that folder, but not under the ''Production'' folder. By moving the developer projects into the ''Development'' folder, you can ensure that they are subject to the policies set on that folder. By setting the policies for all projects on the organization, you can manage policies centrally and efficiently. By additionally setting the production policies on the ''Production'' folder, you can enforce more restrictive policies for production projects and prevent developers from modifying them. The other options are not optimal for this scenario, because they either create a second Google Workspace account and organization, which increases complexity and cost (A), or do not use folders to organize projects by environment, which makes it harder to manage policies and permissions (B, D). Reference:

https://cloud.google.com/resource-manager/docs/creating-managing-folders

https://cloud.google.com/architecture/framework/system-design

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

0 / 1500

Master Google Professional Cloud Architect Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: